Agenda
• Introduction
• Industrial Motivation
• Literature Review
• Problem Statement
• Proposed Architecture
• Tools and Technologies
• Timeline
• References
NoSQL Database
• Open source
• High scalability and performance
• Flexible data model
• Handles large volumes of unstructured data
• Best suited for cloud
• Integrated caching
Sharding
• Horizontal Scalability
• Can be based on various parameters (chunk size, data relevance, key ranges, etc.)
Cloud Computing
Essential Characteristics
• Broad Network Access
• Rapid Elasticity
• On-Demand Self Service
• Resource Pooling
• Measured Service
Service Models
• Software as a Service
• Platform as a Service
• Infrastructure as a Service
Deployment Models
• Public
• Private
• Hybrid
• Community
Cloud Security Threats
Data Breaches
Data Loss
Account Hijacking
Insecure APIs
Denial of Services
Malicious Insider
Abuse of Cloud Services
Insufficient Due Diligence
Shared Technology Issues
Cloud Database Issues
Cloud Database
Availability
Performance
Security & Privacy
Consistency
Fault Tolerance
Scalability
Inter-operability
Simplified Queries
Cloud Federation
Cloud service providers collaborate dynamically to share their virtual infrastructure for:
• Load Balancing
• Prevention from Vendor Lock-ins
• Prevention from Power Outages & Failures
• Capacity Management
• Efficient use of Surplus Resources
• Scaling Data to other CSPs
Industrial Motivation
Reference: http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/
Industrial Motivation
Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
Industrial Motivation (cont.)
Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
zNcrypt for MongoDB
Reference: MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].
An analysis of security issues in CC
Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.
A Study on Cloud Databases
Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.
MetaStorage
• Replicates data across various service providers
• Extends traditional quorum systems (N, R, W)
• (Np, R, W), where Np > 1 is the total number of replicas |Np| that are hosted with the set of n providers
Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
RACS
• Redundant Array of Cloud Storage
• RAID technique at cloud storage level with redundancy for high availability
• Reduces one-time cost of switching storage providers in exchange for additional operational overhead
Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
Management of Symmetric Cryptographic Keys in cloud
• On the fly key computation on client’s terminal
• Enhance Shamir’s Algorithm for key splitting
• Recoverable keys
• PKCS7 is used to transfer key components
• Provision of Symmetric cryptographic key as cloud service
Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013
Problem Statement
“Security and confidentiality have proven to be an increasing problem for the distribution of sharded data across multiple service providers”
Proposed Architecture
For first time data “PUT” request
[Architecture diagram. Components shown: Client Application, Authentication, Authorization, Distributer, Query Router, Encryption/Decryption Engine, Key Distribution Store, Config. Server, NoSQL Database Servers, HCSP, FCSP]
Contribution
In our proposed system, security would be ensured by:
• Authentication and authorization
• Encryption of data
• Distributed and encrypted keys management
Proposed Timeline
#    Milestone                                                          Duration
1    Preliminary Literature Review                                      Done
2    Implementation
2.1  Sharding in NoSQL database                                         2 weeks
2.2  Encryption and Decryption Module                                   1 month
2.3  Client side authentication and authorization                       2 weeks
2.4  Cloud federation establishment and Distributer implementation      1 month
2.5  Integration of all modules                                         2 weeks
3    Testing and Evaluation                                             1 month
4    Final Documentation                                                1 month
References
[1] Fox, Armando, Rean Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica. "Above the clouds: A Berkeley view of cloud computing." Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS 28 (2009).
[2] Arora, Indu, and Anu Gupta. "Cloud Databases: A Paradigm Shift in Databases." International J. of Computer Science Issues 9, no. 4 (2012): 77-83.
[3] https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
[4] Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing (draft)." NIST special publication 800, no. 145 (2011): 7.
[5] MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].
[6] http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/
[7] http://www.darkreading.com/database/does-nosql-mean-no-security/232400214
[8] Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.
[9] Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.
[10] Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on, vol., no., pp.39,44, 27-30 Jan. 2013
[11] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.
[12] Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.