Secure Sharding in Federated Clouds

By: Anam Zahid, MS(IT)-13

[NUST201260763MSEECS60012F]

Supervisor: Dr Awais Shibli

Agenda
  • Introduction
  • Industrial Motivation
  • Literature Review
  • Problem Statement
  • Proposed Architecture
  • Tools and Technologies
  • Timeline
  • References
NoSQL Database
  • Open source
  • Flexible Data model
  • High Scalability and Performance
  • Handles Large volumes of unstructured data
  • Best suitable for Cloud
  • Integrated Caching
Sharding
  • Horizontal Scalability
  • Can be based on various parameters (chunk size, data relevance, key ranges, etc.)
  • Two basic operations
    • Chunk Splitting
    • Chunk Migration
Cloud Computing

Essential Characteristics
  • Measured Service
  • Broad Network Access
  • Rapid Elasticity
  • On-Demand Self Service
  • Resource Pooling

Service Models
  • Software as a Service
  • Platform as a Service
  • Infrastructure as a Service

Deployment Models
  • Public
  • Private
  • Hybrid
  • Community


Cloud Security Threats
  • Data Breaches
  • Data Loss
  • Account Hijacking
  • Insecure APIs
  • Denial of Service
  • Malicious Insider
  • Abuse of Cloud Services
  • Insufficient Due Diligence
  • Shared Technology Issues


Cloud Database Issues
  • Security & Privacy
  • Availability
  • Consistency
  • Performance
  • Fault Tolerance
  • Scalability
  • Simplified Queries
  • Inter-operability


Cloud Federation

Cloud service providers collaborate dynamically to share their virtual infrastructure for:
  • Efficient use of surplus resources
  • Capacity management
  • Prevention from power outages and failures
  • Load balancing
  • Prevention from vendor lock-ins
  • Scaling data to other CSPs


Industrial Motivation

“We think the lack of security around NoSQL is going to take a toll on Organizations” Amichai Shulman, Co-founder & CTO of Imperva

Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214

Industrial Motivation (cont.)

“Instead of SQL injection you have JavaScript or JSON injection” Alex Rothacker, manager of Application Security Inc.'s research division, Team SHATTER

Rothacker suggests that because of the dependence on the perimeter to secure these databases, organizations strongly consider encryption whenever possible

Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214

zNcrypt for MongoDB

Reference: MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].

MetaStorage

Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.

MetaStorage

Pros

  • Security maintained through role-based user management
  • Increased availability because of multiple storage providers
  • Low latency due to data replication

Cons

  • No communication security (e.g. SSL, TLS) and no security of data at rest (e.g. encryption)
  • Additional overhead due to data processing layer
  • Consistency issues due to different cloud storage services
  • No scalability limitations

Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.

RACS

Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.

RACS

Pros

  • Each RACS proxy maintains user authentication information and credentials for each repository
  • Uses redundancy through fragmentation for high availability
  • Read synchronization using ZooKeeper

Cons

  • No communication security and no data-at-rest security
  • High latency due to mutual consistency
  • Data loss when RACS proxy crashes

Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.

Management of Symmetric Cryptographic Keys in cloud

Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013

Management of Symmetric Cryptographic Keys in cloud

Pros

  • Distributed key generation on the client side
  • Privacy maintained through the client’s key component contribution in key regeneration
  • Recoverable key components, except for the client-side component

Cons

  • Communication overhead when the key to decrypt data is needed in the cloud
  • Key combiner on the client terminal

Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013

Summary

So, besides providing high availability and throughput through data fragmentation, there is a need for:

  • Strong client authentication and authorization mechanisms
  • Security of data during transmission (e.g. through TLS, SSL, IPsec)
  • Data-at-rest security (e.g. hashing, encryption)
Our Motivation

According to Microsoft’s Framework for Data Governance

Source: http://www.microsoft.com/privacy/datagovernance.aspx

Our Motivation

Compliance with organizations’ rules and policies:

Fine Grained Access Control for Database Management Systems

Masood, R.; Shibli, M.A., “Fine Grained Access Control for Database Management Systems," MS Thesis, SEECS NUST, (2013).

Problem Statement

In order to avoid the prevalent problem of data breaches in a distributed cloud environment, there is a need to provide effective access control and encryption to ensure the security of data residing in the domains of various cloud providers.

Proposed Architecture

For Distributed Data “PUT” request (architecture diagram; only the component labels survive here, the numbered request flow does not)

  • Client Application
  • Authentication
  • Fine Grained Access Control
  • Query Router
  • Encryption/Decryption Engine
  • Config. Server
  • Key Distribution Store
  • NoSQL Database Servers hosted at HCSP and FCSP


Contribution

In our proposed system, data security would be ensured by:

  • Client-side authentication
  • Embedded fine-grained authorization
  • Selective field encryption of data chunks
  • Distribution of data across several service providers
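The PUT path sketched above (fine-grained authorization, selective field encryption, then key-range routing of the chunk to a provider) as an added, self-contained example; it is not code from the thesis. It assumes the client is already authenticated, uses a constructed role-to-field policy in place of XACML, constructed shard ranges, and HMAC-SHA256 in counter mode as a stand-in for the thesis's encryption engine (a real engine would use authenticated encryption such as AES-GCM).

```python
import hashlib
import hmac
import os

# Constructed values for this example; not from the thesis.
KEY = hashlib.sha256(b"example-key-from-key-distribution-store").digest()
SENSITIVE_FIELDS = {"diagnosis"}             # fields encrypted before sharding
POLICY = {                                    # role -> fields it may write
    "doctor": {"patient_id", "name", "diagnosis"},
    "clerk": {"patient_id", "name"},
}
# Key ranges: (exclusive upper bound of patient_id, server holding that chunk)
SHARDS = [(1000, "HCSP-nosql-1"), (2000, "HCSP-nosql-2"), (3000, "FCSP-nosql-1")]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (no integrity tag)."""
    out = bytearray()
    for ctr, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def encrypt_field(value: str) -> bytes:
    nonce = os.urandom(12)                    # fresh nonce per field value
    return nonce + keystream_xor(KEY, nonce, value.encode())


def decrypt_field(blob: bytes) -> str:
    return keystream_xor(KEY, blob[:12], blob[12:]).decode()


def denied_fields(role: str, doc: dict) -> set:
    """Fine-grained check: the fields in doc that this role may not write."""
    return set(doc) - POLICY.get(role, set())


def route(shard_key: int) -> str:
    """Query router: pick the server whose key range covers the shard key."""
    for upper, server in SHARDS:
        if shard_key < upper:
            return server
    raise ValueError(f"no chunk covers key {shard_key}")


def put_document(role: str, doc: dict):
    """Authorize, encrypt sensitive fields, then route the chunk to a provider."""
    denied = denied_fields(role, doc)
    if denied:
        raise PermissionError(f"{role} may not write {sorted(denied)}")
    stored = dict(doc)
    for field in SENSITIVE_FIELDS & set(stored):
        stored[field] = encrypt_field(stored[field])
    return route(stored["patient_id"]), stored
```

Only the sensitive field leaves the home provider encrypted; the shard key stays in clear so the router can still place the chunk.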
Tools and Technologies
  • MongoDB
  • C++ (MS Visual Studio)
  • Open Stack
  • XACML
References
  • [1] Fox, Armando, Rean Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica. "Above the clouds: A Berkeley view of cloud computing." Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS 28 (2009).
  • [2] Arora, Indu, and Anu Gupta. "Cloud Databases: A Paradigm Shift in Databases." International J. of Computer Science Issues 9, no. 4 (2012): 77-83.
  • [3] https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
  • [4] Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing (draft)." NIST special publication 800, no. 145 (2011): 7.
  • [5] MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].
  • [6] http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/
  • [7] http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
  • [8] Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
  • [9] Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
  • [10] Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013
  • [11] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.
  • [12] Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.
  • [13] Subashini, S., and V. Kavitha. "A survey on security issues in service delivery models of cloud computing." Journal of Network and Computer Applications 34, no. 1 (2011): 1-11.