1 / 31

Presenter: Kuei -Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year :D)

CloudZone : Towards an integrity layer of cloud data storage based on multi agent system architecture. Presenter: Kuei -Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year :D). Outline. The Basics of Cloud Computing Introduction “ CloudZone ” Research Methodology Conclusions.

dakota
Télécharger la présentation

Presenter: Kuei -Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year :D)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CloudZone: Towards an integrity layer of cloud data storage based on multi agent system architecture Presenter: Kuei-Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year:D)

  2. Outline • The Basics of Cloud Computing • Introduction • “CloudZone” • Research Methodology • Conclusions

  3. The Basics of Cloud Computing What is cloud computing? 5 Essential characteristics Cloud computing layers Service models

  4. What is cloud computing? • Cloud computing is theuse of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). – by Wikipedia • A type of parallel and distributed system consisting of a collection of interconnected and virtualized computers that aredynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the cloud service provider (CSP) and cloud users.

  5. 5 Essential characteristics • On-demand self-service • A consumer can unilaterally provision computing capabilities, as needed automatically without requiring human interaction with each service’s provider. • Broad network access • Capabilities are available over the network and accessed through standard mechanisms (e.g., mobile phones, laptops, and PDAs). • Measured Service • Cloud systems automatically control and optimize resource use by leveraging a metering capability.

  6. 5 Essential characteristics (2) • Resource pooling • The provider’s computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamicallyassigned and reassigned according to consumer demand. • Rapid elasticity • Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in.

  7. Cloud Computing Layers

  8. Service Models • Software as a service (SaaS) • cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients. • Platform as a service (PaaS) • cloud providers deliver a computing platform. • Infrastructure as a service (IaaS) • IaaS providers offer computers, as physical or more often as virtual machines, and other resources.

  9. Introduction

  10. Introduction • The ultimate challenge in cloud computing is data-level security, and sensitive data is the domain of the enterprise, not the cloud computing provider. • Cloud Data Storage(CDS) systems offer services to assure integrity of data transmission. However, they do not provide a solution to the CDS integrity problem. • Thus, the cloud client would have to develop its own solution, in order to verify that cloud data returned by the CDS server has not been tampered with.

  11. Introduction(2) • Multi Agent System(MAS) is defined as“a loosely coupled network of problem-solver entities that work together to find answers to problems that are beyond the individual capabilities or knowledge of each entity”. • As data is the base for providing cloud computing services(Daas, SaaS, Paas), keeping data integrity is afundamental task.

  12. “CloudZone” “CloudZone”Overview “CloudZone” Requirements

  13. “CloudZone”Overview

  14. “CloudZone”Overview(2) • Cloud Service Provider Agent (CSPA) • Provide the security service task according to the authorized service level agreements (SLAs) and the original message content sent by the CDIBA and CDAuA. • Receive the security reports and/or alarms from the rest of other agents to respect. • Monitor specific activities concerning a part of the CDS or a particular cloud user. • Translate the attack in terms of goals.

  15. “CloudZone”Overview(3) • Display the security policies specified by the CSP and the rest of the agents. • Designing user interfaces that prevent the input of invalid cloud data. • Creating security reports/ alarm systems. • Cloud Data Integrity Backup Agent (CDIBA) • Main responsibility is to enable the CDS bythe new backup technique using StructuralQuery Language (SQL) programming.

  16. “CloudZone” Requirements • “CloudZone” only backs up the MS SQL databases. It does not back up other MS SQL files such as program installation files, etc. • “CloudZone” does not support component-based backup. • “CloudZone” does not use Visual SourceSafe (VSS) for backup and restore. • The “CloudZone” supports backup and recovery of Windows Oracle 11i.

  17. Research Methodology Secure System Development Life Cycle (SecSDLC) Investigation Analysis Design Implementation Testing & Validation

  18. Secure System Development Life Cycle (SecSDLC) • SDLC is a process of creating or altering information systems, and the models and methodologies that people use to develop these systems. • Investigation • begins with directive from management, scope, goals, objective

  19. Secure System Development Life Cycle (SecSDLC) (2) • Analysis • existing security examined, threats and controls assessed • Design • Logical: blueprints, incident responses planned • Physical: final design, definition of success • Implementation • security solutions obtained, tested, implemented, tested again - training and approval submit • Testing & Validation • monitor, test, modify, update, repair/reconstruction

  20. Phase 1: Investigation • A key aspect of Information Security is integrity. • Data Integrity in cloud computing refers to protecting clouddata from unauthorized deletion, modification or fabrication.

  21. Phase 1: Investigation(2) • CDIBAis enable the cloud user to reconstruct the original cloud data by downloading the cloud data vectors from the cloud servers. • backing up the cloud data regularly from “CloudZone”and sending security reports and/or alarms to CSPA when: • Human errors when cloud data is entered. • Errors that occur when cloud data is transmitted from one computer to another. • Software bugs or virus. • Hardware malfunctions, such as disk crashes.

  22. Phase 2: Analysis • Cloud Data Security Adversary Analysis Approach

  23. Phase 2: Analysis(2) • Weak Adversary: • The adversary is interested incorrupting the user’s CDS stored on individualservers. Once a server is comprised, an adversarycan pollute the original CDS by modifying orintroducing its own fraudulent cloud data toprevent the original cloud data from beingretrieved by the cloud user. • Strong Adversary: • This is the worst case scenario,in which we assume that the adversary cancompromise all the cloud servers so that it canintentionally modify the CDS as long as they areinternally consistent. In fact, this is equivalent tothe case where all servers are colluding together tohide a cloud data loss or corruption incident.

  24. Phase 3: Design • The Prometheus methodology is a detailed process for specifying, designing, and implementing intelligent agent systems. • The Prometheus methodology consists of three phases: • System Specification • Architectural design • Detailed design

  25. Phase 3: Design (2) • “CloudZone” Design Goals

  26. Phase 4: Implementation • will be developed using FIPA(Foundation for Intelligent Physical Agents) compliant JADE-S agent framework version 2. • JADE (Java Agent DEvelopmentframework) is a FIPA compliant software framework fully implemented in the Java programming language, which simplifies the implementation of MASs. • JADE-S is formed by the combination of the standard version of JADE with the JADE security plug-in.

  27. Phase 5: Testing & Validation • Cloudcomputing platform:have asked apermission of theCloud Service Provider (CSP) of Malaysian Institute of Microelectronic Systems (MIMOS) • the scale of the CDS system:will measure the timesrequired for the agents to travel around different number ofcloud users before and after implementing our MAS techniquebased on the linearly over the Round Trip Time (RTT) for eachagent.

  28. Conclusions

  29. Conclusions • This paper proposed MAS architecture based on integritypolicyfor secure CDS. • The architecture consists of two types of agents: Cloud Service Provider Agent (CSPA) and Cloud Data Integrity Backup Agent (CDIBA). • “CloudZone” is proposed to meet the need of integrity layer theera of cloud computing.

  30. References • A.M. Talib, R. Atan, R. Abdullah, and M.A. AzmiMurad. CloudZone: Towards an Integrity Layer of Cloud Data Storage Based on Multi Agent System Architecture, ICOS 2011, IEEE Press., pp. 189-194 • S. Sakr, A. Liu, D. M. Batista, and M. Alomari, “A survey of large scale data management approaches in cloud environments,” IEEE Communications Surveys and Tutorials, vol. 13, no. 3, 2011.

  31. Thanks for listening

More Related