Ensuring distributed accountability

Nandini Chandran
Nandini Chandran

Ensuring distributed accountability

Nandini Chandran
Nandini Chandran

Ensuring distributed accountability

1 de 7
Ensuring Distributed Accountability for Data Sharing in the Cloud Abstract Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, in this paper, we propose a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and traveling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches.
Architecture
Literature Survey 1. Identity-Based Encryption from the Weil Pairing We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Di_e- Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise de_nitions for secure identity based encryption schemes and give several applications for such systems. 2. An Open Framework for Foundational Proof-Carrying Code Today’s software systems often use many different computation features and span different abstraction levels (e.g., user code and runtime-system code). To build foundational certified systems, it is hard to have a single verification system supporting all computation features. In this paper we present an open framework for foundational proof-carrying code (FPCC). It allows program modules to be specified and certified separately using different type systems or program logics. Certified modules (i.e., code and proof) can be linked together to build fully certified systems. The framework supports modular verification and proof reuse. It is also expressive enough so that invariants established in specific verification systems are preserved even when they are embedded into our framework. Our work presents the first FPCC framework that systematically supports interoperation between different verification systems. It is fully mechanized in the Coq proof assistant with machine-checkable soundness proof. 3. Towards a theory of accountability and audit Accountability mechanisms, which rely on after-the-fact verification, are an attractive means to enforce authorization policies. In this paper, we describe an operational model of accountability- based distributed systems. We describe analyses which support both the design of accountability systems and the validation of auditors for finitary accountability systems. Our study provides
formal foundations to explore the tradeoffs underlying the design of accountability systems including: the power of the auditor, the efficiency of the audit protocol, the requirements placed on the agents, and the requirements placed on the communication infrastructure. Existing System With respect to Java-based techniques for security, our methods are related to self-defending objects (SDO) . Self-defending objects are an extension of the object-oriented programming paradigm, where software objects that offer sensitive functions or hold sensitive data are responsible for protecting those functions/data. Similarly, we also extend the concepts of object- oriented programming. The key difference in our implementations is that the authors still rely on a centralized database to maintain the access records, while the items being protected are held as separate files. In previous work, we provided a Java-based approach to prevent privacy leakage from indexing , which could be integrated with the CIA framework proposed in this work since they build on related architectures. In terms of authentication techniques, Appel and Felten proposed the Proof-Carrying authentication (PCA) framework. The PCA includes a high order logic language that allows quantification over predicates, and focuses on access control for web services. While related to ours to the extent that it helps maintaining safe, high-performance, mobile code, the PCA’s goal is highly different from our research, as it focuses on validating code, rather than monitoring content. Another work is by Mont et al. who proposed an approach for strongly coupling content with access control, using Identity-Based Encryption (IBE) . We also leverage IBE techniques, but in a very different way. We do not rely on IBE to bind the content with the rules. Instead, we use it to provide strong guarantees for the encrypted content and the log files, such as protection against chosen plaintext and cipher text attacks. In addition, our work may look similar to works on secure data provenance , but in fact greatly differs from them in terms of goals, techniques, and application domains. Works on data provenance aim to guarantee data integrity by securing the data provenance. They ensure that no one can add or remove entries in the middle of a provenance chain without detection, so that data are correctly delivered to the receiver. Differently, our work is to provide data accountability, to monitor the
usage of the data and ensure that any access to the data is tracked. Since it is in a distributed environment, we also log where the data go. However, this is not for verifying data integrity, but rather for auditing whether data receivers use the data following specified policies. Proposed System In the Proposed System, a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and traveling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches with the following constraints. 1. The logging should be decentralized in order to adapt to the dynamic nature of the cloud. More specifically, log files should be tightly bounded with the corresponding data being controlled, and require minimal infrastructural support from any server. 2. Every access to the user’s data should be correctly and automatically logged. This requires integrated techniques to authenticate the entity who accesses the data, verify, and record the actual operations on the data as well as the time that the data have been accessed.
3. Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and modification by malicious parties. Recovery mechanisms are also desirable to restore damaged log files caused by technical problems. 4. Log files should be sent back to their data owners periodically to inform them of the current usage of their data. More importantly, log files should be retrievable anytime by their data owners when needed regardless the location where the files are stored. 5. The proposed technique should not intrusively monitor data recipients’ systems, nor it should Introduce heavy communication and computation overhead, which otherwise will hinder its feasibility and adoption in practice. System Software and Hardware Requirement Specifications System : Pentium IV 2.4 GHz or Latest Hard Disk : 40 GB Floppy Drive : 1.44 Mb Monitor : 14’ Colour Monitor Mouse : Optical Mouse Ram : 512 Mb Keyboard : 101 Keyboard.
Software Requirements Operating system : Windows XP Coding Language : Java (RMI, Swings, Awt, Networking) Mobile Coding : J2ME Wireless Toll kit : Sun WTK 2.5.1 Wireless Toolkit Data Base : MS Access IDE : Eclipse (Galileo)

Recomendados

Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...
Investigation on Revocable Fine-grained Access Control Scheme for Multi-Autho...IJCERT JOURNAL
280 visualizações6 slides
Cloud Computing Environment using Secured Access Control TechniqueCloud Computing Environment using Secured Access Control Technique
Cloud Computing Environment using Secured Access Control TechniqueIRJET Journal
62 visualizações8 slides
111906665 ensuring-distributed-accountability-for-data-sharing-in-the-cloud111906665 ensuring-distributed-accountability-for-data-sharing-in-the-cloud
111906665 ensuring-distributed-accountability-for-data-sharing-in-the-cloudNag Nani
1.1K visualizações11 slides
Attribute-Based Encryption for Cloud SecurityAttribute-Based Encryption for Cloud Security
Attribute-Based Encryption for Cloud SecurityMphasis
1.9K visualizações6 slides
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...Migrant Systems
1.5K visualizações5 slides
Attribute based encryption with privacy preserving in cloudsAttribute based encryption with privacy preserving in clouds
Attribute based encryption with privacy preserving in cloudsSwathi Rampur
638 visualizações6 slides

Mais conteúdo relacionado

Mais procurados

Oruta project reportOruta project report
Oruta project reportManasa Chowdary
4.7K visualizações47 slides

Mais procurados(19)

Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Migrant Systems 1.7K visualizações
Comments on “control cloud data access privilege and anonymity with fully ano...Comments on “control cloud data access privilege and anonymity with fully ano...
Comments on “control cloud data access privilege and anonymity with fully ano...
ieeepondy68 visualizações
Oruta project reportOruta project report
Oruta project report
Manasa Chowdary4.7K visualizações
Oruta privacy preserving public auditing for shared data in the cloudOruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloud
Nexgen Technology 7.3K visualizações
Scalable and secure sharing of personal health records in cloud computing usi...Scalable and secure sharing of personal health records in cloud computing usi...
Scalable and secure sharing of personal health records in cloud computing usi...
IEEEFINALYEARPROJECTS2.1K visualizações
DOTNET 2013 IEEE CLOUDCOMPUTING PROJECT Scalable and secure sharing of person...DOTNET 2013 IEEE CLOUDCOMPUTING PROJECT Scalable and secure sharing of person...
DOTNET 2013 IEEE CLOUDCOMPUTING PROJECT Scalable and secure sharing of person...
IEEEGLOBALSOFTTECHNOLOGIES1.5K visualizações
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data Sharing
IJERA Editor352 visualizações
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast Environment
IRJET Journal13 visualizações
Oruta privacy preserving public auditingOruta privacy preserving public auditing
Oruta privacy preserving public auditing
Papitha Velumani2.8K visualizações
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...
Papitha Velumani2.5K visualizações
A Novel privacy preserving public auditing for shared data in cloudA Novel privacy preserving public auditing for shared data in cloud
A Novel privacy preserving public auditing for shared data in cloud
JAVVAJI VENKATA RAO1.2K visualizações
PUBLIC AUDITING FOR SECURE CLOUD STORAGE ...PUBLIC AUDITING FOR SECURE CLOUD STORAGE ...
PUBLIC AUDITING FOR SECURE CLOUD STORAGE ...
Bharath Nair1.6K visualizações
A Survey on Access Control Mechanisms using Attribute Based Encryption in cloudA Survey on Access Control Mechanisms using Attribute Based Encryption in cloud
A Survey on Access Control Mechanisms using Attribute Based Encryption in cloud
ijsrd.com263 visualizações
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...
Adz91 Digital Ads Pvt Ltd9.7K visualizações
Cloud assisted mobile-access of health data with privacy and auditabilityCloud assisted mobile-access of health data with privacy and auditability
Cloud assisted mobile-access of health data with privacy and auditability
IGEEKS TECHNOLOGIES3.8K visualizações
Privacy preserving public auditing for regenerating-code-based cloud storagePrivacy preserving public auditing for regenerating-code-based cloud storage
Privacy preserving public auditing for regenerating-code-based cloud storage
Nagamalleswararao Tadikonda1.6K visualizações
Secure Data Storage in Cloud Using Encryption and SteganographySecure Data Storage in Cloud Using Encryption and Steganography
Secure Data Storage in Cloud Using Encryption and Steganography
iosrjce375 visualizações
Cam cloud assisted privacy preserving mobile health monitoringCam cloud assisted privacy preserving mobile health monitoring
Cam cloud assisted privacy preserving mobile health monitoring
IEEEFINALYEARPROJECTS3.1K visualizações
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing report
Kiran Girase489 visualizações

Destaque

Biometric systemsBiometric systems
Biometric systemsAnooja Pillai
689 visualizações7 slides
Biometrics Pros & consBiometrics Pros & cons
Biometrics Pros & consGagan Gowda
10.4K visualizações20 slides
Introduction of BiometricsIntroduction of Biometrics
Introduction of BiometricsAnit Thapaliya
4K visualizações19 slides

Destaque(14)

Security & Biometrics LATAM ReportSecurity & Biometrics LATAM Report
Security & Biometrics LATAM Report
★ Herve DELHUMEAU, MBA973 visualizações
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
BIOMETRIC TECHNOLOGY TOWARDS PREVENTION OF MEDICAL IDENTITY THEFT: PHYSICIANS...
hiij197 visualizações
Biometric systemsBiometric systems
Biometric systems
Anooja Pillai689 visualizações
Biometrics Pros & consBiometrics Pros & cons
Biometrics Pros & cons
Gagan Gowda10.4K visualizações
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - Report
Navin Kumar3.8K visualizações
Introduction of BiometricsIntroduction of Biometrics
Introduction of Biometrics
Anit Thapaliya4K visualizações
Biometric technologyBiometric technology
Biometric technology
Dharmik 4.2K visualizações
Final reportFinal report
Final report
Pranjul Mishra1K visualizações
Final Report BiometricsFinal Report Biometrics
Final Report Biometrics
anoop8068624.9K visualizações
Biometrics Technology Seminar Report.Biometrics Technology Seminar Report.
Biometrics Technology Seminar Report.
Pavan Kumar MT26.1K visualizações
biometricsbiometrics
biometrics
Akhil Kumar23.6K visualizações
Biometric slideshareBiometric slideshare
Biometric slideshare
prachi12.7K visualizações
Biometrics TechnologyBiometrics Technology
Biometrics Technology
lole236.7K visualizações
Biometric's final pptBiometric's final ppt
Biometric's final ppt
Ankita Vanage146.2K visualizações

Similar a Ensuring distributed accountability

I42024349I42024349
I42024349IJERA Editor
489 visualizações7 slides
TestTest
TestNitish Bhardwaj
121 visualizações16 slides
Dont look at thisDont look at this
Dont look at thismylawyer1
500 visualizações16 slides
TestTest
TestNitish Bhardwaj
208 visualizações16 slides
Pp1tPp1t
Pp1tNitish Bhardwaj
108 visualizações16 slides

Similar a Ensuring distributed accountability(20)

Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Yashwanth Reddy4.3K visualizações
I42024349I42024349
I42024349
IJERA Editor489 visualizações
TestTest
Test
Nitish Bhardwaj121 visualizações
Dont look at thisDont look at this
Dont look at this
mylawyer1500 visualizações
TestTest
Test
Nitish Bhardwaj208 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj108 visualizações
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
Nitish Bhardwaj166 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj96 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj72 visualizações
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
Nitish Bhardwaj920 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj84 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj124 visualizações
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
Nitish Bhardwaj96 visualizações
82ugszwcqn29itkwai2q 140424034504-phpapp0182ugszwcqn29itkwai2q 140424034504-phpapp01
82ugszwcqn29itkwai2q 140424034504-phpapp01
Nitish Bhardwaj98 visualizações
Ppt1 130410095050-phpapp01Ppt1 130410095050-phpapp01
Ppt1 130410095050-phpapp01
Nitish Bhardwaj119 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj71 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj165 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj96 visualizações
Pp1tPp1t
Pp1t
Nitish Bhardwaj95 visualizações
82ugszwcqn29itkwai2q 140424034504-phpapp0182ugszwcqn29itkwai2q 140424034504-phpapp01
82ugszwcqn29itkwai2q 140424034504-phpapp01
Nitish Bhardwaj124 visualizações

Ensuring distributed accountability

  • 1. Ensuring Distributed Accountability for Data Sharing in the Cloud Abstract Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, in this paper, we propose a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and traveling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches.
  • 3. Literature Survey 1. Identity-Based Encryption from the Weil Pairing We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Di_e- Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise de_nitions for secure identity based encryption schemes and give several applications for such systems. 2. An Open Framework for Foundational Proof-Carrying Code Today’s software systems often use many different computation features and span different abstraction levels (e.g., user code and runtime-system code). To build foundational certified systems, it is hard to have a single verification system supporting all computation features. In this paper we present an open framework for foundational proof-carrying code (FPCC). It allows program modules to be specified and certified separately using different type systems or program logics. Certified modules (i.e., code and proof) can be linked together to build fully certified systems. The framework supports modular verification and proof reuse. It is also expressive enough so that invariants established in specific verification systems are preserved even when they are embedded into our framework. Our work presents the first FPCC framework that systematically supports interoperation between different verification systems. It is fully mechanized in the Coq proof assistant with machine-checkable soundness proof. 3. Towards a theory of accountability and audit Accountability mechanisms, which rely on after-the-fact verification, are an attractive means to enforce authorization policies. In this paper, we describe an operational model of accountability- based distributed systems. We describe analyses which support both the design of accountability systems and the validation of auditors for finitary accountability systems. Our study provides
  • 4. formal foundations to explore the tradeoffs underlying the design of accountability systems including: the power of the auditor, the efficiency of the audit protocol, the requirements placed on the agents, and the requirements placed on the communication infrastructure. Existing System With respect to Java-based techniques for security, our methods are related to self-defending objects (SDO) . Self-defending objects are an extension of the object-oriented programming paradigm, where software objects that offer sensitive functions or hold sensitive data are responsible for protecting those functions/data. Similarly, we also extend the concepts of object- oriented programming. The key difference in our implementations is that the authors still rely on a centralized database to maintain the access records, while the items being protected are held as separate files. In previous work, we provided a Java-based approach to prevent privacy leakage from indexing , which could be integrated with the CIA framework proposed in this work since they build on related architectures. In terms of authentication techniques, Appel and Felten proposed the Proof-Carrying authentication (PCA) framework. The PCA includes a high order logic language that allows quantification over predicates, and focuses on access control for web services. While related to ours to the extent that it helps maintaining safe, high-performance, mobile code, the PCA’s goal is highly different from our research, as it focuses on validating code, rather than monitoring content. Another work is by Mont et al. who proposed an approach for strongly coupling content with access control, using Identity-Based Encryption (IBE) . We also leverage IBE techniques, but in a very different way. We do not rely on IBE to bind the content with the rules. Instead, we use it to provide strong guarantees for the encrypted content and the log files, such as protection against chosen plaintext and cipher text attacks. In addition, our work may look similar to works on secure data provenance , but in fact greatly differs from them in terms of goals, techniques, and application domains. Works on data provenance aim to guarantee data integrity by securing the data provenance. They ensure that no one can add or remove entries in the middle of a provenance chain without detection, so that data are correctly delivered to the receiver. Differently, our work is to provide data accountability, to monitor the
  • 5. usage of the data and ensure that any access to the data is tracked. Since it is in a distributed environment, we also log where the data go. However, this is not for verifying data integrity, but rather for auditing whether data receivers use the data following specified policies. Proposed System In the Proposed System, a novel highly decentralized information accountability framework to keep track of the actual usage of the users’ data in the cloud. In particular, we propose an object-centered approach that enables enclosing our logging mechanism together with users’ data and policies. We leverage the JAR programmable capabilities to both create a dynamic and traveling object, and to ensure that any access to users’ data will trigger authentication and automated logging local to the JARs. To strengthen user’s control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches with the following constraints. 1. The logging should be decentralized in order to adapt to the dynamic nature of the cloud. More specifically, log files should be tightly bounded with the corresponding data being controlled, and require minimal infrastructural support from any server. 2. Every access to the user’s data should be correctly and automatically logged. This requires integrated techniques to authenticate the entity who accesses the data, verify, and record the actual operations on the data as well as the time that the data have been accessed.
  • 6. 3. Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and modification by malicious parties. Recovery mechanisms are also desirable to restore damaged log files caused by technical problems. 4. Log files should be sent back to their data owners periodically to inform them of the current usage of their data. More importantly, log files should be retrievable anytime by their data owners when needed regardless the location where the files are stored. 5. The proposed technique should not intrusively monitor data recipients’ systems, nor it should Introduce heavy communication and computation overhead, which otherwise will hinder its feasibility and adoption in practice. System Software and Hardware Requirement Specifications System : Pentium IV 2.4 GHz or Latest Hard Disk : 40 GB Floppy Drive : 1.44 Mb Monitor : 14’ Colour Monitor Mouse : Optical Mouse Ram : 512 Mb Keyboard : 101 Keyboard.
  • 7. Software Requirements Operating system : Windows XP Coding Language : Java (RMI, Swings, Awt, Networking) Mobile Coding : J2ME Wireless Toll kit : Sun WTK 2.5.1 Wireless Toolkit Data Base : MS Access IDE : Eclipse (Galileo)