Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

15.2 Data Security in Cloud Computing > 15.2.4 Data Confidentiality - Pg. 394

394 CHAPTER 15 Data Security in Cloud Computing data to be stored in the cloud; the cloud user, who is authorized by the data owner to access his data files; cloud servers, which are managed by cloud service providers to provide data stor- age and/or sharing services and has significant storage space and computation resources; and the third-party auditor (TPA), which is the trusted entity that assesses the cloud storage security on behalf of the data owner on request. In the cloud paradigm, the data owner may represent either the individual or the enterprise customer, who relies on the cloud server for remote data storage and maintenance and thus is relieved from the burden of building and maintaining local stor- age infrastructure. In most cases, cloud services also provide benefits like high availability of data (being able to access data from anywhere) at relative low cost (paying as function of needs). Cloud service providers implement the neces- sary security mechanisms for protecting data ser- vices. The data owners can also implement their own security protection mechanisms, for exam- ple end-to-end security, for better security pro- tection. Instead of auditing the cloud services by themselves, data owners (cloud users) may del- egate all the auditing tasks to the third-party auditors. such as eavesdropping the network traffic and active attacks like phishing legitimate users' credentials, manipulating network traffic, and probing the cloud structure. For some cloud services, outsider attackers can launch very severe attacks by taking advantage of the sys- tem flaw. For example, by launching cross- virtual machine attacks [5], attackers are able to monitor VMs from their co-resident VMs and threaten their security. By bluepilling/- subverting hypervisors with rootkits [6, 7], attackers are even able to control the whole system stack above the hypervisor. To address outsider attacks, cloud service providers have the responsibility to secure their cloud infras- tructure, isolate user application in the cloud, patch system flaws in a timely manner, and notify cloud users with any discovered secu- rity risks. Cloud users should strictly abide by the security guidance when using cloud services for the purpose of reducing the pos- sibility of security breach. Cloud users need to negotiate recovery and backup mecha- nisms with service providers for better secu- rity protection. 15.2.3. System Model From the high level, the system architecture for cloud computing data services can be depicted as Figure 15-1. At its core, the architecture consists of four different entities: the data owner, who is also a cloud user and has a large amount of 15.2.4. Data Confidentiality Data confidentiality is a basic security service for data protection. In cloud computing, providing such a service is of great importance because of Public data auditing Cloud servers Third-party auditor Data auditing delegation ta da file s w e flo urc ge sa s O me ty uri c Se o uts Fil s e s c e a Issuing file access credential uing Owner User FIGURE 15-1 The architecture of cloud data service.