Data Security in Cloud Computing

Document Sample
Data Security in Cloud Computing Powered By Docstoc
					National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                      31

                           Data Security in Cloud Computing
                                                                   Mini T
                                                         ME Computer Science
                                               Sun College of Engineering and Technology
                                                     Erachakulam, Nagercoil, India

   Abstract— Cloud Computing provides a way to share distributed        for number of reasons. Firstly, traditional cryptographic
   resources , software and information to computers and other          primitives for the purpose of data security protection can not
   devices on_demand which belongs to different organizations. Any      be directly adopted due to the users’ loss control of data under
   computing services like cloud computing should provide the data
   security and integrity for getting acceptance by the users. Since    Cloud Computing. Therefore, verification of correct data
   cloud computing uses distributed resources in open environment,      storage in the cloud must be conducted without explicit
   clients of cloud computing have some problems of security,           knowledge of the whole data. Considering various kinds of
   integrity and confidentiality of their data and computations. To     data for each user stored in the cloud and the demand of long
   overcome this problem we analyse some security requirements in       term continuous assurance of their data safety, the problem of
   cloud computing environment. For this we propose a Trusted
   Cloud Computing Platform (TCCP), which enables IaaS
                                                                        verifying correctness of data storage in the cloud becomes
   providers to provide a secured box execution environment for         even more challenging. Secondly, Cloud Computing is not
   security, integrity and confidentiality of data. To improve the      justa third party data warehouse. The data stored in the cloud
   security of shared data objects and distributed software modules     may be frequently updated by the users, including insertion,
   Data Coloring technique is used in the TCCP.                         deletion, modification, appending, reordering, etc. To ensure
       Keywords - cloud computing; Trusted Cloud Computing              storage correctness under dynamic data update is hence of
   Platform; Data Coloring;                                             paramount importance. However, this dynamic feature also
                                                                        makes traditional integrity insurance techniques futile and
                          I.    INTRODUCTION                            entails new solutions. Last but not the least, the deployment of
                                                                        Cloud Computing is powered by data centers running in a
       Cloud computing is used to reduce the IT costs by storing        simultaneous, cooperated and distributed manner. Individual
   data and computations in virtual machines. Cloud computing           user’s data is redundantly stored in multiple physical locations
   has improve IT to newer limits by store data and share
                                                                        to further reduce the data integrity threats. Therefore,
   resources to reducing capital expenditure. It reduces the time
                                                                        distributed protocols for storage correctness assurance will be
   required to install resources and new servers, which take more
   time to do it. It allow the clients to quick accessing of            of most importance in achieving a robust and secure cloud
   uploading and downloading of datas and all computations              data storage system in the real world.
   when they need to access. Cloud users have no need of instal
   separate storage and softwares in their own computing devices.       System Model
       Instead of installing storage and softwares in the clients          There are three different network entities are used in the
   machines, to reduce all installation expenditure clients can         representation of network architecture of cloud data storage.
   renting storage and software from a cloud provider. The cloud        Three different network entities can be identified as follows:
   providers have a large storage and software with them to                User: users, who have data to be stored in the cloud and rely
   provide the clients when they request them for rent. When
                                                                        on the cloud for data computation, consist of both individual
   renting the resources and software from cloud providers
   security is the most serious problem for the clients. To avoid       consumers and organizations.
   this, the cloud service users or clients must need to secure their      Cloud Service Provider (CSP): a CSP, who has significant
   data before store into the cloud providers.                          resources and expertise in building and managing distributed
                                                                        cloud storage servers, owns and operates live Cloud
      One of the most serious problem is the posibility of              Computing systems.
   confidentiality violations. This is because of change or leak the      Third Party Auditor (TPA): an optional TPA, who has
   company’s data, known or unknown by the cloud provider’s             expertise and capabilities that users may not have, is trusted to
   employees. This may damage the name and finances of the              assess and expose risk of cloud storage services on behalf of
   company. For this they can use encryption before store their         the users upon request.
   data to the providers where the data is to be computed.                 In cloud data storage, a user stores his data through a CSP
      From the perspective of data security, which has always           into a set of cloud servers, which are running in a cloud
   been an important aspect of quality of service, Cloud                provider, Co-operated and distributed manner. Data
   Computing internally poses new challenging security threats          redundancy can be employed with technique of erasure

   Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                              32

   correcting code to further tolerate faults or server crash as         instances in cases of EC2 or by just increasing memory in some
   user’s data grows in size and importance. Thereafter, for             other case.
   application purposes, the user interacts with the cloud servers       On-demand self-service
   via CSP to access or retrieve his data. In some cases, the user
   may need to perform block level operations on his data. The               A consumer can unilaterally provision computing capabilities,
   most general forms of these operations we are considering are         such as server time and network storage, as needed automatically
                                                                         without requiring human interaction with each service’s provider.
   block update, delete, insert and append.
        As users no longer possess their data locally, it is of          Broad Network Access
   critical importance to assure users that their data are being            Capabilities are available over the network and accessed through
   correctly stored and maintained. That is, users should be             standard mechanisms that promote use by client platforms (e.g.,
   equipped with security means so that they can make                    mobile phones, laptops, and PDAs).
   continuous correctness assurance of their stored data even
                                                                         Resource Pooling
   without the existence of local copies. In case that users do not
   necessarily have the time, feasibility or resources to monitor           The provider’s computing resources are pooled to serve multiple
   their data, they can delegate the tasks to an optional trusted        consumers using a multi-tenant model, with different physical and
                                                                         virtual resources dynamically assigned and reassigned according to
   TPA of their espective choices. In our model, we assume that
                                                                         consumer demand. A sense of location independence exists because
   the point-to-point communication channels between each                the customer generally has no control over or knowledge of the
   cloud server and theuser is authenticated and reliable, which         provided resources’ exact location but may be able to specify location
   can be achieved in practice with little overhead. Note that we        at a higher level of abstraction (e.g., country, state, or data center).
   don’t address the issue of data privacy in this paper, as in          Examples of resources include storage, processing, memory, network
   Cloud Computing, data privacy is orthogonal to the problem            bandwidth, and virtual machines.
   we study here. Not only does it desire to move data that has          Rapid Elasticity
   not been or is rarely accessed to a lower tier of storage than
                                                                            Capabilities can be rapidly and elastically provisioned, in some
   agreed for netary reasons, but it may also attempt to hide a
                                                                         cases automatically, to quickly scale out and rapidly released to
   data loss incident due to management errors, Byzantine                quickly scale in. To the consumer, the capabilities available for
   failures and so on. On the other hand, there may also exist an        provisioning often appear unlimited and can be purchased in any
   economicallymotivated adversary, who has the capability to            quantity at any time.
   compromise a number of cloud data storage servers in
                                                                         Measured Service
   different time intervals and subsequently is able to modify or
   delete users’ data while remaining undetected by CSPs for a              Cloud systems automatically control and optimize resource use by
   certain period.                                                       leveraging a metering capability appropriate to the type of service
                                                                         (e.g., storage, processing, bandwidth, and active user accounts). The
                                                                         provider and consumer can monitor, control, and report resource
      There are two types of adversary models involved in cloud          usage, thus providing transparency of the utilized service.
   computing Threats. They are
   Weak Adversary: The adversary is interested in corrupting the         Location and Device Independence
   user’s data files stored on individual servers. Once a server is          Users can access the server through the internet from any
   comprised, an adversary can pollute the original data files by        place and from any device including the iPhone and Androids.
   modifying or introducing its own fraudulent data to prevent
   the original data from being retrieved by the user.                   Data Protection
   Strong Adversary: This is the worst case scenario, in which we            Where do data physically reside, and does the data’s location
   assume that the adversary can compromise all the storage              have legal ramifications?
   servers so that he can intentionally modify the data files as             Are data safely protected (i.e., by encryption) while stationary or
   long as they are internally consistent. In fact, this is equivalent   in motion within and across the cloud?
   to the case where all servers are colluding together to hide a
                                                                             How is availability of data assured in the cloud?
   data loss or corruption incident.
                                                                             Does the provider take measures to ensure that deleted data is not
   Features of cloud computing                                           recoverable?

       The major features of cloud computing are discussed here,         Security Control
   Consumption based billing                                                What security controls does the cloud provider need to
                                                                         implement, and how?
       Pay per use is the winning characteristic for cloud. You              How are assurance levels effectively and efficiently managed in
   can pay for the time you use the infrastructure of cloud              the cloud?
   Rapid Elasticity                                                      Security Threats in Cloud Computing
    Consumers can increase or decrease the capacity within a               Traditional server environments pose several challenges:
   matter of minutes. This can be by adding instances in case of         high labor and capital costs, long development and eployment

   Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                     33

   cycles and quality risks associated with largely manual             model in which public verifiability is enforced can be used
   processes. Organisations are now finding new ways to meet           where the third party auditor audits the data without wasting
   these challenges using cloud computing from cloud providers.        with user's time to ensure the data security.
   Some cloud infrastructures designed to provide rapid access to
   security-rich, enterprise-class virtual server environments,        How to Secure Data during Transport in Cloud Computing
   well suited for development and test activities and other              When transporting data in cloud computing environment,
   dynamic workloads. Ideal for both IT and application                keep two things in mind: Make sure that no one can intercept
   development teams, the Cloud delivers cloud-based services,         your data as it moves from client to cloud provider in the
   systems and software to meet the needs of your business.            cloud, and make sure that no data tamper with or leaks from
                                                                       any storage in the cloud.
        The three general models of cloud computing are IaaS
   (Infrastructure as a Service), PaaS (Platform as a Service),            In the cloud, the sending data from client to cloud provider
   and SaaS (Software as a Service). Each of these models              might be within a cloud environment. The data can be send to
   possess a different impact on application security. However,        the public Internet between an enterprise and a cloud provider,
   in a typical scenario where an application is hosted in a cloud,    or between two or more cloud providers.
   two broad security questions that arises are:                          The security process may include separating our data from
             – How secure is the Data?                                 other companies’ data and then encrypting it by using any
            – How secure is the Code?                                  encryption methods. In addition, you can provide security to
        Cloud computing environment is generally assumed as a          older data that remains with a cloud provider after you no
   potential cost saver as well as provider of higher service          longer need it.
   quality. Security,confidentiality, Availability, and Reliability
                                                                          A virtual private network (VPN) is one way to manage the
   are the major quality concerns of cloud service users. These
                                                                       security of data during its transport in a cloud environment. A
   suggests that security in one of the important challenge among
                                                                       VPN essentially makes the public network your own private
   all other quality challenges.                                       network instead of using dedicated connectivity.
      The data transfer between cloud providers and cutomers           Security components of cloud computing
   can be secured using SSL. Users ignore the warning exploited
   by attackers because this technology is much familiar. Google       Firewall
   has demonstrated such type of exploitation in cloud based               A firewall to act as a barrier to between the public Internet
   services. On the other hand, a flaw in indexing system design       like cloud providers and any private network like cloud users.
   has resulted in security vulnerability where one user can read
   others documents. Also there are other attacks which were           Encryption
   successful on cloud which makes it vulnerable to attacks.               Encryption is used to protect our sensitive data from
                                                                       hackers and employees in the cloud providers; only the
       The developer should always assume that intruders have          computer that you send the data should have the key to decode
   full access to the client as anyone including intruders can buy     the data by using some Decryption methods.
   the software in SaaS model. Though they are not supplied with
   source code, they still have access to binaries using which they    Antivirus
   can exploit the vulnerabilities. Hence there should always be a        Antivirus scanning can be done on the cloud to reduce the
   verification mechanism to verify client requests before             risk of malicious activities. It is an expensive operation and
   execution.                                                          doing it once ahead of time for benefit of many could be
   Data Security in cloud Computing                                    advantageous, and with the power of cloud more anti-virus
                                                                       engines can be employed to make more efficient. The
     The organisations using cloud computing should maintain           challenge here is bridging the gap between the threat release
   their own data backups even if the providers backs up data for      and the virus signature release. Although antivirus scanning is
   the organisation. This will help continuous access to their data    an expensive operation, it should be repeated with the release
   even at the critical situations such as data providers going shut   of new virus signatures
   down or disaster at data center etc.
                                                                           Providing security for cloud computing requires more than
       A client or customer manager has to eliminate the fear of       authentication using passwords and confidentiality in data
   data leakage and loss of privacy in cloud computing. In             transmission. This proposed to a solution for intrusion which can undergo a security threat; theft of        detection in cloud computing. The solution consists of two
   sales data and various ways that an intruder can gain               kinds of analysis behavioural analysis and knowledge analysis.
   knowledge based on the un-encrypted data. The threats include       In behavioural analysis, the data mining techniques were used
   the collection of personal information and getting inappropriate    to recognize expected behaviour or a sever deviation of
   access to the information. Based on this scenario a set of          behaviour and in knowledge analysis security policy violations
   requirements was derived which include the minimization of          and attack patterns were analysed to detect or prevent
   personal and sensitive data used in cloud and maximising            intrusion.
   security protection of data. Finally the overall architecture for
   client-based privacy data manager has been depicted.         The

   Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                   34

       Depending upon the need of security of our data, the level      itself can prevent attacks that require physical access to the
   of concern about data security may differ for everyone. In some     machines.
   situations, such as with a test environment processing test data,       Sysadmins need privileged permissions at the cluster’s
   you may have limited concerns about some of these security          machines in order to manage the software they run. Since we
   and privacy issues. In other situations where you may have a        do not precisely know the current IaaS providers, we assume
   lot at risk if the security and privacy of your data is             in our attack model that sysadmins can login remotely to any
   compromised, you need to evaluate how your cloud vendor             machine with root privileges, at any point in time. The only
   treats the security issues.                                         way a sysadmin would be able to gain physical access to a
   Infrastructure as a Service(IaaS)                                   node running a costumer’s VM is by diverting this VM to a
                                                                       machine under her control, located outside the IaaS’s security
       Today, cloud providers offer services at various software       perimeter.
   stack layers of the software stack model. Infrastructure as a
                                                                           Therefore, the TCCP must be able to confine the VM
   Service (IaaS) providers provide services to their customers to
   access the entire virtual machines (VMs) which are hosted by        execution inside the perimeter, and guarentee that at any
   the cloud providers. Some of the impotant Infrastructure as a       point a sysadmin with root privileges remotely logged to a
   Service (IaaS) providers are Amazon, Flexiscale and GoGrid.         machine hosting a Vm cannot access its memory.
   The responsibilities for providing the entire software stack
   running inside a VM is the customers or the users of the            Trusted Computing
   system. At higher layers, Software as a Service (SaaS) systems
   offer complete online applications that can be directly executed        The Trusted Computing Group (TCG) proposed a set of
   by their users. The most popular Software as a Service (SaaS)       hardware and software technologies to enable the construction
   systems is Google Apps.                                             of trusted platforms. In particular, the TCG proposed a
                                                                       standard for the design of the trusted platform module (TPM)
       Since the services in the higher layers of the software stack
   are provide the services for their own to run the software which    chip that is now bundled with commodity hardware. The TPM
   is directly access the customers data, the problem of               contains an endorsement private key (EK) that uniquely
   confidentiality of computations increases. The lower layer IaaS     identifies the TPM (thus, the physical host), and some
   cloud providers where securing a customer’s VM is more              cryptographic functions that cannot be modified. The
   manageable. While we know very little detail about the              respective manufacturers sign the corresponding public key to
   internal organization of IaaS services, we describe about the       guarantee the correctness of the chip and validity of the key.
   IaaS platform that offers an interface similar to EC2. It           Trusted platforms [1, 4, 5, 9] leverage the features of TPM
   manages one or more clusters whose nodes run a virtual              chips to enable remote attestation. This mechanism works as
   machine monitor (typically Xen) to host customers’ VMs. Our         follows. At boot time, the host computes a measurement list
   simple description aggregates all these components in a single      ML consisting of a sequence of hashes of the software
   cloud manager (CM) that handles a single cluster. VM is             involved in the boot sequence, namely the BIOS, the boot
   launched from a virtual machine image (VMI) loaded from the         loader, and the software implementing the platform. The ML is
   CM. Once a VM is launched, users can log in to it using             securely stored inside the host’s TPM. To attest to the
   normal tools such as ssh.                                           platform, a remote party challenges the platform running at the
       Also from the interface to every user, the CM exports           host with a nonce nU. The platform asks the local TPM to
   services that can be used to perform administrative tasks such      create a message containing both the ML and the nU,
   as adding and removing VMIs or users.                               encrypted with the TPM’s private EK. The host sends the
                                                                       message back to the remote party who can decrypt it using the
   Attack models in cloud computing                                    EK’s corresponding public key, thereby authenticating the
                                                                       host. By checking that the match and the ML corresponds to a
       A sysadmin of the cloud provider that has privileged            configuration it deems trusted, a remote party can reliably
   control over the backend can perpetrate many attacks in order       identify the platform on an untrusted host.
   to access the memory of a customer’s VM. With root
   privileges at each machine, the sysadmin can install or execute         A trusted platform like Terra implements a thin VMM that
   all sorts of software to perform an attack. Sysadmin run a user     enforces a closed box execution environment, meaning that a
   level process that directly accesses the content of a VM’s          guest VM running on top cannot be inspected or modified by a
   memory at run time. Furthermore, with physical access to the        user with full privileges over the host. The VMM guarantees
   machine, a sysadmin can perform more sophisticated attacks          its own integrity until the machine reboots. Thus, a remote
   like cold boot attacks and even tamper with the hardware.           party can attest to the platform running at the host to verify
       In current IaaS providers, we can reasonably consider that      that a trusted VMM implementation is running, and thus make
   no single person accumulates all these privileges. Moreover,        sure that her computation running in a guest VM is secure.
   providers already deploy stringent security devices, restricted     Given that a traditional trusted platform can secure the
   access control policies, and surveillance mechanisms to             computation on a single host, a natural approach to secure an
   protect the physical integrity of the hardware. Thus, we            IaaS service would be to deploy the platform at each node of
   assume that, by enforcing a security perimeter, the provider        the service’s backend. However, this approach is insufficient:

   Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                              35

   a sysadmin can divert a customer’s VM to a node not running                  Metadata Data Trusted computing Compute and storage
   the platform, either when the VM is launched, or during the                  Networking Binary analysis, scanners, WebApp .rewalls,
   VM execution. Consequently, the attestation mechanism of                     transactional security, copyright protection Data loss
   the platform does not guarantee that the measurement list                    protection, common log .le, database activity, monitoring,
   obtained by the remote party corresponds to the actual                       encryption, data coloring (watermarking) Government risk
   configuration of the host where the VM has been running  ser CM NN31 NN2 4

                                                                                management and compliance, identity and access
   E The components of the trusted cloud computing platform                     management, virtual machines (VMs), patch management
   include a set of trusted nodes (N) and the trusted coordinator               Hardware and software RoT and APIs, trust-overlay and
   (TC). The untrusted cloud manager (CM) makes a set of                        reputation systems IDS/IPS, host-based .rewalls, integrity and
   services available to users. The TC is maintained by an
                                                                                .re/log management, encryption, masking Network IDS/IPS,
   external trusted entity (ETE). Therefore, the TCCP needs to
                                                                                .rewalls, data processing information, anti-DDoS, QoS,
   provide a remote attestation that guarantees the immutability
                                                                                DNSSEC IPS: Intrusion-prevention system RoT: Root of trust
   of the platform’s security properties in the backend.
                                                                                DDoS: Distribted denial of service DNSSEC: Domain Name
   Trusted Cloud Computing Platform                                             System Security Extensions QoS: Quality of service Security,
                                                                                privacy, and copyright protection measures needed at various
      The Trusted Cloud Computing Platform (TCCP) that                          cloud service levels .
   provides a closed box execution environment by extending the
   concept of trusted platform to an entire IaaS backend. The                   Securing Software as a Service
   TCCP guarantees the confidentiality and the integrity of a
   user’s VM, and allows a user to determine up front whether or                   SaaS employs browser-initiated application software to
   not the IaaS enforces these properties.                                      serve thousands of cloud customers, who make no upfront
       Trusted platform module (TPM) chips, which are now                       investment in servers or software licensing. From the
   being bundled into commodity hardware and which provide                      provider’s perspective, costs are rather low compared with
   unique identification and a public endorsement key, plus                     conventional application hosting. SaaS — as heavily pushed
   capabilities that are specific to the machine on which the chip              by Google, Microsoft,, and so on — requires
   has been installed, are components of TCCP.                                  that data be protected from loss, distortion, or theft. Trans-
                                                                                actional security and copyright compliance are designed to
   Securing Infrastructure as a Service
                                                                                protect all intellectual property rights at this level. Data
                                                                                encryption and coloring offer options for upholding data
     The IaaS model lets users lease compute, storage, network,
                                                                                integrity and user privacy.
   and other resources in a virtualized environment. The user
   doesn’t manage or control the underlying cloud infrastructure
   but has control over the OS, storage, deployed applications,                 Data coloring
   and possibly certain networking components. Amazon’s
   Elastic Compute Cloud (EC2) is a good example of IaaS. At                       Data coloring is the technique used in the software file or
   the cloud infrastructure level, CSPs can enforce network                     data object to secure the clients data from attackers or threats.
   security with intrusion-detection systems (IDSs), firewalls,                 This lets us segregate user access and insulate sensitive
   antivirus programs, distributed denial-of-service (DDoS)                     information from cloud provider access.
   defenses, and so on.                                                            A trusted software environment that provides useful tools
                                                                                for building cloud applications over protected datasets. In the
   Securing Platform as a Service                                               past, watermarking was mainly used for digital copyright
                                                                                management. Christian Collberg and Clark Thomborson have
                                                                                suggested using watermarking to protect software modules.
      Cloud platforms are built on top of IaaS with system
                                                                                The trust model Deyi Li and his colleagues propose offers a
   integration and virtualization middleware support. Such
                                                                                second-order fuzzy membership function for protecting data
   platforms let users deploy user-built software applications
                                                                                owners. We extend this model to add unique data colors to
   onto the cloud infrastructure using provider-supported pro-                  protect large datasets in the cloud. We consider cloud security
   gramming languages and software tools (such as Java, Python,                 a community property. To guard it, we combine the
   or .NET). The user doesn’t manage the underlying cloud                       advantages of secured cloud storage and software
   infrastructure. Popular PaaS platforms include the Google App                watermarking through data coloring and trust negotiation. The
   Engine (GAE) or Microsoft Windows Azure. This level                          image is the data object being protected.
   requires securing the provisioned VMs, enforcing security                        Data coloring provides forward and backward color-
   compliance, managing potential risk, and establishing trust                  generation processes. We add the cloud drops (data colors)
   among all cloud users and providers. Cloud service models                    into the input photo and remove color to restore the original
   Applications APIs Content Integration OS and middleware                      photo. The coloring process uses three data characteristics to
   APIs Connectivity and delivery Virtualization Hardware IaaS                  generate the color: the expected value (Ex) depends on the
   PaaS SaaS Applications Data/information Management                           data content, whereas entropy (En) and hyperentropy (He) add

   Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                            36

   randomness or uncertainty, which are independent of the data       the security of the customers data stored in the providers of
   content and known only to the data owner. Collectively, these      cloud computing.
   three functions generate a collection of cloud drops to form a
   unique ―color‖ that providers or other cloud users can’t detect.                                REFERENCES
   Additional details about this cloud watermark scheme are           [1]
   available elsewhere.                                               [2]
       We can use data coloring at varying security levels based      [4]
   on the variable cost function applied. We can apply the            [5]
   method to protect documents, images, video, software, and          [6]
   relational databases. Figure 4b shows the details involved in      [7]Nuno Santos, Krishna P. Gummadi, Rodrigo Rodrigues, MPI-SWS
                                                                      Towards Trusted Cloud Computing.
   the color-matching process, which aims to associate a colored      [8]Kai Hwang, University of Southern California, Deyi Li, Tsinghua
   data object with its owner, whose user identification is also      University, China, Trusted Cloud Computing with Secure Resources and Data
   colored with the same Ex, En, and He identification                Coloring.
   characteristics. The color-matching process assures that colors    [8]
                                                                        cloud computing hype security/
   applied to user identification match the data colors. This can     [9] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh.
   initiate various trust-management events, including authentica-    Terra: A Virtual Machine-Based Platform for Trusted Computing.
   tion and authorization. Virtual storage supports color             In Proc. of SOSP’03, 2003.
   generation, embedding, and extraction.                             [10] TCG.
   Combining secure data storage and data coloring, we can
   prevent data objects from being damaged, stolen, altered, or
   deleted. Thus, legitimate users have sole access to their
   desired data objects. The computational complexity of the
   three data characteristics is much lower than that performed in
   conventional encryption and decryption calculations in PKI
   services. The watermark-based scheme thus incurs a very low
   overhead in the coloring and decoloring processes. The En and
   He functions’ randomness guarantees data owner privacy.
   These characteristics can uniquely distinguish different data

   Abbreviations and Acronyms

      IEEE - Institute of Electrical and Electronics Engineers
       IaaS – Infrastructure as a Service
      SaaS – Software as a Service
      PaaS – Platform as a Service
        TC – Trusted Computing
      TCP – Trusted Computing Platform
     TCCP – Trusted Cloud Computing Platform

        In this paper, we discuss the concerns about the
   confidentiality, availability and integrity of the cloud users
   data and computation are a major important measures for
   enterprises looking to embrace cloud computing. For the need
   of security of data in the cloud we present the design of a
   Trusted Cloud Computing Platform (TCCP) that enables IaaS
   services such as Amazon EC2 to provide a closed box
   execution environment.         TCCP guarantees confidential
   execution of guest VMs, and allows users to attest to the IaaS
   provider and determine if the service is secure before they
   launch their VMs. Data coloring is the technique used in the
   software file or data object to secure the clients data from
   attackers or threats. This lets us segregate user access and
   insulate sensitive information from cloud provider access.
   When we combine these two techniques, it leads to increase

   Department of CSE, Sun College of Engineering and Technology

Shared By: