“Ensuring distributed accountability for data sharing in the cloud”

Presentation transcript:

“Ensuring distributed accountability for data sharing in the cloud” Smitha Sundareswaran, Anna C. Squicciarini and Dan Lin

Contents
- Cloud computing
- Introduction to CIA framework
- Problem statement
- Information accountability
- Automated logging mechanism
- End-to-end auditing mechanism
- Security discussion
- Performance study
- Conclusion
- References

Cloud computing

Introduction to CIA framework
- Security of user data in cloud computing
  - Cloud computing & its services
  - User’s data processed in remote machine
  - Fear of losing data & other security concerns
- Cloud Information Accountability (CIA) framework
  - Highly decentralized
  - We leverage JAR programmable capabilities
  - Also use distributed auditing mechanisms

Problem statement
- The cloud user sends his/her data & access control policies to the service provider
- The service provider will have granted access rights
- If the rights are granted using conventional access control mechanisms, data will be fully available at the service provider
- We use new logging and auditing techniques to track the actual usage of data

Requirements
The logging technique must satisfy:
- Logging should be decentralized
- Every access to user’s data should be automatically logged
- Log files should be reliable and tamper proof
- Recovery mechanisms are also desirable
- Log files should be sent back to data owners periodically

Information accountability
Accountability helps to:
- Trace the user’s data
- Protect sensitive & confidential information
- Enhance user’s trust in cloud computing
A cloud is accountable if:
- Faults can be reliably detected
- Each fault can be linked to one party (customer or provider)

Accountable clouds

Major components of CIA framework
- Logger
  - Has logging access to a particular instance of user data
  - Encrypts each log record using the public key of the content owner
  - Periodically sends the log records to the log harmonizer
  - Ensures access & usage control policies associated with the data are honored
  - Generates the error correction information for each log record
- Log harmonizer
  - Responsible for auditing, with two strategies: push strategy and pull strategy
  - Responsible for handling log file corruption

Accountability mechanism

Data flow

Automated logging mechanism

Logger structure
- Outer JAR
  - Contains more than one inner JAR
  - Handles authentication of entities to access the data
  - Selects the correct inner JAR
  - Checks the JVM’s validity
  - Manages the graphical user interface
- Inner JAR
  - Encrypted data, retrieval of log files, display of enclosed data
  - Two options: pure log, access log

Log record generation
The log records (Lr) are generated as:
Lr = r_1, r_2, r_3, r_4, ..., r_k
r_i = (id, action, T, loc, h((id, action, T, loc) r_{i-1} … r_1), sig)
where:
- r_i = log record
- id = user identification
- action = action performed on the user's data
- T = time at location loc
- loc = location
- h((id, action, T, loc) r_{i-1} … r_1) = checksum component
- sig = signature of the record by the server
The checksum is computed using a hash function: H[i] = f(H[i − 1], m[i])
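The chained checksum H[i] = f(H[i − 1], m[i]) can be exercised with a short added example (not code from the paper or the slides). It assumes SHA-256 for f, a JSON encoding of (id, action, T, loc) for m[i], and an HMAC under a constructed key standing in for the server's signature; all function names are hypothetical.

```python
import hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"  # assumption: stand-in for the server's signing key
GENESIS = b"\x00" * 32                # assumption: H[0], the value chained before r_1

def encode_m(rec):
    # m[i]: fixed encoding of the four logged fields (id, action, T, loc)
    return json.dumps([rec["id"], rec["action"], rec["T"], rec["loc"]]).encode()

def f_step(prev_h, m):
    # H[i] = f(H[i-1], m[i]), with SHA-256 as the assumed f
    return hashlib.sha256(prev_h + m).digest()

def append(log, user_id, action, T, loc):
    prev_h = bytes.fromhex(log[-1]["h"]) if log else GENESIS
    rec = {"id": user_id, "action": action, "T": T, "loc": loc}
    h = f_step(prev_h, encode_m(rec))
    rec["h"] = h.hex()
    rec["sig"] = hmac.new(SERVER_KEY, h, hashlib.sha256).hexdigest()
    log.append(rec)
    return rec

def verify(log):
    """Return the index of the first record that breaks the chain, or None."""
    prev_h = GENESIS
    for i, rec in enumerate(log):
        h = f_step(prev_h, encode_m(rec))
        sig = hmac.new(SERVER_KEY, h, hashlib.sha256).hexdigest()
        if rec["h"] != h.hex() or not hmac.compare_digest(rec["sig"], sig):
            return i
        prev_h = h
    return None

def sample_log():
    # Constructed records using action types named on the slides
    log = []
    append(log, "alice", "view", 1000, "198.51.100.7")
    append(log, "bob", "download", 1060, "203.0.113.9")
    append(log, "alice", "view", 1120, "198.51.100.7")
    return log
```

The chain exposes edits and deletions in the middle of the log, but dropping records from the end leaves a valid shorter chain, so the verifier also needs the latest checksum from a previous push to detect truncation.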

Ensuring log correctness
- Verify the access time, locations & actions
- The JAR can perform an IP lookup to find the location of the cloud service provider
- Actions on the user’s data have to be logged
- Mainly four types of actions are used:
  - View
  - Download
  - Timed access
  - Location-based access

Dependability of logs
- JARs availability
  - The log harmonizer deals with copies of JARs and logger components, and with recovering corrupted logs
  - Stores error correction information
  - Decrypts the log records & handles duplicate records
- Log correctness
  - The JRE of the system must remain unmodified
  - Verify the integrity of the logger component by:
    - Repairing the JRE before the logger is launched
    - Inserting hash codes to detect modifications of the JRE

End-to-end auditing mechanism
Push and Pull Mode
- Push mode: the logs are periodically pushed to the data owner by the harmonizer
  - Ensures size of the log files does not explode
  - Enables timely detection and correction of any loss or damage to log files
- Pull mode: auditors may retrieve the logs anytime
  - Pull message contains FTP pull command

End-to-end auditing mechanism
Algorithms:
- Pushing strategy
- Pull strategy
- Hybrid strategy

Security discussion
- Copying Attack: the attacker copies entire JAR files
- Disassembling Attack: the attacker disassembles the JAR file & attempts to extract useful information
- Man-in-the-Middle Attack: the attacker intercepts messages during authentication of the service provider with the certificate authority, and replays the messages
- Compromised JVM Attack: the attacker tries to compromise the JVM

Performance study
Experimental Settings
- By setting up a small cloud, using the Emulab testbed
- On OpenSSL-enabled servers
- Servers are installed with Eucalyptus
- Used Linux-based servers running Fedora 10 OS
  - A 64-bit Intel Quad Core Xeon E5530 processor
  - 4 GB RAM
  - 500 GB hard drive

Performance study Experimental Results Log Creation Time

Performance study
- Authentication Time
  - Not too much overhead is added
  - Performance can be further improved by caching the certificates
- Time Taken to Perform Logging
  - Time for executing the action is negligible

Performance study Log Merging Time

Performance study Size of the Data JAR Files

Conclusion
- CIA performs automatic authentication of users
- The data owner can confirm that his data is safe in the cloud by using the auditing mechanism
- Able to distribute applications to many different mobile devices
- Information gathering capability is high
- High portability

References
[1] Smitha Sundareswaran, Anna C. Squicciarini and Dan Lin, "Ensuring Distributed Accountability for Data Sharing in the Cloud," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 556-568, 2012.
[2] S. Pearson and A. Charlesworth, "Accountability as a Way Forward for Privacy Protection in the Cloud," Proc. First Int'l Conf. Cloud Computing, 2009.
[3] B. Chun and A. C. Bavier, "Decentralized Trust Management and Accountability in Federated System," Proc. Ann. Hawaii Int'l Conf. System Science (HICSS), 2004.
[4] B. Crispo and G. Ruffo, "Reasoning about Accountability within Delegation," Proc. Third Int'l Conf. Information and Comm. Security (ICICS), pp. 251-260, 2001.

Thank you! 