The utilization of edge nodes is inevitable for the success and growth of emerging low latency applications, such as Augmented and Virtual Reality (AR/VR) and vehicular networks. Such applications have stringent latency requirements that the current cloud model cannot satisfy. This is due to the large communication latency between users and their closest datacenter (up to 100ms). This latency problem is exacerbated for applications that serve users across large geographical areas. In such cases, users incur wide area latency as large as 100s of milliseconds to seconds. Placing data closer to users at edge nodes overcomes this fundamental communication latency limit. We envision, as others have, that the cloud model will extend to edge locations similar to how content delivery networks utilize edge locations. However, rather than edge locations being used for data caching only, they will also host data management components that will allow manipulation and querying of local edge partitions. In this presentation, we focus on transaction processing as the data management task to be supported by the edge data management components. The model and focus of this aims to serve web and cloud applications, such as online shops, social networks, and collaborative applications.

We present Dynamic Paxos (DPaxos), a Paxos-based consensus protocol [ 1 ] to manage access to partitioned data across globally-distributed datacenters and edge nodes. DPaxos is intended to implement a State Machine Replication component in data management systems for the edge. DPaxos targets the unique opportunities of utilizing edge computing resources to support emerging applications with stringent mobility and real-time requirements such as Augmented and Virtual Reality and vehicular applications. The main objective of DPaxos is to reduce the latency of serving user requests, recovering from failures, and reacting to mobility. DPaxos achieves these objectives by a few proposed changes to the traditional Paxos protocol. Most notably, DPaxos proposes a dynamic allocation of quorums (i.e., groups of nodes) that are needed for Paxos Leader Election. Leader Election quorums in DPaxos are smaller than traditional Paxos and expand only in the presence of conflicts.

DPaxos proposes Zone-centric Quorums as an alternative to majority-based techniques to avoid unnecessary wide-area communication. A zone denotes a collection of neighboring edge nodes. DPaxos restricts the communication corresponding to a data partition to be within the zones where its users are located. To do this, DPaxos distinguishes between the quorums that are needed to perform the main two tasks in Paxos: Leader Election (coordination with other nodes to select a leader for a partition and is typically invoked in reaction to failures or mobility) and Replication (committing data from a leader to secondary nodes and is typically invoked for every transaction or request). In typical workloads, Replication is more frequent than Leader Election, and thus data management systems should be prioritized to optimize its performance. Ideally, for performance, Replication would be performed within a zone rather than a majority of nodes. Flexible Paxos, proposed by Howard et al. [ 2 ], shows that it is possible to assign arbitrarily small Replication quorums as long as they satisfy the condition: a Leader Election quorum must intersect all Replication quorums. This means that in Flexible Paxos-based approaches, the trade-off of small Replication quorums within zones is an expensive Leader Election quorum that must span all zones.

We base DPaxos Zone-Centric Quorums on the theoretical foundation laid by Flexible Paxos and adapt its quorum allocation techniques to the practical application of data management on globally-distributed edge nodes. Then, we propose two approaches to overcome Flexible Paxos significant Leader Election penalty:

In addition to failures, data centers are constantly exposed to an increasing number of non-trivial adversarial threats. Traditional cryptographic methods either limit the functionality of the data, or significantly increase retrieval costs. During the last decade, a large body of academic work has tackled the problem of outsourcing databases to an untrusted cloud while maintaining both confidentiality and SQL-like querying functionality (at least partially). We will highlight some novel approaches that ensure efficient privacy preserving access to data in the Cloud. In particular, we briefly discuss TaoStore [ 3 ] and PinedRQ‘ [ 4 ].

TaoStore is an oblivious storage systems that hides both the contents of the data as well as access patterns from an untrusted cloud provider. The target scenario is one where multiple users from a trusted group (e.g., corporate employees) asynchronously access and edit potentially overlapping data sets through a trusted proxy mediating client-cloud communication. TaoStore is built on top of a new tree-based ORAM scheme that processes client requests concurrently and asynchronously in a non-blocking fashion. This results in a substantial gain in throughput, simplicity, and flexibility over previous systems.

PinedRQ is a differentially private index for outsourced encrypted dataset and that supports non-aggregate range queries on cloud stored data, while achieving both privacy and efficiency. Performing range queries efficiently in an untrusted cloud setting has not been addressed in a satisfactory manner. Range queries express a bounded restriction over the retrieved records. They are fundamental database operations. PinedRQ sends two complementary data structures to the cloud: an encrypted version of the database, e.g., AES encryption scheme, indexed by a hierarchy of histograms, such that both are perturbed to satisfy differential privacy. Efficiency comes from the disclosure of the index, in the clear, to the cloud, for guiding the query execution strategy. No computation is ever performed on encrypted data. Privacy comes from the differential privacy guarantees of the function that computes the encrypted database and the index. Indeed, the differential privacy model is todays de facto standard for protecting personal information that needs to be partially disclosed. PINEDRQ executes queries in the order of at least one magnitude faster.

I. ACKNOWLEDGMENT

This work was partially funded by the NSF grants CNS1528178, CNS-1703560 and CNS 1815733.