Merge pull request #8 from AndrewQuijano/main

2024 Updates
adwise-fiu · Apr 19, 2024 · 7ef17d9 · 7ef17d9
2 parents 52500bd + c9c44b3
commit 7ef17d9
Show file tree

Hide file tree

Showing 79 changed files with 19,564 additions and 637 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1,3 +1,10 @@
-# On GitHub Actions with Windows, git will use CRLF by default when checking out
-# the repo. If this file has CRLF line endings
-configure.ac text eol=lf
+# Always checkout with LF
+*.sh text eol=lf
+*.txt text eol=lf
+*.values text eol=lf
+*.csv text eol=lf
+gradlew text eol=lf
+.env text eol=lf
+
+# Always checkout with CRLF
+*.bat text eol=crlf
diff --git a/.github/workflows/build-gradle-project.yml b/.github/workflows/build-gradle-project.yml
@@ -2,8 +2,6 @@ name: Build Gradle project
 
 on:
  push:
- branches:
- - main
 
 jobs:
  build-gradle-project:
@@ -16,53 +14,59 @@ jobs:
 
  steps:
  - name: Checkout project sources
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  - name: Install Graphviz to visualize trees
  run: sudo apt-get install -y graphviz
 
  - name: Setup Gradle
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
  with:
  distribution: 'oracle'
  java-version: '17'
  cache: 'gradle'
 
- # - name: Create Key Store
- # run: sh create_keystore.sh
-
  - name: Run Gradle Testing
  run: sh gradlew build
 
  - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@v3
+ uses: codecov/codecov-action@v4
  with:
  token: ${{ secrets.CODECOV_TOKEN }}
 
- # This workflow uses actions that are not certified by GitHub.
- # They are provided by a third-party and are governed by
- # separate terms of service, privacy policy, and support
- # documentation.
+ # This workflow uses actions that GitHub does not certify.
+ # They are provided by a third-party and are governed by
+ # separate terms of service, privacy policy, and support
+ # documentation.
+
+ # GitHub recommends pinning actions to a commit SHA.
+ # To get a newer version, you will need to update the SHA.
+ # You can also reference a tag or branch, but the action may change without warning.
 
- # GitHub recommends pinning actions to a commit SHA.
- # To get a newer version, you will need to update the SHA.
- # You can also reference a tag or branch, but the action may change without warning.
+ # https://github.com/docker/build-push-action
 
- # https://github.com/docker/build-push-action
+ # Only create a release on main branch, should update to adwise-fiu eventually.
+ upload_dockerhub:
+ # if: github.repository == 'AndrewQuijano/Level-Site-PPDT' && github.ref == 'refs/heads/main'
+ # needs: [ build-gradle-project ]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout project sources
+ uses: actions/checkout@v4
 
  - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  username: ${{ secrets.DOCKERHUB_USERNAME }}
  password: ${{ secrets.DOCKERHUB_TOKEN }}
 
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 
  - name: Build and push
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
  with:
  context: .
  file: ./Dockerfile
  push: true
- tags: ${{ secrets.DOCKERHUB_USERNAME }}/ppdt:latest
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/ppdt:latest
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,6 @@
 # Making certificates, dont mess around here
+logs
 .env
-ppdt-certificate
 
 # No Binaries
 bin

diff --git a/Dockerfile b/Dockerfile
@@ -1,21 +1,42 @@
-FROM gradle:latest
+# Use the same base image as your GitHub Actions workflow
+FROM gradle:8.7.0-jdk17
 
 ENV PATH="/scripts:${PATH}"
+ENV ALIAS="appsec"
+ENV CERTIFICATE="ppdt-certificate"
 
+# Verify installation
+RUN gradle --version
+
+# Get VIM if I need to debug a bit on container/pod
+RUN apt-get update
+RUN apt-get install -y vim
+RUN apt-get install -y graphviz
+RUN vim -h
+
+# Create directories
 RUN mkdir /code
 RUN mkdir /scripts
 RUN mkdir /data
 
-ADD . /code/
+# Copy your project files into the container
+COPY . /code
 
+# Move scripts and data to appropriate directories
 RUN mv /code/scripts/* /scripts/
 RUN mv /code/data/* /data/
 RUN chmod +x /scripts/*
 WORKDIR /code
 
-RUN useradd tree-user
-RUN chown -R tree-user:tree-user /scripts/
-RUN chown -R tree-user:tree-user /code/
-USER tree-user
+# Apparently for Amazon to be happy, I need to import the certificate too, ugh.
+# Might as well update openssl certificates for good measure
+RUN keytool -import -alias ${ALIAS} -file ${CERTIFICATE} -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt
+
+# Set permissions
+# RUN useradd tree-user
+# RUN chown -R tree-user:tree-user /scripts/
+# RUN chown -R tree-user:tree-user /code/
+# USER tree-user
 
+# Define entrypoint
 CMD ["entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 - 2023 Andrew Quijano
+Copyright (c) 2021 - 2024 Andrew Quijano
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,14 +1,12 @@
 # Level-Site-PPDT
-[![Build Gradle project](https://github.com/AndrewQuijano/MPC-PPDT/actions/workflows/build-gradle-project.yml/badge.svg)](https://github.com/AndrewQuijano/MPC-PPDT/actions/workflows/build-gradle-project.yml) 
-[![codecov](https://codecov.io/gh/AndrewQuijano/MPC-PPDT/branch/main/graph/badge.svg?token=eEtEvBZYu9)](https://codecov.io/gh/AndrewQuijano/MPC-PPDT) 
+[![Build Gradle project](https://github.com/adwise-fiu/Level-Site-PPDT/actions/workflows/build-gradle-project.yml/badge.svg)](https://github.com/AndrewQuijano/Level-Site-PPDT/actions/workflows/build-gradle-project.yml) 
+[![codecov](https://codecov.io/gh/adwise-fiu/Level-Site-PPDT/branch/main/graph/badge.svg?token=eEtEvBZYu9)](https://codecov.io/gh/AndrewQuijano/Level-Site-PPDT) 
 Implementation of the PPDT in the paper "Evaluating Outsourced Decision Trees by a Level-Based Approach"
 
 ## Libraries
-* crypto.jar library is from this [repository](https://github.com/AndrewQuijano/Homomorphic_Encryption)
+* crypto.jar library is from this [repository](https://github.com/adwise-fiu/Homomorphic_Encryption)
 * weka.jar library is from [SourceForge](https://sourceforge.net/projects/weka/files/weka-3-9/3.9.5/),
- download the ZIP file and import the weka.jar file**
-
-** To be confirmed/tested again...
+ download the ZIP file and import the weka.jar file
 
 ## Installation
 It is a requirement to install [SDK](https://sdkman.io/install) to install Gradle.
@@ -47,13 +45,13 @@ fi
 wget "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-amd64.tar.gz"
 tar -xvzf kubeseal-"${KUBESEAL_VERSION}"-linux-amd64.tar.gz kubeseal
 sudo install -m 755 kubeseal /usr/local/bin/kubeseal
-rm kubeseal
+rm kubeseal*
 
 # Install Helm
 curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
 chmod 700 get_helm.sh
 ./get_helm.sh
-rm get_helm
+rm ./get_helm.sh
 
 # Add Sealed Secret Cluster
 helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
@@ -113,7 +111,7 @@ You will need to start and configure minikube. When writing the paper, we provid
 
 - Run the following command to create the cluster
 ```bash
-eksctl create cluster --config-file eks-config/config.yaml
+eksctl create cluster --config-file eks-config/single-cluster.yaml
 ```
 
 - Confirm the EKS cluster exists using the following
@@ -127,16 +125,16 @@ aws eks update-kubeconfig --name ppdt --region us-east-2
 ```
 
 ### Using/Creating a Kubernetes Sealed Secret
-It is suggested you use the existing sealed secret. The password in this secret is aligned with what is on the keystore,
+It is suggested you use the existing sealed secret. The password in this secret is aligned with what is on the keystore.
 
 ```commandline
 kubectl apply -f ppdt-sealedsecret.yaml
 ```
 
 Alternatively, you can create a new sealed secret as follows:
 ```bash
-kubectl create secret generic ppdt-secrets  --from-literal=keystore-pass=<SECRET_VALUE>
-kubectl get secret ppdt-secrets -o yaml | kubeseal > ppdt-sealedsecret.yaml
+kubectl create secret generic ppdt-secrets --from-literal=keystore-pass=<SECRET_VALUE>
+kubectl get secret ppdt-secrets -o yaml | kubeseal --scope cluster-wide > ppdt-sealedsecret.yaml
 ```
 However, if you make a new sealed secret, you should re-make the keystore as well.
 
@@ -166,28 +164,39 @@ ppdt-level-site-08-deploy-6d596967b8-mh9hz 1/1 Running 1 (2m39s ago)
 ppdt-level-site-09-deploy-8555c56976-752pn 1/1 Running 1 (16h ago) 16h
 ppdt-level-site-10-deploy-67b7c5689b-rkl6r 1/1 Running 1 (2m39s ago) 16h
 ```
-The next step is to start the server site. To do this, run the following command.
-
- kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-server-deploy" -o name) -- bash -c "gradle run -PchooseRole=weka.finito.server --args <TRAINING-FILE>"
-
 It does take time for the level-site to be able to accept connections. Run the following command on the first level-site,
-and wait for an output in standard output saying `Ready to accept connections at: 9000`. Use CTRL+C to exit the pod.
+and wait for an output in standard output saying `LEVEL SITE SERVER STARTED!`. Use CTRL+C to exit the pod.
 
  kubectl logs -f $(kubectl get pod -l "pod=ppdt-level-site-01-deploy" -o name)
+ kubectl logs -f $(kubectl get pod -l "pod=ppdt-level-site-10-deploy" -o name)
+
+Next, you need to run the server to create Decision Tree and split the model among the level-sites. 
+You can run it either connecting via a terminal to the pod using the commands below.
 
+ kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-server-deploy" -o name) -- /bin/bash
+ gradle run -PchooseRole=weka.finito.server --args <TRAINING-FILE>
 
-To verify that the server site is ready, use the following command to confirm the server_site is _running_
-and check the logs to confirm we see `Server ready to get public keys from client-site`.
+Alternatively, you can combine the above commands as follows:
 
- kubectl logs -f $(kubectl get pod -l "pod=ppdt-server-deploy" -o name)
+ kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-server-deploy" -o name) -- bash -c "gradle run -PchooseRole=weka.finito.server --args <TRAINING-FILE>"
+
+Once you see this output `Server ready to get public keys from client-site`, you need to run the client.
 
 **In a NEW terminal**, start the client, run the following commands to complete an evaluation. 
-You would point values to something like `/data/hypothyroid.values`
+You would point values to something like `/data/hypothyroid.values`.
+
+ kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-client-deploy" -o name) -- /bin/bash
+ gradle run -PchooseRole=weka.finito.client --args <VALUES-FILE>
+
+ # Test WITHOUT level-sites
+ gradle run -PchooseRole=weka.finito.client --args '<VALUES-FILE> --server'
+
+Alternatively, you can combine both commands in one go as follows:
 
  kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-client-deploy" -o name) -- bash -c "gradle run -PchooseRole=weka.finito.client --args <VALUES-FILE>"
 
  # Test WITHOUT level-sites
- kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-client-deploy" -o name) -- bash -c "gradle run -PchooseRole=weka.finito.client --args <VALUES-FILE> --server"
+ kubectl exec -i -t $(kubectl get pod -l "pod=ppdt-client-deploy" -o name) -- bash -c "gradle run -PchooseRole=weka.finito.client --args '<VALUES-FILE> --server'"
 
 ### Re-running with different experiments
 If you are just re-running the client with the same or different values file, just re-run the above command again. 
@@ -204,14 +213,12 @@ Then repeat the instructions on the previous section.
 ### Clean up
 Destroy the EKS cluster using the following:
 ```bash
-eksctl delete cluster --config-file eks-config/config.yaml --wait
-docker system prune --force
+eksctl delete cluster --config-file eks-config/single-cluster.yaml --wait
 ```
 
 Destroy the MiniKube environment as follows:
 ```bash
 minikube delete
-docker system prune --force
 ```
 
 ## Authors and Acknowledgement
@@ -221,4 +228,7 @@ Code Authors: Andrew Quijano, Spyros T. Halkidis, Kevin Gallagher
 [MIT](https://choosealicense.com/licenses/mit/)
 
 ## Project status
-Fully tested and completed. Although I believe I need a label encoder to compare two strings.
+The project is fully tested. 
+Not sure why the encryption library seems to have a bug in comparisons, 
+and TLS Sockets do not work on EKS, but I will fix this eventually.
+Also, I should probably look into a nicer way to make arbitrary YAML files for level-sites.
diff --git a/build.gradle b/build.gradle
@@ -23,7 +23,7 @@ dependencies {
 
  // https://mvnrepository.com/artifact/commons-io/commons-io
  implementation 'commons-io:commons-io:2.14.0'
-
+ implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
  implementation fileTree(dir: 'libs', include: ['*.jar'])
 }
 
@@ -55,6 +55,10 @@ jacocoTestReport {
  }
 }
 
+clean {
+ delete 'logs/ppdt.log'
+}
+
 check.dependsOn jacocoTestReport
 
 application {

diff --git a/config.properties b/config.properties
@@ -1,6 +1,6 @@
-level-site-ports = "9000,9001,9002,9003,9004,9005,9006,9007,9008,9009"
+level-site-ports = "9000,9001,9002,9003,9004,9005,9006,9007,9008,9009,9010,9011"
 key_size = 2048
 precision = 2
 data_directory = data
-server-port=10000
-server-ip=127.0.0.1
+server-port = 10000
+server-ip = 127.0.0.1
diff --git a/create_keystore.sh b/create_keystore.sh
@@ -4,7 +4,7 @@
 # Generate the self-signed certificate and place it in the KeyStore
 keytool -genkey -noprompt \
  -alias "${ALIAS}" \
- -dname "CN=mqttserver.ibm.com, OU=ID, O=IBM, L=Hursley, S=Hants, C=US" \
+ -dname "CN=kubernetes-services, OU=CSE, O=NYU, L=New York, S=NY, C=US" \
  -keystore "${KEYSTORE}" \
  -storepass "${PASSWORD}" \
  -keypass "${PASSWORD}" \

diff --git a/data/D2.model b/data/D2.model
diff --git a/data/D3.model b/data/D3.model
diff --git a/data/D4.model b/data/D4.model
diff --git a/data/D5.model b/data/D5.model
diff --git a/data/answers.csv b/data/answers.csv
@@ -1,13 +1,13 @@
 D1.model,D1.values,388.36 (3.0/2.0)
-D2.arff,D2.values,58 (3.0/2.0)
-D3.arff,D3.values,190 (3.0)
-D4.arff,D4.values,157 (3.0/2.0)
-D5.arff,D5.values,19 (2.0)
-diabetes.arff,diabetes.values,tested_positive (4.0)
-iris.arff,iris.values,Iris-virginica (3.0)
-iris2D.arff,iris2D.values,Iris-versicolor (48.0/1.0)
-labor.arff,labor.values,good (3.99)
-hypothyroid.arff,hypothyroid-2.values,negative (3366.31/2.0)
-hypothyroid.arff,hypothyroid-4.values,negative (56.17)
-hypothyroid.arff,hypothyroid-5.values,negative (30.75)
-hypothyroid.arff,hypothyroid-9.values,negative (2.0/1.0)
+D2.model,D2.values,58 (3.0/2.0)
+D3.model,D3.values,190 (3.0)
+D4.model,D4.values,157 (3.0/2.0)
+D5.model,D5.values,19 (2.0)
+diabetes.model,diabetes.values,tested_positive (4.0)
+iris.model,iris.values,Iris-virginica (3.0)
+iris2D.model,iris2D.values,Iris-versicolor (48.0/1.0)
+labor.model,labor.values,good (3.99)
+hypothyroid.model,hypothyroid-2.values,negative (3366.31/2.0)
+hypothyroid.model,hypothyroid-4.values,negative (56.17)
+hypothyroid.model,hypothyroid-5.values,negative (30.75)
+hypothyroid.model,hypothyroid-9.values,negative (2.0/1.0)
diff --git a/data/answers_liu.csv b/data/answers_liu.csv
@@ -0,0 +1,6 @@
+nursery.model,nursery-2.values,not_recom (4320.0)
+nursery.model,nursery-5.values,spec_prior (648.0)
+nursery.model,nursery-9.values,priority (384.0)
+nursery.model,nursery-14.values,priority (32.0)
+breast-cancer.model,breast-cancer-8.values,recurrence-events (5.0/1.0)
+spambase.model,spambase-17.values,0 (2.0)
diff --git a/data/breast-cancer-8.values b/data/breast-cancer-8.values
@@ -0,0 +1,9 @@
+age 10-19
+menopause premeno
+tumor-size 0-4
+inv-nodes 0-2
+node-caps yes
+deg-malig 3
+breast right
+breast-quad left-up
+irradiat no