Sensitive Data Protection Based on Intrusion Tolerance in Cloud Computing

Full Text (PDF, 454KB), PP.58-66

Author(s)

Jingyu Wang 1,*, Xuefeng Zheng 1, Dengliang Luo 2

1. School of Information Engineering, University of Science and Technology Beijing, Beijing, China

2. Information and Network Center, Inner Mongolia University of Science and Technology, Baotou, China

* Corresponding author.

DOI: https://doi.org/10.5815/ijisa.2011.01.08

Received: 15 Jun. 2010 / Revised: 12 Sep. 2010 / Accepted: 1 Dec. 2010 / Published: 8 Feb. 2011

Index Terms

Cloud Computing, Virtualization, Intrusion Tolerance, Cloud Security, Virtual Adversary Structure

Abstract

Service integration and on-demand supply in cloud computing can significantly improve the utilization of computing resources, reduce the power consumption per service, and effectively avoid errors in computing resources. However, cloud computing still faces the problem of intrusion tolerance for the cloud computing platform and for the sensitive data of the new enterprise data center. To address this problem, this paper constructs a virtualization intrusion tolerance system based on cloud computing by studying existing virtualization technology, and then presents an intrusion tolerance method that protects sensitive data in the cloud data center, based on a virtual adversary structure and using secret sharing. The system adopts a hybrid fault model, active and passive replicas, state update and transfer, proactive recovery, and diversity. As an initial implementation, it tolerates F faulty replicas among N=2F+1 replicas and ensures that only F+1 active replicas execute during the intrusion-free stage. The remaining replicas are all put into passive mode, which significantly reduces resource consumption on the cloud platform. Finally, we prove the reconstruction and confidentiality properties of sensitive data by utilizing secret sharing.
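
An added illustration, not code from the paper: the reconstruction and confidentiality properties named in the abstract, shown with Shamir's threshold scheme rather than the paper's virtual-adversary-structure construction, which this page does not describe. Setting the sharing threshold to F+1 of N=2F+1 replicas, the field modulus and all function names are assumptions made for the example.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the field modulus (example choice)

def _interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points (mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split(secret, f):
    """Share `secret` across n = 2f+1 replicas with threshold f+1 (assumed mapping)."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # Random polynomial of degree f whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(f)]
    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation
            acc = (acc * x + c) % P
        return acc
    return [(x, poly(x)) for x in range(1, 2 * f + 2)]

def reconstruct(shares, f):
    """Reconstruction: any f+1 distinct shares recover the secret."""
    distinct = dict(shares)
    if len(distinct) < f + 1:
        raise ValueError("need at least f+1 distinct shares")
    return _interpolate(list(distinct.items())[: f + 1], 0)

def consistent_share(f_shares, candidate, x):
    """Confidentiality: for ANY candidate secret there is a share at x that makes
    the f known shares consistent with it, so f shares rule nothing out."""
    return _interpolate([(0, candidate)] + list(f_shares), x)
```

Plain Shamir sharing survives F missing shares; it does not detect a share that a faulty replica has altered, which requires a verifiable sharing scheme.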

Cite This Paper

Jingyu Wang, Xuefeng Zheng, Dengliang Luo, "Sensitive Data Protection Based on Intrusion Tolerance in Cloud Computing", International Journal of Intelligent Systems and Applications (IJISA), vol.3, no.1, pp.58-66, 2011. DOI: 10.5815/ijisa.2011.01.08
