flexcloud : reliable and secure cloud overlay infrastructures
DESCRIPTION
FlexCloud : Reliable and Secure Cloud Overlay Infrastructures. Prof. Dr. Alexander Schill. 2013. Outline. Cloud Computing … What is it all about ? Problems π -Box : Building your personal secure cloud π -Data Controller: Secure Cloud Storage Conclusion & Future Work. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/1.jpg)
Department of Computer Science | Institute of Systems Architecture | Chair of Computer Networks
FlexCloud: Reliable and Secure Cloud Overlay Infrastructures
2013
Prof. Dr. Alexander Schill
![Page 2: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/2.jpg)
# 3
Cloud Computing …
• What is it all about?
• Problems
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
Outline
![Page 3: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/3.jpg)
# 4
The shape of a cloud …
… is in the eye of the beholder.
IaaS/PaaS*
Cloud Operating System, part of Azure Platform
* SaaS = Software as a Service PaaS = Platform as a Service IaaS = Infrastructure as a Service
PaaS*
Development and hosting of web applicationsSaaS/PaaS*
Business cloud services focussing on customer
relationship management
IaaS*
Migration of virtual machines between private
and public clouds
SaaS*
Customized applications for business and home user, based on Google
App Engine, e.g. collaboration tools
![Page 4: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/4.jpg)
# 5
Cloud Computing Characteristics
Cloud Computing is …
… the on-demand and pay-per-use application of
virtualised IT services over the Internet.
On-demandself service
Broadband networkaccess
Resource pooling
Measured andoptimized service
Rapid elasticity
Adopted from the NIST Definition of Cloud Computing [MeGr2011]
![Page 5: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/5.jpg)
# 6
Service & Deployment Models
Software Services (SaaS)
Platform Services (PaaS)
Infrastructure Services (IaaS)
User Interface Machine Interface
Components Services
Compute Network Storage
User/Clients
Adop
ted
from
[MeG
r201
1] a
nd [B
KNT2
010]
Cloud Architecture Stack
Public
Hybrid
Private
CommunityConvenience
User Control
Cloud Organization
Physical Resource Set (PRS)
Virtual Resource Set (VRS)
Programming EnvironmentExecution Environment
Applications ServicesApplications
![Page 6: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/6.jpg)
# 7
Cloud Computing …
• What is it all about?
• Problems
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
![Page 7: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/7.jpg)
# 8
Reliability and security when giving up physical possession> Failure of monocultures> Cloud providers‘ trustworthiness> Staying in control
Problems of Cloud Computing
![Page 8: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/8.jpg)
# 9
FlexCloud Objectives
π-Cloud: Establishing a secure cloud computing life cycleHybrid cloud platform to integrate a user’s (cloud) resources, services and data.
> Unified CloudPrevent Vendor-Lock-in + Integration of existing IT
> Secure CloudEnsure data privacy and security
> Managed CloudKeep the user in command
> Efficient CloudAdapt to user preferences and cloud's vital signs
![Page 9: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/9.jpg)
# 10
Cloud Computing …
• What is it all about?
• Problems
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
![Page 10: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/10.jpg)
# 11
Subsume all end devices within a Personal Secure Cloud (π-Cloud) controlled by the π-Box.
π-Cloud
π-Box
FlexCloud's Approach
![Page 11: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/11.jpg)
# 13
Analysis of structured, unstructured data andcontext information
PKIπ-Cloud
?
Document classification concerning security requirements.
Addressee identification and derivation of respective keys.
Transparent Encryption
![Page 12: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/12.jpg)
# 15
Cloud Computing …
• What is it all about?
• Problems?
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
![Page 13: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/13.jpg)
# 16
Unreliable, proprietary
and insecure
cloud storage
Unreliable, low quality hard disk
Increasing Availability: from RAID to RAIC
RAID:Redundant Array of Independent Disks
RAIC:Redundant Array of Independent Clouds
Integration Layer
Logical partition
Preprocessing Layer
RAID level redundancy routine (mirror, stripe, …)
Transport Layer
Block resources
Reliable, universal
and secure cloud
storage
Integration Layer
Versioning
Distributed file system
Webaccess
Preprocessing Layer
Fragment level transformation (e.g. encryption)
File level transformation(e.g. compression)Dispersal routine
Transport LayerCaching
Local persistenceProvider Storage API adapter
Reliable disk storage
![Page 14: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/14.jpg)
# 17
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Secure Cloud Storage Integrator for Enterprises (System Architecture)
WebDAV
HTTP
APIFTP
WebDAVHTTP
CIFS
![Page 15: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/15.jpg)
# 18
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Storing Files (1/5)
![Page 16: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/16.jpg)
# 19
• Technology: FUSE (Filesystem in Userspace)
• CIFS/SMB network share on proxy file server
• Unified user interface for arbitrary cloud storage services
• Utilizing CIFS access control mechanisms
User spaceKernel
VFS
FUSE
NFSExt3…
ls - /tmp/fuse
./xmp /tmp/fuse
glibcglibclibfuse
CIFS = Common Internet File System NFS = Network File SystemExt3 = Third Extended File System SMB = Server Message BlockFUSE = Filesystem in Userspace VFS = Virtual File Systemglibc = GNU C library
Implementation of the Shared Folder
![Page 17: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/17.jpg)
# 20
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Storing Files (2/5)
![Page 18: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/18.jpg)
# 21
Ensure availability despite ofunreliable cloud storage providers …
ntotal # of shares a file is split into
kthreshold, i.e. # of necessary shares to reconstruct
E.g. k=6, n=8 If k < n, we need redundant information.
File Dispersion
![Page 19: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/19.jpg)
# 22
Objective: Divide a secret in shares with 1. Knowledge of any or more shares makes easily computable.2. Knowledge of any or fewer shares leave completely undetermined (in
the sense that all its possible values are equally likely).
Input:
𝑠1 𝑠2 𝑠𝑛…
Dealer
Share holders store
Sharing
… Share holders
Reconstructor
Reconstruction
Output:
si1𝑠𝑖2 sik
Secret Sharing aka Threshold Schemes
![Page 20: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/20.jpg)
# 23
[Sou
rce:
http
://go
o.gl
/wat
JC]
Secret Sharing:An informal example with 2 shares
Visual Cryptography [NaSh1994]
Simplification: n = k = 2
Secret cannot be determined independently!
… revealed!
![Page 21: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/21.jpg)
# 24
Shamir's scheme [Shamir1979]Idea: It takes k points to define a polynomial of degree k-1.Sharing: Be a0:=s є S the secret to be shared where S is
an infinite field known to all share holders.Randomly choose (k-1) coefficients a1,a2,…ak-1 є S to build f(x):=Σai·x
i.Calculate shares sj:=[j,f(j)] with j є ℕn.
Recovering: Use Lagrange interpolation to find coefficients of the polynomial including constant term a0.
s1
s2
Secret Sharing: More formalism
s3
Gra
phic
s ta
ken
from
Wik
iped
ia.
s
Blakley's scheme [Blakley1979]Idea: Any n nonparallel n-dimensional hyper-planes intersect at a
specific point.Sharing: Encode the secret as any single coordinate of the point of
intersection.Recovering: 1. Calculating the planes' point of intersection.
2. Take a specified coordinate of that intersection.
Example:n≥3, k=3
1 share available 2 shares available 3 shares available
![Page 22: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/22.jpg)
# 25
Information Dispersal:Computationally secure secret sharing
Rabin's scheme [Rabin1989]• Guarantees only availability but no secrecy.• Construction
Be where , i.e. .Rest as with Shamir's secret sharing.
• Properties• With a polynomial and shares of the same size as before, we can now
share a value times as long as before.• Length of each share is only -th of the length of the secret, and
if shares must be sufficient for reconstruction, one can obviously not get shorter.➔ Space optimal
• However, one might gain some information if he gets access to several shares.➔ Computationally secure
More efficient information dispersal schemes• Need to be maximum distance separable to use arbitrary shares for
reconstruction.• Examples: Cauchy-Reed-Solomon, Liberation, Blaum-Roth [PSS2008]
![Page 23: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/23.jpg)
# 26
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Storing Files (3/5)
![Page 24: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/24.jpg)
# 27
+ SHA256
+ SHA256
+ SHA256
+ SHA256
AES-CBC
AES-CBC
AES-CBC
AES-CBC
Cryptography: Confidentiality & Integrity
![Page 25: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/25.jpg)
# 28
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Storing Files (4/5)
![Page 26: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/26.jpg)
# 29
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Storing Files (5/5)
Stored Meta Data per component• Shared Folder: General file system information, e.g. file size, access
rights …• File Dispersion: Used dispersion algorithm/parameters (n, k), shares‘
locations• Cryptography: Used cryptographic keys and calculated checksums
per share• Cloud Storage
Protocol Adapter: Storage protocol parameters and provider login data
![Page 27: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/27.jpg)
# 30
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Retrieving Files (1/3)
Dispersion parameters: n=6
![Page 28: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/28.jpg)
# 31
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Retrieving Files (2/3)
Dispersion parameters: n=6, k=3
![Page 29: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/29.jpg)
# 32
π-Data Controller
π-Cloud =Company Intranet
Clou
d St
orag
ePr
otoc
ol A
dapt
er
Shar
ed F
olde
r
Meta DataFil
e Di
sper
sion
Cryp
togr
aphy
Retrieving Files (3/3)
![Page 30: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/30.jpg)
# 33
[SGS11] web interface for π-Cockpit
[SBM+11]π-Cockpit desktop application
ResUbic Cloud Storage Allocator for Cyber Physical Systems
Prototype Implementation
![Page 31: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/31.jpg)
# 34
Performance Evaluation Upload
Towards User Centric Data Governance and Control in the Cloud
Test case π-Box used # local storage # cloud storage # encrypted shares
1 No 0 1 02 Yes 0 1 03 Yes 8 0 04 Yes 4 4 45 Yes 0 8 8
File size: 24 MB; Dispersion parameters: n=8, k=6;Cryptography parameters: AES (256 bit, 14 iterations), SHA256;Network Up/Downlink: 10/20 Mbit/s
![Page 32: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/32.jpg)
# 35
Performance Evaluation Download
Towards User Centric Data Governance and Control in the Cloud
Test case π-Box used # local storage # cloud storage # encrypted shares
1 No 0 1 02 Yes 0 1 03 Yes 8 0 04 Yes 4 4 45 Yes 0 8 8
File size: 24 MB; Dispersion parameters: n=8, k=6;Cryptography parameters: AES (256 bit, 14 iterations), SHA256;Network Up/Downlink: 10/20 Mbit/s
![Page 33: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/33.jpg)
# 37
Cloud Computing …
• What is it all about?
• Problems?
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
![Page 34: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/34.jpg)
# 38
Results so far & future work (π-Data Controller)
• Integration of existing cloud storage services (Cloud-of-Clouds)• Proxy server for transparent mediation
➔ easy to use for end-user, common scheme for enterprises• Good performance, high security & data control for the user
• Data store for database system (block-based dispersion)• Collaboration scenarios, file sharing, access by external
entities• Securing the meta data database• Automatic classification of data• Improving performance, e.g. scheduling algorithms,
caching/prefetching, parallelization• Optimized cloud storage
![Page 35: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/35.jpg)
# 40
Towards a secure cloud life cycle
Cloud Adaption and Optimization
Strategies for the compensation ofSLA violationsStrategies for minimization ofenergy consumptionMechanisms for the visuali-zation of complex CloudMonitoring data
Fine-grained Service Level Agreements
Methods to determine fine-grained non-functional properties of Cloud Services
Identification of assets andcorresponding requirements
Deduction of monitoringtargets from SLAs
Cloud Surveillanceand Incident Detection
Specification of monitoringtargets and SLA violationsModels for the proactive recognition ofSLA violations and the evaluation of aCloud‘s energy efficiencyMechanisms for reliable distributed Monitoring
Dynamic ProviderSelection and Cloud Setup
Flexible distribution mechanisms forCloud Platforms
Strategies for the performance optimization ofCloud Applications
Reputation consideration to improve reliabilityand trustworthiness
![Page 36: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/36.jpg)
# 41
Tomorrow's forecast: still cloudy but sunny spots Contact: [email protected]@tu-dresden.dehttp://flexcloud.eu/
![Page 37: FlexCloud : Reliable and Secure Cloud Overlay Infrastructures](https://reader031.vdocument.in/reader031/viewer/2022013004/568167e6550346895ddd51a4/html5/thumbnails/37.jpg)
# 42
References
[BKNT2010] C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing. Web-basierte dynamische IT-Services. Springer Verlag, 2010.
[Blakley1979] G. R. Blakley: Safeguarding cryptographic keys; AFIPS Conference Proceedings Vol. 48, National Computer Conference (NCC) 1979, 313-317.
[MeGr2011] P. Mell and T. Grace: The NIST Definition of Cloud Computing. NIST Special Publication 800-145, September 2011.
[NaSh1994] M. Naor and A. Shamir, Visual Cryptography , Eurocrypt 94.[PSS2008] J. S. Plank, S. Simmerman, C. D. Schuman: Jerasure: A Library in C/C++
Facilitating Erasure Coding for Storage Applications – Version 1.2. Technical Report CS-08-627, University of Tennessee, 2008.
[Rabin1989] M. O. Rabin: Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance; Journal of the ACM 36/2 (1989) 335-348.
[SBM+2011] J. Spillner, G. Bombach, S. Matthischke, R. Tzschicholz, and A. Schill: Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users. In: IEEE International Conference on Utility and Cloud Computing. Melbourne, Australien, December 2011.
[SGS2011] R. Seiger, S. Groß, and A. Schill: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises. Luxemburg, September 2011.
[Shamir1979] A. Shamir: How to Share a Secret; Communications of the ACM 22/11 (1979) 612- 613.