Distributed accountability for data sharing in cloud
Download as PPTX, PDF9 likes7,149 views
The document proposes a Cloud Information Accountability (CIA) framework to provide end-to-end accountability for data stored in the cloud. The CIA framework uses a logger component associated with each user's data to log all access and encrypt the logs. It also includes a log harmonizer that periodically collects encrypted logs and allows users to retrieve logs on demand for auditing purposes. The framework aims to enable data owners to track how their data is used while maintaining lightweight and decentralized logging.
Ad
More Related Content
What's hot (8)
Viewers also liked (10)
Ad
Similar to Distributed accountability for data sharing in cloud (20)
Ad
Recently uploaded (20)
Distributed accountability for data sharing in cloud
- 2. What is cloud computing? We see Cloud Computing as a computing model, not a technology. In this model “customers” plug into the “cloud” to access IT resources which are priced and provided “on-demand”. Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services
- 3. There are different types of clouds that you can subscribe to depending on your needs. As a home user or small business owner, you will most likely use public cloud services. 1. Public Cloud - A public cloud can be accessed by any subscriber with an internet connection and access to the cloud space. 2. Private Cloud - A private cloud is established for a specific group or organization and limits access to just that group. 3. Community Cloud - A community cloud is shared among two or more organizations that have similar cloud requirements. 4. Hybrid Cloud - A hybrid cloud is essentially a combination of at least two clouds, where the clouds included are a mixture of public, private, or community.
- 5. Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, here, we propose a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. There are a number of notable commercial and individual cloud computing services, including Amazon, Google, Microsoft, Yahoo, and Sales force. Details of the services provided are abstracted from the users who no longer need to be experts of technology infrastructure.
- 6. This can be explained by an example: Consider a photographer who wants to sell her photos using cloud.She has the following requirements: Her photographs are downloaded only by users who have paid for her services. Potential buyers are allowed to view her pictures first before they make the payment to obtain the download right. Due to the nature of some of her works, only users from certain countries can view or download some sets of photographs.
- 7. For some of her works, users are allowed to only view them for a limited time, so that the users cannot reproduce her work easily. In case any dispute arises with a client, she wants to have all the access information of that client. She wants to ensure that the cloud service providers do not share her data with other service providers, so that the accountability provided for individual users can also be expected from the cloud service providers. These requirements are achieved using various modules.
- 8. • Data owners do not have the control over their data. • First, data handling can be outsourced by the direct cloud service provider (CSP) to other entities in the cloud and theses entities can also delegate the tasks to others, and so on. • Moreover, users may not know the machines which actually process and host their data.
- 9. • We propose a novel approach, namely Cloud Information Accountability (CIA) framework, based on the notion of information accountability. • Our proposed CIA framework provides end-toend accountability in a highly distributed fashion. One of the main innovative features of the CIA framework lies in its ability of maintaining lightweight and powerful accountability that combines aspects of access control, usage control and authentication. • By means of the CIA, data owners can track not only whether or not the service-level agreements are being honored, but also enforce access and usage control rules as needed. • Associated with the accountability feature, we also develop two distinct modes for auditing: push mode and pull mode.
- 10. Cloud Information Accountability(CIA) framework Distinct mode for Auditing Logging and Auditing techniques Major components of CIA
- 11. • CIA framework lies in its ability of maintaining lightweight and powerful accountability that combines aspects of access control, usage control and authentication. • By means of the CIA, data owners can track not only whether or not the service-level agreements are being honored, but also enforce access and usage control rules as needed.
- 12. The overall CIA framework, combining data, users, logger and harmonizer is shown in the framework. At the beginning, each user creates a pair of public and private keys based on Identity based encryption.(IBE) Using the generated key, the user will create a logger component which is a JARfile, to store its data items. The JAR file includes a set of simple access control rules specifying whether and how the cloud servers, and possibly other data stakeholders (users, companies) are authorized to access the content itself.
- 13. Then, he sends the JAR file to thecloud service provider that he subscribes to. To authenticate the CSP to the JAR we use OpenSSLbased certificates, wherein a trusted certificate authority certifies the CSP. Once the authentication succeeds, the service provider will be allowed to access the data enclosed in the JAR. As for the logging, each time there is an access to the data, the JAR will automatically generate a log record,encrypt it using the public key distributed by the data owner,and store it along with the data. In addition,some error correction information will be sent to the log harmonizer to handle possible log file corruption . The encrypted log files can later be decrypted and their integrity can be verified.
- 15. • Push mode: The push mode refers to logs being periodically sent to the data owner or stakeholder. • Pull mode: Pull mode refers to an alternative approach whereby the user(Or another authorized party) can retrieve the logs as needed.
- 16. • The logging should be decentralized in order to adapt to the dynamic nature of the cloud. • Every access to the user’s data should be correctly and automatically logged. • Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and modification by malicious parties. • Log files should be sent back to their data owners periodically to inform them of the current usage of their data. • The proposed technique should not intrusively monitor data recipients’ systems, nor it should introduce heavy communication and computation overhead, which otherwise will hinder its feasibility and adoption in practice.
- 17. • There are two major components of the CIA, the first being the logger, and the second being the log harmonizer. • The logger is strongly coupled with user’s data (either single or multiple data items). Its main tasks include automatically logging access to data items that it contains, encrypting the log record using the public key of the content owner, and periodically sending them to the log harmonizer. • It may also be configured to ensure that access and usage control policies associated with the data are honored.
- 18. Processor - Pentium –III Speed - 1.1 Ghz RAM - 256 MB(min) Hard Disk - 20 GB Floppy Drive - 1.44 MB Key Board - Standard WindowsKeyboard Mouse - Two or Three Button Mouse Monitor - SVGA
- 19. • Operating System : Windows95/98/2000/ XP • Application Server : Tomcat5.0/6.X • Front End : HTML, Java, Jsp • Scripts : JavaScript. • Server side Script : Java Server Pages. • Database : Mysql 5.0 • Database Connectivity : JDBC.
- 20. We proposed innovative approaches for automatically logging any access to the data in the cloud together with an auditing mechanism. Our approach allows the data owner to not only audit his content but also enforce strong back- end protection if needed. Moreover, one of the main features of our work is that it enables the data owner to audit even those copies of its data that were made without his knowledge.