Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Security Concerns about Cloud Computing P. Reinhold.

Presentation transcript:

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Security Concerns about Cloud Computing
P. Reinhold et al.
Intelligent Systems Laboratory, 문성필

Outline
- Introduction
- Cloud Model Comparison
- Hybrid Cloud Architecture
- Implemented Prototype
- Conclusion

Introduction
- The increasing knowledge about cloud computing technology and its publicity leads to a growing number of service offerings over the Internet.
- Even small and medium-sized companies are able to offer services through cloud computing concepts.
- Resources can be obtained easily from public cloud providers, e.g. Amazon Web Services, Instagram.

Introduction
- Many of these cloud services are provided in the form of Software-as-a-Service (SaaS).
- The high acceptance of these services suggests that private consumers have a lower privacy demand than business users.
- Typical reasons are security and privacy.
- This paper proposes a hybrid cloud architecture enhanced with an additional architecture layer between the business logic and the persistence layer.
- It has minimal migration effort and reveals no information except for metadata.

Cloud Model Comparison
- The table shows a comparison between the 3 cloud service models.
- Privacy is low for public clouds and medium for private clouds.
- Private clouds have strong authorization and access control.
- But there is no special requirement to secure data.
- The cloud provider often has access to customer data.

Cloud Model Comparison
- The table shows a comparison between the 3 cloud service models.
- Data-at-rest encryption is possible in all of the models.
- But it is strongly connected with key ownership and management.
- If the same instance encrypts the data and stores the corresponding key, the security is not trustworthy.

Hybrid Cloud Architecture
- The aim of this paper is to combine the security of a private cloud and the availability of a public cloud.
- This paper proposes a privacy-enhanced hybrid cloud architecture.

Hybrid Cloud Architecture
- The architecture in this paper uses AES for encryption.
- In the test of encryption algorithms, AES worked most efficiently.

Hybrid Cloud Architecture: Key concept
- The master key kM
  - The master key is persisted by the consumer.
  - The master key is used to encrypt / decrypt the data keys.
- The data key dxky
  - The data keys are persisted by the provider.
  - The data keys are used to encrypt / decrypt data.
- The transfer key kT
  - The transfer key is generated during the customer's registration.
  - The transfer key is used for the secure exchange of a temporary copy of the consumer's master key.

Hybrid Cloud Architecture
- The consumer uses a computer with Internet connection to access the SaaS.
- The consumer has a master key for encryption.

Hybrid Cloud Architecture
- The initial login and identification procedure should be located on physically separated hardware or be outsourced to a trusted ID verification provider.

Hybrid Cloud Architecture
- The key management system, storing encryption keys, is another security critical resource and should not be integrated in the private cloud.

Hybrid Cloud Architecture
- The private cloud structures contain the application server layer and encryption server layer.

Hybrid Cloud Architecture
- All communication passes through these tiers, so they have to be highly scalable.
- The public cloud provider is illustrated in the form of a persistence layer.

Hybrid Cloud Architecture: Security Overview
- After a successful login, the consumer allows the provider to decrypt the data keys dxky with its master key kM.
- The data keys allow decrypting the data stored in the public cloud.
- This method allows the consumer and the SaaS provider to trust the public cloud provider in the next three scenarios.

Hybrid Cloud Architecture: Threat Scenario A
- An attack against the public cloud provider.
- Even if the attackers have full access to the resources of the cloud provider, all data are secure.

Hybrid Cloud Architecture: Threat Scenario B
- An attack against the SaaS provider.
- If the SaaS provider is attacked, the attacker gets no access to consumer data, because the attacker can't decrypt the data keys.

Hybrid Cloud Architecture: Threat Scenario C
- An attack against the consumer.
- The attacker obtains the login credentials, factors and the master key.
- But the attacker can't access other consumers' data.
- Application servers of different consumers should be at least virtually separated.
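
The key hierarchy from the "Key concept" and "Security Overview" slides, checked against the threat scenarios, as an added example that is not code from the paper or its prototype. Assumptions: AES-256 in GCM mode (the slides only say AES), Node's built-in crypto module, hypothetical function names, and the transfer key kT exchange is left out.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM; output layout is nonce (12 bytes) || ciphertext || tag (16 bytes).
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

// Reverses seal; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Write path of the encryption tier: a fresh data key per object,
// wrapped under the consumer's master key kM.
function storeObject(masterKey, data) {
  const dataKey = nodeCrypto.randomBytes(32);
  return {
    wrappedDataKey: seal(masterKey, dataKey), // persisted by the SaaS provider
    ciphertext: seal(dataKey, data),          // persisted in the public cloud
  };
}

// Read path: needs kM (consumer), the wrapped data key (provider)
// and the ciphertext (public cloud) at the same time.
function loadObject(masterKey, wrappedDataKey, ciphertext) {
  return open(open(masterKey, wrappedDataKey), ciphertext);
}

// True if the given key material is enough to read the object.
function canRead(masterKey, wrappedDataKey, ciphertext) {
  try { loadObject(masterKey, wrappedDataKey, ciphertext); return true; } catch { return false; }
}

// Constructed sample: two consumers A and B, one stored object for A.
const kA = nodeCrypto.randomBytes(32), kB = nodeCrypto.randomBytes(32);
const recA = storeObject(kA, Buffer.from('consumer A record (constructed sample)'));
console.log(loadObject(kA, recA.wrappedDataKey, recA.ciphertext).toString());
// Scenarios B and C: stored material without A's master key, or with B's key instead.
console.log('readable with B key:', canRead(kB, recA.wrappedDataKey, recA.ciphertext));
```

The public cloud only ever holds `ciphertext` (scenario A), and the wrapped data key is useless without the master key that the consumer keeps.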

Implemented Prototype: The private cloud servers
- Environment: OpenNebula 4.4
- CPU: 3 GHz Dual-Cores
- RAM: 8 GB
- Key Management: VM (Virtual Machines)
- Load balancing: JBoss mod_cluster 1.2.6
- Gateway: Apache http-Server

Implemented Prototype: Client and server
- HTTP POST requests for file uploads
- HTTP GET requests for file downloads
- The client sends SQL queries to test the DB capability.

Implemented Prototype: Test Setup
- Started with a delay of 20 s, send files
- While one client sends SQL queries
- Two file clients work according to the following pattern: ABABA
  - A: UDD (upload, download, delete) 12 files of 1 MB, 2 s delay
  - B: UDD 12 files of 1 MB, 10 ms delay
- The third client works according to the following pattern: CDC
  - C: UDD 5 files of 10 MB, 5 s delay
  - D: UDD 3 files of 10 MB, 10 ms delay
- The simulated clients take 10 m 23 s.

Implemented Prototype: Test Results
- The result shows the percentage of time each task takes when uploading / downloading files to the cloud.
- The encryption and decryption times are very small compared to the upload / download times.

Conclusion
- The hybrid cloud architecture offers a compromise for multiple reasons.
- The solution addresses SMEs with experience in SaaS and their own hardware infrastructure.
- This model offers a higher security level and lowers the privacy concerns of consumers.
- The prototype includes scalable and flexible encryption servers with a minimal key management system.