we discuss security issues for cloud computing and present a layered framework for secure clouds and then focus on two of the layers, i.e., the storage layer and the data layer. In particular, we discuss a scheme for secure third party publications of documents in a cloud. Next, we will converse secure federated query processing with map Reduce and Hadoop, and discuss the use of secure co-processors for cloud computing. Finally, we discuss XACML implementation for Hadoop and discuss their beliefs that building trusted applications from untrusted components will be a major aspect of secure
cloud computing.
Ensuring data storage security in cloud computingUday Wankar
Cloud computing has been envisioned as the next-generation architecture of IT enterprise.
In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy.
Moving data into the cloud offers great convenience to users since they don’t have to care about the complexities of direct hardware management.
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Data protection in cloud computing - Data Protection Conference 2011Cloud Legal Project
Kuan Hon's slides for workshop on data protection in cloud computing at Data Protection 2011 conference organised by Holyrood in Edinburgh, UK on 24 February 2011.
Ensuring data storage security in cloud computingUday Wankar
Cloud computing has been envisioned as the next-generation architecture of IT enterprise.
In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy.
Moving data into the cloud offers great convenience to users since they don’t have to care about the complexities of direct hardware management.
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Data protection in cloud computing - Data Protection Conference 2011Cloud Legal Project
Kuan Hon's slides for workshop on data protection in cloud computing at Data Protection 2011 conference organised by Holyrood in Edinburgh, UK on 24 February 2011.
The aim of this project is to secure the sensitive outsourced data with encryption and data fragmentation within the cloud provider. The major requirements for achieving security in outsourced cloud databases are confidentiality, privacy, availability and integrity. While achieving the requirements various data confidentiality mechanisms of fragmentation and encryption of data are used. This project presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. Applying encryption and obfuscation techniques on the cloud data will provide more protection against unauthorized access of sensitive data of a private user.
Nowadays cloud computing is emerging technology which gives open resources on the internet. It is offering large amount of data to the users and distributed data over the network. Cloud computing denotes sharing of resources rather than having local servers to handle applications. It provides services to servers, storage and applications over the internet. And this cloud computing environment is used by all small and large company users. Since all the data is stored in the cloud, backing it up and restoring the same is relatively much easier than storing the same on a physical device. Cloud computing provide a convenient way to work group of people together on a common project or applications in an effective manner. there are also many factors supporting cloud computing like virtualization process, distributed storage, fast and inexpensive server, broadband internet access etc.
But the major drawback is security in providing data over the internet. Each and every cloud searcher is raising a question to cloud provider that whether it contains security policies and procedures before hosting their applications. Due to poor security, there exists poor applications, data loss, hijacking, traffic etc. But the main issue is it does not have any security in distributing data. It becomes the main obstacle in cloud computing environment. So to enhance the security, so to protect the data, we proposed an algorithm called RSA algorithm. It is a new approach and it met the requirements of public key systems. By using this algorithm it will increase the data security This algorithm uses various data block size and various size keys. It has asymmetric keys for both encryption and decryption. It uses two prime numbers to generate the public and private keys. These two different keys are used for encryption and decryption purpose. This algorithm can be broadly classified in to three stages; key generation by using two prime numbers, encryption and decryption.
Many cryptographic asymmetric algorithms are available to solve data security issue in cloud. Algorithms hide data from unauthorized users. Encryption Algorithms have vital role in the data security of cloud computing. Examples of such algorithms are Diffie-hellman ,ECC,DSA,RSA etc. Since Diffie-helman algorithm is not for encryption or decryption but it enable two parties who are involved in communication to generate a shared secret key for exchanging information confidentially. Elliptic Curve Cryptography (ECC) is only for smaller devices like cell phones. When Digital Signature Algorithm (DSA) is used, the process of creating the digital signature is faster than validating it. When RSA is used, the process of validating the digital signature is faster than creating it.RSA has two keys one public and the other is private, The public key is known to all, and the private key is kept secret and is mostly used in hybrid encryption schemes and digital signatures.
Cloud Computing Security Organization Assessments Service Categories Responsi...SlideTeam
This complete deck covers various topics and highlights important concepts. It has PPT slides which cater to your business needs. This complete deck presentation emphasizes Cloud Computing Security Organisation Assessments Service Categories Responsibility and has templates with professional background images and relevant content. This deck consists of total of twelve slides. Our designers have created customizable templates, keeping your convenience in mind. You can edit the colour, text and font size with ease. Not just this, you can also add or delete the content if needed. Get access to this fully editable complete presentation by clicking the download button below. https://bit.ly/3cmXz7E
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Cloud here means data and encryption means to secure the data. In this ppt you can get to know about various encryption algorithms which are used to secure the data.
The aim of this project is to secure the sensitive outsourced data with encryption and data fragmentation within the cloud provider. The major requirements for achieving security in outsourced cloud databases are confidentiality, privacy, availability and integrity. While achieving the requirements various data confidentiality mechanisms of fragmentation and encryption of data are used. This project presents a method for secure and confidential storage of data in the cloud environment based on fragmentation. Applying encryption and obfuscation techniques on the cloud data will provide more protection against unauthorized access of sensitive data of a private user.
Nowadays cloud computing is emerging technology which gives open resources on the internet. It is offering large amount of data to the users and distributed data over the network. Cloud computing denotes sharing of resources rather than having local servers to handle applications. It provides services to servers, storage and applications over the internet. And this cloud computing environment is used by all small and large company users. Since all the data is stored in the cloud, backing it up and restoring the same is relatively much easier than storing the same on a physical device. Cloud computing provide a convenient way to work group of people together on a common project or applications in an effective manner. there are also many factors supporting cloud computing like virtualization process, distributed storage, fast and inexpensive server, broadband internet access etc.
But the major drawback is security in providing data over the internet. Each and every cloud searcher is raising a question to cloud provider that whether it contains security policies and procedures before hosting their applications. Due to poor security, there exists poor applications, data loss, hijacking, traffic etc. But the main issue is it does not have any security in distributing data. It becomes the main obstacle in cloud computing environment. So to enhance the security, so to protect the data, we proposed an algorithm called RSA algorithm. It is a new approach and it met the requirements of public key systems. By using this algorithm it will increase the data security This algorithm uses various data block size and various size keys. It has asymmetric keys for both encryption and decryption. It uses two prime numbers to generate the public and private keys. These two different keys are used for encryption and decryption purpose. This algorithm can be broadly classified in to three stages; key generation by using two prime numbers, encryption and decryption.
Many cryptographic asymmetric algorithms are available to solve data security issue in cloud. Algorithms hide data from unauthorized users. Encryption Algorithms have vital role in the data security of cloud computing. Examples of such algorithms are Diffie-hellman ,ECC,DSA,RSA etc. Since Diffie-helman algorithm is not for encryption or decryption but it enable two parties who are involved in communication to generate a shared secret key for exchanging information confidentially. Elliptic Curve Cryptography (ECC) is only for smaller devices like cell phones. When Digital Signature Algorithm (DSA) is used, the process of creating the digital signature is faster than validating it. When RSA is used, the process of validating the digital signature is faster than creating it.RSA has two keys one public and the other is private, The public key is known to all, and the private key is kept secret and is mostly used in hybrid encryption schemes and digital signatures.
Cloud Computing Security Organization Assessments Service Categories Responsi...SlideTeam
This complete deck covers various topics and highlights important concepts. It has PPT slides which cater to your business needs. This complete deck presentation emphasizes Cloud Computing Security Organisation Assessments Service Categories Responsibility and has templates with professional background images and relevant content. This deck consists of total of twelve slides. Our designers have created customizable templates, keeping your convenience in mind. You can edit the colour, text and font size with ease. Not just this, you can also add or delete the content if needed. Get access to this fully editable complete presentation by clicking the download button below. https://bit.ly/3cmXz7E
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Cloud here means data and encryption means to secure the data. In this ppt you can get to know about various encryption algorithms which are used to secure the data.
Cloud computing means using multiple server computers via a digital network, as though they were one computer.
We can say , it is a new computing paradigm, involving data and/or computation outsourcing.
it has many issues like security issues, privacy issues, data issues, energy issues, bandwidth issues, cloud interoperability.
there are solutions like scaling of resources, distribute servers etc.
Scaling People, Not Just Systems, to Take On Big Data ChallengesMatthew Vaughn
Here, I describe how the Texas Advanced Computing Center has shifted its focus from traditional modeling and simulation towards fully embracing big data analytics performed by users with diverse technical backgrounds.
Defending Applications In the Cloud: Architecting Layered Security Solutions ...EC-Council
The many benefits of running enterprise applications in cloud computing environments make the migration from traditional data center hosting to cloud service providers compelling. Differences in the way cloud computing services are delivered raise questions about how best to ensure that cloud-hosted applications implement security measures associated with conventional defense-in-depth strategies. Although the virtualized, distributed infrastructure characteristic of cloud computing environments does not directly support the separate zones long used to deploy multi-tier applications, there are architectural features and services available from many cloud service providers that can be used to design functionally equivalent security models. This session will present practical design considerations and architectural patterns for securing cloud-based applications. It will highlight key functions and security measures available from major cloud providers such as Amazon Web Service and Microsoft Azure. Despite the quite valid security concerns many organizations have about deploying applications to cloud computing environments, the infrastructure and platform services many CSPs offer may actually result in stronger security controls than would be feasible in in-house or traditional IT outsourcing environments.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
legal issues in cloud computing,cloud computing and law,cyberlaw and cloud computing in india,prashant mali,cloud computing issues,cloud computing security
Providing IT Security as a Service to internal stakeholders reduces risk while increasing audit ability. This is a presentation from the ISACA NACS 2012 conference.
Improving Data Storage Security in Cloud using HadoopIJERA Editor
The rising abuse of information stored on large data centres in cloud emphasizes the need to safe guard the data. Despite adopting strict authentication policies for cloud users data while transferred over to secure channel when reaches data centres is vulnerable to numerous attacks .The most widely adoptable methodology is safeguarding the cloud data is through encryption algorithm. Encryption of large data deployed in cloud is actually a time consuming process. For the secure transmission of information AES encryption has been used which provides most secure way to transfer the sensitive information from sender to the intended receiver. The main purpose of using this technique is to make sensitive information unreadable to all other except the receiver. The data thus compressed enables utilization of storage space in cloud environment. It has been augmented with Hadoop‟s map-reduce paradigm which works in a parallel mode. The experimental results clearly reflect the effectiveness of the methodology to improve the security of data in cloud environment.
Bio-Cryptography Based Secured Data Replication Management in Cloud StorageIJERA Editor
Cloud computing is new way of economical and efficient storage. The single data mart storage system is a less
secure because data remain under a single data mart. This can lead to data loss due to different causes like
hacking, server failure etc. If an attacker chooses to attack a specific client, then he can aim at a fixed cloud
provider, try to have access to the client’s information. This makes an easy job of the attackers, both inside and
outside attackers get the benefit of using data mining to a great extent. Inside attackers refer to malicious
employees at a cloud provider. Thus single data mart storage architecture is the biggest security threat
concerning data mining on cloud, so in this paper present the secure replication approach that encrypt based on
biocrypt and replicate the data in distributed data mart storage system. This approach involves the encryption,
replication and storage of data
An efficient, secure deduplication data storing in cloud storage environmenteSAT Journals
Abstract Most of the IT industry heading towards the cloud –based storage services .cloud storage is witnessed to weak in security and privacy for public cloud environments .To tackle these security challenges ,we propose a new deduplication at client side for secure data storing and data sharing among the cloud users through public cloud .our proposal is mainly concerned on the owner of the file is encrypted the data that he intended to upload to the cloud by applying per data key, so data access controlled by data owner and log file which contains retrieval rights of the cloud users ,an authorised user can decipher an encrypted file with his private key. Keywords: convergent encryption, cloud storage, deduplication, privacy, Merkle-tree
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Survey on Privacy- Preserving Multi keyword Ranked Search over Encrypted Clou...Editor IJMTER
The advent of cloud computing, data owners are motivated to outsource their complex
data management systems from local sites to commercial public cloud for great flexibility and
economic savings. But for protecting data privacy, sensitive data has to be encrypted before
outsourcing.Considering the large number of data users and documents in cloud, it is crucial for
the search service to allow multi-keyword query and provide result similarity ranking to meet the
effective data retrieval need. Related works on searchable encryption focus on single keyword
search or Boolean keyword search, and rarely differentiate the search results. We first propose a
basic MRSE scheme using secure inner product computation, and then significantly improve it to
meet different privacy requirements in two levels of threat models. The Incremental High Utility
Pattern Transaction Frequency Tree (IHUPTF-Tree) is designed according to the transaction
frequency (descending order) of items to obtain a compact tree.
By using high utility pattern the items can be arranged in an efficient manner. Tree structure
is used to sort the items. Thus the items are sorted and frequent pattern is obtained. The frequent
pattern items are retrieved from the database by using hybrid tree (H-Tree) structure. So the
execution time becomes faster. Finally, the frequent pattern item that satisfies the threshold value
is displayed.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
An Efficient PDP Scheme for Distributed Cloud StorageIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A New Framework for Securing Personal Data Using the Multi-CloudClaraZara1
Relaying On A Single Cloud As A Storage Service Is Not A Proper Solution For A Number Of Reasons; For Instance, The Data Could Be Captured While Uploaded To The Cloud, And The Data Could Be Stolen From The Cloud Using A Stolen Id. In This Paper, We Propose A Solution That Aims At Offering A Secure Data Storage For Mobile Cloud Computing Based On The Multi-Clouds Scheme. The Proposed Solution Will Take The Advantages Of Multi-Clouds, Data Cryptography, And Data Compression To Secure The Distributed Data; By Splitting The Data Into Segments, Encrypting The Segments, Compressing The Segments, Distributing The Segments Via Multi-Clouds While Keeping One Segment On The Mobile Device Memory; Which Will Prevent Extracting The Data If The Distributed Segments Have Been Intercepted.
A New Framework for Securing Personal Data Using the Multi-CloudClaraZara1
Relaying On A Single Cloud As A Storage Service Is Not A Proper Solution For A Number Of Reasons; For Instance, The Data Could Be Captured While Uploaded To The Cloud, And The Data Could Be Stolen From The Cloud Using A Stolen Id. In This Paper, We Propose A Solution That Aims At Offering A Secure Data Storage For Mobile Cloud Computing Based On The Multi-Clouds Scheme. The Proposed Solution Will Take The Advantages Of Multi-Clouds, Data Cryptography, And Data Compression To Secure The Distributed Data; By Splitting The Data Into Segments, Encrypting The Segments, Compressing The Segments, Distributing The Segments Via Multi-Clouds While Keeping One Segment On The Mobile Device Memory; Which Will Prevent Extracting The Data If The Distributed Segments Have Been Intercepted.
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUDijsptm
Relaying On A Single Cloud As A Storage Service Is Not A Proper Solution For A Number Of Reasons; For Instance, The Data Could Be Captured While Uploaded To The Cloud, And The Data Could Be Stolen From The Cloud Using A Stolen Id. In This Paper, We Propose A Solution That Aims At Offering A Secure Data Storage For Mobile Cloud Computing Based On The Multi-Clouds Scheme. The Proposed Solution
Will Take The Advantages Of Multi-Clouds, Data Cryptography, And Data Compression To Secure The
Distributed Data; By Splitting The Data Into Segments, Encrypting The Segments, Compressing The
Segments, Distributing The Segments Via Multi-Clouds While Keeping One Segment On The Mobile Device
Memory; Which Will Prevent Extracting The Data If The Distributed Segments Have Been Intercepted
Cooperative Schedule Data Possession for Integrity Verification in Multi-Clou...IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Dynamic Resource Allocation and Data Security for CloudAM Publications
Cloud computing is the next generation of IT organization. Cloud computing moves the software and
databases to the large centres where the management of services and data may not be fully trusted. In this system, we
focus on cloud data storage security, which has been an important aspect of quality of services. To ensure the
correctness of user’s data in the cloud, we propose an effective scheme with Advanced Encryption Standard and MD5
algorithm. Extensive security and performance analysis shows that the proposed scheme is highly efficient. In
proposed work we have developed efficient parallel data processing in clouds and present our research project for
parallel security. Parallel security is the data processing framework to explicitly exploit the dynamic storage along with
data security. We have proposed a strong, formal model for data security on cloud and corruption detection.
Similar to Presentation on cloud computing security issues using HADOOP and HDFS ARCHITECTURE (20)
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Chapter 3 - Islamic Banking Products and Services.pptx
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITECTURE
1. TECHNICAL SEMINAR REPORT
ON
SECURITY ISSUES FOR CLOUD COMPUTING
Presented by
E.PUSHPA
PRIYADARSHINI COLLEGE OF ENGINEERING &
TECHNOLOGY
[Affiliated to Jawaharlal Nehru technological university,
Ananthapur]
Kanupartipadu, Nellore-524004
2012-2013
2. Overview
1. Introduction
2. Security Issues
3. Third Party Secure Data Publication Applied to
CLOUD
4. Encrypted Data Storage for Cloud
5. Secure Query Processing with Hadoop
5.1 Overview of Hadoop
5.2 Inadequacies of Hadoop
i)No facility to handle encrypted
sensitive
ii)Semantic Web Data Management
3. iii)No fine-grained access control
iv)No strong authentication
5.3 System Design
i)Jena
ii)Pellet
iii)Pig Latin
iv)Mahout, Hama
v)Pre-processing
5.3.3 Query Execution and Optimization
5.4 Integrate SUN XACML Implementation into HDFS
5.5 Strong Authentication
6. Conclusion
7. References
4. ABSTRACT
We discuss security issues for cloud computing and
present a layered framework for secure clouds and
then focus on two of the layers, i.e., the storage
layer and the data layer.
we discuss a scheme for secure third party
publications of documents in a cloud. Next, we will
converse secure federated query processing with
map Reduce and Hadoop, and discuss the use of
secure co-processors for cloud computing.
Finally, the we discuss XACML implementation for
Hadoop and discuss their beliefs that building
trusted applications from untrusted components
will be a major aspect of secure cloud computing.
5. INTRODUCTION
There is a critical need to securely store,
manage,share and analyze massive amounts of
complex data to determine patterns and trends
Because of the critical nature of the
applications, it is important that clouds be secure
Google has now introduced the MapReduce
framework for processing large amounts of data on
commodity hardware
Apache’s Hadoop distributed file system
(HDFS) is emerging as a superior software
component for cloud computing combined with
integrated parts such as MapReduce
6. Due to the extensive complexity of the
cloud, we contend that it will be difficult to
provide a holistic solution to securing the
cloud
Our cloud system will:
(a)support efficient storageof encrypted sensitive
data,
(b) store, manage and query massive amounts of
data,
(c) support fine-grained access control and
(d) support strong authentication
7. 2.SECURITY ISSUES
There are numerous security issues for cloud
computing as it encompasses many technologies
including networks, databases, operating systems
Data security involves encrypting the data as
well as ensuring that appropriate policies are
enforced for data sharing
We describe ways of efficiently storing the data
in foreign machines
Querying encrypted data, as much of the data on
the cloud may be encrypted
8. Data mining techniques may be applicable to
malware detection in clouds
We are using Hadoop distributed file system for
virtualization at the storage level and applying security
for Hadoop which includes an XACML implementation
Resource allocation and memory management
algorithms
We are investigating secure federated query
processing on clouds over Hadoop
9. 3.THIRD PARTY SECURE DATAPUBLICATION
APPLIED TO CLOUD
►We have developed techniques for third party publication
of data in a secure manner
►security policy is specified depending on user roles and
credentials
Figure : Access control framework
10. ►Users must possess the credentials to access XML
documents
►For example, a professor has access to all of the details of
students while a secretary only has access to administrative
information
►If access is granted to the root, it does not necessarily
mean access is granted to all the children
►When the subject requests a document, the publisher
will apply the policies relevant to the subject and give
portions of the documents to the subject.
►Owner will encrypt various combinations of documents
and policies with his/her private key
11. ►Using Merkle signature and the encryption techniques,
the subject can verify the authenticity and completeness
of the document
►In the cloud environment,
the third party publisher is the
machine that stored the
sensitive data in the cloud
12. 4.ENCRYPTED DATA
STORAGE FOR CLOUD
►Data in the cloud will be placed anywhere
►We are using secure co-processor as part of the cloud
infrastructure to enable efficient encrypted storage of
sensitive data.
► Open Cirrus provides limited access based on their
economic model
►Open Cirrus doesnot provide the hardware support
we need (e.g., secure co-processors).
13. ►By embedding a secure co-processor (SCP)into the cloud
infrastructure, the system can handle encrypted data
efficiently
►SCP is a tamper resistant hardware capable of limited
general-purpose computation
►Secure coprocessor is tamper-resistant, one could be
tempted to run the entire sensitive data storage server on
the secure coprocessor.
►Due to the tamper-resistant shell, secure co-processors
have usually limited memory .
14. ►Another issue is that the software running on the SCP
must be totally trusted and verified
►Framework will facilitate
(a)secure data storage and
(b) assured information
sharing
►We have conducted
research on querying
encrypted data as well as
secure multipart
computation (SMC)
►One drawback of SMC is the high computation costs
15. 5.SECURE QUERY PROCESSING
WITH HADOOP
5.1 Overview of Hadoop
A major part of our system is HDFS which is a
distributed Java-based file system with the capacity to
handle a large number of nodes storing petabytes of data
HDFS architecture
is based on the
Master- Slave
approach
16. 5.3 SYSTEM DESIGN
We are using several software tools that are available
to help us in the process
i)Jena: Jena is a framework which is widely used
for solving SPARQL queries over RDF data
ii)Pellet: We use Pellet to reason at various stages.
We do real-time query reasoning using pellet libraries
(Pellet) coupled with Hadoop’s map-reduce functionalities
iii)Pig Latin: Pig Latin is a scripting language which
runs on top of Hadoop.
17. It comes with many built-in functions, but we can also
create our own user-defined functions to do special-
purpose processing.
iv)Mahout, Hama: These are open source data mining
and machine learning packages that already augment
Hadoop.
Our approach consists of processing SPARQL queries
securely over Hadoop. SPARQL is a query language used to
query RDF data
v)Pre-processing: Generally, RDF data is in XML format
In order to execute a SPARQL query, we propose some data
pre-processing steps and store the pre-processed data into
HDFS.
18. 5.3.3 Query Execution and
Optimization
We are developing a SPARQL query execution and
optimization module for Hadoop.
As our storage strategy is based on predicate splits
First, we will look at the predicates present in the query.
Second, rather than looking at all of the input files, we
will look at a subset of the input files that are matched with
predicates.
Third, SPARQL queries generally have many joins in them
and all of these joins may not be possible to perform in a
single Hadoop job.
19. 5.4 Integrate SUN XACML
Implementation into HDFS
Current Hadoop implementations enforce a very coarse-
grained access control policy that permits or denies a
principal access to essentially all system resources as a
group without distinguishing amongst resources.
For example, users who are granted access to the
Namenode may execute any program on any client
machine, and all client machines have read and write
access to all files stored on all clients
We are enforcing more flexible and fine-grained
access control policies on Hadoop by designing an In-
lined Reference Monitor implementation of Sun
XACML.
20. Untrusted processes in the framework access
securityrelevant resources by submitting a request to the
resource’s Policy Enforcement Point (PEP)
PEP reformulates the
request as a policy query
and submits it to a
Policy Decision Point
(PDP)
IRM has advantage
that the policy can be
enforced without
modifying the
operating system
21. 5.5 Strong Authentication
♦Open source community is actively working to integrate
kerberos protocols with hadoop
♦On top of the proposed Kerboros protocol, for some
assured information applications, there may be a need
for adding simple authentication protocols to
authenticate with secure co-processors
♦We can add a simple public key infrastructure to our
system so that users can independently authenticate with
secure coprocessors to retrieve secret keys used for
encrypting sensitive data
22. 6.Conclusion
The main goal is to securely store and manage data that
is not controlled by the owner of the data
It will be difficult to achieve end-to-end security.
However, the challenge we have is to ensure more secure
operations even if some parts of the cloud fail
Building trust applications from untrusted components
will be a major aspect with respect to cloud security
23. 7. References
W3C. (n.d.). SPARQL. Retrieved from http://www. w3.org/TR/rdf-sparql-query
Bertino, E. (2002). Access Control for XML Documents.
Data & Knowledge Engineering, 43(3).
Bertino, E. (2004).
Selective and Authentic Third Party Distribution of XML Documents. IEEE
Transactions on Knowledge and Data Engineering,
16(10). doi:10.1109/TKDE.2004.63
DeVries, B. W., Gupta, G., Hamlen, K. W., Moore, S.,
& Sridhar, M. (2009).
ActionScript Bytecode Verification
with Co-Logic Programming. In Proceedings
of the ACM SIGPLAN Workshop on Programming
Languages and Analysis for Security (PLAS).
Gates, F., Natkovich, O., Chopra, S., Kamath, S. M.,