ensuring data security base paper

8/10/2019 Ensuring Data Security Base Paper

1/10

ENSURING DISTRIBUTED ACCOUNTABILITY

FOR DATA SHARING IN THE CLOUD

ABSTRACT:

Cloud computing enables highly scalable services to be easily consumed over the Internet

on an as-needed basis a major feature of the cloud services is that users data are usually

processed remotely in unknown machines that users do not own or operate. While

enjoying the convenience brought by this new emerging technology, users fears of losing

control of their own data particularly, financial and health data! can become a significant

barrier to the wide adoption of cloud services. "o address this problem, here, we propose

a novel highly decentrali#ed information accountability framework to keep track of the

actual usage of the users data in the cloud. In particular, we propose an object-centered

approach that enables enclosing our logging mechanism together with users data and

policies. We leverage the $%& programmable capabilities to both create a dynamic and

traveling object, and to ensure that any access to users data will trigger authentication

and automated logging local to the $%&s. "o strengthen users control, we also provide

distributed auditing mechanisms. We provide e'tensive e'perimental studies thatdemonstrate the efficiency and effectiveness of the proposed approaches.


2/10

EXISTING SYSTEM:

"o allay users concerns, it is essential to provide an effective mechanism for users to

monitor the usage of their data in the cloud. (or e'ample, users need to be able to ensure

that their data are handled according to the servicelevel agreements made at the time they

sign on for services in the cloud. Conventional access control approaches developed for

closed domains such as databases and operating systems, or approaches using a

centrali#ed server in distributed environments, are not suitable, due to the following

features characteri#ing cloud environments.

PROBLEMS ON EXISTING SYSTEM:

(irst, data handling can be outsourced by the direct cloud service provider C)*! to other

entities in the cloud and theses entities can also delegate the tasks to others, and so on.

)econd, entities are allowed to join and leave the cloud in a fle'ible manner. %s a result,

data handling in the cloud goes through a comple' and dynamic hierarchical service

chain which does not e'ist in conventional environments.


3/10

PROPOSED SYSTEM:

We propose a novel approach, namely Cloud Information %ccountability CI%!

framework, based on the notion of information accountability. +nlike privacy protection

technologies which are built on the hide-it-or-lose-it perspective, information

accountability focuses on keeping the data usage transparent and trackable. ur proposed

CI% framework provides end-toend accountability in a highly distributed fashion. ne of

the main innovative features of the CI% framework lies in its ability of maintaining

lightweight and powerful accountability that combines aspects of access control, usage

control and authentication. y means of the CI%, data owners can track not only whether

or not the service-level agreements are being honored, but also enforce access and usage

control rules as needed. %ssociated with the accountability feature, we also develop two

distinct modes for auditing push mode and pull mode. "he push mode refers to logs

being periodically sent to the data owner or stakeholder while the pull mode refers to an

alternative approach whereby the user or another authori#ed party! can retrieve the logs

as needed.

OUR MAIN CONTRIBUTIONS ARE AS FOLLOWS:

We propose a novel automatic and enforceable logging mechanism in the cloud.

ur proposed architecture is platform independent and highly decentrali#ed, in that it

does not re/uire any dedicated authentication or storage system in place.

We go beyond traditional access control in that we provide a certain degree of usage

control for the protected data after these are delivered to the receiver.

We conduct e'periments on a real cloud test bed. "he results demonstrate the efficiency,

scalability, and granularity of our approach. We also provide a detailed security analysis

and discuss the reliability and strength of our architecture.


4/10

IMPLEMENTATION:

Implementation is the stage of the project when the theoretical design is turned out into a

working system. "hus it can be considered to be the most critical stage in achieving a

successful new system and in giving the user, confidence that the new system will work

and be effective.

"he implementation stage involves careful planning, investigation of the e'isting

system and its constraints on implementation, designing of methods to achieve

changeover and evaluation of changeover methods.


5/10

HARDWARE & SOFTWARE REQUIREMENTS:

H/W SYSTEM CONFIGURATION:-

*rocessor - *entium 0I1

)peed - 2.2 3h#

&%4 - 567 4 min!

8ard 9isk - 5: 3

(loppy 9rive - 2.;; 4


6/10

MAIN MODULES:-

1. CIA (Cl!" I#$%')# A**!#'+)l), FRAMEWOR:

CI% framework lies in its ability of maintaining lightweight and powerful accountability

that combines aspects of access control, usage control and authentication. y means of

the CI%, data owners can track not only whether or not the service-level agreements are

being honored, but also enforce access and usage control rules as needed.

. DISTINCT MODE FOR AUDITING:

P!0 "2:

"he push mode refers to logs being periodically sent to the data owner or stakeholder.

P!ll "2:

*ull mode refers to an alternative approach whereby the user

r another authori#ed party! can retrieve the logs as needed.

3. LOGGING AND AUDITING TECHNIQUES:

2. "he logging should be decentrali#ed in order to adapt to the dynamic nature of the

cloud. 4ore specifically, log files should be tightly bounded with the corresponding data

being controlled, and re/uire minimal infrastructural support from any server.

5. ?very access to the users data should be correctly and automatically logged. "his

re/uires integrated techni/ues to authenticate the entity who accesses the data, verify, and

record the actual operations on the data as well as the time that the data have been

accessed.


7/10

B. @og files should be reliable and tamper proof to avoid illegal insertion, deletion, and

modification by malicious parties. &ecovery mechanisms are also desirable to restore

damaged log files caused by technical problems.

;. @og files should be sent back to their data owners periodically to inform them of the

current usage of their data. 4ore importantly, log files should be retrievable anytime by

their data owners when needed regardless the location where the files are stored.

6. "he proposed techni/ue should not intrusively monitor data recipients systems, nor it

should introduce heavy communication and computation overhead, which otherwise will

hinder its feasibility and adoption in practice.

4. MA5OR COMPONENTS OF CIA:

"here are two major components of the CI%, the first being the logger, and the second

being the log harmoni#er.

"he logger is strongly coupled with users data either single or multiple data items!. Its

main tasks include automatically logging access to data items that it contains, encrypting

the log record using the public key of the content owner, and periodically sending them to

the log harmoni#er. It may also be configured to ensure that access and usage control

policies associated with the data are honored. (or e'ample, a data owner can specify that

user = is only allowed to view but not to modify the data. "he logger will control the data

access even after it is downloaded by user =. "he log harmoni#er forms the central

component which allows the user access to the log files. "he log harmoni#er is

responsible for auditing.


8/10

CONCLUSION:

We proposed innovative approaches for automatically logging any access to the data in

the cloud together with an auditing mechanism. ur approach allows the data owner to

not only audit his content but also enforce strong back-end protection if needed.

4oreover, one of the main features of our work is that it enables the data owner to audit

even those copies of its data that were made without his knowledge.

In the future, we plan to refine our approach to verify the integrity of the $&? and the

authentication of $%&s. (or e'ample, we will investigate whether it is possible to

leverage the notion of a secure $14 being developed by I4. "his research is aimed at

providing software tamper resistance to $ava applications. In the long term, we plan to

design a comprehensive and more generic object-oriented approach to facilitate

autonomous protection of traveling content. We would like to support a variety of

security policies, like inde'ing policies for te't files, usage control for e'ecutables, and

generic accountability and provenance controls.


9/10

REFERENCES:

2D *. %mmann and ). $ajodia, E9istributed "imestamp 3eneration in *lanar @attice

Fetworks,G %C4 "rans. Computer )ystems, vol. 22, pp. 5:6-556, %ug. 2HHB.

5D 3. %teniese, &. urns, &. Curtmola, $. 8erring, @. >www.oasis-open.org> committees>tc home.phpLwg

abbrevMsecurity, 5:25.
http://www.oasis-open.org/http://www.oasis-open.org/http://www.oasis-open.org/


10/10

HD &. Corin, ). ?talle, $.I. den 8artog, 3. @en#ini, and I. )taicu, E% @ogic for %uditing

%ccountability in 9ecentrali#ed )ystems,G *roc. I(I* "C2 W32.K Workshop (ormal

%spects in )ecurity and "rust, pp. 2JK-5:2, 5::6.

2:D . Crispo and 3. &uffo, E&easoning about %ccountability within 9elegation,G *roc.

"hird Intl Conf. Information and Comm. )ecurity ICIC)!, pp. 562-57:, 5::2.

22D N. Chen et al., Eblivious 8ashing % )tealthy )oftware Integrity 1erification

*rimitive,G *roc. Intl Workshop Information 8iding, (. *etitcolas, ed., pp. ;::-;2;,

5::B.

25D ). ?talle and W.8. Winsborough, E% *osteriori Compliance Control,G )%C4%" :K

*roc. 25th %C4 )ymp. %ccess Control 4odels and "echnologies, pp. 22-5:, 5::K.

ensuring data security base paper

Documents