Securing Cloud Storage


Jacques Jorda (Institut de Recherche en Informatique de Toulouse, Université Paul Sabatier, France) and Abdelaziz M’zoughi (Institut de Recherche en Informatique de Toulouse, Université Paul Sabatier, France)
Copyright: © 2013 | Pages: 20
DOI: 10.4018/978-1-4666-2125-1.ch009

Abstract

Data storage is a central component of the problems associated with moving processes and resources to the cloud. Whether it is simple storage outsourcing for backup purposes, use of hosted software services, or virtualization of the company's computing infrastructure at a third-party provider, data security is crucial. This security breaks down along three axes: data availability, integrity and confidentiality. Numerous techniques targeting these three issues exist, but none offers the combined guarantees that would allow a practical implementation. The authors’ solution relies on integrating these techniques into a virtualization middleware. A quality-of-service definition allows specifying the nature of the security to implement while keeping access seamless.
Chapter Preview

Background

When data are moved to the cloud, storage security is critical. Because the data are no longer managed by their owner, the owner must be assured that security is maintained. This security is defined by three main parameters: confidentiality, integrity and availability. These three parameters are used to characterize the threats likely to affect the data.

Data availability is crucial. The storage provider must ensure that the data will be available regardless of what happens, by committing to a fast turnaround time backed by a penalty. Providers such as Amazon with its Simple Storage Service are liable to be unavailable for several hours. When this happens, the user's computing infrastructure becomes partly ineffective (when only a few services are hosted by SaaS solutions) or completely ineffective (when the user's entire server infrastructure is virtualized and hosted by the provider), leading to significant losses. To ensure data availability at all times, the provider must therefore implement not only redundancy solutions but also backups.

The data integrity issue concerns the guarantee sought by the user that all of his externalized data are actually present and unaltered in the provider's infrastructure. Damage to data integrity may result from malicious third-party attacks, vulnerabilities in the hosting infrastructure, or a conscious choice by the hosting infrastructure to delete non-accessed data to optimize its costs. This issue is beginning to be well studied in the literature with, for example, the use of POR (Proof of Retrievability) and PDP (Proof of Data Possession) tools. These techniques allow damage to data integrity to be detected without requiring the user to store a local copy of the data (the aim being precisely to externalize the storage).
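The property described above, auditing outsourced data without keeping a local copy, can be illustrated with a simplified spot-check scheme. This is an added example, not code from the chapter and not one of the published POR/PDP constructions; the function names, block size and one-time precomputed challenges are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

BLOCK = 4096  # assumed block size for this illustration

def split_blocks(data, size=BLOCK):
    return [data[i:i + size] for i in range(0, len(data), size)]

def respond(blocks, nonce, idx):
    """Provider side: digest over the challenged blocks, keyed by the nonce.
    Without the blocks themselves the provider cannot produce this value."""
    h = hmac.new(nonce, digestmod=hashlib.sha256)
    for i in idx:
        h.update(i.to_bytes(8, "big"))
        h.update(blocks[i] if i < len(blocks) else b"")  # missing block
    return h.digest()

def precompute_audits(data, rounds, sample=3):
    """Owner side, before upload: build `rounds` one-time challenges.
    Only (nonce, indices, expected digest) is kept, never the data."""
    blocks = split_blocks(data)
    rng = secrets.SystemRandom()
    audits = []
    for _ in range(rounds):
        nonce = os.urandom(16)  # secret until the challenge is issued
        idx = sorted(rng.sample(range(len(blocks)), min(sample, len(blocks))))
        audits.append((nonce, idx, respond(blocks, nonce, idx)))
    return audits

def audit(audits, provider_blocks):
    """Owner side: spend one stored challenge and check the provider's answer.
    In practice respond() runs remotely; it is called locally here."""
    nonce, idx, expected = audits.pop()
    return hmac.compare_digest(expected, respond(provider_blocks, nonce, idx))

if __name__ == "__main__":
    data = bytes(range(256)) * 64          # constructed sample, 4 blocks
    audits = precompute_audits(data, rounds=2, sample=4)
    stored = split_blocks(data)            # what the provider holds
    print("intact:", audit(audits, stored))
    stored[2] = b"\x00" * BLOCK            # simulated silent corruption
    print("after corruption:", audit(audits, stored))
```

Sampling fewer blocks than the file contains makes detection probabilistic, and the number of audits is bounded by the challenges prepared before upload.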

Data confidentiality remains one of the main concerns and the major barrier to the development of cloud services. Confidentiality is vulnerable to conventional threats (injection attacks, cross-site scripting…) but also to threats specific to cloud computing (hypervisor flaws, management of the security perimeter within a company, confidence in the provider). At this level, the differences can be distinguished according to the degree to which the user infrastructure is externalized to the provider infrastructure:
