Hongda Xiao
Bryan Ford
ABSTRACT
As organizations and individuals have begun to rely more and more heavily on cloud-service providers for critical tasks, cloud-service reliability has become a top priority. It is natural for cloud-service providers to use redundancy to achieve reliability. For example, a provider may replicate critical state in two data centers. If the two data centers use the same power supply, however, then a power outage will cause them to fail simultaneously; replication per se does not, therefore, enable the cloud-service provider to make strong reliability guarantees to its users. Zhai et al.[socc-submission] present a system, which they refer to as a structural-reliability auditor (SRA), that uncovers common dependencies in seemingly disjoint cloud-in\-fra\-struc\-tu\-ral components (such as the power supply in the example above) and quantifies the risks that they pose. In this paper, we focus on the need for structural-reliability auditing to be done in a privacy-preserving manner. We present a privacy-preserving structural-reliability auditor (P-SRA), discuss its privacy properties, and evaluate a prototype implementation built on the Sharemind SecreC platform[SecreC]. P-SRA is an interesting application of secure multi-party computation (SMPC), which has not often been used for graph problems. It can achieve acceptable running times even on large cloud structures by using a novel data-partitioning technique that may be useful in other applications of SMPC.
- Amazon web services global infrastructure. http://aws.amazon.com/en/about-aws/globalinfrastructure/.Google Scholar
- NetworkX. http://networkx.github.com/.Google Scholar
- Windows azure. http://en.wikipedia.org/wiki/Windows_Azure.Google Scholar
- A. Ben-David, N. Nisan, and B. Pinkas. FairplayMP: a system for secure multi-party computation. In ACM Symposium on Computer and Communication Security, pages 257--266, 2008. Google ScholarDigital Library
- S. Bleikertz, M. Schunter, C. W. Probst, D. Pendarakis, and K. Eriksson. Security audits of multi-tier virtual infrastructures in public infrastructure clouds. In ACM Cloud Computing Security Workshop, pages 93--102, 2010. Google ScholarDigital Library
- D. Bogdanov and A. Kalu. Pushing back the rain -- how to create trustworthy services in the cloud. ISACA Journal, 3:49--51, 2013. Available at http://www.isaca.org/Journal/Past-Issues/2013/Volume-3/Pages/default.aspx.Google Scholar
- M. Burkhart, M. Strasser, D. Many, and X. Dimitropoulos. SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics. In USENIX Security Symposium, 2010. Google ScholarDigital Library
- B. Butler. Cloud storage viable option, but proceed carefully, 2013. Available at http://www.networkworld.com/news/2013/010313-gartner-storage-265460.html.Google Scholar
- B. Butler. Top 10 cloud storage providers, 2013. Available at http://www.networkworld.com/news/2013/010313-gartner-cloud-storage-265459.html.Google Scholar
- I. Damgrard, M. Geisler, M. Krøigrard, and J. Nielsen. Asynchronous multiparty computation: Theory and implementation. In S. Jarecki and G. Tsudik, editors, Public Key Cryptography -- PKC 2009, pages 160--179. Springer Verlag, LNCS 5443, 2009. Google ScholarDigital Library
- C. A. Ericson II. Hazard analysis techniques for system safety. John Wiley and Sons, 2000.Google Scholar
- D. Gupta, A. Segal, A. Panda, G. Segev, M. Schapira, J. Feigenbaum, J. Rexford, and S. Shenker. A New Approach to Interdomain Routing Based on Secure Multi-Party Computation. In ACM SIGCOMM Workshop on Hot Topics in Networks, 2012. Google ScholarDigital Library
- W. Henecka, S. Kögl, A.-R. Sadeghi, T. Schneider, and I. Wehrenberg. Tasty: tool for automating secure two-party computations. In ACM Conference on Computer and Communications Security, pages 451--462, 2010. Google ScholarDigital Library
- D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay\ --\ a secure two-party computation system. In USENIX Security Symposium, pages 298--302, 2004. Google ScholarDigital Library
- R. N. Mysore, A. Pamboris, N. Farrington, N. Huang, P. Miri, S. Radhakrishnan, V. Subramanya, and A. Vahdat. PortLand: A Scalable Fault-tolerant Layer 2 Data Center Network Fabric. In ACM SIGCOMM, pages 39--50, 2009. Google ScholarDigital Library
- W. Oremus. Internet outages highlight problem for cloud computing: Actual clouds, 2012. Available at http://www.slate.com/blogs/future_tense/2012/07/02/amazon_ec2_outage_netflix_pinterest_instagram_down_after_aws_cloud_loses_power.html.Google Scholar
- M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to keep online storage services honest. In USENIX Workshop on Hot Topics in Operating Systems, 2007. Google ScholarDigital Library
- M. A. Shah, R. Swaminathan, and M. Baker. Privacy-preserving audit and extraction of digital contents. Cryptology ePrint Archive, Report 2008/186, 2008. Available at http://eprint.iacr.org/2008/186/.Google Scholar
- W. E. Vesely, F. F. Goldberg, N. H. Roberts, and D. F. Haasl. Fault Tree Handbook. US Nuclear Regulatory Commission, 1981.Google Scholar
- C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou. Privacy-preserving public auditing for secure cloud storage. IEEE Transactions on Computers, 62(2):362--375, 2013. Google ScholarDigital Library
- C. Wang, K. Ren, W. Lou, and J. Li. Toward publicly auditable secure cloud data storage services. IEEE Network, 24(4):19--24, 2010. Google ScholarDigital Library
- C. Wang, Q. Wang, K. Ren, and W. Lou. Privacy-preserving public auditing for data storage security in cloud computing. In IEEE INFOCOM, pages 525--533, 2010. Google ScholarDigital Library
- Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 22(5):847--859, 2011. Google ScholarDigital Library
- K. Yang and X. Jia. Data storage auditing service in cloud computing: challenges, methods and opportunities. World Wide Web, 15(4):409--428, 2012. Google ScholarDigital Library
- A. C. Yao. Protocols for secure computation. In IEEE Symposium on Foundations of Computer Science, pages 160--164, 1982. Google ScholarDigital Library
- A. C. Yao. How to generate and exchange secrets. In IEEE Symposium on Foundations of Computer Science, pages 162--167, 1986. Google ScholarDigital Library
- E. Zhai, R. Chen, D. I. Wolinsky, and B. Ford. An untold story of redundant clouds: Making your service deployment truly reliable. In ACM Workshop on Hot Topics in Dependable Systems, 2013. Google ScholarDigital Library
- E. Zhai, D. I. Wolinsky, H. Xiao, H. Liu, X. Su, and B. Ford. Auditing the structural reliability of the clouds. Technical Report YALEU/DCS/TR-1479, July 2013. Available at http://www.cs.yale.edu/publications/techreports/tr1479.pdf.Google Scholar
Index Terms
- Structural cloud audits that protect private information
Recommendations
Privacy-Preserving Certificateless Cloud Auditing with Multiple Users
Cloud auditing is one of the important processes to ensure the security and integrity of data in cloud storage. Implementing cloud auditing requires various cryptographic tools such as identity-based cryptography and its variant: certificateless ...
Auditing and Analysis of Network Traffic in Cloud Environment
SERVICES '13: Proceedings of the 2013 IEEE Ninth World Congress on ServicesCloud computing allows users to remotely store their data into the cloud and provides on-demand applications and services from a shared pool of configurable computing resources. The security of the outsourced data in the cloud is dependent on the ...
Creating Your Own Private Cloud: Ezilla Toolkit -- For Coordinated Storage, Computing, and Networking Services
CCGRID '12: Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)As Cloud computing-based technology has grown, so have the number of services offered over the Cloud. Due to this rapid growth in Cloud-based technology, service providers must be able to deploy Cloud service environments very quickly and very easily. ...
Comments