Your SlideShare is downloading. ×
0
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
600.412.Lecture07
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

600.412.Lecture07

394

Published on

CS 600.412 Security and Privacy in Cloud Computing

CS 600.412 Security and Privacy in Cloud Computing

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
394
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security and Privacy in Cloud Computing<br />Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010<br />Lecture 7<br />03/29/2010<br />
  • 2. Provenance<br />Provenance: from Latin provenire ‘come from’, defined as <br />“(i) the fact of coming from some particular source or quarter; origin, derivation. <br /> (ii) the history or pedigree of a work of art, manuscript, rare book, etc.; a record of the ultimate derivation and passage of an item through its various owners” (Oxford English Dictionary)<br />In other words,Who owned it, what was done to it, how was it transferred …<br />Widely used in arts, archives, and archeology, called the Fundamental Principle of Archival<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />2<br />http://moma.org/collection/provenance/items/644.67.html<br />L'artiste et son modèle (1928), at Museum of Modern Art<br />
  • 3. Data Provenance<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />3<br />Definition*<br />Description of the origins of data and the process by which it arrived at the database. [Buneman et al.]<br />Information describing materials and transformations applied to derive the data. [Lanter]<br />Metadata recording the process of experiment workflows, annotations, and notes about experiments. [Greenwood]<br />Information that helps determine the derivation history of a data product, starting from its original sources. [Simmhan et al.]<br />*Simmhan et al. A Survey of Provenance in E-Science. SIGMOD Record, 2005.<br />
  • 4. Forensics and Provenance in Clouds<br />Cloud provenance can be<br />Data provenance: Who created, modified, deleted data stored in a cloud (external entities change data)<br />Process provenance: What happened to data once it was inside the cloud (internal entities change data)<br />Cloud provenance should give a record of who accessed the data at different times<br />Auditors should be able to trace an entry (and associated modification) back to the creator<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />4<br />
  • 5. Privacy questions<br />Should the cloud provider know the identity of cloud users?<br />Should cloud users know the identity of other users in the same group?<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />5<br />
  • 6. The “Bread and Butter” paper<br />Problem<br />To preserve user privacy and allow anonymous authentication/accessin a cloud<br />To determine authorship of data, i.e., to bind data versions to user identities in a cloud<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />6<br />Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS2010<br />
  • 7. Threat Model<br />Who are the key players?<br />Users<br />SM<br />SP<br />Who trusts who?<br />Users: trust the SM, but not the SP<br />SP: Trust SM<br />SM: ?<br />What attacks can happen?<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />7<br />
  • 8. System Model<br />SM: Manages the whole system(?), registers cloud users and providers, issues keys<br />SP: Cloud service provider, manages access to cloud resources<br />Users: A user is part of a group of authorized principals who can access group resources<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />8<br />
  • 9. Secure provenance (according to the paper)<br />By secure provenance, the authors imply<br />Users can anonymously authenticate themselves as part of authorized users/groups to the cloud provider<br />Users can anonymously access and modify resources<br />Encrypted data stored by a user can be decrypted by other users from the same group<br />If necessary, the SM can trace a data item to the user who created it<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />9<br />
  • 10. Setup<br />Inputs: Security parameter k<br />Output: Master key, public parameters<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />10<br />Master Key<br />K<br />Param<br />(Public Parameters)<br />SM<br />
  • 11. User/provider registration<br />Inputs: Master key, public parameters, user identity<br />Outputs: Private key, entry in tracking list<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />11<br />Master Key<br />User identity Ui<br />Private key ski<br />Param<br />(Public Parameters)<br />Tracking list<br />
  • 12. User-cloud interaction (1)<br />User anonymously authenticate herself to the cloud<br />Cloud provider can check that the signature was made with a key issued by the SM<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />12<br />χ<br />σA = signski(Yi||χ)<br />σP / aski<br />
  • 13. User-cloud interaction (2)<br />Provider stores Signatures and authentication information during each access<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />13<br />EncryptedData: C = encrypt(M)<br />Sig = signaski(C)<br />Store C and σA<br />
  • 14. Identifying authorship<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />14<br />σA<br />User identity <br />
  • 15. Confidentiality preservation<br />Each user gets a different authorized group user access key <br />Any group user access key can be used to decrypt a ciphertext created by other users in the same group<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />15<br />
  • 16. Discussion<br />Suppose Amazon S3 implements such a model. What will be the advantages, and what will be the disadvantages?<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />16<br />
  • 17. What about other provenance in computation clouds?<br />If the data is being manipulated by processes running in the cloud, how will the problem change?<br />3/29/2010<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />17<br />
  • 18. 3/29/2010<br />18<br />en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan<br />Further Reading<br />Ragib Hasan, Radu Sion, and Marianne Winslett, Protecting History Forgery with Secure Provenance, ACM Transactions on Storage, December 2009<br />

×