
Cloud Computing

This document summarizes a seminar report on ensuring distributed accountability for data sharing in cloud computing. The report proposes a Cloud Information Accountability (CIA) framework to keep track of how users' data is used in the cloud. The CIA framework uses Java Archive (JAR) files to automatically log any access to user data. JAR files contain access control rules and travel with the user's data. This provides a decentralized yet reliable way to monitor data usage across cloud servers. The report evaluates the CIA framework through experimental studies and discusses its advantages in providing end-to-end accountability in cloud environments.

Uploaded by Bobin baby
Copyright © All Rights Reserved

Ensuring Distributed Accountability for Data Sharing in Cloud

A Seminar report
Submitted in partial fulfillment of the requirements for
the award of B.Tech Degree in
COMPUTER SCIENCE AND ENGINEERING
of Cochin University of Science & Technology

By
NOYAL P.A

Under the guidance of
Mrs. DEEPA S KUMAR
&
Mrs. LAYA DEVADAS

November 2015
Department of Computer Science and Engineering
COLLEGE OF ENGINEERING MUNNAR
P B No. 45, COUNTY HILLS, MUNNAR-685612

Seminar 2015
Ensuring Distributed Accountability for Data Sharing in Cloud

COLLEGE OF ENGINEERING MUNNAR
P B No. 45, COUNTY HILLS, MUNNAR - 685612

CERTIFICATE

This is to certify that the content of the Seminar report entitled
Ensuring Distributed Accountability for Data Sharing in Cloud of
Noyal P.A for the award of Degree of Bachelor of Technology in
Computer Science And Engineering of the Cochin University of Science and
Technology is a bonafide account of the work carried out by him in this
department during the academic year 2015-16, under our supervision.

Seminar Coordinator

Head of the Department

Dept. of CSE, College of Engineering Munnar


ABSTRACT

Cloud computing enables highly scalable services to be easily
consumed over the Internet on an as-needed basis. A major feature of the cloud
services is that users' data are usually processed remotely in unknown
machines that users do not own or operate. While enjoying the convenience
brought by this new emerging technology, users' fears of losing control of their
own data (particularly, financial and health data) can become a significant
barrier to the wide adoption of cloud services.
To address this problem, here, we propose a novel highly decentralized
information accountability framework to keep track of the actual usage of the
users' data in the cloud. In particular, we propose an object-centered approach
that enables enclosing our logging mechanism together with users' data and
policies. We leverage the JAR programmable capabilities to both create a
dynamic and traveling object, and to ensure that any access to users' data will
trigger authentication and automated logging local to the JARs. To strengthen
users' control, we also provide distributed auditing mechanisms. We provide
extensive experimental studies that demonstrate the efficiency and
effectiveness of the proposed approaches.


ACKNOWLEDGEMENT

I have immense pleasure to present this seminar on Ensuring Distributed
Accountability for Data Sharing in Cloud, a topic of my personal interest. Firstly, I
thank God, the almighty for giving me such a great opportunity to present this
seminar.
I express my sincere gratitude to Mrs. Deepa S Kumar (HOD of Computer
Science and Engineering) for her support.
I sincerely express my thanks to Mrs. Laya Devadas for the approval and
guidance given.
Lastly, I sincerely express my gratitude to other teachers and my dear friends
for their valuable co-operation and help.

NOYAL P.A


CONTENTS

1. INTRODUCTION
2. CLOUD COMPUTING TECHNOLOGY
3. EXISTING SYSTEM
4. PROPOSED CIA FRAMEWORK
5. MODULES IN CIA FRAMEWORK
5.1. CIA FRAMEWORK
5.2. DISTINCT MODE FOR AUDITING
5.3. LOGGING AND AUDITING TECHNIQUES
5.4. MAJOR COMPONENTS OF CIA
6. WORKING OF CIA FRAMEWORK
7. FLOWCHARTS IN CIA FRAMEWORK
8. ADVANTAGES OF CIA FRAMEWORK
9. APPLICATIONS AND FUTURE SCOPE
10. CONCLUSION
11. REFERENCES


LIST OF FIGURES:

1. Cloud Computing
2. Structure of cloud computing
3. Overview of CIA framework
4. Time to create log files of different sizes
5. Structure of logger
6. Auditing Mechanism in cloud
7. Working of CIA framework
8. Data Flow diagram in CIA
9. Flowchart in CIA


1. INTRODUCTION
Cloud computing is the use of computing resources (hardware and software) that are
delivered as a service over a network (typically the Internet). Cloud computing refers
to the delivery of computing and storage capacity as a service to a heterogeneous
community of end-recipients; the name comes from the use of clouds as an abstraction
for the complex infrastructure. It provides remote services with a user's data, software
and computation over a network. Cloud computing is the newest term for the long
dreamed vision of computing as a utility. Cloud computing offers scalable services. Cloud
computing is a computing platform that resides in a large data center and is able to
dynamically provide servers the ability to address a wide range of needs, ranging from
scientific research to e-commerce. Cloud computing is expanding rapidly as a service
used by a great many individuals and organizations internationally, which raises policy
issues related to cloud computing. Details of the services provided are abstracted from the
users, who no longer need to be experts in the technology infrastructure. Moreover, users
may not know the machines which actually process and host their data. While
enjoying the convenience brought by this new technology, users also start worrying
about losing control of their own data. The data processed on clouds are often
outsourced, leading to a number of issues related to accountability, including the
handling of personally identifiable information. It is necessary to provide an effective
mechanism for users to monitor the usage of their data in the cloud. For example,
users need to be able to ensure that their data are handled according to the service
level agreements made at the time they sign on for services. Conventional access
control approaches developed for closed domains such as databases and operating
systems, or approaches using a centralized server in distributed environments, are not
suitable, due to the following features characterizing cloud environments. First, data
handling can be outsourced by the direct cloud service provider (CSP) to other entities
in the cloud, and these entities can also delegate the tasks to others, and so on.
Outsourcing of data processing invariably raises governance and accountability
questions. Second, entities are allowed to join and leave the cloud in a flexible
manner. As a result, data handling in the cloud goes through a complex and dynamic
hierarchical service chain which does not exist in conventional environments.
We propose an approach, namely the Cloud Information Accountability (CIA) framework,
based on the notion of information accountability. Unlike privacy protection technologies
built on the hide-it-or-lose-it perspective, information accountability focuses on
keeping the data usage transparent and trackable.
Our proposed CIA framework provides end-to-end accountability in a highly
distributed fashion. One of the main innovative features of the CIA framework lies in
its ability of maintaining lightweight and powerful accountability that combines
aspects of access control, usage control and authentication. Data owners can track not
only whether or not the service-level agreements are being honored, but also enforce
access and usage control rules as needed. Associated with the accountability feature,
we also develop two distinct modes for auditing: push mode and pull mode. The push
mode refers to logs being periodically sent to the data owner or stakeholder while the
pull mode refers to an alternative approach whereby the user (or another authorized
party) can retrieve the logs as needed.
The design of the CIA framework presents substantial challenges, including
uniquely identifying CSPs, ensuring the reliability of the log, security issues,
accountability (the obligation of an individual or organization to account for its
activities and accept responsibility for them), adapting to a highly decentralized
infrastructure, etc. Our basic approach toward addressing these issues is to leverage
and extend the programmable capability of JAR (Java Archive) files to automatically
log the usage of the users' data by any entity in the cloud. The JAR file includes a set of
simple access control rules specifying whether and how the cloud servers and possibly
other data stakeholders are authorized to access the content itself. The JAR will provide
usage control associated with logging, or will provide only logging functionality.
Users will send their data along with any policies, such as access
control policies and logging policies that they want to enforce, enclosed in JAR files,
to cloud service providers. Any access to the data will trigger an automated and
authenticated logging mechanism local to the JARs. We refer to this type of
enforcement as strong binding since the policies and the logging mechanism travel
with the data. This strong binding exists even when copies of the JARs are created;
thus, the user will have control over his data at any location. Such a decentralized
logging mechanism meets the dynamic nature of the cloud but also imposes challenges
on ensuring the integrity of the logging. To cope with this issue, we provide the JARs
with a central point of contact which forms a link between them and the user. It
records the error correction information sent by the JARs, which allows it to monitor
the loss of any logs from any of the JARs. Moreover, if a JAR is not able to contact its
central point, any access to its enclosed data will be denied.
The results demonstrate the efficiency, scalability, and granularity of our
approach. We also provide a detailed security analysis and discuss the reliability and
strength of our architecture. The following are the new contributions. First, we integrated
integrity checks and the oblivious hashing (OH) technique into our system in order to
strengthen the dependability of our system in case of a compromised JRE. We also
updated the log records structure to provide additional guarantees of integrity and
authenticity. Second, we extended the security analysis to cover more possible attack
scenarios. Third, we report the results of new experiments and provide a thorough
evaluation of the system performance. Fourth, we have added a detailed discussion on
related works to prepare readers with a better understanding of background
knowledge. Finally, we have improved the presentation by adding more examples and
illustration graphs.


2. CLOUD COMPUTING TECHNOLOGY

Cloud computing is receiving a great deal of attention, both in
publications and among users, from individuals at home to the U.S. government. Yet it
is not always clearly defined. Cloud computing is a subscription-based service where
you can obtain networked storage space and computer resources. One way to think of
cloud computing is to consider your experience with email. Your email client, if it is
Yahoo!, Gmail, Hotmail, and so on, takes care of housing all of the hardware and
software necessary to support your personal email account. When you want to access
your email you open your web browser, go to the email client, and log in. The most
important part of the equation is having internet access. Your email is not housed on
your physical computer; you access it through an internet connection, and you can
access it anywhere. If you are on a trip, at work, or down the street getting coffee, you
can check your email as long as you have access to the internet. Your email is
different than software installed on your computer, such as a word processing
program. When you create a document using word processing software, that
document stays on the device you used to make it unless you physically move it. An
email client is similar to how cloud computing works. Except instead of accessing just
your email, you can choose what information you have access to within the cloud.
The cloud makes it possible for you to access your information from
anywhere at any time. While a traditional computer setup requires you to be in the
same location as your data storage device, the cloud takes away that step. The cloud
removes the need for you to be in the same physical location as the hardware that
stores your data. Your cloud provider can both own and house the hardware and
software necessary to run your home or business applications.
This is especially helpful for businesses that cannot afford the same
amount of hardware and storage space as a bigger company. Small companies can
store their information in the cloud, removing the cost of purchasing and storing
memory devices. Additionally, because you only need to buy the amount of storage
space you will use, a business can purchase more space or reduce their subscription as
their business grows or as they find they need less storage space.

One requirement is that you need to have an internet connection in order to
access the cloud. This means that if you want to look at a specific document you have
housed in the cloud, you must first establish an internet connection either through a
wireless or wired internet or a mobile broadband connection. The benefit is that you
can access that same document from wherever you are with any device that can access
the internet. These devices could be a desktop, laptop, tablet, or phone. This can also
help your business to function more smoothly because anyone who can connect to the
internet and your cloud can work on documents, access software, and store data.
Imagine picking up your smartphone and downloading a .pdf document to review
instead of having to stop by the office to print it or upload it to your laptop. This is the
freedom that the cloud can provide for you or your organization.
Cloud services are popular because they can reduce the cost and complexity of
owning and operating computers and networks. Since cloud users do not have to
invest in information technology infrastructure, purchase hardware, or buy software
licences, the benefits are low up-front costs, rapid return on investment, rapid
deployment, customization, flexible use, and solutions that can make use of new
innovations. In addition, cloud providers that have specialized in a particular area
(such as e-mail) can bring advanced services that a single company might not be able
to afford or develop.
Some other benefits to users include scalability, reliability, and
efficiency. Scalability means that cloud computing offers unlimited processing and
storage capacity. The cloud is reliable in that it enables access to applications and
documents anywhere in the world via the Internet. Cloud computing is often
considered efficient because it allows organizations to free up resources to focus on
innovation and product development.
Another potential benefit is that personal information may be better protected
in the cloud. Specifically, cloud computing may improve efforts to build privacy
protection into technology from the start and the use of better security mechanisms.
Cloud computing will enable more flexible IT acquisition and improvements, which
may permit adjustments to procedures based on the sensitivity of the data. Widespread
use of the cloud may also encourage open standards for cloud computing that will
establish baseline data security features common across different services and
providers. Cloud computing may also allow for better audit trails. In addition,
information in the cloud is not as easily lost.

Fig: Cloud Computing


Fig: Structure of Cloud Computing


3. EXISTING SYSTEM
Cloud computing is the delivery of computing as a service rather than a
product, by which shared resources, software, and information are given to computers
and other devices as a utility, like the electricity grid, over a network (typically the
Internet). These days a single server deals with multiple requests from users.
Here the server has to handle the requests from the users simultaneously, so
the processing time will be high. This may lead to a deficit of data, packets may be
delayed and corrupted, and the data management and the services are not
trustworthy. While enjoying the convenience brought by this new technology, users also
start worrying about losing control of their own data. The data operated on clouds are
often outsourced, which leads to a number of issues related to accountability, including
the management of personally identifiable information. To allay users' concerns, it is
necessary to provide an effective mechanism for users to monitor the usage of their
data in the cloud. For example, users need to be able to ensure that their data are
handled according to the service level agreements made at the time they sign on for
services in the cloud. Conventional access control approaches made for closed
domains such as databases and operating systems, or approaches with a centralized
server in distributed environments, are not suitable, because of the following features
characterizing cloud environments.

The two main problems present in the existing system are:

First, data handling can be outsourced by the direct cloud service provider
(CSP) to other entities in the cloud, and these entities can also delegate the tasks to
others, and so on.
Second, entities are allowed to join and leave the cloud in a flexible manner.
As a result, data handling in the cloud goes through a complex and dynamic
hierarchical service chain which does not exist in conventional environments.


4. PROPOSED CIA FRAMEWORK


The Cloud Information Accountability framework proposed in this work
conducts automated logging and distributed auditing of relevant access performed by
any entity, carried out at any point of time at any cloud service provider. It has two
major components: the logger and the log harmonizer.
The logger is the component which is strongly
coupled with the user's data, so that it is downloaded when the data are accessed, and
is copied whenever the data are copied. It handles a particular instance or copy of the
user's data and is responsible for logging access to that instance or copy. The log
harmonizer forms the central component which allows the user access to the log files.
The logger is strongly coupled with the user's data (either single or multiple data items).
Its main tasks include automatically logging access to data items that it contains,
encrypting the log record using the public key of the content owner, and periodically
sending them to the log harmonizer. It may also be configured to ensure that access
and usage control policies associated with the data are honoured. For example, a data
owner can specify that user X is only allowed to view but not to modify the data. The
logger will control the data access even after it is downloaded by user X. The logger
requires only minimal support from the server (e.g., a valid Java virtual machine
installed) in order to be deployed. The tight coupling between data and logger results
in a highly distributed logging system, therefore meeting our first design requirement
(the design requirements are listed in Section 5.3).
Furthermore, since the logger does not need to be installed on any system or require
any special support from the server, it is not very intrusive in its actions, thus
satisfying our fifth requirement. Finally, the logger is also responsible for generating
the error correction information for each log record and sending it to the log
harmonizer.
The error correction information combined with the encryption and
authentication mechanism provides a robust and reliable recovery mechanism,
therefore meeting the third requirement. The log harmonizer is responsible for
auditing. Being the trusted component, the log harmonizer generates the master key. It
holds on to the decryption key for the IBE key pair, as it is responsible for decrypting
the logs. Alternatively, the decryption can be carried out on the client end if the path
between the log harmonizer and the client is not trusted. In this case, the harmonizer
sends the key to the client in a secure key exchange. It supports two auditing
strategies: push and pull. Under the push strategy, the log file is pushed back to the
data owner periodically in an automated fashion. The pull mode is an on-demand
approach, whereby the log file is obtained by the data owner as often as requested.
These two modes allow us to satisfy the aforementioned fourth design requirement. In
case there exist multiple loggers for the same set of data items, the log harmonizer will
merge log records from them before sending them back to the data owner. The log
harmonizer is also responsible for handling log file corruption. In addition, the log
harmonizer can itself carry out logging in addition to auditing. Separating the logging
and auditing functions improves the performance. The logger and the log harmonizer
are both implemented as lightweight and portable JAR files. The JAR file
implementation provides automatic logging functions, which meets the second design
requirement.
The overall CIA framework, combining data, users, logger and harmonizer,
works as follows. At the beginning, each user creates a pair of public and private keys based
on Identity-Based Encryption [4]. This IBE scheme is a Weil-pairing-based IBE
scheme, which protects us against one of the most prevalent attacks to our
architecture. Using the generated key, the user will create a logger component, which
is a JAR file, to store its data items. The JAR file includes a set of simple access
control rules specifying whether and how the cloud servers and possibly other data
stakeholders (users, companies) are authorized to access the content itself. Then, he
sends the JAR file to the cloud service provider that he subscribes to. To authenticate
the CSP to the JAR, we use OpenSSL-based certificates, wherein a trusted certificate
authority certifies the CSP. In the event that the access is requested by a user, we
employ SAML-based authentication [8], wherein a trusted identity provider issues
certificates verifying the user's identity based on his username. Once the
authentication succeeds, the service provider (or the user) will be allowed to access
the data enclosed in the JAR. Depending on the configuration settings defined at the
time of creation, the JAR will provide usage control associated with logging, or will
provide only logging functionality.
As for the logging, each time there is an access to the data, the JAR will
automatically generate a log record, encrypt it using the public key distributed by the
data owner, and store it along with the data (step 6 in Fig. 1). The encryption of the
log file prevents unauthorized changes to the file by attackers. The data owner could
opt to reuse the same key pair for all JARs or create different key pairs for separate
JARs. Using separate keys can enhance the security (detailed discussion is in Section
7) without introducing any overhead except in the initialization phase. In addition,
some error correction information will be sent to the log harmonizer to handle
possible log file corruption. To ensure trustworthiness of the logs, each record is
signed by the entity accessing the content.
Further, individual records are hashed together to create a chain structure, able
to quickly detect possible errors or missing records. The encrypted log files can later
be decrypted and their integrity verified. They can be accessed by the data owner or
other authorized stakeholders at any time for auditing purposes with the aid of the log
harmonizer. As discussed, our proposed framework prevents various attacks, for example
by detecting illegal copies of users' data. Note that our work is different from traditional
logging methods which use encryption to protect log files. With only encryption, their
logging mechanisms are neither automatic nor distributed. They require the data to
stay within the boundaries of the centralized system for the logging to be possible,
which is however not suitable in the cloud.
Example 2. Considering Example 1, Alice
can enclose her photographs and access control policies in a JAR file and send the
JAR file to the cloud service provider.
With the aid of control associated logging, Alice will be able to enforce the
first four requirements and record the actual data access. On a regular basis, the
push-mode auditing mechanism will inform Alice about the activity on each of her
photographs, as this allows her to keep track of her clients' demographics and the
usage of her data by the cloud service provider. In the event of some dispute with her
clients, Alice can rely on the pull-mode auditing mechanism to obtain log records.
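
The record chaining, per-record signing and harmonizer merge described above can be sketched as follows. This is an added example in Python, not the report's JAR code: an HMAC per entity stands in for the accessing entity's signature, IBE encryption of the records is omitted, a (record count, chain tip) checkpoint stands in for the "error correction information" whose format the report does not give, and all names and sample values are constructed.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value preceding the first record

def canonical(body):
    return json.dumps(body, sort_keys=True).encode()

def chain_hash(prev_hash, body):
    return hashlib.sha256(prev_hash.encode() + canonical(body)).hexdigest()

def sign(key, body):
    # Assumption: HMAC stands in for the accessing entity's signature.
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

class Logger:
    """One logger instance, bound to one copy of the data."""

    def __init__(self, logger_id, policy, keys):
        self.logger_id = logger_id
        self.policy = policy  # entity -> set of permitted actions
        self.keys = keys      # entity -> key; presence means "authenticated"
        self.records = []
        self.tip = GENESIS

    def access(self, entity, action, ts):
        """Log every access attempt, permitted or not; return the decision."""
        allowed = entity in self.keys and action in self.policy.get(entity, set())
        body = {"logger": self.logger_id, "seq": len(self.records), "ts": ts,
                "entity": entity, "action": action, "allowed": allowed}
        sig = sign(self.keys[entity], body) if entity in self.keys else ""
        self.tip = chain_hash(self.tip, body)
        self.records.append({"body": body, "sig": sig, "hash": self.tip})
        return allowed

    def checkpoint(self):
        """Record count and chain tip, reported to the harmonizer out of band."""
        return (len(self.records), self.tip)

def verify(records, keys, checkpoint):
    """Return "ok" or the first integrity problem found in one logger's log."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = rec["body"]
        if body["seq"] != i or chain_hash(prev, body) != rec["hash"]:
            return f"chain broken at position {i}"
        key = keys.get(body["entity"])
        if key is not None and not hmac.compare_digest(sign(key, body), rec["sig"]):
            return f"bad signature at position {i}"
        prev = rec["hash"]
    if (len(records), prev) != checkpoint:
        return "log truncated or replaced"
    return "ok"

def harmonize(logs, keys, checkpoints):
    """Merge verified logs from several loggers into one time-ordered view."""
    merged, rejected = [], {}
    for logger_id, records in logs.items():
        status = verify(records, keys, checkpoints[logger_id])
        if status == "ok":
            merged.extend(rec["body"] for rec in records)
        else:
            rejected[logger_id] = status
    merged.sort(key=lambda b: (b["ts"], b["logger"], b["seq"]))
    return merged, rejected

def relabel_and_rehash(records):
    """Constructed tampering: mark denied accesses allowed, recompute hashes."""
    forged = copy.deepcopy(records)
    prev = GENESIS
    for rec in forged:
        rec["body"]["allowed"] = True
        rec["hash"] = prev = chain_hash(prev, rec["body"])
    return forged

def demo():
    keys = {"userX": b"constructed-key-x", "csp1": b"constructed-key-csp"}
    policy = {"userX": {"view"}, "csp1": {"view", "copy"}}
    a = Logger("jar-A", policy, keys)
    b = Logger("jar-B", policy, keys)  # a second copy of the same JAR
    a.access("userX", "view", 100)
    a.access("userX", "modify", 105)   # denied by policy, still logged
    b.access("csp1", "copy", 102)
    a.access("csp1", "view", 110)
    cps = {"jar-A": a.checkpoint(), "jar-B": b.checkpoint()}
    merged, rejected = harmonize({"jar-A": a.records, "jar-B": b.records}, keys, cps)
    cut = [a.records[0], a.records[2]]  # middle record removed
    _, deleted = harmonize({"jar-A": cut, "jar-B": b.records}, keys, cps)
    return {"merged": merged, "rejected": rejected, "deleted": deleted,
            "truncated": verify(a.records[:2], keys, cps["jar-A"]),
            "forged": verify(relabel_and_rehash(a.records), keys, cps["jar-A"])}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The chain alone catches a removed or edited record in the middle of a log; dropping records from the tail, or rewriting the log and recomputing every hash, is only caught by the signature check and the checkpoint held by the harmonizer.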


5. MODULES IN CIA FRAMEWORK

5.1. CIA FRAMEWORK


A main feature of the CIA framework lies in its ability to maintain lightweight and
powerful accountability that combines aspects of access control, usage
control and authentication. By means of the CIA, data owners can track
not only whether or not the service-level agreements are being honored,
but also enforce access and usage control rules as needed.

5.2. DISTINCT MODE FOR AUDITING


Push mode:
At every periodic interval, the Cloud Server sends the access details
of the users to the Data Owner, so that the Data Owner is able to know
who all are accessing their data during that time period. During the
registration phase, the Data Owner is asked by the Cloud Server whether
they are choosing the push or pull method.
Pull mode:
In the pull method, the Data Owner has to send a request to the Cloud
Server regarding the access details of their data up to a particular time. The
Cloud Server then sends a response to the Data Owner with the users' access
details.


5.3. LOGGING AND AUDITING TECHNIQUES


1. The logging should be decentralized in order to adapt to the dynamic nature of
the cloud. More specifically, log files should be tightly bound to the
corresponding data being controlled, and require minimal infrastructural support
from any server.
2. Every access to the user's data should be correctly and automatically logged.
This requires integrated techniques to authenticate the entity who accesses the data,
and to verify and record the actual operations on the data as well as the time that the data
have been accessed.
3. Log files should be reliable and tamper proof to avoid illegal insertion, deletion,
and modification by malicious parties. Recovery mechanisms are also desirable to
restore log files damaged by technical errors.
4. Log files should be sent back to their data owners periodically to inform them of
the current usage of their data. More importantly, log files should be retrievable
anytime by their data owners when needed, regardless of the location where the files
are stored.
5. The proposed technique should not intrusively monitor data recipients' systems,
nor should it introduce heavy communication and computation overhead, which
would otherwise hinder its feasibility and adoption in practice.


5.4. MAJOR COMPONENTS OF CIA

There are two major components of the CIA, the first being the logger, and
the second being the log harmonizer.
The logger is strongly coupled with the user's data (either single or multiple
data items). Its main tasks include automatically logging access to data items that it
contains, encrypting the log record using the public key of the content owner, and
periodically sending them to the log harmonizer. It may also be configured to ensure
that access and usage control policies associated with the data are honored. For
example, a data owner can specify that user X is only allowed to view but not to
modify the data. The logger will control the data access even after it is downloaded by
user X. The log harmonizer forms the central component which allows the user access
to the log files. The log harmonizer is responsible for auditing.
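The sketch below is an added example, not code from the report or from the CIA authors. It shows one way a logger can enforce the owner's policy, record every attempt, and let the harmonizer detect the insertion, deletion and modification named in requirement 3. The hash chain, the `Logger` and `audit` names, and the sample policy are assumptions of this example; encryption of records under the owner's public key is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor value that the first record chains to


def _digest(rec):
    """SHA-256 over every field of a record except its own hash."""
    body = {k: v for k, v in rec.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Logger:
    """Hypothetical logger bound to one data item and its owner's policy."""

    def __init__(self, policy):
        self.policy = policy   # constructed sample: {"userX": {"view"}}
        self.records = []
        self.head = GENESIS    # hash of the newest record

    def access(self, user, action, time):
        """Record the attempt (allowed or not), then return the decision."""
        allowed = action in self.policy.get(user, set())
        rec = {"user": user, "action": action, "time": time,
               "allowed": allowed, "prev": self.head}
        self.head = _digest(rec)
        rec["hash"] = self.head
        self.records.append(rec)
        return allowed


def audit(records, trusted_head=None):
    """Harmonizer-side check: 'ok', or the first inconsistency found."""
    prev, seen = GENESIS, {GENESIS}
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != _digest(rec):
            return f"record {i} altered, inserted or out of order"
        prev = rec["hash"]
        seen.add(prev)
    # A head hash kept from an earlier periodic push must still be in the chain.
    if trusted_head is not None and trusted_head not in seen:
        return "log truncated or rewritten since last push"
    return "ok"
```

The chain on its own cannot reveal a log that was cut short or rebuilt from scratch, which is why `audit` also takes the head hash the harmonizer retained from the last periodic push.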

6. WORKING OF CIA FRAMEWORK


1. The cloud enables efficient data sharing.
2. Users fear that data are accessed and outsourced without their permission.
3. To overcome this problem, an accountability mechanism for data owners and
clients is provided.
4. The client needs to get an access privilege from the data owner for accessing data in
the cloud.
5. The client gets the access privilege from the data owner and retrieves data from the CSP.
6. Data owners log in to the CSP and store their data in encrypted form
along with the client access privilege.
7. The client logs in to the CSP only if he gets permission from the data owner.

Fig: Data flow diagram

7. FLOWCHARTS IN CIA FRAMEWORK:

Flowchart i,

Flowchart ii,

8. ADVANTAGES OF CIA FRAMEWORK

We propose a novel automatic and enforceable logging mechanism in
the cloud.

Our proposed architecture is platform independent and highly
decentralized, in that it does not require any dedicated authentication
or storage system in place.

We go beyond traditional access control in that we provide a certain
degree of usage control for the protected data after these are delivered
to the receiver.

We conduct experiments on a real cloud testbed. The results
demonstrate the efficiency, scalability, and granularity of our
approach. We also provide a detailed security analysis and discuss the
reliability and strength of our architecture.

9. APPLICATIONS AND FUTURE SCOPE:

In the future, we plan to refine our approach to verify the integrity of
the JRE and the authentication of JARs and to deal with the problems of the Third
Party monitoring accounts. For example, we will investigate whether it is possible to
leverage the notion of a secure JVM being developed by IBM. This research is aimed
at providing software tamper resistance to Java applications. In the long term, we plan
to design a comprehensive and more generic object-oriented approach to facilitate
autonomous protection of traveling content. We would like to support a variety of
security policies, like indexing policies for text files, usage control for executables, and
generic accountability and provenance controls.
It also aims to provide a framework to supply a secure cloud database
that will guarantee to prevent security risks facing the cloud computing community.
This framework will apply multi-clouds and the secret sharing algorithm to reduce
the risk of data intrusion and the loss of service availability in the cloud and ensure
data integrity. In relation to data intrusion and data integrity, assume we want to
distribute the data into three different cloud providers and we apply the secret sharing
algorithm on the stored data in the cloud provider. An intruder needs to retrieve at least
three values to be able to find out the real value that we want to hide from the
intruder. This depends on Shamir's secret sharing algorithm with a polynomial
function technique which claims that even with full knowledge of (k − 1) clouds, the
service provider will not have any knowledge of v_s (v_s is the secret value). We have
used this technique in previous database-as-a-service research [5]. In other words,
hackers need to retrieve all the information from the cloud providers to know the real
value of the data in the cloud. Therefore, if the attacker hacked one cloud provider's
password or even two cloud providers' passwords, they still need to hack the third
cloud provider (in the case where k = 3) to know the secret, which is the worst case
scenario. Hence, replicating data into multi-clouds by using a multi-share technique
may reduce the risk of data intrusion and increase data integrity. In other words, it will
decrease the risk of the hypervisor being hacked and Byzantine fault-tolerant data
being stolen from the cloud provider. Regarding service availability risk or loss of
data, if we replicate the data into different cloud providers, we could argue that the
data loss risk will be reduced. If one cloud provider fails, we can still access our data
live in other cloud providers. This fact has been discovered from this survey and we
will explore dealing with different cloud provider interfaces and the network traffic
between cloud providers.

10. CONCLUSION

Innovative approaches were presented for automatically logging any access to the data in
the cloud, together with an auditing mechanism. They allow the data owner not only to audit his
content but also to enforce strong back-end protection if needed. Moreover, one of the
main features of our work is that it enables the data owner to audit even those copies
of its data that were made without his knowledge. In the future, we plan to refine our
approach to verify the integrity of the JRE and the authentication of JARs. For
example, we will investigate whether it is possible to leverage the notion of a secure JVM
being developed by IBM. This research is aimed at providing software tamper
resistance to Java applications. We also plan to design a comprehensive and more generic
object-oriented approach to facilitate autonomous protection of traveling content, and to support
a variety of security policies, like indexing policies for text files, usage control for
executables, and generic accountability and provenance controls.

11. REFERENCES

1. Smitha Sundareswaran, Anna C. Squicciarini, Member, IEEE, and
Dan Lin, "Ensuring Distributed Accountability for Data Sharing in
the Cloud," IEEE Transactions on Dependable and Secure
Computing, Vol. 9, No. 4, July/August 2012.
2. P. Ammann and S. Jajodia, "Distributed Timestamp Generation in
Planar Lattice Networks," ACM Trans. Computer Systems, vol. 11,
pp. 205-225, Aug. 1993.
3. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z.
Peterson, and D. Song, "Provable Data Possession at Untrusted
Stores," Proc. ACM Conf. Computer and Comm. Security, pp.
598-609, 2007.
4. "The Design and Evaluation of Accountable Grid Computing
System," Proc. 29th IEEE Int'l Conf. Distributed Computing
Systems (ICDCS '09), pp. 145-154, 2009.
5. Wikipedia.com/CIA Framework
