A Novel Infrastructure for Data Sanitization in Cloud Computing
Dr. Cheng-Yuan Ku
Department of Information Management, National Chung Cheng University, Taiwan, R.O.C.
Date: Dec. 25, 2013
C. V.
• NCTU, Control Engineering, B.S. in 1987
• Northwestern University, EECS M.S. in 1993
• Northwestern University, EECS Ph.D. in 1995
• Purdue University, Visiting Professor in 2009
• Specialties: Computer and Communication Network, Information Security, Information Security Management, E- and M-commerce, Cloud Computing Security
Outline
1. Introduction
2. Related Technology and Works
3. Proposed Mechanism
4. Experimental Results and Future Work
1. Introduction
Background
• Cloud computing service (Mell & Grance, 2011):
  – IaaS, PaaS, SaaS
• Cloud Security (Subashini & Kavitha, 2011):
  – Data security
• Personal Data Protection Act in Taiwan (Chang, 2012):
  – Collecting, processing and using personal data
  – A party will be fined up to NT 200 million for violation.
  – Government agencies and non-governmental organizations must provide evidence in court that they handled personal data with due care. It is not the customer's responsibility.
Motivations
• Data Remanence:
  – What is data remanence?
  – Data sanitization (Kissel et al., 2006)
  – One of the most important security issues for cloud computing
• Comply with PDPA:
  – Solutions for cloud computing
  – To provide evidence
  – To audit data security
2. Related Technology and Works
Cloud Computing Operating System
• Windows Azure
• Google Apps
• VMware vSphere
• Amazon Web Services
[Figure: VMware vSphere architecture. Source: modified from VMware (2011)]
Big Data Platform - Hadoop
• Hadoop Distributed File System (HDFS)
• MapReduce
[Figure: Hadoop cluster operation. Source: White (2012)]
Public-Key Infrastructure
[Figure: Public-key infrastructure model. Source: Stallings (2012)]
Monitoring mode (CSA, 2011)
• Database Activity Monitoring (DAM)
• File Activity Monitoring (FAM)
Monitoring Approach for Cloud
[Figure: McAfee database activity monitoring architecture. Source: McAfee (2012)]
Data Security Lifecycle
[Figure: Data security lifecycle. Source: modified from CSA (2011)]
Data Sanitization (1/2)
• Definition (Kissel, Scholl, Skolochenko, & Li, 2006):
  – Data sanitization refers to removing remnant data from storage media.
• Types
  – Clearing: overwriting
  – Purging: degaussing
  – Destroying: disintegration, incineration, pulverizing, shredding, and melting.
Data Sanitization (2/2)
• Overwriting methods:
  – Gutmann
  – Schneier
  – US DoD 5220-22.M
  – VSITR
Overwrite Algorithm
• Gutmann
  Pass 1-35: Writes a random character
  Source: Gutmann (1996)
• Schneier
  Pass 1: Writes a one
  Pass 2: Writes a zero
  Pass 3: Writes a random character
  Pass 4: Writes a random character
  Pass 5: Writes a random character
  Pass 6: Writes a random character
  Pass 7: Writes a random character
  Source: Schneier (2004)
• US DoD 5220-22.M
  Pass 1: Writes a zero and verifies the write
  Pass 2: Writes a one and verifies the write
  Pass 3: Writes a random character and verifies the write
  Source: DoD and CIA (1995)
• VSITR
  Pass 1: Writes a zero
  Pass 2: Writes a one
  Pass 3: Writes a zero
  Pass 4: Writes a one
  Pass 5: Writes a zero
  Pass 6: Writes a one
  Pass 7: Writes a random character
  Source: Hintemann and Faßnacht (2008)
3. Proposed Mechanism
Mechanism process
• Trust Model
• Data Sanitization Scheme
• Monitoring Framework Design
Trust Model
Concerns of data sanitization
1) We must know where the data are stored and which
data should be cleared.
2) We need to monitor the clearing process.
Design of Monitoring Framework
Monitoring Center
• Monitoring Data
Data Sanitization Scheme (1/2)
• Data Sanitization Process
Data Sanitization Scheme (2/2)
• Data Sanitization by Overwriting
  – Customer interface and procedure
    – The interface lets the customer choose whether the data sanitization should be monitored or not.
    – The customer selects the number of overwrites and confirms the service.
    – The customer chooses whether a recovery test report is necessary.
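The pass schedules listed under Overwrite Algorithm and the overwrite-with-report service described in the Data Sanitization Scheme, as an added example that is not code from the slides or from the authors' prototype: a Python overwriting routine that runs one of the four schedules over a file, verifies a pass when the schedule calls for it (as US DoD 5220-22.M does), and finishes with a simple recovery-test stand-in that searches the sanitized file for a known fragment of the original content. The schedule names, the seeded-PRNG verification and the sample records are my own assumptions, and Gutmann is kept as the slides summarise it, 35 random passes.

```python
import os
import random
import secrets
import tempfile
from typing import Callable, Dict, List, Tuple

ZERO, ONE, RANDOM = "zero", "one", "random"

# (pattern, verify_after_write) for each pass, following the slide descriptions.
# The slides summarise Gutmann as 35 random-character passes; the original 1996
# method interleaves fixed encoding-specific patterns, which is not modelled here.
SCHEDULES: Dict[str, List[Tuple[str, bool]]] = {
    "gutmann": [(RANDOM, False)] * 35,
    "schneier": [(ONE, False), (ZERO, False)] + [(RANDOM, False)] * 5,
    "dod_5220_22_m": [(ZERO, True), (ONE, True), (RANDOM, True)],
    "vsitr": [(ZERO, False), (ONE, False)] * 3 + [(RANDOM, False)],
}


def pattern_source(kind: str, seed: int) -> Callable[[int], bytes]:
    """Return a chunk generator for one pass. Random passes are seeded (Python 3.9+
    randbytes) so the verify step can regenerate the same stream instead of
    buffering the whole file in memory."""
    if kind == ZERO:
        return lambda n: b"\x00" * n
    if kind == ONE:
        return lambda n: b"\xff" * n
    rng = random.Random(seed)
    return rng.randbytes


def overwrite_file(path: str, method: str, chunk_size: int = 1 << 20) -> Dict[str, int]:
    """Overwrite every byte of `path` in place with the chosen pass schedule and
    return counts for a sanitization report."""
    schedule = SCHEDULES[method]
    size = os.path.getsize(path)
    verified = 0
    with open(path, "r+b") as f:
        for kind, verify in schedule:
            seed = secrets.randbits(64)          # fresh, unpredictable seed per pass
            gen = pattern_source(kind, seed)
            f.seek(0)
            left = size
            while left:
                n = min(chunk_size, left)
                f.write(gen(n))
                left -= n
            f.flush()
            os.fsync(f.fileno())                 # push this pass to the device
            if verify:
                # Read back and compare against a regenerated stream. This proves the
                # write reached the file system, not the physical medium: the page
                # cache, SSD wear levelling, and thin-provisioned or snapshotted cloud
                # volumes can all keep the old blocks elsewhere.
                expect = pattern_source(kind, seed)
                f.seek(0)
                left = size
                while left:
                    n = min(chunk_size, left)
                    if f.read(n) != expect(n):
                        raise IOError(f"{method}: verify failed at offset {size - left}")
                    left -= n
                verified += 1
    return {"passes": len(schedule), "verified_passes": verified, "bytes": size}


def remnant_found(path: str, marker: bytes) -> bool:
    """Recovery-test stand-in: look for a known fragment of the original content in
    the sanitized file. A real recovery test would use forensic carving tools."""
    with open(path, "rb") as f:
        return marker in f.read()


def demo(method: str = "dod_5220_22_m") -> Tuple[Dict[str, int], bool]:
    """Constructed sample: a temp file holding fake personal-data records, then
    sanitized with `method`. Returns (report, whether a remnant was found)."""
    marker = b"ID=A123456789;name=constructed-sample;"   # 38 bytes, made up
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 1000)                  # 38 000 bytes, spans many 4 KB chunks
    try:
        report = overwrite_file(path, method, chunk_size=4096)
        return report, remnant_found(path, marker)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name in SCHEDULES:
        rep, found = demo(name)
        print(f"{name:14s} passes={rep['passes']:2d} "
              f"verified={rep['verified_passes']} remnant={found}")
```

The pass count and the verified-pass count are what a monitored sanitization report would record; the recovery check is the customer-facing "recovery test" in its simplest form.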
4. Experimental Results and Future Work
Implementation and performance evaluation
• Overwriting program
  – To propose an efficient overwriting scheme for the cloud
• Monitoring center
  – Provide big data to the monitoring center for testing
• Monitoring agent
  – DAM (Database activity monitoring) captures the metadata packets
  – FAM (File activity monitoring) captures the log files
[Figure: Gutmann sanitization performance]
[Figure: Schneier sanitization performance]
[Figure: US DoD 5220-22.M sanitization performance]
[Figure: VSITR sanitization performance]
Performance Analysis of Data Sanitization
Sanitization method   Time     CPU load
Gutmann               31 min   12
Schneier               6 min    2
US DoD 5220-22.M       3 min    1
VSITR                  6 min    2
System Simulation and Implementation
• Cloud Environment - DNS & iSCSI
• System Establishment - Conversion Interface
• Data Security Lifecycle Report
Future Work
• Further Performance Evaluation
• Cloud Data Lifecycle Auditing Criteria for ISACA
• Other Cloud Security Issues
Thank you for your attention

102.12.25 Lecture by Prof. Cheng-Yuan Ku (古政元), Department of Information Management, National Chung Cheng University, at National Pingtung University of Science and Technology (2013-12-25)

Editor's Notes

  1. Our topic concerns the problem of data remanence in the cloud. On an ordinary personal computer, for security reasons, when we want to retire a hard disk we need to clear the remnant data; this is what is called Data Sanitization. When this problem moves to the cloud, and a cloud customer asks to clear the data on a cloud disk, a mechanism is needed to carry out Data Sanitization. This is the main problem we want to solve.
  2. The talk has the following four main parts.
  3. The talk has the following four main parts.
  4. The research background rests mainly on the development of cloud computing: more and more enterprises adopt cloud computing as their competitive advantage, and this has led to many kinds of service strategies in cloud computing. According to the definition of the U.S. National Institute of Standards and Technology (NIST), cloud computing services today can be divided mainly into three kinds: SaaS, software as a service, for example Google Docs; PaaS, platform as a service, for example the e-commerce platform provided by Amazon; and IaaS, infrastructure as a service, for example Chunghwa Telecom renting hardware resources to businesses. Cloud Security: in such a cloud computing environment many security problems arise. The security problems at each service layer of cloud computing are mainly data security problems, present at every service layer. This is also a cloud security issue that enterprises care about: is data placed in the cloud really secure? That is what is to be discussed. Personal Data Protection Act: when we discuss data security, we need to pay more attention to the recently implemented Personal Data Protection Act, which is also part of the research background. Several key articles of the PDPA deserve attention: first, when an organization collects, processes or uses personal data, it must comply with the PDPA; second, an organization that violates the PDPA can be liable for damages of up to NT$200 million; third, the enterprise itself must prove that it did not violate the PDPA. Against this background, data security solutions will receive more and more attention.
  5. In the research motivation, data remanence is the main issue. Data Remanence: what is data remanence? On a personal computer, when a file is deleted, in fact only the file path is deleted; the file contents still exist on the disk. This is what is called data remanence. The problem of data remanence has been discussed by many people since early on, and how to clear remnant data is what data sanitization deals with. Data sanitization, that is, data clearing, was defined by NIST in 2006. Data remanence is one of the issues in data security: a malicious party can steal remnant data by recovering files. In the cloud there is a well-known hacking technique, VM escape, presented by researcher K at the Black Hat conference, which uses a vulnerability in a cloud virtual machine to penetrate a customer's virtual machine and gain control. Given such techniques, we know that stealing remnant data is feasible. Therefore we need to develop a cloud data sanitization mechanism to ensure that remnant data cannot be stolen. Issues about PDPA: with the PDPA coming into force, many data security solutions will gradually appear, and as more and more enterprises build on the cloud, is there a PDPA solution for the cloud? This is one of our motivations for exploring this topic. A cloud-based PDPA solution mainly aims to do two things: to be able to prove (the ability to provide evidence) and to be able to audit (monitoring of data security).
  6. Next is the related work (RW) section.
  7. In the related work, the architecture of a cloud operating system has to be introduced first, since the proposed mechanism must be built on top of a cloud operating system. What is a cloud operating system? Just as an ordinary PC operating system allocates resources, a cloud operating system also allocates resources, mainly distributing them to the individual virtual machines for use by the users who rent those VMs. Many cloud providers develop cloud operating systems, for example Google Apps, Windows Azure and vSphere developed by VMware. This is the cloud OS for VMs; the internal structures are roughly similar: the cloud OS is built on the physical machines, a management center is installed on top, one layer further up is the virtualization-layer security center (a firewall, for example, is built in this layer), and finally many VMs are virtualized on top for customers to rent. A virtual data center can represent the number of VMs rented by one enterprise.
  8. The second part of the related work introduces the big data platform Hadoop. Our mechanism needs to process a large amount of monitoring data, and this platform will be used in the simulation stage. First, what is Big Data? Big Data, like cloud computing, currently receives attention from enterprises, because the large amount of data generated on the Internet every day already exceeds what current databases can handle, and Hadoop is a method for processing and analyzing this massive data. The most basic components in Hadoop are HDFS and MapReduce; these two work like the hard disk and memory of a personal computer. HDFS stores data in a distributed manner and MapReduce processes data in parallel. HDFS stores data spread across different storage nodes, and when computing, MapReduce is used to assemble the result.
  9. The fourth part is the PKI identity authentication model. The mechanism we propose needs to use PKI to confirm the identity of the data sender. PKI is an asymmetric encryption system. When users A and B want to communicate, they first need to apply for digital certificates from the certificate authority CA. Both sides first send their own public keys to the CA, the CA issues digital certificates Ca and Cb to the two sides, and the two sides can then use these certificates to communicate, achieving identity authentication.
  10. The fourth part is the PKI identity authentication model. The mechanism we propose needs to use PKI to confirm the identity of the data sender. PKI is an asymmetric encryption system. When users A and B want to communicate, they first need to apply for digital certificates from the certificate authority CA. Both sides first send their own public keys to the CA, the CA issues digital certificates Ca and Cb to the two sides, and the two sides can then use these certificates to communicate, achieving identity authentication.
  11. The fifth part is the monitoring method in cloud computing. Here is a brief introduction to the DAM monitoring system proposed by McAfee, the anti-virus software company. It uses a lightweight monitoring approach. Why lightweight? Because most current monitoring approaches place hardware appliances at the physical layer, but such monitoring is not really suitable for the cloud, because installing it requires changing the cloud infrastructure. The lightweight approach adopted by McAfee means installing the monitoring system as software: the monitoring endpoints are sensors, which can also be called agents. These agents send the monitoring status of the monitored DBs back to the monitoring center for analysis.
  12. The sixth part explains the data security lifecycle. Since our data security solution is developed on the basis of the PDPA, and the law has detailed provisions for the collection, processing and use of data, we need to monitor every stage of the data: its creation, storage, use, sharing, backup and finally destruction. Only by monitoring the complete data flow can we ensure that the final deletion of the data does not raise other security problems.
  13. Next comes the main issue we want to explore, Data Sanitization. As defined in the official NIST document, Data Sanitization means removing the remnant data from a storage medium. Sanitization methods can be divided into three kinds: Clearing mainly overwrites the remnant files on the storage medium with other data, turning them into fragments that cannot be recovered; Purging, degaussing, requires physical access to the disk and reverses the disk's magnetism to erase the data; and direct destruction of the storage medium, that is, physical destruction including disintegration, incineration, pulverizing, shredding and melting. We mainly use overwriting to sanitize.
  14. For overwriting methods we studied the following. Gutmann: the overwriting method proposed by G in 1996; pass 1 means overwriting once, so G's overwrite algorithm uses random characters to overwrite the remnant data 35 times. The more passes, the more secure, but overwriting performance drops correspondingly. Schneier: the method proposed by S in 2004 uses 7 passes; the first two use 0 and 1, the rest use random characters. US DoD 5220-22.M: the third overwriting method was specified by the U.S. Department of Defense in 1995 and uses three passes, the first with 0, the second with 1 and the third with random characters, and after each pass a verification is performed to confirm whether the overwrite succeeded. VSITR: an overwriting method developed by the German Federal Office for Information Security, with seven passes; the first six overwrite with 0 and 1, the last with random characters.
  15. Next is our proposed research method.
  16. The research method is carried out in the following three steps: first, establish the cloud trust model; then design the cloud monitoring mechanism; finally, the cloud data sanitization method.
  17. The monitoring model mainly has these three roles. The data owner uses cloud services; because the data owner does not trust the cloud, a trusted third party monitors how the cloud provider handles the data and reports back to the user. There are some security concerns in the trust model, for example how do we know the sender really is the other party? Therefore we specify that communication security uses a PKI digital-certificate mechanism for verifiability and SSL communication encryption for confidentiality.
  18. Why is it divided into three steps? Mainly because two problems arise when we want to build this cloud data sanitization mechanism: 1. we must know where the data are stored and which data are to be cleared; 2. we must monitor the clearing process. So we must first build a monitoring mechanism, and before building the monitoring mechanism there must first be a trust model.
  19. Based on this trust model, we developed the cloud monitoring mechanism. The monitoring center is deployed at the TTP, and the monitoring agents are installed in the customer's VMs. Different agents are installed according to the VM's role: for example, a VM that hosts applications gets the file monitoring agent FAM, and a VM that hosts a database gets the database monitoring agent DAM. Customers access data in the application VM, and the application VM in turn accesses data in the database VM; all of these accesses are recorded by the monitoring agents and sent back to the monitoring center.
  20. Besides the deployment of monitoring agents, there is also the monitoring center. First, how is the monitoring center's monitoring data obtained? Data storage in general has metadata that records the state of the data, and in the cloud there is a metadata server that keeps the data storage state of the virtual machines. We therefore make use of this property: when a monitored VM sends a file record to the metadata server, the agent also sends a copy to the monitoring center.
  21. Whether to monitor the process; how many overwrites to perform (choose the security level); choose whether an overwrite test report is needed.
  22. Current status of the thesis research and future work.
  23. In the future we will use system prototypes for testing, so three system prototypes need to be designed: the Monitoring agent, the Monitoring center and the Overwriting program. Monitoring agent: the prototype design for this part is divided into DAM (Database Activity Monitoring) and FAM (File Activity Monitoring), which capture different monitoring files. Monitoring center: since the monitoring center is deployed using Hadoop, and one Hadoop block, the smallest storage unit, is 64M, at least 64M of monitoring data must be provided to the monitoring center for analysis in order to observe performance. Overwriting program: for the overwriting algorithm, we hope to find, among the many overwriting methods, one suited to the cloud environment that achieves the best performance. Finally, system evaluation: we will evaluate the security of the mechanism, for example against man-in-the-middle attacks, verifiability, brute-force attacks and so on, as well as performance analysis; we will develop system prototypes to test and evaluate the feasibility and performance of the mechanism, mainly hoping to find the most efficient overwriting method in the cloud.