Published by Loreen Nichols. Modified over 9 years ago.
1
By: Anam Zahid, MS(IT)-13 [NUST201260763MSEECS60012F] Supervisor: Dr Awais Shibli
2
Agenda
- Introduction
- Industrial Motivation
- Literature Review
- Problem Statement
- Proposed Architecture
- Tools and Technologies
- Timeline
- References
3
NoSQL Database
- Open source
- Flexible data model
- High scalability and performance
- Handles large volumes of unstructured data
- Best suited for cloud
- Integrated caching
4
Types of NoSQL Databases
5
Sharding
- Horizontal scalability
- Can be based on various parameters (chunk size, data relevance, key ranges, etc.)
6
Sharding
Two basic operations:
- Chunk splitting
- Chunk migration
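As an added illustration (not part of the original slides), the sketch below implements range-based sharding with the two operations named above: a chunk is split at its median key once it exceeds a size threshold, and a chunk is migrated when one shard holds two or more chunks more than another. The threshold `MAX_DOCS`, the median split point, the balancing rule and all class and function names are assumptions of this example; the shard names HCSP and FCSP are borrowed from the proposed-architecture slide.

```python
from bisect import bisect_right

MAX_DOCS = 4  # assumed split threshold: documents per chunk (constructed value)

class Chunk:
    def __init__(self, lo, shard):
        self.lo = lo        # inclusive lower bound of this chunk's key range
        self.shard = shard  # shard (provider) currently holding the range
        self.docs = {}      # shard key -> document

class ShardedCollection:
    def __init__(self, shards):
        self.shards = list(shards)
        self.chunks = [Chunk(float("-inf"), self.shards[0])]  # one chunk covers all keys

    def _index(self, key):
        return bisect_right([c.lo for c in self.chunks], key) - 1

    def locate(self, key):
        return self.chunks[self._index(key)].shard

    def put(self, key, doc):
        i = self._index(key)
        self.chunks[i].docs[key] = doc
        if len(self.chunks[i].docs) > MAX_DOCS:
            self._split(i)
            self._migrate()

    def _split(self, i):
        # Chunk splitting: cut the range at the median key; both halves stay put.
        old = self.chunks[i]
        keys = sorted(old.docs)
        mid = keys[len(keys) // 2]
        new = Chunk(mid, old.shard)
        new.docs = {k: old.docs.pop(k) for k in keys if k >= mid}
        self.chunks.insert(i + 1, new)

    def _migrate(self):
        # Chunk migration: move the highest-range chunk off an overloaded shard.
        load = {s: sum(c.shard == s for c in self.chunks) for s in self.shards}
        src, dst = max(load, key=load.get), min(load, key=load.get)
        if load[src] - load[dst] >= 2:
            next(c for c in reversed(self.chunks) if c.shard == src).shard = dst

def demo():
    coll = ShardedCollection(["HCSP", "FCSP"])  # constructed two-provider cluster
    for k in range(1, 10):                      # constructed input: keys 1..9
        coll.put(k, {"id": k})
    return coll, [(c.lo, c.shard, sorted(c.docs)) for c in coll.chunks]
```

In this run keys 7 to 9 are first written to a chunk on FCSP and end up on HCSP after the last migration, with no client involvement, so any protection applied to a document has to travel with its chunk rather than depend on where it was first stored.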
7
Cloud Computing
Essential Characteristics: Broad Network Access, Rapid Elasticity, On-Demand Self Service, Resource Pooling, Measured Service
Service Models: Software as a Service, Platform as a Service, Infrastructure as a Service
Deployment Models: Public, Private, Hybrid, Community
8
Cloud Security Threats
- Data Breaches
- Data Loss
- Account Hijacking
- Insecure APIs
- Denial of Service
- Malicious Insider
- Abuse of Cloud Services
- Insufficient Due Diligence
- Shared Technology Issues
9
Cloud Database Issues
- Availability
- Performance
- Security & Privacy
- Consistency
- Fault Tolerance
- Scalability
- Interoperability
- Simplified Queries
10
Cloud Federation
Cloud service providers collaborate dynamically to share their virtual infrastructure for:
- Load balancing
- Prevention of vendor lock-in
- Prevention of power outages and failures
- Capacity management
- Efficient use of surplus resources
- Scaling data to other CSPs
11
Industrial Motivation
“We think the lack of security around NoSQL is going to take a toll on Organizations”
Amichai Shulman, Co-founder & CTO of Imperva
Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
12
Industrial Motivation (cont.)
“Instead of SQL injection you have JavaScript or JSON injection”
Alex Rothacker, manager of Application Security Inc.'s research division, Team SHATTER
Rothacker suggests that, because of the dependence on the perimeter to secure these databases, organizations should strongly consider encryption whenever possible.
Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
13
zNcrypt for MongoDB
Reference: MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].
14
Literature Review
15
MetaStorage
Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
16
MetaStorage
Pros
- Security maintained through role-based user management
- Increased availability because of multiple storage providers
- Low latency due to data replication
Cons
- No communication security (e.g. SSL, TLS) or security of data at rest (e.g. encryption)
- Additional overhead due to data processing layer
- Consistency issues due to different cloud storage services
- No scalability limitations
Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
17
RACS
Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
18
RACS
Pros
- Each RACS proxy maintains user authentication information and credentials for each repository
- Uses redundancy through fragmentation for high availability
- Read synchronization using ZooKeeper
Cons
- No communication security or data-at-rest security
- High latency due to mutual consistency
- Data loss when a RACS proxy crashes
Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
19
Management of Symmetric Cryptographic Keys in cloud
Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on, vol., no., pp.39,44, 27-30 Jan. 2013
20
Management of Symmetric Cryptographic Keys in cloud
Pros
- Distributed key generation on client side
- Privacy maintained through client's key component contribution in key regeneration
- Recoverable key components, except for the client-side component
Cons
- Communication overhead when the key to decrypt data is needed in the cloud
- Key combiner on client terminal
Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on, vol., no., pp.39,44, 27-30 Jan. 2013
21
Summary
So, besides providing high availability and throughput because of data fragmentation, there is a need for:
- Strong client authentication and authorization mechanisms
- Security of data during transmission (e.g. through TLS, SSL, IPSec, etc.)
- Data-at-rest security (e.g. hashing, encryption, etc.)
22
Our Motivation
According to Microsoft's Framework for Data Governance
Source: http://www.microsoft.com/privacy/datagovernance.aspx
23
Our Motivation
Compliance
Organizations rules and policies:
24
Fine Grained Access Control for Database Management Systems
Masood, R.; Shibli, M.A., "Fine Grained Access Control for Database Management Systems," MS Thesis, SEECS NUST, (2013).
25
Problem Statement
In order to avoid the prevalent problem of data breaches in a distributed cloud environment, there is a need to provide effective access control and encryption to ensure the security of data residing in the domains of various cloud providers.
26
Proposed Architecture
[Figure: architecture diagram; labelled region: Our Domain]
27
Proposed Architecture
For Distributed Data “PUT” request
[Figure: request flow with steps numbered 1 to 12. Components: Client Application, Authentication, Fine Grained Access Control, Key Distribution Store; HCSP and FCSP, each shown with an Encryption/Decryption Engine, Query Router, Config. Server and NoSQL Database Server]
28
Contribution
In our proposed system, data security would be ensured by:
- Client-side authentication
- Embedded fine-grained authorization
- Selective field encryption of data chunks
- Distribution of data across several service providers
29
Tools and Technologies
- MongoDB
- C++ (MS Visual Studio)
- OpenStack
- XACML
30
Proposed Timeline
#    Milestone                                                              Duration
1    Preliminary Literature Review                                          Done
2    Implementation
2.1  Sharding in NoSQL database                                             3 weeks
2.2  Encryption and Decryption Module + KDS                                 1 month & 3 weeks
2.3  Fine grained access control Module                                     1 month
2.4  Cloud federation establishment and tag aware sharding implementation   1 month
2.5  Integration of all modules                                             2-3 weeks
3    Testing and Evaluation                                                 1 month
4    Final Documentation                                                    1 month
31
References
[1] Fox, Armando, Rean Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica. "Above the clouds: A Berkeley view of cloud computing." Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS 28 (2009).
[2] Arora, Indu, and Anu Gupta. "Cloud Databases: A Paradigm Shift in Databases." International J. of Computer Science Issues 9, no. 4 (2012): 77-83.
[3] https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
[4] Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing (draft)." NIST special publication 800, no. 145 (2011): 7.
[5] MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].
[6] http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/
[7] http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
[8] Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
[9] Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
[10] Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on, vol., no., pp.39,44, 27-30 Jan. 2013
[11] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.
[12] Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.
[13] Subashini, S., and V. Kavitha. "A survey on security issues in service delivery models of cloud computing." Journal of Network and Computer Applications 34, no. 1 (2011): 1-11.
33
MongoDB Sharding Architecture