Database Laboratory Regular Seminar 2013-07-22 TaeHoon Kim Article.


1 Database Laboratory Regular Seminar 2013-07-22 TaeHoon Kim Article

2 Contents
1. Introduction
2. Solution Overview
3. Iris
   - Iris Authenticated file system
   - Iris Structure
4. Auditing Framework
5. Conclusion

3 /15 1. Introduction
- Cloud Computing
  - Service model offers users (called tenants) on-demand network access to a large shared pool of computing resources (cloud)
- Many companies have adopted private clouds
  - IBM, HP, VMware, EMC2
- Public clouds are not adopted
  - Security and operational risk
    - Including hardware failure, software bugs, power outages, server misconfiguration, malware, and insider threats
  - Lack of availability and reliability
    - Striking loss of personal customer data
http://blog.naver.com/PostView.nhn?blogId=lugenzhe&logNo=90100646811&redirect=Dlog&widgetTypeCall=true

4 /15 1. Introduction
- Potentially malicious tenants
  - Ristenpart et al. [18]: such an attacker can exploit side channels in shared hardware to exfiltrate sensitive data
- Our research addresses
  - The challenge of migrating enterprise data into the public cloud
- Devised cryptographic protocols
  - Propose an auditing framework to verify properties of the internal operation of the cloud and assure the enterprise

5 /15 2. Solution Overview
- Our vision of a more-trustworthy cloud-computing model
  - Manages cryptographic keys
  - Maintains trusted storage for integrity
  - Freshness enforcement
  - Redundancy to data for enhanced availability

6 /15 3. Iris Authenticated file system
- An authenticated file system
  - Allows migration of existing internal enterprise systems into the cloud
- Offers strong integrity and freshness guarantees
- Minimizes the effects of network latency on file-system operations
- Is designed to use any existing back-end cloud storage system transparently without modification

7 /15 3. Iris Structure (2 layers)
- The gateway side
  - Caches data and metadata blocks from the file system recently accessed by enterprise users
  - Computes integrity checks
    - Namely MACs on data blocks
- MACs
  - Fixed-size file segments of typical size 4KB
  - Enables random access
  - Verification of individual file-block integrity

8 /15 3. Iris Structure (2 layers)
- Merkle-tree-based structure
  - Internal nodes of the tree contain hashes of their children
  - Tenant can efficiently verify the integrity and freshness of data
  - MAC and freshness of the block-version number
  - Support for existing file-system operations
  - Support for concurrent operations
http://en.wikipedia.org/wiki/Merkle_tree#How_hash_trees_work
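The sketch below is an added example, not code from the presentation or from Iris: it shows how a per-block MAC over (index, version, content) combined with a hash tree whose root stays in the gateway's trusted storage lets the gateway reject a rolled-back block even though its old MAC is still valid. The function names, the leaf layout and the 5-block sample file are assumptions made for illustration.

```python
import hashlib
import hmac

def block_mac(key, index, version, block):
    """MAC binding a block's content to its position and version number."""
    header = index.to_bytes(8, "big") + version.to_bytes(8, "big")
    return hmac.new(key, header + block, hashlib.sha256).digest()

def _h(prefix, *parts):
    # Distinct prefixes keep leaf hashes and internal-node hashes apart.
    return hashlib.sha256(prefix + b"".join(parts)).digest()

def build_levels(macs):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [[_h(b"\x00", m) for m in macs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root as (sibling_is_left, hash) pairs."""
    path = []
    for cur in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(cur):
            path.append((sibling < index, cur[sibling]))
        index //= 2
    return path

def verify_read(key, root, index, version, block, path):
    """Gateway check: rebuild the root from one returned block and its path."""
    node = _h(b"\x00", block_mac(key, index, version, block))
    for sibling_is_left, sibling in path:
        node = _h(b"\x01", sibling, node) if sibling_is_left else _h(b"\x01", node, sibling)
    return hmac.compare_digest(node, root)

def rollback_demo():
    """Constructed file of five 4KB blocks; block 2 was rewritten as version 2."""
    key = b"k" * 32                      # constructed key
    old, new = bytes([2]) * 4096, b"\xff" * 4096
    blocks = [bytes([i]) * 4096 for i in range(5)]
    blocks[2] = new
    macs = [block_mac(key, i, 2 if i == 2 else 1, b) for i, b in enumerate(blocks)]
    levels = build_levels(macs)
    root, path = levels[-1][0], auth_path(levels, 2)   # root is held by the gateway
    return (verify_read(key, root, 2, 2, new, path),   # current block
            verify_read(key, root, 2, 1, old, path))   # stale block replayed by the cloud
```

`rollback_demo()` returns `(True, False)`: the stale block carries a MAC that was valid when it was written, and only the trusted root exposes that it is no longer the current version.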

9 /15 4. Auditing Framework
- When Alice (client) stores data with Bob (service provider), she wants to know that Bob has not let her data succumb to bit rot, storage-device failure, corruption by buggy software, etc.
- Using a strong cryptographic approach to assurance: PoR (Proofs of Retrievability)
  - Bob proves to Alice that a given piece of data D stored in the cloud is not damaged and is retrievable
  - Cryptographically verify the correctness of all cloud-stored data

10 /15 4. Auditing Framework
- Notation
  - D is some piece of data
  - D* is constructed by appending what are called "parity blocks"
  - r_i denotes the i-th data block (fixed-size 4KB)
- Using secret key k, Alice can compute MACs, secret-key digital signatures, over data blocks r_1, r_2, r_3, ..., r_n
- To verify the correctness of a block r_1, Alice uses k and c_i
  - Alice needs to store only the key k
http://en.wikipedia.org/wiki/Merkle_tree#How_hash_trees_work
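The MAC-based audit from this slide, as an added example that is not part of the original presentation: Alice keeps only k, Bob stores each block r_i with its tag, and Alice spot-checks random indices. It assumes c_i is the MAC of block r_i (the slide does not define it) and binds the index i into the MAC; the parity blocks of D* are left out, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac_block(k, i, r_i):
    """c_i = HMAC(k, i || r_i); binding i stops Bob answering with another block."""
    return hmac.new(k, i.to_bytes(8, "big") + r_i, hashlib.sha256).digest()

def encode(k, data, block_size=4096):
    """Alice: split D into r_1..r_n and tag each block; Bob stores the result."""
    blocks = [data[o:o + block_size] for o in range(0, len(data), block_size)]
    return [(r, mac_block(k, i, r)) for i, r in enumerate(blocks, 1)]

def audit(k, n, fetch, samples, rng=secrets.SystemRandom()):
    """Alice challenges `samples` random indices; fetch(i) is Bob's (r_i, c_i) reply.
    Returns the indices whose reply failed verification."""
    bad = []
    for i in sorted(rng.sample(range(1, n + 1), samples)):
        r_i, c_i = fetch(i)
        if not hmac.compare_digest(mac_block(k, i, r_i), c_i):
            bad.append(i)
    return bad

def miss_probability(n, damaged, samples):
    """Chance that one audit (sampling without replacement) hits no damaged block."""
    p = 1.0
    for j in range(samples):
        p *= max(n - damaged - j, 0) / (n - j)
    return p

def demo():
    """Constructed 20-block file; Bob silently damages block 7."""
    k = secrets.token_bytes(32)
    store = encode(k, bytes(20 * 4096))
    store[6] = (b"\x01" + store[6][0][1:], store[6][1])
    full = audit(k, len(store), lambda i: store[i - 1], samples=20)
    return full, miss_probability(20, 1, 5)
```

`demo()` returns `([7], 0.75)`: checking every block finds the damage, but a 5-block challenge misses a single damaged block three times out of four, which is the gap the parity blocks in D* are there to cover.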

11 /15 4. Auditing Framework
- PoR (Proofs of Retrievability)
  - Efficient only for checks on static data (such as archived data)
- PDP (Proof of Data Possession)
  - Enables public verification of data integrity
- Dynamic PoR
  - Conceals individual parity-block updates from Bob, as well as the code structure
- PoS (Proofs of Storage)
  - Detecting data loss
    - E.g., drive crash: a large data center is likely to experience thousands of drive failures each year [19]

12 /15 4. Auditing Framework
- Auditing of drive failure
  - Solution: RAFT (Remote Assessment of Fault Tolerance)
  - Makes use of bounds on the seek time of a rotational drive
- RAFT operates specifically on data stored in rotational drives, exploiting their performance limitations as a bounding parameter

13 /15 4. Auditing Framework
- What if the cloud provider fails to respond correctly to an audit due to data loss?
  - HAIL (High Availability and Integrity Layer) is the solution
  - Works by promptly detecting and recovering from data corruption (similar to RAID)
- HAIL
  - An extension of RAID into the cloud
  - Distributes data across multiple cloud providers to achieve continuous availability
http://blog.naver.com/capemay?Redirect=Log&logNo=40192616466
http://jaesoo.com/study_board/23324

14 /15 4. Auditing Framework
- To provide recovery (resilience) against cloud-provider failure, the gateway splits the data into fixed-size blocks and encodes it with a new erasure code: the dispersal code
- Distributes her data with embedded redundancy across a set of n cloud providers: S_1 ... S_n

15 /15 Conclusion
- Described new techniques
  - A range of protections, from integrity and freshness verification to high data availability
- Proposed an auditing framework
- These techniques enable an extension from enterprise internal data centers into public clouds
- Our hope
  - Alleviate some of the concern over security in the cloud
  - Facilitate migration of enterprise resources into public clouds

16 /15 Q/A
- Thank you for listening to my presentation

