Cloud integrity monitoring
1 / 16

Cloud Integrity Monitoring - PowerPoint PPT Presentation

  • Updated On :

Cloud Integrity Monitoring. Mike Smorul ADAPT Group University of Maryland, College Par. Cloud Computing. A new paradigm for offering a wide variety of cost effective services – storage, compute, software, application, infrastructure – over the internet.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Cloud Integrity Monitoring' - Renfred

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Cloud integrity monitoring l.jpg

Cloud Integrity Monitoring

Mike Smorul


University of Maryland, College Par

Cloud computing l.jpg
Cloud Computing

  • A new paradigm for offering a wide variety of cost effective services – storage, compute, software, application, infrastructure – over the internet.

  • A major issue – confidentiality and integrity of data stored in a cloud.

  • This presentation: a new light weight scheme for clients to monitor the integrity of their holdings in the cloud.

Monitoring concerns l.jpg
Monitoring Concerns

  • Transfer to validate incurs a fee.

  • Last mile may be too slow.

    • Remote monitoring not feasible

  • How can third parties validate their data?

Background ace integrity token l.jpg
Background: ACE Integrity Token

  • Small proof that resides alongside a file.

    • Proof links digest of file to external number (CSI)

  • May be transferred over insecure channels and still validated

    • Does not rely on secret data (private key, etc)

  • Linked to a single (nightly) published witness.

    • Witness is tiny (32 bytes)

    • Widely published

    • Witness provides 24h time window for token

    • Independent of size or type of data

Token construction l.jpg
Token Construction

  • Construction Steps

    • Aggregate all digests for a round (seconds)

    • Create small summary value for the round

    • At the end of each day, publish witness = aggregate data for all intermediate values

  • Value

    • Small amount of data after each aggregation

    • Alteration of the content of any object will cause the value of the witness to be different

    • Two levels allow for quick client response and tiny daily data

Types of audit l.jpg
Types of Audit

  • Audit Local Files: Periodically scans files and compares stored digests with computed digests.

    • Assume valid hashes in local storage

  • Audit Local Digests: Recompute the round summary for each digest using that digest and its token. This is compared to value stored on the IMS.

    • Assume IMS returns valid summary information, do not trust hashes stored locally

  • External IMS Audit: Round summaries are used to compute witness values. These are compared with offsite witness values.

    • Do not trust IMS, force IMS to prove its CSIs link to a witness

Storing token in a cloud l.jpg
Storing token in a cloud

  • Two possibilities

    • Whole token may be stored as separate file.

    • Validation components of token may be stored in attribute/value pairs

  • Tokens are small (1-2k)

  • Validation information is even smaller (<1k)

Validation by 3 rd party l.jpg
Validation by 3rd party

  • 3rd party downloads object and token.

  • Runs validation processes using external information

  • No interaction with original depositor required.

  • Validation information may be supplied as http headers from cloud service.

    • Validation information adds at most 10 digests to the header.

    • Uses metadata stored in cloud (no extra objects)

Data flow l.jpg
Data Flow

Cloud Storage

2. Token + data


3. Token + data

1. Token Request/Response



4. CSI Request/Response

How 3 rd party validation works l.jpg
How 3rd party validation works

  • Acquire token and original file

    • Use http headers, or separate token request

  • Compute digest for file

  • Compute CSI value using token + digest

  • Compare computed CSI to remote CSI on IMS

    • IMS is public, generally not tied to depositor.

  • (Optionally) Challenge IMS to prove CSI

  • Compare challenge result to external Witness

Validation during processing l.jpg
Validation during processing

  • Upload validation routines along with application

  • Application computes digest during access

    • Most languages allows you to chain or wrap data reads.

  • After read finished, validate digest using token

  • Inexpensive

    • Most computation likely to be service

    • External data required (CSI, Witness) is very small

Ex image conversion service l.jpg
Ex: Image Conversion Service

  • Request file from cloud storage

    • Compute digest during read

    • Perform transformation

  • When read finishes

    • Validate integrity using digest + token

    • Roll back transformation, log error if validation fails

  • No extra reads required for validation

  • Transformation likely to be more expensive than digest calculation

Remote validation l.jpg
Remote Validation

  • Most clouds do not charge for intra-cloud transfer.

  • Create an EC2 instance or other service that reads all data and validates

  • May be expensive depending on CPU fees

  • Sampling may be adequate

  • Requires you to trust EC2 to run your service and not return false results

    • False/forged results unlikely.

    • You are supplying image/software

Additional information l.jpg
Additional Information

  • Cloud extensions still in development

  • ACE Audit Manager is available for download


    • Now BSD licensed!