asha-nadimpalli
Data protection & malicious insiders detection in cloud
Abstract
• Cloud storage enables users to store their data. Offering strong data protection to cloud users while enabling rich applications is a challenging task. We explore a new cloud platform architecture called Data Protection as a Service, which dramatically reduces the per-application development effort required to offer data protection, while still allowing rapid development and maintenance.
Existing system
• A key challenge is how to ensure and build confidence that the cloud can handle user data securely. A recent Microsoft survey found that “58 percent of the public and 86 percent of business leaders are excited about the possibilities of cloud computing. But more than 90 percent of them are worried about security, availability, and privacy of their data as it rests in the cloud.” It’s impossible to develop a single data-protection solution for the cloud
Disadvantages
• 1) Integrity problem
• 2) Privacy problem
• 3) Verification problem
• 4) Rich computation problem
• 5) Development and maintenance problem
Proposed system
• We propose a new cloud computing paradigm, data protection as a service (DPaaS). DPaaS is a suite of security primitives offered by a cloud platform, which enforces data security and privacy and offers evidence of privacy to data owners, even in the presence of potentially compromised or malicious applications. Examples of such primitives are securing data using encryption, logging, and key management.
Advantages
1) It must be able to perform user authentication, or at least have a trusted way to know who’s logged in and accessing the service; and
2) it must rely on encryption and authenticated data store techniques to remove the need to trust the storage service.
3) Administrative access for maintenance operations such as debugging
System architecture
Modules
• Cloud Computing
• Trusted Platform Module
• Third Party Auditor
• User Module
Cloud Computing
Cloud computing promises
• lower costs
• rapid scaling
• easier maintenance
• service availability
Trusted Platform Module
• A trusted platform module (TPM) to provide secure and verifiable boot and dynamic root of trust.
• Two techniques
Full disk Encryption
Computing on Encrypted data
Third Party Auditor
• In this module, the auditor views all user data and verifies the data, including changed data. The auditor views all user data directly, without a key. The admin grants this permission to the auditor. After auditing, the data is stored to the cloud.
User Module
• The user stores a large amount of data in the cloud and accesses it using a secure key. The admin provides the secure key after the data is encrypted. The data is encrypted using the TPM. The user's data is stored after the auditor has viewed and verified it, including changed data. When the user views the data again, the admin sends the user a message only for changed data.
Use-case diagram
[Diagram: actors Auditor, Admin and User. Use cases: view all user data; changing data; store; allows user data; view all data; view auditing details; view data; change data with alert; user data.]
Sequence diagram
[Diagram: participants user, auditor, cloud and admin. Messages: data upload with encrypt; view all user data; change or unchanging store data; view user data; view auditing details; allow new data; view data or change data with alert message.]
Collaboration diagram
[Diagram: participants user, auditor, cloud and admin.]
1: data upload with encrypt
2: view all user data
3: change or unchanging store data
4: view user data
5: view auditing details
6: allow new data
7: view data or change data with alert message
Class diagram
User
• Attributes: string upload data; string view data; string change data
• Operations: user process()
Auditor
• Attributes: string view all users data; string changing data; unchanging data
• Operations: auditor process()
Admin
• Attributes: string view all data; string allow new data; string view auditing data details
• Operations: Admin process()
Login
• Attributes: string username; string password
• Operations: check valid(); unvalid()
screens
Enhancement
• We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data.
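The monitor, challenge and decoy flow described above, as an added example that is not code from these slides or from the project. The class name `DecoyGuard`, the read-rate threshold used as the "abnormal access" test, the hashed challenge answer and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque

class DecoyGuard:
    """Hypothetical access gate: real data normally, challenge then decoy on anomalies."""

    def __init__(self, store, answer_hashes, max_reads=3, window=60.0):
        self.store = store              # doc_id -> real content
        self.answers = answer_hashes    # user -> SHA-256 hex of challenge answer (unsalted for brevity)
        self.max_reads = max_reads      # assumed baseline: reads allowed per window
        self.window = window            # sliding window length in seconds
        self.reads = {}                 # user -> timestamps of recent reads
        self.suspect = set()            # users who failed the challenge

    def _abnormal(self, user, now):
        q = self.reads.setdefault(user, deque())
        q.append(now)
        while now - q[0] > self.window:  # drop reads that fell out of the window
            q.popleft()
        return len(q) > self.max_reads

    def _challenge_ok(self, user, answer):
        digest = hashlib.sha256(answer.encode()).hexdigest()
        return hmac.compare_digest(digest, self.answers.get(user, ""))

    def _decoy(self, doc_id):
        # Deterministic bogus record, so repeated reads stay consistent.
        seed = hashlib.sha256(b"decoy:" + doc_id.encode()).hexdigest()
        return f"acct={seed[:10]} balance={int(seed[10:14], 16)}"

    def read(self, user, doc_id, now, answer=None):
        """Return (kind, content) where kind is 'real', 'challenge' or 'decoy'."""
        if user in self.suspect:
            return "decoy", self._decoy(doc_id)
        if self._abnormal(user, now):
            if answer is None:
                return "challenge", None          # suspicion only: ask first
            if not self._challenge_ok(user, answer):
                self.suspect.add(user)            # suspicion verified
                return "decoy", self._decoy(doc_id)
            self.reads[user].clear()              # legitimate owner: reset window
        return "real", self.store[doc_id]

if __name__ == "__main__":
    # Constructed sample data: one document, one user, baseline of 2 reads/minute.
    guard = DecoyGuard({"d1": "real-record"},
                       {"alice": hashlib.sha256(b"tabby").hexdigest()}, max_reads=2)
    for t, ans in [(0, None), (1, None), (2, None), (3, "wrong"), (500, None)]:
        print(t, guard.read("alice", "d1", t, ans))
```

A failed challenge marks the session as suspect, so every later read returns the same decoy record instead of an error that would reveal the detection.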
Conclusion
• The cloud platform not only provides the hardware and software stack as in today’s cloud computing, but also dynamic data protection that protects users’ data while enabling rich computation over them.
• Data is protected at the platform level.
Queries