Database Reference
In-Depth Information
Today's cloud computing models are designed to hide most of the inner workings
of the cloud from the users. From the cloud provider's point of view, this is designed
to protect the cloud infrastructure as well as the privacy of the users. However, this
comes at a cost - the users of a cloud get no information beyond whatever is pro-
vided by the cloud service provider. The users do not usually have control over the
operation of their virtual machines or applications running on the cloud other than
through the limited interface provided by the cloud service provider.
To resolve this, researchers have proposed architectures that provide security
guarantees to the users. Santos et al. designed a secure cloud infrastructure by lever-
aging trusted platform module or TPM chips to build a chain of trust [30]. This was
used to ensure that virtual machines or applications were always loaded on a trust-
worthy machine with trusted configuration.
Alternatively, there have been proposals in which part of the security decision
and capabilities are extended to the client's domain [22]. In this approach, a virtual
management infrastructure is used for control of the cloud's operations, and the cli-
ents are allowed to have control over their own applications and virtual machines.
There are several other research approaches for securing cloud architectures [7].
For example, Zhang et al. proposed hardening the hypervisor to enforce security
[33]. Excalibur [31] is another system that uses remote attestations and leverages
TPMs to ensure security of the cloud architecture.
19.3.3 a
CCountability
For
o
utsourCeD
b
ig
D
ata
s
ets
Research Question 3
: How can clients get assurance/proofs that the cloud provider
is actually storing data, is not tampering with data, and can make the data available
on demand [3,20]?
Data outsourcing is a major role of clouds. Big Data is by nature large in scale and
beyond the capacity of most local data storage systems. Therefore, users use clouds
to store their data sets. Another reason for using clouds is to ensure the reliability and
survivability of data stored in an off-site cloud.
However, today's cloud service providers do not provide any technical assurance
for ensuring the integrity of outsourced data. As clouds do not allow users to examine
or observe their inner workings, users have no idea where their data is being stored,
how it is stored, and whether the integrity of the data set is preserved. While encryp-
tion can ensure confidentiality of outsourced data, ensuring integrity is difficult. The
clients do not, most likely, have a copy of data, so comparing the stored version to
the local copy is not a realistic assumption. A naive solution is to download the data
completely to determine whether it was stored without any tampering. However, for
large data sets, the network bandwidth costs simply prohibit this approach.
A better approach has been to perform spot checks on small chunks of data
blocks. Provable Data Possession (PDP) [3] further improves this by first adding
redundancy to files, which prevents small bit errors, and then preprocessing the files
to add cryptographic tags. Later, the client periodically sends challenges for a small
and random set of blocks. Upon getting a challenge, the cloud server needs to com-
pute the response by reading the actual file blocks. PDP ensures that the server will
be able to respond correctly only if it has the actual file blocks. The small size of the
Search WWH ::
Custom Search