Cloud Integrity Monitoring
Mike Smorul
ADAPT Group
University of Maryland, College Park

Cloud Computing
• A new paradigm for offering a wide variety of cost-effective services – storage, compute, software, application, infrastructure – over the internet.
• A major issue – confidentiality and integrity of data stored in a cloud.
• This presentation: a new lightweight scheme for clients to monitor the integrity of their holdings in the cloud.

Monitoring Concerns
• Transfer to validate incurs a fee.
• Last mile may be too slow.
• Remote monitoring not feasible
• How can third parties validate their data?

Background: ACE Integrity Token
• Small proof that resides alongside a file.
• Proof links digest of file to external number (CSI)
• May be transferred over insecure channels and still validated
• Does not rely on secret data (private key, etc.)
• Linked to a single (nightly) published witness.
  • Witness is tiny (32 bytes)
  • Widely published
  • Witness provides 24h time window for token
• Independent of size or type of data

Token Construction
• Construction Steps
  • Aggregate all digests for a round (seconds)
  • Create small summary value for the round
  • At the end of each day, publish witness = aggregate data for all intermediate values
• Value
  • Small amount of data after each aggregation
  • Alteration of the content of any object will cause the value of the witness to be different
  • Two levels allow for quick client response and tiny daily data

Types of Audit
• Audit Local Files: Periodically scans files and compares stored digests with computed digests.
  • Assume valid hashes in local storage
• Audit Local Digests: Recompute the round summary for each digest using that digest and its token. This is compared to the value stored on the IMS.
  • Assume IMS returns valid summary information, do not trust hashes stored locally
• External IMS Audit: Round summaries are used to compute witness values. These are compared with offsite witness values.
  • Do not trust IMS, force IMS to prove its CSIs link to a witness

Storing token in a cloud
• Two possibilities
  • Whole token may be stored as separate file.
  • Validation components of token may be stored in attribute/value pairs
• Tokens are small (1-2k)
• Validation information is even smaller (<1k)

Validation by 3rd party
• 3rd party downloads object and token.
• Runs validation processes using external information
• No interaction with original depositor required.
• Validation information may be supplied as HTTP headers from cloud service.
• Validation information adds at most 10 digests to the header.
• Uses metadata stored in cloud (no extra objects)

Data Flow
[Diagram. Parties: Depositor, Cloud Storage, Consumer, IMS. Labelled flows: 1. Token Request/Response; 2. Token + data; 3. Token + data; 4. CSI Request/Response]

How 3rd party validation works
• Acquire token and original file
  • Use HTTP headers, or separate token request
• Compute digest for file
• Compute CSI value using token + digest
• Compare computed CSI to remote CSI on IMS
  • IMS is public, generally not tied to depositor.
• (Optionally) Challenge IMS to prove CSI
  • Compare challenge result to external Witness

Validation during processing
• Upload validation routines along with application
• Application computes digest during access
  • Most languages allow you to chain or wrap data reads.
• After read finished, validate digest using token
• Inexpensive
  • Most computation likely to be service
  • External data required (CSI, Witness) is very small

Ex: Image Conversion Service
• Request file from cloud storage
• Compute digest during read
• Perform transformation
• When read finishes
  • Validate integrity using digest + token
  • Roll back transformation, log error if validation fails
• No extra reads required for validation
• Transformation likely to be more expensive than digest calculation
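
Added example (not from the original slides or from ACE's code): the validate-while-reading flow of the two slides above, combined with the "compute CSI from token + digest" step of 3rd party validation. The slides do not show the token's proof layout, so this assumes a simplified token that is a list of (side, sibling digest) pairs in a binary SHA-256 hash tree; `DigestingReader`, `compute_csi`, `build_round` and `convert_with_validation` are hypothetical names, and `build_round` is a constructed stand-in for the IMS.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

class DigestingReader:
    """Wraps a binary stream and hashes every byte the application reads."""
    def __init__(self, raw):
        self._raw, self._hash = raw, hashlib.sha256()
    def read(self, n=-1):
        chunk = self._raw.read(n)
        self._hash.update(chunk)
        return chunk
    def digest(self):
        return self._hash.digest()

def compute_csi(digest, proof):
    """Fold the file digest with the token's sibling digests up to the round summary."""
    node = digest
    for side, sibling in proof:  # side = where the sibling sits: "L" or "R"
        node = h(sibling, node) if side == "L" else h(node, sibling)
    return node

def build_round(digests):
    """Constructed stand-in for the IMS; expects a power-of-two number of digests."""
    level, groups = list(digests), [[i] for i in range(len(digests))]
    proofs = [[] for _ in digests]
    while len(level) > 1:
        nxt, ngroups = [], []
        for i in range(0, len(level), 2):
            for leaf in groups[i]:
                proofs[leaf].append(("R", level[i + 1]))
            for leaf in groups[i + 1]:
                proofs[leaf].append(("L", level[i]))
            nxt.append(h(level[i], level[i + 1]))
            ngroups.append(groups[i] + groups[i + 1])
        level, groups = nxt, ngroups
    return level[0], proofs

def convert_with_validation(stream, proof, trusted_csi, transform):
    """Transform while reading; discard the output if digest + token miss the CSI."""
    reader, out = DigestingReader(stream), bytearray()
    while chunk := reader.read(4096):
        out += transform(chunk)
    if compute_csi(reader.digest(), proof) != trusted_csi:
        return None  # roll back; the caller logs the validation failure
    return bytes(out)

# Constructed sample round: four objects deposited in the same round.
OBJECTS = [b"image-a", b"image-b", b"image-c", b"image-d"]
CSI, PROOFS = build_round([h(o) for o in OBJECTS])
```

In a deployment the `trusted_csi` argument would come from the public IMS rather than from the storage provider, so a provider that alters both object and token still fails the comparison.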

Remote Validation
• Most clouds do not charge for intra-cloud transfer.
• Create an EC2 instance or other service that reads all data and validates
  • May be expensive depending on CPU fees
  • Sampling may be adequate
• Requires you to trust EC2 to run your service and not return false results
  • False/forged results unlikely.
  • You are supplying image/software

Additional Information
• Cloud extensions still in development
• ACE Audit Manager is available for download
  • http://adapt.umiacs.umd.edu/ace
  • Now BSD licensed!