Achieving trust-oriented data protection in the cloud environment

University of Technology, Sydney. Faculty of Engineering and Information Technology.Cloud computing has gained increasing acceptance in recent years. In privacy-conscious domains such as healthcare and banking, however, data security and privacy are the greatest obstacles to the widespread adoption of cloud computing technology. Despite enjoying the benefits brought by this innovative technology, users are concerned about losing the control of their own data in the outsourced environment. Encrypting data can resolve confidentiality and integrity challenges, but the key to mitigating users’ concerns and encouraging broader adoption of cloud computing is the establishment of a trustworthy relationship between cloud providers and users. In this dissertation, we investigate a novel trust-oriented data protection framework adapted to the cloud environment. By investigating cloud data security, privacy, and control related issues, we propose a novel data protection approach that combines active and passive protection mechanisms. The active protection is used to secure data in an independent and smart data cube that can survive even when the host is in danger. The passive protection covers the actions and mechanisms taken to monitor and audit data based on third party security services such as access control services and audit services. Furthermore, by incorporating full mobility and replica management with the active and passive mechanisms, the proposed framework can satisfy confidentiality, integrity, availability, scalability, intrusion-tolerance, authentication, authorization, auditability, and accountability, increasing users’ confidence in consuming cloud-based data services. In this work we begin by introducing cloud data storage characteristics and then analyse the reasons for issues of data security, privacy and control in cloud. On the basis of results of analysis, we identify desirable properties and objectives for protecting cloud data. In principle, cryptography-based and third party based approaches are insufficient to address users’ concerns and increase confidence in consuming cloud-based data services, because of possible intrusion attacks and direct tampering of data. Hence, we propose a novel way of securing data in an active data cube (ADCu) with smart and independent functionality. Each ADCu is a deployable data protection unit encapsulating sensitive data, networking, data manipulation, and security verification functions within a coherent data structure. A sealed and signed ADCu encloses dynamic information-flow tracking throughout the data cube that can precisely monitor the inner data and the derivatives. Any violations of policy or tampering with data would be compulsorily recorded and reported to bundled users via the mechanisms within the ADCu. This active and bundled architecture is designed to establish a trustworthy relationship between cloud and users. Subsequently, to establish a more comprehensive security environment cooperating with an active data-centric (ADC) framework, we propose a cloud-based privacy-aware role-based access control (CPRBAC) service and an active auditing service (AAS). These components in the entire data protection framework contribute to the passive security mechanisms. They provide access control management and audit work based on a consistent security environment. We also discuss and implement full mobility management and data replica management related to the ADCu, which are regarded as significant factors to satisfy data accountability, availability, and scalability. We conduct a set of practical experiments and security evaluation on a mini-private cloud platform. The outcome of this research demonstrates the efficiency, feasibility, dependability, and scalability of protecting outsourced data in cloud by using the trust-oriented protection framework. To that end, we introduce an application applying the components and mechanisms of the trust-oriented security framework to protecting eHealth data in cloud. The novelty of this work lies in protecting cloud data in an ADCu that is not highly reliant on strong encryption schemes and third-party protection schemes. By proposing innovative structures, concepts, algorithms, and services, the major contribution of this thesis is that it helps cloud providers to deliver trust actively to cloud users, and encourages broader adoption of cloud-based solutions for data storage services in sensitive areas

Proactive cloud management for highly heterogeneous multi-cloud infrastructures

Various literature studies demonstrated that the cloud computing paradigm can help to improve availability and performance of applications subject to the problem of software anomalies. Indeed, the cloud resource provisioning model enables users to rapidly access new processing resources, even distributed over different geographical regions, that can be promptly used in the case of, e.g., crashes or hangs of running machines, as well as to balance the load in the case of overloaded machines. Nevertheless, managing a complex geographically-distributed cloud deploy could be a complex and time-consuming task. Autonomic Cloud Manager (ACM) Framework is an autonomic framework for supporting proactive management of applications deployed over multiple cloud regions. It uses machine learning models to predict failures of virtual machines and to proactively redirect the load to healthy machines/cloud regions. In this paper, we study different policies to perform efficient proactive load balancing across cloud regions in order to mitigate the effect of software anomalies. These policies use predictions about the mean time to failure of virtual machines. We consider the case of heterogeneous cloud regions, i.e regions with different amount of resources, and we provide an experimental assessment of these policies in the context of ACM Framework

Scalable service-oriented replication with flexible consistency guarantee in the cloud

Replication techniques are widely applied in and for cloud to improve scalability and availability. In such context, the well-understood problem is how to guarantee consistency amongst different replicas and govern the trade-off between consistency and scalability requirements. Such requirements are often related to specific services and can vary considerably in the cloud. However, a major drawback of existing service-oriented replication approaches is that they only allow either restricted consistency or none at all. Consequently, service-oriented systems based on such replication techniques may violate consistency requirements or not scale well. In this paper, we present a Scalable Service Oriented Replication (SSOR) solution, a middleware that is capable of satisfying applications’ consistency requirements when replicating cloud-based services. We introduce new formalism for describing services in service-oriented replication. We propose the notion of consistency regions and relevant service oriented requirements policies, by which trading between consistency and scalability requirements can be handled within regions. We solve the associated sub-problem of atomic broadcasting by introducing a Multi-fixed Sequencers Protocol (MSP), which is a requirements aware variation of the traditional fixed sequencer approach. We also present a Region-based Election Protocol (REP) that elastically balances the workload amongst sequencers. Finally, we experimentally evaluate our approach under different loads, to show that the proposed approach achieves better scalability with more flexible consistency constraints when compared with the state-of-the-art replication technique

ElfStore: A Resilient Data Storage Service for Federated Edge and Fog Resources

Edge and fog computing have grown popular as IoT deployments become wide-spread. While application composition and scheduling on such resources are being explored, there exists a gap in a distributed data storage service on the edge and fog layer, instead depending solely on the cloud for data persistence. Such a service should reliably store and manage data on fog and edge devices, even in the presence of failures, and offer transparent discovery and access to data for use by edge computing applications. Here, we present Elfstore, a first-of-its-kind edge-local federated store for streams of data blocks. It uses reliable fog devices as a super-peer overlay to monitor the edge resources, offers federated metadata indexing using Bloom filters, locates data within 2-hops, and maintains approximate global statistics about the reliability and storage capacity of edges. Edges host the actual data blocks, and we use a unique differential replication scheme to select edges on which to replicate blocks, to guarantee a minimum reliability and to balance storage utilization. Our experiments on two IoT virtual deployments with 20 and 272 devices show that ElfStore has low overheads, is bound only by the network bandwidth, has scalable performance, and offers tunable resilience.Comment: 24 pages, 14 figures, To appear in IEEE International Conference on Web Services (ICWS), Milan, Italy, 201