Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of cloud services is that users' data are usually processed remotely on unknown machines that users do not own or operate. While enjoying the convenience brought by this emerging technology, users' fears of losing control of their own data (particularly financial and health data) can become a significant barrier to the wide adoption of cloud services. To address this problem, we propose a novel, highly decentralized information accountability framework to keep track of the actual usage of the users' data in the cloud.
In particular, we propose an object-centered approach that encloses our logging mechanism together with users' data and policies. We leverage the programmable capabilities of JAR files both to create a dynamic, traveling object and to ensure that any access to users' data triggers authentication and automated logging local to the JARs. To strengthen users' control, we also provide distributed auditing mechanisms. We provide extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches.
To allay users' concerns, it is essential to provide an effective mechanism for users to monitor the usage of their data in the cloud. For example, users need to be able to ensure that their data are handled according to the service-level agreements made at the time they sign on for services in the cloud. Conventional access control approaches developed for closed domains such as databases and operating systems, or approaches using a centralized server in distributed environments, are not suitable, due to the following features characterizing cloud environments.
We propose a novel approach, namely the Cloud Information Accountability (CIA) framework, based on the notion of information accountability. Unlike privacy protection technologies, which are built on the hide-it-or-lose-it perspective, information accountability focuses on keeping data usage transparent and trackable. Our proposed CIA framework provides end-to-end accountability in a highly distributed fashion. One of the main innovative features of the CIA framework lies in its ability to maintain lightweight and powerful accountability that combines aspects of access control, usage control and authentication.
By means of the CIA, data owners can not only track whether the service-level agreements are being honored, but also enforce access and usage control rules as needed. Associated with the accountability feature, we also develop two distinct modes for auditing: push mode and pull mode. In push mode, logs are periodically sent to the data owner or stakeholder; in pull mode, the user (or another authorized party) retrieves the logs as needed.
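A sketch of the object-centered logging with push and pull auditing described above, added here as an illustration and not the paper's implementation. The class and method names, the user-to-actions policy map, and the record-count trigger standing in for the periodic push are assumptions; callers are assumed to be already authenticated.

```java
import java.time.Instant;
import java.util.*;
import java.util.function.Consumer;

/** Added illustration: a data object that carries its own policy and access log. */
public class AccountableObject {
    public record LogRecord(Instant time, String user, String action, boolean allowed) {}

    private final byte[] data;
    private final Map<String, Set<String>> policy;  // assumed shape: user -> permitted actions
    private final Set<String> auditors;             // parties allowed to pull the log
    private final int pushEvery;                    // assumed push trigger: every N records
    private final Consumer<List<LogRecord>> ownerChannel; // stand-in for delivery to the owner
    private final List<LogRecord> log = new ArrayList<>();
    private final List<LogRecord> pending = new ArrayList<>(); // not yet pushed

    public AccountableObject(byte[] data, Map<String, Set<String>> policy, Set<String> auditors,
                             int pushEvery, Consumer<List<LogRecord>> ownerChannel) {
        this.data = data.clone();
        this.policy = Map.copyOf(policy);
        this.auditors = Set.copyOf(auditors);
        this.pushEvery = pushEvery;
        this.ownerChannel = ownerChannel;
    }

    /** Every access attempt is checked against the policy and logged, allowed or not. */
    public Optional<byte[]> access(String user, String action) {
        boolean allowed = policy.getOrDefault(user, Set.of()).contains(action);
        LogRecord rec = new LogRecord(Instant.now(), user, action, allowed);
        log.add(rec);
        pending.add(rec);
        if (pending.size() >= pushEvery) {          // push mode: deliver and reset the batch
            ownerChannel.accept(List.copyOf(pending));
            pending.clear();
        }
        return allowed ? Optional.of(data.clone()) : Optional.empty();
    }

    /** Pull mode: the owner or another authorized party retrieves the full log on demand. */
    public List<LogRecord> pull(String requester) {
        if (!auditors.contains(requester)) throw new SecurityException("not authorized to audit");
        return List.copyOf(log);
    }

    public static void main(String[] args) {
        List<LogRecord> pushed = new ArrayList<>();  // constructed sample: owner's inbox
        AccountableObject obj = new AccountableObject("health-record".getBytes(),
                Map.of("alice", Set.of("read")), Set.of("owner"), 2, pushed::addAll);
        obj.access("alice", "read");                 // allowed, logged
        obj.access("bob", "read");                   // denied, still logged; triggers a push
        obj.access("alice", "write");                // denied, logged, waits for the next push
        System.out.println("pushed=" + pushed.size() + " pulled=" + obj.pull("owner").size());
    }
}
```

Denied attempts are recorded as well as granted ones, so the owner sees misuse attempts in either auditing mode.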
- CIA (Cloud Information Accountability) Framework
- Distinct Mode for Auditing
- Logging and Auditing Techniques
- Major Components of CIA
HTML, Java, JSP