1 / 16

Cloud Integrity Monitoring

Cloud Integrity Monitoring. Mike Smorul ADAPT Group University of Maryland, College Par. Cloud Computing. A new paradigm for offering a wide variety of cost effective services – storage, compute, software, application, infrastructure – over the internet.

Download Presentation

Cloud Integrity Monitoring

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cloud Integrity Monitoring Mike Smorul ADAPT Group University of Maryland, College Par

  2. Cloud Computing • A new paradigm for offering a wide variety of cost effective services – storage, compute, software, application, infrastructure – over the internet. • A major issue – confidentiality and integrity of data stored in a cloud. • This presentation: a new light weight scheme for clients to monitor the integrity of their holdings in the cloud.

  3. Monitoring Concerns • Transfer to validate incurs a fee. • Last mile may be too slow. • Remote monitoring not feasible • How can third parties validate their data?

  4. Background: ACE Integrity Token • Small proof that resides alongside a file. • Proof links digest of file to external number (CSI) • May be transferred over insecure channels and still validated • Does not rely on secret data (private key, etc) • Linked to a single (nightly) published witness. • Witness is tiny (32 bytes) • Widely published • Witness provides 24h time window for token • Independent of size or type of data

  5. Token Construction • Construction Steps • Aggregate all digests for a round (seconds) • Create small summary value for the round • At the end of each day, publish witness = aggregate data for all intermediate values • Value • Small amount of data after each aggregation • Alteration of the content of any object will cause the value of the witness to be different • Two levels allow for quick client response and tiny daily data

  6. Token Construction

  7. ACE Token

  8. Types of Audit • Audit Local Files: Periodically scans files and compares stored digests with computed digests. • Assume valid hashes in local storage • Audit Local Digests: Recompute the round summary for each digest using that digest and its token. This is compared to value stored on the IMS. • Assume IMS returns valid summary information, do not trust hashes stored locally • External IMS Audit: Round summaries are used to compute witness values. These are compared with offsite witness values. • Do not trust IMS, force IMS to prove its CSIs link to a witness

  9. Storing token in a cloud • Two possibilities • Whole token may be stored as separate file. • Validation components of token may be stored in attribute/value pairs • Tokens are small (1-2k) • Validation information is even smaller (<1k)

  10. Validation by 3rd party • 3rd party downloads object and token. • Runs validation processes using external information • No interaction with original depositor required. • Validation information may be supplied as http headers from cloud service. • Validation information adds at most 10 digests to the header. • Uses metadata stored in cloud (no extra objects)

  11. Data Flow Cloud Storage 2. Token + data Depositor 3. Token + data 1. Token Request/Response Consumer IMS 4. CSI Request/Response

  12. How 3rd party validation works • Acquire token and original file • Use http headers, or separate token request • Compute digest for file • Compute CSI value using token + digest • Compare computed CSI to remote CSI on IMS • IMS is public, generally not tied to depositor. • (Optionally) Challenge IMS to prove CSI • Compare challenge result to external Witness

  13. Validation during processing • Upload validation routines along with application • Application computes digest during access • Most languages allows you to chain or wrap data reads. • After read finished, validate digest using token • Inexpensive • Most computation likely to be service • External data required (CSI, Witness) is very small

  14. Ex: Image Conversion Service • Request file from cloud storage • Compute digest during read • Perform transformation • When read finishes • Validate integrity using digest + token • Roll back transformation, log error if validation fails • No extra reads required for validation • Transformation likely to be more expensive than digest calculation

  15. Remote Validation • Most clouds do not charge for intra-cloud transfer. • Create an EC2 instance or other service that reads all data and validates • May be expensive depending on CPU fees • Sampling may be adequate • Requires you to trust EC2 to run your service and not return false results • False/forged results unlikely. • You are supplying image/software

  16. Additional Information • Cloud extensions still in development • ACE Audit Manager is available for download • http://adapt.umiacs.umd.edu/ace • Now BSD licensed!

More Related