Securing data services: a security architecture design for private storage cloud based on HDFS

Authors:
Qingni Shen;Yahui Yang;Zhonghai Wu;Dandan Wang;Min Long
Affiliations:
School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China;School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China;School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China;IBM China Systems & Technology Lab CSTL, IBM Corporation, Shanghai, China;IBM China Systems & Technology Lab CSTL, IBM Corporation, Shanghai, China
Venue:
International Journal of Grid and Utility Computing
Year:
2013

Citing 11
Cited 0

Role-Based Access Control Models

Computer
A cost-effective, high-bandwidth storage architecture

Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
Efficient Metadata Management in Large Distributed Storage Systems

MSS '03 Proceedings of the 20 th IEEE/11 th NASA Goddard Conference on Mass Storage Systems and Technologies (MSS'03)
The Google file system

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Ceph: a scalable, high-performance distributed file system

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Cloud Security Issues

SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing
The Hadoop Distributed File System

MSST '10 Proceedings of the 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST)
A way of key management in cloud storage based on trusted computing

NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
SecDM: Securing Data Migration between Cloud Storage Systems

DASC '11 Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing
SAPSC: Security Architecture of Private Storage Cloud Based on HDFS

WAINA '12 Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.