310 likes | 439 Vues
CloudZone : Towards an integrity layer of cloud data storage based on multi agent system architecture. Presenter: Kuei -Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year :D). Outline. The Basics of Cloud Computing Introduction “ CloudZone ” Research Methodology Conclusions.
E N D
CloudZone: Towards an integrity layer of cloud data storage based on multi agent system architecture Presenter: Kuei-Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year:D)
Outline • The Basics of Cloud Computing • Introduction • “CloudZone” • Research Methodology • Conclusions
The Basics of Cloud Computing What is cloud computing? 5 Essential characteristics Cloud computing layers Service models
What is cloud computing? • Cloud computing is theuse of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). – by Wikipedia • A type of parallel and distributed system consisting of a collection of interconnected and virtualized computers that aredynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the cloud service provider (CSP) and cloud users.
5 Essential characteristics • On-demand self-service • A consumer can unilaterally provision computing capabilities, as needed automatically without requiring human interaction with each service’s provider. • Broad network access • Capabilities are available over the network and accessed through standard mechanisms (e.g., mobile phones, laptops, and PDAs). • Measured Service • Cloud systems automatically control and optimize resource use by leveraging a metering capability.
5 Essential characteristics (2) • Resource pooling • The provider’s computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamicallyassigned and reassigned according to consumer demand. • Rapid elasticity • Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in.
Service Models • Software as a service (SaaS) • cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients. • Platform as a service (PaaS) • cloud providers deliver a computing platform. • Infrastructure as a service (IaaS) • IaaS providers offer computers, as physical or more often as virtual machines, and other resources.
Introduction • The ultimate challenge in cloud computing is data-level security, and sensitive data is the domain of the enterprise, not the cloud computing provider. • Cloud Data Storage(CDS) systems offer services to assure integrity of data transmission. However, they do not provide a solution to the CDS integrity problem. • Thus, the cloud client would have to develop its own solution, in order to verify that cloud data returned by the CDS server has not been tampered with.
Introduction(2) • Multi Agent System(MAS) is defined as“a loosely coupled network of problem-solver entities that work together to find answers to problems that are beyond the individual capabilities or knowledge of each entity”. • As data is the base for providing cloud computing services(Daas, SaaS, Paas), keeping data integrity is afundamental task.
“CloudZone” “CloudZone”Overview “CloudZone” Requirements
“CloudZone”Overview(2) • Cloud Service Provider Agent (CSPA) • Provide the security service task according to the authorized service level agreements (SLAs) and the original message content sent by the CDIBA and CDAuA. • Receive the security reports and/or alarms from the rest of other agents to respect. • Monitor specific activities concerning a part of the CDS or a particular cloud user. • Translate the attack in terms of goals.
“CloudZone”Overview(3) • Display the security policies specified by the CSP and the rest of the agents. • Designing user interfaces that prevent the input of invalid cloud data. • Creating security reports/ alarm systems. • Cloud Data Integrity Backup Agent (CDIBA) • Main responsibility is to enable the CDS bythe new backup technique using StructuralQuery Language (SQL) programming.
“CloudZone” Requirements • “CloudZone” only backs up the MS SQL databases. It does not back up other MS SQL files such as program installation files, etc. • “CloudZone” does not support component-based backup. • “CloudZone” does not use Visual SourceSafe (VSS) for backup and restore. • The “CloudZone” supports backup and recovery of Windows Oracle 11i.
Research Methodology Secure System Development Life Cycle (SecSDLC) Investigation Analysis Design Implementation Testing & Validation
Secure System Development Life Cycle (SecSDLC) • SDLC is a process of creating or altering information systems, and the models and methodologies that people use to develop these systems. • Investigation • begins with directive from management, scope, goals, objective
Secure System Development Life Cycle (SecSDLC) (2) • Analysis • existing security examined, threats and controls assessed • Design • Logical: blueprints, incident responses planned • Physical: final design, definition of success • Implementation • security solutions obtained, tested, implemented, tested again - training and approval submit • Testing & Validation • monitor, test, modify, update, repair/reconstruction
Phase 1: Investigation • A key aspect of Information Security is integrity. • Data Integrity in cloud computing refers to protecting clouddata from unauthorized deletion, modification or fabrication.
Phase 1: Investigation(2) • CDIBAis enable the cloud user to reconstruct the original cloud data by downloading the cloud data vectors from the cloud servers. • backing up the cloud data regularly from “CloudZone”and sending security reports and/or alarms to CSPA when: • Human errors when cloud data is entered. • Errors that occur when cloud data is transmitted from one computer to another. • Software bugs or virus. • Hardware malfunctions, such as disk crashes.
Phase 2: Analysis • Cloud Data Security Adversary Analysis Approach
Phase 2: Analysis(2) • Weak Adversary: • The adversary is interested incorrupting the user’s CDS stored on individualservers. Once a server is comprised, an adversarycan pollute the original CDS by modifying orintroducing its own fraudulent cloud data toprevent the original cloud data from beingretrieved by the cloud user. • Strong Adversary: • This is the worst case scenario,in which we assume that the adversary cancompromise all the cloud servers so that it canintentionally modify the CDS as long as they areinternally consistent. In fact, this is equivalent tothe case where all servers are colluding together tohide a cloud data loss or corruption incident.
Phase 3: Design • The Prometheus methodology is a detailed process for specifying, designing, and implementing intelligent agent systems. • The Prometheus methodology consists of three phases: • System Specification • Architectural design • Detailed design
Phase 3: Design (2) • “CloudZone” Design Goals
Phase 4: Implementation • will be developed using FIPA(Foundation for Intelligent Physical Agents) compliant JADE-S agent framework version 2. • JADE (Java Agent DEvelopmentframework) is a FIPA compliant software framework fully implemented in the Java programming language, which simplifies the implementation of MASs. • JADE-S is formed by the combination of the standard version of JADE with the JADE security plug-in.
Phase 5: Testing & Validation • Cloudcomputing platform:have asked apermission of theCloud Service Provider (CSP) of Malaysian Institute of Microelectronic Systems (MIMOS) • the scale of the CDS system:will measure the timesrequired for the agents to travel around different number ofcloud users before and after implementing our MAS techniquebased on the linearly over the Round Trip Time (RTT) for eachagent.
Conclusions • This paper proposed MAS architecture based on integritypolicyfor secure CDS. • The architecture consists of two types of agents: Cloud Service Provider Agent (CSPA) and Cloud Data Integrity Backup Agent (CDIBA). • “CloudZone” is proposed to meet the need of integrity layer theera of cloud computing.
References • A.M. Talib, R. Atan, R. Abdullah, and M.A. AzmiMurad. CloudZone: Towards an Integrity Layer of Cloud Data Storage Based on Multi Agent System Architecture, ICOS 2011, IEEE Press., pp. 189-194 • S. Sakr, A. Liu, D. M. Batista, and M. Alomari, “A survey of large scale data management approaches in cloud environments,” IEEE Communications Surveys and Tutorials, vol. 13, no. 3, 2011.