Data Storage Security in Cloud Computing - SkillBakery Studios


Saturday, November 14, 2020

Data Storage Security in Cloud Computing

Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical, and personnel controls, cloud computing moves the application software and databases to large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute poses many new security challenges that have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features that set it apart from its predecessors. By utilizing a homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of the misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including data update, delete, and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attacks, and even server colluding attacks.

Current cloud System:

From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing inevitably poses new challenging security threats for a number of reasons.

1. Firstly, traditional cryptographic primitives for data security protection cannot be directly adopted, because users lose control of their data under cloud computing. Therefore, verification of correct data storage in a cloud must be conducted without explicit knowledge of the whole data. Considering the various kinds of data each user stores in the cloud and the demand for long-term, continuous assurance of their data safety, the problem of verifying the correctness of data storage in the cloud becomes even more challenging.

2. Secondly, cloud computing is not just a third-party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc. Ensuring storage correctness under dynamic data updates is hence of paramount importance.

Existing single-server verification techniques, while useful for ensuring storage correctness without the users possessing the data, cannot address all the security threats in cloud data storage, since they all focus on a single-server scenario and most of them do not consider dynamic data operations. As a complementary approach, researchers have also proposed distributed protocols for ensuring storage correctness across multiple servers or peers. Again, none of these distributed schemes is aware of dynamic data operations. As a result, their applicability in cloud data storage can be drastically limited.

Cloud Characteristics

  • Broad Network Access
  • Resource Pooling
  • Rapid elasticity
  • Measured Service
  • On-demand self-service

Why is cloud security considered hard?

Cloud security is considered challenging largely because of the lack of full control over the environment. A cloud environment is a giant resource pool, and this limits an organization's ability to verify the efficacy of its security controls when it adds a cloud-based server to its workflow.

System Architecture:



Cloud's best friend: virtualization

Virtualization means running multiple operating systems together on a single piece of hardware. We can run Windows and Linux simultaneously in a single box without having to worry much about it.

Ring Architecture in cloud

User applications have very limited privileges; privileged tasks are performed by operating system code. In this architecture the OS and the CPU work together.

The privilege levels range from ring 0 (most privileged) to ring 3 (least privileged), and three important resources are protected: memory, I/O ports, and the ability to run machine-level instructions. If a user program wants to open a file, transfer data over the network, or allocate memory, it has to ask the kernel for permission, which is why the kernel has full control over the program.

Hardware Virtualization

x86, also known as the x86 architecture, is an instruction set architecture developed by Intel Corporation; it defines how a processor handles and executes the different instructions.



Enterprise virtualization with oVirt

oVirt is an open-source virtualization management platform founded by Red Hat as a community project. Virtualization is genuinely one of the fundamental parts of cloud environments.

There are four main components of virtualization software used for large-scale applications.

Virtualization Engine: The virtualization engine is responsible for deployment and monitoring, followed by starting and stopping virtual machines, creating virtual machines, and configuring them in relation to storage and networking, among other things.

Risk assessment in cloud

The European Union Agency for Network and Information Security (ENISA) has designed a framework for organizations that plan to evaluate the risks related to cloud computing technology.

The various points mentioned in the ENISA framework will help an organization evaluate and choose appropriate cloud providers.

Service Level Agreement

A service level agreement is a contract between a service provider and a client; it defines the level of service the client can expect from the provider.

Service providers include "beyond our control" clauses so that they are not liable to compensate for disasters or other events outside their control. An SLA also usually contains a term called indemnification. As an example, an ISP has an SLA of 99.9995 % uptime to its customers.

An SLA has four major aspects:

  • Availability
  • Performance/Maximum Response Time
  • Mean time between failures (MTBF)
  • Mean time to repair (MTTR)

Cloud Provider        Service Level Agreement
Amazon EC2            99.98%
Rackspace             100%
Microsoft Azure       99.95%
Linode                99.99%
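The four SLA aspects and the uptime figures above can be tied together in a short compliance check. The Python example below is added here for illustration and is not code from the original article or from any provider; the outage log and the billing period are constructed, and the provider percentages are taken from the table. It derives MTBF and MTTR from the outage log, computes availability as MTBF / (MTBF + MTTR), converts a provider's SLA percentage into the downtime it permits, and reports whether the measured downtime breached it.

```python
from datetime import datetime

# SLA uptime commitments from the table above.
SLA_UPTIME = {
    "Amazon EC2": 99.98,
    "Rackspace": 100.0,
    "Microsoft Azure": 99.95,
    "Linode": 99.99,
}

# Constructed outage log for one 30-day billing period: (start, end) of each outage.
OUTAGES = [
    (datetime(2020, 11, 3, 2, 10), datetime(2020, 11, 3, 2, 22)),    # 12 minutes
    (datetime(2020, 11, 19, 14, 0), datetime(2020, 11, 19, 14, 9)),  # 9 minutes
]
PERIOD = (datetime(2020, 11, 1), datetime(2020, 12, 1))              # 43200 minutes


def period_minutes(period):
    return (period[1] - period[0]).total_seconds() / 60


def allowed_downtime(uptime_pct, minutes_in_period):
    """Downtime the SLA tolerates: the complement of the uptime percentage."""
    return minutes_in_period * (100 - uptime_pct) / 100


def measure(outages, period):
    """MTBF, MTTR and availability (in percent) from a list of outages."""
    total = period_minutes(period)
    down = sum((end - start).total_seconds() / 60 for start, end in outages)
    n = len(outages)
    mttr = down / n if n else 0.0
    mtbf = (total - down) / n if n else total
    availability = mtbf / (mtbf + mttr) * 100
    return {"downtime_min": down, "mttr_min": mttr, "mtbf_min": mtbf,
            "availability_pct": availability}


def sla_report(provider, outages, period):
    """Compare measured downtime against the provider's SLA allowance."""
    report = measure(outages, period)
    report["allowed_min"] = allowed_downtime(SLA_UPTIME[provider], period_minutes(period))
    report["breached"] = report["downtime_min"] > report["allowed_min"]
    return report


if __name__ == "__main__":
    for name in SLA_UPTIME:
        r = sla_report(name, OUTAGES, PERIOD)
        print(f"{name:16s} allowed {r['allowed_min']:.2f} min, "
              f"used {r['downtime_min']:.0f} min, breached={r['breached']}")
```

With 21 minutes of downtime in a 30-day month, only the 99.95% commitment survives; the tighter SLAs in the table are breached, and a 100% SLA is breached by any outage at all, which is why the "beyond our control" and indemnification clauses matter as much as the headline percentage.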
