A Novel Infrastructure for Data Sanitization
in Cloud Computing
Dr. Cheng-Yuan Ku
Department of Information Management, National Chung Cheng University, Taiwan, R.O.C.
Date: Dec. 25, 2013
C. V.
• NCTU, Control Engineering, B.S. in 1987
• Northwestern University, EECS M.S. in 1993
• Northwestern University, EECS Ph.D. in 1995
• Purdue University, Visiting Professor in 2009
• Specialties: Computer and Communication Network, Information Security, Information Security Management, E- and M-commerce, Cloud Computing Security
Outline
1. Introduction
2. Related Technology and Works
3. Proposed Mechanism
4. Experimental Results and Future Work
1. Introduction
Background
Cloud computing service (Mell & Grance, 2011): IaaS, PaaS, SaaS
Cloud Security (Subashini & Kavitha, 2011): Data security
Personal Data Protection Act in Taiwan (Chang, 2012):
• Covers collecting, processing and using personal data
• A party will be fined up to NT 200 million for violation
• Government agencies and non-governmental organizations must provide evidence in court that they handled personal data with due care; it is not the customer's responsibility
Motivations
Data Remanence:
• What is data remanence?
– Data sanitization (Kissel et al., 2006)
– One of the most important security issues for cloud computing
Comply with PDPA:
• Solutions for cloud computing
– To provide evidence
– To audit data security
2. Related Technology and Works
Cloud Computing Operating System
VMware vSphere architecture Source : Modified from the VMware (2011)
• Windows Azure
• Google Apps
• VMware vSphere
• Amazon WebService
Big Data Platform-Hadoop
Hadoop cluster operating Source : White (2012)
• Hadoop Distributed File System (HDFS)
• MapReduce
Public-Key Infrastructure
Public-key infrastructure model Source : Stallings (2012)
Monitoring mode (CSA, 2011)
• Database Activity Monitoring (DAM)
• File Activity Monitoring (FAM)
Monitoring Approach for Cloud
McAfee database activity monitoring architecture Source : McAfee (2012)
Data Security Lifecycle
Source : Modified from the CSA (2011)
Data Sanitization (1/2)
Definition (Kissel, Scholl, Skolochenko, & Li, 2006):
• Data sanitization refers to removing remnant data from storage media.
• Types
– Clearing: Overwriting
– Purging: Degaussing
– Destroying: Disintegration, incineration, pulverizing, shredding, and melting
Data Sanitization (2/2)
Overwriting methods :
• Gutmann
• Schneier
• US DoD 5220-22.M
• VSITR
Overwrite Algorithm
• Gutmann
Pass 1-35: Writes a random character
Source: Gutmann (1996)
• Schneier
Pass 1: Writes a one
Pass 2: Writes a zero
Pass 3: Writes a random character
Pass 4: Writes a random character
Pass 5: Writes a random character
Pass 6: Writes a random character
Pass 7: Writes a random character
Source: Schneier (2004)
• US DoD 5220-22.M
Pass 1: Writes a zero and verifies
Pass 2: Writes a one and verifies
Pass 3: Writes a random character and verifies the write
Source: DoD and CIA (1995)
• VSITR
Pass 1: Writes a zero
Pass 2: Writes a one
Pass 3: Writes a zero
Pass 4: Writes a one
Pass 5: Writes a zero
Pass 6: Writes a one
Pass 7: Writes a random character
Source: Hintemann and Faßnacht (2008)
3. Proposed Mechanism
Mechanism process
Trust Model
Data Sanitization Scheme
Monitoring Framework Design
Trust Model
Concerns of data sanitization
1) We must know where the data are stored and which data should be cleared.
2) We need to monitor the clearing process.
Design of Monitoring Framework
Monitoring Center
• Monitoring Data
Data Sanitization Scheme (1/2)
Data Sanitization Process
Data Sanitization Scheme (2/2)
Data Sanitization by Overwriting
• Customer interface and procedure
– The interface lets the customer choose whether the data sanitization should be monitored or not.
– Select the number of overwrites, and confirm the service.
– Customers choose whether the recovery test report is necessary.
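The following block is an added example, not code from the slides or the author's implementation. It ties the overwrite schedules from the "Overwrite Algorithm" slides to the customer procedure above: the customer picks the overwrite scheme (which fixes the number of passes), whether each pass is reported to a monitoring log, and whether a recovery-test report is produced. Assumptions: "writes a one" is taken to mean the all-ones byte 0xFF, random passes use fresh random bytes over the whole file, and the recovery test is a simple search of the sanitized file for any 8-byte fragment of the original content (a stand-in for the deck's unspecified recovery test). The sample file content is constructed.

```python
import os
import secrets
import tempfile

# Pass schedules as listed on the slides. Each pass is (pattern, verify):
# pattern is b"\x00" for "a zero", b"\xff" for "a one" (assumption: the
# all-ones byte) or "random"; verify=True means read back and compare.
SCHEDULES = {
    "Gutmann": [("random", False)] * 35,
    "Schneier": [(b"\xff", False), (b"\x00", False)] + [("random", False)] * 5,
    "US DoD 5220-22.M": [(b"\x00", True), (b"\xff", True), ("random", True)],
    "VSITR": [(b"\x00", False), (b"\xff", False)] * 3 + [("random", False)],
}

WINDOW = 8  # fragment length searched for by the recovery test


def overwrite_file(path, method, monitor_log=None):
    """Overwrite `path` in place with the named schedule.

    Returns (passes_done, verify_results). When `monitor_log` is a list, one
    entry per pass is appended to it; that is the evidence a monitored
    sanitization would forward to the monitoring center.
    """
    size = os.path.getsize(path)
    verify_results = []
    passes_done = 0
    with open(path, "r+b") as f:
        for number, (pattern, verify) in enumerate(SCHEDULES[method], start=1):
            data = secrets.token_bytes(size) if pattern == "random" else pattern * size
            f.seek(0)
            f.write(data)
            f.flush()
            os.fsync(f.fileno())  # push the pass to the device, not just the page cache
            ok = None
            if verify:
                f.seek(0)
                ok = f.read(size) == data
                verify_results.append(ok)
            passes_done += 1
            if monitor_log is not None:
                monitor_log.append({"pass": number, "bytes": size, "verified": ok})
    return passes_done, verify_results


def recovery_test(path, original):
    """Report whether any WINDOW-byte fragment of `original` survives in `path`."""
    fragments = {original[i:i + WINDOW] for i in range(len(original) - WINDOW + 1)}
    with open(path, "rb") as f:
        sanitized = f.read()
    remnants = sum(
        1 for i in range(len(sanitized) - WINDOW + 1)
        if sanitized[i:i + WINDOW] in fragments
    )
    return {"remnant_fragments": remnants, "clean": remnants == 0}


def sanitize(path, method, monitored=True, want_report=True):
    """Customer-facing procedure: monitoring on/off, overwrite scheme, report on/off.
    Returns the service record handed back to the customer."""
    with open(path, "rb") as f:
        original = f.read()
    log = [] if monitored else None
    passes, verified = overwrite_file(path, method, log)
    record = {
        "method": method,
        "passes": passes,
        "all_verified": all(verified) if verified else None,  # None: scheme has no verify passes
        "monitor_log": log,
    }
    if want_report:
        record["recovery_report"] = recovery_test(path, original)
    return record


def run_demo(method, monitored=True):
    """Run `sanitize` on a constructed sample file inside a temporary directory."""
    sample = b"customer-record: name=Example Person; id=000-0000; " * 40  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "personal.dat")
        with open(path, "wb") as f:
            f.write(sample)
        return sanitize(path, method, monitored=monitored)


if __name__ == "__main__":
    for name in SCHEDULES:
        rec = run_demo(name)
        print(name, rec["passes"], "passes, clean:", rec["recovery_report"]["clean"])
```

One caveat worth keeping in mind when applying this in a cloud: the overwrite happens through the guest file system, so on SSDs with wear levelling, on copy-on-write or snapshotting storage, and on virtual disks backed by shared storage, the physical blocks that held the old data are not necessarily the ones rewritten. That is exactly why the deck couples overwriting with a monitoring record and a recovery test rather than trusting the overwrite alone.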
4. Experimental Results and Future Work
Implementation and performance evaluation
• Overwriting program
– To propose an efficient overwriting scheme in the cloud
• Monitoring center
– Provide big data to the monitoring center for testing
• Monitoring agent
– DAM (Database activity monitoring) captures the metadata packets
– FAM (File activity monitoring) captures the log files
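As an added example (not the deck's own code), here is what the monitoring center's side of the evidence chain can look like once the FAM agent has captured log lines: the center knows which paths the customer's data lives on (the first concern of the trust model), replays the file-activity log, and checks that every copy received the expected number of overwrite passes with verification and saw no other access during the sanitization window. The log syntax, the host and path names, and the event types are assumptions, since the slides do not specify the FAM log format; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed file-activity log in a hypothetical agent format (assumption:
# one event per line, key=value fields after a timestamp).
SAMPLE_FAM_LOG = """\
2013-12-20T10:00:01Z host=node01 op=WRITE path=/data/cust42/personal.dat pass=1 bytes=1048576
2013-12-20T10:00:02Z host=node01 op=VERIFY path=/data/cust42/personal.dat pass=1 result=ok
2013-12-20T10:00:03Z host=node01 op=WRITE path=/data/cust42/personal.dat pass=2 bytes=1048576
2013-12-20T10:00:04Z host=node01 op=VERIFY path=/data/cust42/personal.dat pass=2 result=ok
2013-12-20T10:00:05Z host=node01 op=WRITE path=/data/cust42/personal.dat pass=3 bytes=1048576
2013-12-20T10:00:06Z host=node01 op=VERIFY path=/data/cust42/personal.dat pass=3 result=ok
2013-12-20T10:00:07Z host=node02 op=WRITE path=/data/cust42/backup/personal.dat pass=1 bytes=1048576
2013-12-20T10:00:09Z host=node02 op=READ path=/data/cust42/backup/personal.dat bytes=4096
this line is not an event and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) op=(?P<op>\w+) path=(?P<path>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_fam_log(text):
    """Parse agent log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev.update(KV_RE.findall(ev.pop("rest")))  # pass=, bytes=, result=
        events.append(ev)
    return events


def audit_sanitization(events, expected_paths, expected_passes, verify_required):
    """Produce per-path findings: which passes were seen, which were verified,
    and any problems that would make the evidence unusable for an audit."""
    by_path = defaultdict(list)
    for ev in events:
        by_path[ev["path"]].append(ev)
    findings = {}
    for path in expected_paths:
        evs = by_path.get(path, [])
        writes = sorted(int(e["pass"]) for e in evs if e["op"] == "WRITE")
        verified = sorted({int(e["pass"]) for e in evs
                           if e["op"] == "VERIFY" and e.get("result") == "ok"})
        problems = []
        if writes != list(range(1, expected_passes + 1)):
            problems.append(f"expected passes 1..{expected_passes}, saw {writes}")
        if verify_required:
            missing = sorted(set(writes) - set(verified))
            if missing:
                problems.append(f"unverified passes {missing}")
        if any(e["op"] == "READ" for e in evs):
            problems.append("read access during the sanitization window")
        findings[path] = {
            "passes_seen": writes,
            "verified_passes": verified,
            "problems": problems,
            "compliant": not problems,
        }
    return findings


if __name__ == "__main__":
    result = audit_sanitization(
        parse_fam_log(SAMPLE_FAM_LOG),
        ["/data/cust42/personal.dat", "/data/cust42/backup/personal.dat"],
        expected_passes=3, verify_required=True,
    )
    for path, finding in result.items():
        print(path, "compliant" if finding["compliant"] else finding["problems"])
```

The second path in the sample is the interesting one: a backup copy the customer may not know about received only one unverified pass and was read while the job was running. Without the "where is the data stored" inventory from the trust model, the monitoring center would never have been asked about that path and the evidence would look complete.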
Gutmann sanitization performance (chart)
Schneier sanitization performance (chart)
US DoD 5220-22.M sanitization performance (chart)
VSITR sanitization performance (chart)
Performance Analysis of Data Sanitization
Sanitization method    Time     CPU load
Gutmann                31 min   12
Schneier               6 min    2
US DoD 5220-22.M       3 min    1
VSITR                  6 min    2
System Simulation and Implementation
Cloud Environment - DNS & iSCSI
System Establishment - Conversion Interface
Data Security Lifecycle Report
Future Work
• Further Performance Evaluation
• Cloud Data Lifecycle Auditing Criteria for ISACA
• Other Cloud Security Issues
Thank you for your attention