Introduction
Cloud computing has gained significant popularity during the evolution of communication and information technology. Major cloud service providers are Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). Cloud computing offers elastic and on-demand network access to a shared pool of computing resources. The resources include storage, networking, computation, security, and others. A number of organizations use Cloud computing to store a large amount of data remotely instead of keeping it on local devices. The services provided by the Cloud require high bandwidth and high-speed internet access, which limits their adoption by many end users. Similarly, vendor lock-in is another challenge in the Cloud computing environment, and it is difficult to migrate data from one Cloud provider to another. Recently, decentralized storage systems have been introduced for storing data securely without third-party assistance. The distributed file system (DFS) is one such application, in which data chunks are stored on different peers over the network. Different implementations include the Interplanetary File System (IPFS), SWARM, SIA, and others. The Interplanetary File System is a peer-to-peer network that provides an alternative solution for storing a large amount of data and provides a platform that works independently from central servers. IPFS stores data using content-based addressing. It works by dividing data into fixed-size chunks, distributing them over the entire network and then constructing a hash table. Distributed file systems can thus enable existing Cloud users to store data locally, giving them more control over the data.
Security is a major concern for sensitive and private data. Authorization or access control policies determine who can access what resources based on some attributes or roles. All major cloud providers provide access control or authorization services; for example, Amazon provides the Identity and Access Management (IAM) service to specify authorization policies. Migrating private or sensitive data from the Cloud to the distributed file system (DFS) is not feasible unless one can also migrate the authorization policies associated with the data on the Cloud to the DFS. The current implementations of DFS, such as IPFS and Sia, do not provide any mechanism for specifying authorization policies, and thus it is difficult for data to be migrated from the Cloud. The blockchain is another decentralized storage system that works without any central authority and stores data in the form of a list of blocks that are linked using the cryptographic hash of the previous block. Data in the blockchain is stored in the form of blocks linked together to form an immutable chain. Every time a new transaction occurs in the blockchain, it is added to the ledger and sent to all network peers. As the blockchain is a decentralized solution similar in design to the DFS, it is natural to extend the concept of DFS and use a blockchain for the specification of authorization policies.
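The idea in the paragraph above, shown as an added example that is not taken from the paper: IAM-style policy statements are appended to a hash-linked ledger and bound to a content identifier, and an access decision is made only if the chain verifies. The block layout, the function names, the use of a plain SHA-256 digest as the content identifier, and the sample principals are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed marker for "no previous block"

def block_hash(body):
    # Canonical JSON so the same block always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_policy(chain, content_id, statement):
    """Append one policy statement for a stored object to the ledger."""
    body = {
        "index": len(chain),
        "prev": chain[-1]["hash"] if chain else GENESIS,
        "content_id": content_id,
        "statement": statement,
    }
    chain.append({**body, "hash": block_hash(body)})

def verify_chain(chain):
    """Return True only if every block hash and every back-link is intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["index"] != i or block["prev"] != prev or block_hash(body) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def is_allowed(chain, principal, action, content_id):
    """Default deny; an explicit Deny overrides any Allow (IAM-style evaluation)."""
    if not verify_chain(chain):
        return False  # never decide on a ledger that fails verification
    allowed = False
    for block in chain:
        s = block["statement"]
        if (block["content_id"] == content_id
                and principal in s["Principal"] and action in s["Action"]):
            if s["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed sample data: the content identifier is a SHA-256 of the bytes,
# standing in for a content address; principals and actions are made up.
CID = hashlib.sha256(b"quarterly-report").hexdigest()
LEDGER = []
append_policy(LEDGER, CID, {"Effect": "Allow", "Principal": ["alice", "bob"], "Action": ["read"]})
append_policy(LEDGER, CID, {"Effect": "Deny", "Principal": ["bob"], "Action": ["read"]})
```

Because each block's hash covers the previous block's hash, editing any recorded statement invalidates that block and every later back-link, so `is_allowed` falls back to deny.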
This paper addresses the problem of migrating data, and associated authorization policies, from the Cloud to the DFS. Authorization has remained a highly active research area for the last few decades, and several approaches have been proposed to address different aspects related to authorization. In this context, some recent approaches attempt to solve different aspects related to authorization services provided by the Cloud, such as those based on the IAM service of AWS (Zahoor, Bibi, & Perrin, 2019; Zahoor, Ikram, Akhtar, & Perrin, 2018). However, there exists no approach which handles the case of data and authorization policies migration from the Cloud to the DFS, the problem being addressed in this work. The proposed approach has been mapped to migrate data from AWS S3 to the IPFS, and the resource-based authorization policies specified at AWS are added to a custom blockchain solution. Specifically, the contributions of the proposed approach include: