
Presenter: Kuei-Yu Hsu Advisor: Dr. Kai-Wei Ke 2013/1/2 (Happy New Year :D)

Date post: 23-Feb-2016

Presenter: Kuei-Yu Hsu
Advisor: Dr. Kai-Wei Ke
2013/1/2 (Happy New Year :D)

CloudZone: Towards an integrity layer of cloud data storage based on multi agent system architecture

Outline
- The Basics of Cloud Computing
- Introduction
- CloudZone
- Research Methodology
- Conclusions

The Basics of Cloud Computing
- What is cloud computing?
- 5 Essential characteristics
- Cloud computing layers
- Service models

What is cloud computing?

Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). (by Wikipedia)

A type of parallel and distributed system consisting of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the cloud service provider (CSP) and cloud users.

5 Essential characteristics
- On-demand self-service: A consumer can unilaterally provision computing capabilities, as needed, automatically, without requiring human interaction with each service provider.
- Broad network access: Capabilities are available over the network and accessed through standard mechanisms (e.g., mobile phones, laptops, and PDAs).
- Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability.

5 Essential characteristics (2)
- Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
- Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in.

Cloud Computing Layers

Service Models
- Software as a service (SaaS): Cloud providers install and operate application software in the cloud, and cloud users access the software from cloud clients.
- Platform as a service (PaaS): Cloud providers deliver a computing platform.
- Infrastructure as a service (IaaS): IaaS providers offer computers, as physical or more often as virtual machines, and other resources.

Introduction

The ultimate challenge in cloud computing is data-level security, and sensitive data is the domain of the enterprise, not the cloud computing provider.

Cloud Data Storage (CDS) systems offer services to assure integrity of data transmission. However, they do not provide a solution to the CDS integrity problem.

Thus, the cloud client would have to develop its own solution, in order to verify that cloud data returned by the CDS server has not been tampered with.
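A minimal sketch of such a client-side check, added here as an illustration and not taken from the presentation or the CloudZone paper. It compares a keyless majority vote across servers with a keyed tag (HMAC-SHA256) held by the cloud user, under the weak and strong adversaries defined in the Analysis phase of this presentation. All function names, the object id and the sample records are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Added example: all names are hypothetical. The key never leaves the cloud user.

def make_tag(key: bytes, object_id: str, version: int, data: bytes) -> bytes:
    """Keyed tag binding data to its name and version (stops swaps and rollbacks)."""
    header = f"{len(object_id)}:{object_id}:{version}:".encode()
    return hmac.new(key, header + data, hashlib.sha256).digest()

def verify(key: bytes, object_id: str, version: int, data: bytes, tag: bytes) -> bool:
    """Constant-time check of data returned by the CDS against the client-held tag."""
    return hmac.compare_digest(make_tag(key, object_id, version, data), tag)

def majority_copy(replicas: list):
    """Keyless cross-server check: the copy a strict majority agrees on, else None."""
    data, votes = Counter(replicas).most_common(1)[0]
    return data if votes > len(replicas) / 2 else None

def demo() -> dict:
    key = os.urandom(32)
    original = b"balance=1000"            # constructed sample record
    forged = b"balance=9999"
    tag_v1 = make_tag(key, "acct-42", 1, original)   # stored by the client

    weak = [original, forged, original]   # one compromised server
    strong = [forged, forged, forged]     # all servers collude, internally consistent
    return {
        "weak_fixed_by_majority": majority_copy(weak) == original,
        "strong_fools_majority": majority_copy(strong) == forged,
        "strong_caught_by_tag": not verify(key, "acct-42", 1, majority_copy(strong), tag_v1),
        # Client has since written version 2; servers replay the old version 1 data.
        "rollback_caught": not verify(key, "acct-42", 2, original, tag_v1),
        "honest_read_ok": verify(key, "acct-42", 1, original, tag_v1),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Comparing replicas is enough only while a minority of servers is compromised; once every server returns the same forged data, only a check that depends on a secret the servers never see still fails.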

Introduction (2)

Multi Agent System (MAS) is defined as a loosely coupled network of problem-solver entities that work together to find answers to problems that are beyond the individual capabilities or knowledge of each entity.

As data is the base for providing cloud computing services (DaaS, SaaS, PaaS), keeping data integrity is a fundamental task.

CloudZone
- CloudZone Overview
- CloudZone Requirements

CloudZone Overview

CloudZone Overview (2)

Cloud Service Provider Agent (CSPA)
- Provide the security service task according to the authorized service level agreements (SLAs) and the original message content sent by the CDIBA and CDAuA.
- Receive the security reports and/or alarms from the rest of other agents to respect.
- Monitor specific activities concerning a part of the CDS or a particular cloud user.
- Translate the attack in terms of goals.

CloudZone Overview (3)
- Display the security policies specified by the CSP and the rest of the agents.
- Design user interfaces that prevent the input of invalid cloud data.
- Create security reports/alarm systems.

Cloud Data Integrity Backup Agent (CDIBA)
- Main responsibility is to enable the CDS by the new backup technique using Structured Query Language (SQL) programming.

CloudZone Requirements
- CloudZone only backs up the MS SQL databases. It does not back up other MS SQL files such as program installation files, etc.
- CloudZone does not support component-based backup.
- CloudZone does not use Visual SourceSafe (VSS) for backup and restore.
- CloudZone supports backup and recovery of Windows Oracle 11i.

Research Methodology
- Secure System Development Life Cycle (SecSDLC)
- Investigation
- Analysis
- Design
- Implementation
- Testing & Validation

Secure System Development Life Cycle (SecSDLC)

SDLC is a process of creating or altering information systems, and the models and methodologies that people use to develop these systems.

- Investigation: begins with directive from management, scope, goals, objective

Secure System Development Life Cycle (SecSDLC) (2)
- Analysis: existing security examined, threats and controls assessed
- Design
  - Logical: blueprints, incident responses planned
  - Physical: final design, definition of success
- Implementation: security solutions obtained, tested, implemented, tested again; training and approval submitted
- Testing & Validation: monitor, test, modify, update, repair/reconstruction

Phase 1: Investigation
- A key aspect of Information Security is integrity.
- Data Integrity in cloud computing refers to protecting cloud data from unauthorized deletion, modification or fabrication.

Phase 1: Investigation (2)

CDIBA enables the cloud user to reconstruct the original cloud data by downloading the cloud data vectors from the cloud servers.

Backing up the cloud data regularly from CloudZone and sending security reports and/or alarms to CSPA when:
- Human errors when cloud data is entered.
- Errors that occur when cloud data is transmitted from one computer to another.
- Software bugs or viruses.
- Hardware malfunctions, such as disk crashes.

Phase 2: Analysis

Cloud Data Security Adversary Analysis Approach

Phase 2: Analysis (2)

Weak Adversary: The adversary is interested in corrupting the user's CDS stored on individual servers. Once a server is compromised, an adversary can pollute the original CDS by modifying or introducing its own fraudulent cloud data to prevent the original cloud data from being retrieved by the cloud user.

Strong Adversary: This is the worst case scenario, in which we assume that the adversary can compromise all the cloud servers so that it can intentionally modify the CDS as long as they are internally consistent. In fact, this is equivalent to the case where all servers are colluding together to hide a cloud data loss or corruption incident.

Phase 3: Design

The Prometheus methodology is a detailed process for specifying, designing, and implementing intelligent agent systems.

The Prometheus methodology consists of three phases:
- System specification
- Architectural design
- Detailed design

Phase 3: Design (2)

CloudZone Design Goals

Phase 4: Implementation

Will be developed using FIPA (Foundation for Intelligent Physical Agents) compliant JADE-S agent framework version 2.

JADE (Java Agent DEvelopment framework) is a FIPA compliant software framework fully implemented in the Java programming language, which simplifies the implementation of MASs.

JADE-S is formed by the combination of the standard version of JADE with the JADE security plug-in.

Phase 5: Testing & Validation

Cloud computing platform: permission has been requested from the Cloud Service Provider (CSP) of the Malaysian Institute of Microelectronic Systems (MIMOS).

The scale of the CDS system: will measure the times required for the agents to travel around different numbers of cloud users before and after implementing our MAS technique based on the linearly over the Round Trip Time (RTT) for each agent.

Conclusions

This paper proposed a MAS architecture based on integrity policy for secure CDS.

The architecture consists of two types of agents: Cloud Service Provider Agent (CSPA) and Cloud Data Integrity Backup Agent (CDIBA).

CloudZone is proposed to meet the need for an integrity layer in the era of cloud computing.

References

A.M. Talib, R. Atan, R. Abdullah, and M.A. Azmi Murad, CloudZone: Towards an Integrity Layer of Cloud Data Storage Based on Multi Agent System Architecture, ICOS 2011, IEEE Press, pp. 189-194.

S. Sakr, A. Liu, D. M. Batista, and M. Alomari, A survey of large scale data management approaches in cloud environments, IEEE Communications Surveys and Tutorials, vol. 13, no. 3, 2011.

Thanks for listening

