Database Laboratory Regular Seminar 2013-07-22 TaeHoon Kim Article.

Slides:



Advertisements
Similar presentations
What is RAID Redundant Array of Independent Disks.
Advertisements

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Henry C. H. Chen and Patrick P. C. Lee
HAIL (High-Availability and Integrity Layer) for Cloud Storage
Digital Signatures and Hash Functions. Digital Signatures.
Database Administration and Security Transparencies 1.
2P13 Week 11. A+ Guide to Managing and Maintaining your PC, 6e2 RAID Controllers Redundant Array of Independent (or Inexpensive) Disks Level 0 -- Striped.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 10 09/15/2011 Security and Privacy in Cloud Computing.
Business Continuity and DR, A Practical Implementation Mich Talebzadeh, Consultant, Deutsche Bank
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Wide-area cooperative storage with CFS
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
Servers Redundant Array of Inexpensive Disks (RAID) –A group of hard disks is called a disk array FIGURE Server with redundant NICs.
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
1 System Models. 2 Outline Introduction Architectural models Fundamental models Guideline.
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.
Project Presentation Students: Yan Michalevsky Asaf Cidon Supervisors: Alexander Shraer Assoc. Prof. Idit Keidar.
TECHNOLOGY GUIDE THREE
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
IVEC: Off-Chip Memory Integrity Protection for Both Security and Reliability Ruirui Huang, G. Edward Suh Cornell University.
Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Speaker: Meng-Ting Tsai Date:2010/11/16 Toward Publicly Auditable Secure Cloud Data Storage Services Cong Wang and Kui Ren..etc IEEE Communications Society.
Introduction. Readings r Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 m Note: All figures from this book.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
ACM 511 Introduction to Computer Networks. Computer Networks.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Presented by: Sanketh Beerabbi University of Central Florida.
A Multimedia Presentation by Louis Balzani. o Source of extreme power o High elasticity o Large data centers generate 5-7x savings.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp , “Integrity.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Distributed File System. Outline Basic Concepts Current project Hadoop Distributed File System Future work Reference.
Cloud Computing Vs RAID Group 21 Fangfei Li John Soh Course: CSCI4707.
Seminar On Rain Technology
RAID TECHNOLOGY RASHMI ACHARYA CSE(A) RG NO
Pouya Ostovari and Jie Wu Computer & Information Sciences
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.
Chapter 40 Internet Security.
Searchable Encryption in Cloud
Reducing Risk with Cloud Storage
RAID Non-Redundant (RAID Level 0) has the lowest cost of any RAID
Cryptographic Hash Function
Cloud Computing By P.Mahesh
Cloud Testing Shilpi Chugh.
NET 311 Information Security
INFORMATION SYSTEMS SECURITY and CONTROL
TECHNICAL SEMINAR PRESENTATION
SYNERGY: Rethinking Secure-Memory Design for Error-Correcting Memories
ONLINE SECURE DATA SERVICE
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.
ACE – Auditing Control Environment
Presentation transcript:

Database Laboratory Regular Seminar TaeHoon Kim Article

Contents 1.Introduction 2.Solution Overview 3.Iris - Iris Authenticated file system - Iris Structure 4.Auditing Framework 5.Conclusion

/15 1. Introduction  Cloud Computing Service Model offers users(called tenants) on- demand network access A large shared pool of computing resources(cloud)  Many of company adopted private cloud IBM, HP, VMware, EMC2  Public cloud are not adopted Security and operational risk  Including hardware failure, software bugs, power outages, server misconfiguration, malware, and inside threats Lack of availability and reliability  Striking loss of personal customer data 3 ll=truehttp://blog.naver.com/PostView.nhn?blogId=lugenzhe&logNo= &redirect=Dlog&widgetTypeCa ll=true

/15 1. Introduction  Potentially malicious tenants Ristenpart et al,[18], such an attacker an exploit side channels in shared hardware to exfiltrate sensitive data  Our research addresses The challenge of migrating enterprise data into the public cloud  Devised Cryptographic protocol Propose auditing framework to verify properties of the internal operation of the cloud and assure enterprise 4

/15 2. Solution Overview  Our vision of more-trustworthy cloud-computing model Manages cryptographic keys Maintains trusted storage for integrity Freshness enforcement Redundancy to data for enhanced availability 5

/15 3. Iris Authenticated file system  An authenticated file system Allows migration of existing internal enterprise systems into cloud  Offer strong integrity and freshness guarantees  Minimizes the effects of network latency on file-system operations  Is designed to use any existing back-end cloud storage system transparently without modification 6

/15 3. Iris Structure(2 layers)  The gateway-side Caches data and meta-data blocks from the file system recently accessed by enterprise users. Computes integrity checks  Namely MACs on data block  MACs Fixed-size file segments of typical size 4KB Enables random access Verification of individual file-block integrity 7

/15 3. Iris Structure(2 layers)  Merkle-tree-based structure Internal nodes of the tree contain hashes of their children Tenant can efficiently verify the integrity and freshness data MAC and freshness of the block- version number Support for existing file-system operations Support for concurrent operations 8

/15 4. Auditing Framework  When Alice(client) stores data with Bob, she wants to know that Bob(service provider) has not let her data succumb to bit rot, storage-device failure, corruption by buggy software, … etc Using strong cryptographic approach to assurance : PoR(Proofs of Retrievability)  Bob proves to Alice that a given piece of Data D stored in the cloud is not damaged and retrievable  Cryptographically verify the correctness of all cloud-stored data 9

/15 4. Auditing Framework  Notation D is some piece of data D * is constructed by appending what are called “parity blocks” r i denote the i th data block(fixed- size 4KB)  Using secret key k, Alice can compute MACs, secret-key digital signatures over data blocks r 1, r 2, r 3 … r n  To verify the correctness of a block r1, Alice uses k and c i Alice needs to store only the key k 10

/15 4. Auditing Framework  PoR(Proofs of Retrievability) efficient only for checks on static data(such as archived data)  PDP(Proof of Data Possession) Enables public verification of data integrity  Dynamic PoR Conceals individual parity-block updates from Bob, as well as the code structure  PoS(Proofs of Storage) Detecting data loss  E.g)drive crash, a large data center is likely to experience thousands of drive failures each year[19] 11

/15 4. Auditing Framework  Auditing of drive-failure Solution : RAFT(Remote Assessment of Fault Tolerance Makes use of bounds on the seek time of a rotational drive  RAFT operates specifically on data stored in rotational drives, exploiting their performance limitations as a bounding parameter 12

/15 4. Auditing Framework  If the cloud provider fails to respond correctly to an audit due to data loss? HAIL(High availability and integrity layer) is the solution Works by promptly detecting and recovering from data corruption(is similar to RAID)  HAIL An extension of RAID into the cloud distributing data across multiple cloud providers to achieve continuous availability

/15 4. Auditing Framework  To provide recovery(resilience)cloud-provider failure, the gateway splits the data into fixed-size blocks and encodes it with a new erasure code ; dispersal code  Distributes her data with embedded redundancy a set of n cloud providers:S 1 … S n 14

/15 Conclusion  Described new techniques a range of protections, integrity and freshness verification to high data availability  Proposed an auditing framework  These technique enable an extension from enterprise internal data centers into public clouds  Our hope alleviate some of the concern over security in the cloud facilitate migration of enterprise resources into public clouds 15

/15 Q/A  Thank you for listening my presentation 16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.