8/10/2019 Ensuring Data Security Base Paper
1/10
ENSURING DISTRIBUTED ACCOUNTABILITY
FOR DATA SHARING IN THE CLOUD
ABSTRACT:
Cloud computing enables highly scalable services to be easily consumed over the Internet
on an as-needed basis. A major feature of the cloud services is that users' data are usually
processed remotely in unknown machines that users do not own or operate. While
enjoying the convenience brought by this new emerging technology, users' fears of losing
control of their own data (particularly, financial and health data) can become a significant
barrier to the wide adoption of cloud services. To address this problem, here, we propose
a novel highly decentralized information accountability framework to keep track of the
actual usage of the users' data in the cloud. In particular, we propose an object-centered
approach that enables enclosing our logging mechanism together with users' data and
policies. We leverage the JAR programmable capabilities to both create a dynamic and
traveling object, and to ensure that any access to users' data will trigger authentication
and automated logging local to the JARs. To strengthen users' control, we also provide
distributed auditing mechanisms. We provide extensive experimental studies that
demonstrate the efficiency and effectiveness of the proposed approaches.
EXISTING SYSTEM:
To allay users' concerns, it is essential to provide an effective mechanism for users to
monitor the usage of their data in the cloud. For example, users need to be able to ensure
that their data are handled according to the service-level agreements made at the time they
sign on for services in the cloud. Conventional access control approaches developed for
closed domains such as databases and operating systems, or approaches using a
centralized server in distributed environments, are not suitable, due to the following
features characterizing cloud environments.
PROBLEMS ON EXISTING SYSTEM:
First, data handling can be outsourced by the direct cloud service provider (CSP) to other
entities in the cloud, and these entities can also delegate the tasks to others, and so on.
Second, entities are allowed to join and leave the cloud in a flexible manner. As a result,
data handling in the cloud goes through a complex and dynamic hierarchical service
chain which does not exist in conventional environments.
PROPOSED SYSTEM:
We propose a novel approach, namely the Cloud Information Accountability (CIA)
framework, based on the notion of information accountability. Unlike privacy protection
technologies which are built on the hide-it-or-lose-it perspective, information
accountability focuses on keeping the data usage transparent and trackable. Our proposed
CIA framework provides end-to-end accountability in a highly distributed fashion. One of
the main innovative features of the CIA framework lies in its ability to maintain
lightweight and powerful accountability that combines aspects of access control, usage
control and authentication. By means of the CIA, data owners can track not only whether
or not the service-level agreements are being honored, but also enforce access and usage
control rules as needed. Associated with the accountability feature, we also develop two
distinct modes for auditing: push mode and pull mode. The push mode refers to logs
being periodically sent to the data owner or stakeholder, while the pull mode refers to an
alternative approach whereby the user (or another authorized party) can retrieve the logs
as needed.
OUR MAIN CONTRIBUTIONS ARE AS FOLLOWS:
We propose a novel automatic and enforceable logging mechanism in the cloud.
Our proposed architecture is platform independent and highly decentralized, in that it
does not require any dedicated authentication or storage system in place.
We go beyond traditional access control in that we provide a certain degree of usage
control for the protected data after these are delivered to the receiver.
We conduct experiments on a real cloud test bed. The results demonstrate the efficiency,
scalability, and granularity of our approach. We also provide a detailed security analysis
and discuss the reliability and strength of our architecture.
IMPLEMENTATION:
Implementation is the stage of the project when the theoretical design is turned into a
working system. Thus it can be considered to be the most critical stage in achieving a
successful new system and in giving the user confidence that the new system will work
and be effective.
The implementation stage involves careful planning, investigation of the existing
system and its constraints on implementation, designing of methods to achieve
changeover and evaluation of changeover methods.
HARDWARE & SOFTWARE REQUIREMENTS:
H/W SYSTEM CONFIGURATION:-
Processor - Pentium IV
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
MAIN MODULES:-
1. CIA (Cloud Information Accountability) FRAMEWORK:
The main feature of the CIA framework lies in its ability to maintain lightweight and
powerful accountability that combines aspects of access control, usage control and
authentication. By means of the CIA, data owners can track not only whether or not the
service-level agreements are being honored, but also enforce access and usage control
rules as needed.
2. DISTINCT MODE FOR AUDITING:
Push mode:
The push mode refers to logs being periodically sent to the data owner or stakeholder.
Pull mode:
Pull mode refers to an alternative approach whereby the user
(or another authorized party) can retrieve the logs as needed.
3. LOGGING AND AUDITING TECHNIQUES:
1. The logging should be decentralized in order to adapt to the dynamic nature of the
cloud. More specifically, log files should be tightly bounded with the corresponding data
being controlled, and require minimal infrastructural support from any server.
2. Every access to the user's data should be correctly and automatically logged. This
requires integrated techniques to authenticate the entity who accesses the data, verify, and
record the actual operations on the data as well as the time that the data have been
accessed.
3. Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and
modification by malicious parties. Recovery mechanisms are also desirable to restore
damaged log files caused by technical problems.
4. Log files should be sent back to their data owners periodically to inform them of the
current usage of their data. More importantly, log files should be retrievable anytime by
their data owners when needed regardless of the location where the files are stored.
5. The proposed technique should not intrusively monitor data recipients' systems, nor
should it introduce heavy communication and computation overhead, which otherwise will
hinder its feasibility and adoption in practice.
4. MAJOR COMPONENTS OF CIA:
There are two major components of the CIA, the first being the logger, and the second
being the log harmonizer.
The logger is strongly coupled with the user's data (either single or multiple data items). Its
main tasks include automatically logging access to data items that it contains, encrypting
the log record using the public key of the content owner, and periodically sending them to
the log harmonizer. It may also be configured to ensure that access and usage control
policies associated with the data are honored. For example, a data owner can specify that
user X is only allowed to view but not to modify the data. The logger will control the data
access even after it is downloaded by user X. The log harmonizer forms the central
component which allows the user access to the log files. The log harmonizer is
responsible for auditing.
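
The sketch below is an added example, not code from the paper: a logger that travels with a data item, enforces the view-but-not-modify policy for user X and records every attempt, and a log harmonizer that audits the log in push and pull mode against the tamper-proof requirement in section 3. The SHA-256 hash chain and the checkpoint are assumptions chosen to show how insertion, deletion and modification can be detected; encryption of records with the owner's public key and the JAR packaging are left out, and all class, field and policy names are hypothetical.

```python
import hashlib, json

GENESIS = "0" * 64  # constructed anchor for the first record

def _digest(prev, body):
    # Each hash covers the previous one, so an edit breaks every later link.
    data = prev + json.dumps(body, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

class Logger:
    """Travels with the data item: enforces policy, logs every attempt."""
    def __init__(self, policy):
        self.policy = policy   # hypothetical format: {user: {allowed actions}}
        self.records = []

    def access(self, user, action, ts):
        allowed = action in self.policy.get(user, set())
        body = {"user": user, "action": action, "time": ts, "allowed": allowed}
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"body": body, "prev": prev,
                             "hash": _digest(prev, body)})
        return allowed         # denied attempts are logged as well

class LogHarmonizer:
    """Owner-side auditor; remembers a checkpoint from the last pushed log."""
    def __init__(self):
        self.count, self.head = 0, GENESIS

    def audit(self, records):
        """Pull mode: return None if the log is intact, else the problem."""
        prev = GENESIS
        for i, rec in enumerate(records):
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["body"]):
                return f"record {i} modified, inserted or out of order"
            prev = rec["hash"]
            if i + 1 == self.count and prev != self.head:
                return "history before last checkpoint was rewritten"
        if len(records) < self.count:
            return "records deleted since last checkpoint"
        return None

    def push(self, records):
        """Push mode: audit the received log, then advance the checkpoint."""
        problem = self.audit(records)
        if problem is None and records:
            self.count, self.head = len(records), records[-1]["hash"]
        return problem
```

An unkeyed chain on its own cannot reveal a log that was rebuilt from scratch or truncated at the tail; the checkpoint the owner keeps from the last push is what catches both cases.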
CONCLUSION:
We proposed innovative approaches for automatically logging any access to the data in
the cloud together with an auditing mechanism. Our approach allows the data owner to
not only audit his content but also enforce strong back-end protection if needed.
Moreover, one of the main features of our work is that it enables the data owner to audit
even those copies of its data that were made without his knowledge.
In the future, we plan to refine our approach to verify the integrity of the JRE and the
authentication of JARs. For example, we will investigate whether it is possible to
leverage the notion of a secure JVM being developed by IBM. This research is aimed at
providing software tamper resistance to Java applications. In the long term, we plan to
design a comprehensive and more generic object-oriented approach to facilitate
autonomous protection of traveling content. We would like to support a variety of
security policies, like indexing policies for text files, usage control for executables, and
generic accountability and provenance controls.