Ensuring distributed accountability for data sharing in the cloud

    47 Votes

Security of user data in cloud computing is required for Cloud computing and its services, User’s data processed in remote machine and due to fear of losing data and other security concerns. In order to achieve the security, Cloud Information Accountability(CIA) framework is used. It is Highly decentralized, which leverage JAR programmable capabilities. It also use distributed auditing mechanisms.

Cloud user send his/her data and access control policies to the service provider. The service provider will have granted access rights. If the rights are granted using conventional access control mechanisms, data will be fully available at the service provider. We use new logging and auditing techniques to track the actual usage of data. 

The logging technique must satisfy 
  • Logging should be decentralized
  • Every access to user’s data should be automatically logged
  • Log files should be reliable and tamper proof
  • Recovery mechanisms are also desirable
  • Log files should sent back to data owners periodically

Information accountability helps to trace the user’s data, Protect sensitive and confidential information  and enhance user’s trust in cloud computing. A cloud is accountable if faults can be reliably detected and each fault can be linked to one party (customer or provider).

Major components of CIA framework

Ensuring distributed accountability Cloud computing

Logger

  • Have logging access to a particular instance of user data
  • Encrypt log record using the public key of the content owner
  • Periodically send the log record to log harmonizer
  • Ensure access & usage control policies associated with data are honored
  • Generate the error correction information for each log record

Log harmonizer

  • Responsible for auditing: Two strategies Push and Pull strategy
  • Responsible for handling log file corruption

Logger structure

  • Outer JAR - Contain more than one inner JARs. Handle authentication of entities to access the data. Selecting the correct inner JAR. Checking the JVM’s validity. Managing the Graphical User interface
  • Inner JAR - Encrypted data, retrieval of log files, display enclosed data. Two options - Pure log and Access log

To ensure log correctness, cloud Verify the access time, locations and actions. JAR can perform an IP lookup to find the location of the cloud service provider. Actions to user’s data has to be logged. Mainly four types of actions used - View, Download, Timed access and Location based access.

Dependability of logs

  • JARs Availability - Log harmonizer deals with Copies of JARs and logger components, Recovering of corrupted logs, Stores error correction information and Decrypt the log records & handle duplicate records
  • Log Correctness - JRE of the system must remain unmodified. Verify the integrity of the logger component by Repair the JRE before logger is launched and Insert hash codes to detect modifications of the JRE
  • Push mode - The logs are periodically pushed to the data owner by the harmonizer. Ensures size of the log files does not explode. Enables timely detection and correction of any loss or damage to log files
  • Pull mode - Auditors may retrieve the logs any time. Pull message contains FTP pull command

Conclusion

CIA performs automatic authentication of users. Data owner can confirm that his data is safe in the cloud by using auditing mechanism. Able to distribute applications to many different mobile devices. Information gathering capabilities is high. High portability

Attachments:
Download this file (Ensuring distributed accountability for data sharing in the cloud.ppt)Ensuring distributed accountability for data sharing in the cloud.ppt[PPT Presentation]1897 Kb