Auditing to Keep Online Storage Services Honest

Mehul A. Shah, Mary Baker, Jeffrey C. Mogul, Ram Swaminathan

BY VISHAL VERMA 1ST08CS116

SEMINAR GUIDE SREEJA E.M.

INDEX
v v v v v v v v v v v v v

MEANING CLOUD COMPUTING ARCHITECTURE INTRODUCTION AN EXAMPLE THIRD PARTY AUDITOR (TPA) SYSTEM AND THREAT MODEL A NOTE ON AUDITING INTERNAL VS. EXTERNAL AUDITING THREATS FOR AUDITS DESIRABLE PROPERTIES IMPLEMENTATION CONCLUSION

What the title actually means?
AUDITING TO KEEP ONLINE STORAGE SERVICES HONEST AUDITING-:The general ONLINE STORAGE SERVICES-:It allows users to store data online.Exdropbox,skydrive,Google docs, adrive..

definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. Ex-TAX AUDITS,

CLOUD COMPUTING

What is a Cloud computing?
Cloud computing is Internet ("CLOUD-") based development and use of computer technology ("COMPUTING") Cloud computing is a general term for anything that involves delivering hosted services over the Internet. The term "cloud" is used as a metaphor for the Internet

Architecture

INTRODUCTION

With cloud computing, users can remotely store their data into the cloud and use ondemand high-quality applications When users put their data on the cloud, the data integrity protection is challenging Enabling public audit for cloud data storage security is important Users can ask an external audit party to check the integrity of their outsourced data

AN EXAMPLE

!
Alice

My ing Wedd os Phot

PHOTOBUC KET OSP
MiniFile Inc.
Bangalore, India

Peer-topeer network

Bob
Liverpool, UK

One day, Alice’s machine crashes, so she contacts PHOTOBUCKET

THIS IS WHAT SHE SEE’S

Cloud computing gives flexibility to users •Users pay as much as they use •Users don’t need to set up the large computers •Operation is managed by the Cloud Service Provider (CSP) •The user give their data to CSP,CSP has control on the data •The user needs to make sure the data is correct on the cloud •Internal (some employee at CSP) and external (hackers) threats for data integrity

OBJECTIVES

• •

How to efficiently verify the correctness of outsourced data? – Simply downloading the data by the user is not practical TPA can do it and provide an audit report TPA should not read the data content TPA should not disclose Customers info..

System and Threat Model
• •

USER: Cloud user has a large amount of data files to store in the cloud CLOUD SERVER: Cloud server which is managed by the CSP has significant data storage and computing power. TPA: Third party auditor has expertise and capabilities that User and CSP don’t have. TPA is trusted to assess the CSP’s storage security upon request from USER.

A note on auditing
Ø

What is auditing?
The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. Third-party auditing is an accepted method for establishing trust between business and its data. Auditors assess and expose risk, enabling customers to choose rationally between competing services.

Internal vs. external auditing

Internal audits evaluate the structure and processes within a service to ensure that the service can continue to meet its objectives (SLAs) External audits evaluate the quality of service through externally available interfaces We need both internal and external audits of OSPs.

Threats for audits

Latent faults: Many potential sources of data corruption are not immediately visible. Correlated faults: Correlated failures increase the risk of data loss. Recovery faults: Data is often more insecure to corruption and loss during recovery procedures.

Desirable properties for both internal and external audits

Establish standards for comparison. Minimize auditing cost. Protect customer data privacy. Audit results must be trustworthy.

IMPLEMENTATION

Conclusion

Our protocols detect data loss and are not vulnerable to a cheating storage service. In this paper, we motivate the need for auditing to support an online serviceoriented economy. We highlight issues around both internal and external auditing and detail ways of auditing online storage services.

ADVANTAGE & DISADVANTAGE

Scalability, Flexibility, Security, Reduction of hardware costs.

Auditing of OSPs is not feasible yet. First, customers are not yet sophisticated enough to demand risk assessment. Second, OSPs do not yet provide support for third-party audits.

Sign up to vote on this title
UsefulNot useful