Secure Cloud Computing and Cloud Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
April 15, 2011

Cloud Computing: NIST Definition

Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

Key Characteristics
- On-demand self-service
- Location-independent resource pooling
- Rapid elasticity
- Pay per use

Delivery Models
- Cloud Software as a Service (SaaS)
- Cloud Platform as a Service (PaaS)
- Cloud Infrastructure as a Service (IaaS)

Deployment Models
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud

Our goal is to demonstrate policy-based assured information sharing on clouds.

Security Challenges for Clouds
- Policy, Access Control and Accountability
- Data Security and Privacy Issues
- Third-party publication of data; security challenges associated with data outsourcing
- Data at the different sites have to be protected, with the end results being made available; querying encrypted data
- Secure Query Processing/Updates in Cloud
- Secure Storage
- Security Related to Virtualization
- Cloud Monitoring
- Protocol and Network Security for Clouds
- Identity Management
- Cloud Forensics

Layered Framework

[Figure 2: Layered Framework for Assured Cloud. Labels: Policies, XACML, Application, Law Enforcement, QoS, Resource Allocation, HIVE, SPARQL, Query, Hadoop, MapReduce, Storage, XEN, Linux, VMM, Risks, Costs, Cloud Monitors, Secure Virtual Network Monitor]

Approach: Study the problem with current principles and technologies and then develop principles for secure cloud computing.

Secure Query Processing with Hadoop/MapReduce
- We have studied clouds based on Hadoop
- Query rewriting and optimization principles defined and implemented for two types of data:
  (i) Relational data: secure query processing with HIVE
  (ii) RDF data: secure query processing with SPARQL
- Demonstrated with XACML policies (content, temporal, association)
- Joint demonstration with Kings College and University of Insubria
  - First demo (2010): each party submits their data and policies; our cloud will manage the data and policies
  - Second demo (2011): multiple clouds

Principles of Secure Query Optimization
- Query optimization principles defined and strategies implemented in the 1970s and 1980s for relational data (IBM System R and DB2, Ingres)
  - Query rewriting, query evaluation procedures, search strategy, cost functions
- Secure query optimization principles defined and strategies implemented in the 1980s and 1990s (Honeywell, MITRE)
- Extended secure query optimization for cloud environment
  - Query optimization for RDF data
  - Secure query optimization for RDF data
  - Secure query optimization for RDF data in a cloud environment

Fine-grained Access Control with Hive

Hive is a data warehouse infrastructure built on top of Hadoop that provides tools to enable easy data summarization, ad hoc querying and analysis of large datasets stored in Hadoop files. It provides a mechanism to put structure on this data, and it also provides a simple query language called Hive QL, which is based on SQL and which enables users familiar with SQL to query this data.

- Policies include content-dependent access control, association-based access control, and time-dependent access control
- Table/View definition and loading:
  - Users can create tables as well as load data into tables. Further, they can also upload XACML policies for the table they are creating.
  - Users can also create XACML policies for tables/views.
  - Users can define views only if they have permissions for all tables specified in the query used to create the view. They can also either specify or create XACML policies for the views they are defining.

Fine-grained Access Control with Hive: System Architecture

SPARQL Query Optimizer for Secure RDF Data Processing
- Developed a secure query optimizer and query rewriter for RDF data with XACML policies, implemented on top of JENA
- Storage support:
  - Built a storage mechanism for very large RDF graphs for JENA
  - Integrated the system with Hadoop for the storage of large amounts of RDF data (e.g., a billion triples)
  - Need to incorporate secure storage strategies developed in FY09

System Architecture

[Figure: System Architecture. Labels: Web Interface, New Data, Answer, Query, Data Preprocessor, MapReduce Framework, Parser, N-Triples Converter, Query Validator Rewriter, Prefix Generator, Predicate Based Splitter, Predicate Object Based Splitter, Server Backend, XACML PDP, Query Rewriter By Policy, Plan Generator, Plan Executor]

Security for Amazon S3

Many organizations are using cloud services like Amazon S3 for data storage. A few important questions arise here:
- Can we use S3 to store the data sources used by Blackbook?
- Is the data we store on S3 secure? Is it accessible by any user outside our organization?
- How do we restrict access to files to the users within the organization?

BLACKBOOK is a semantic-web-based tool used by analysts within the Intelligence Community. The tool federates queries across data sources. These data sources are databases or applications located either locally or remotely on the network. BLACKBOOK allows analysts to make logical inferences across the data sources, add their own knowledge, and share that knowledge with other analysts using the system.

We use Amazon S3 to store the data sources used by Blackbook. To keep our data secure, we encrypt the data using AES (Advanced Encryption Standard) before uploading the data files to Amazon S3. To restrict access to the files to the users within the organization, we implemented RBAC policies using XACML.

XACML Design/Implementation in Hadoop
- Until July 2010, little security in Hadoop
- We have designed XACML for Hadoop
- Use of In-line Reference Monitor concept is being explored
- Examining current Hadoop security (released July 2010); will complete XACML implementation December 2010
- Also examining accountability for Hadoop with Purdue

Secure VMM: Xen Architecture
- Xen Hypervisor: the hypervisor runs just on top of the hardware and traps all calls by VMs to access the hardware
- Domain 0 (Dom0): Domain 0 is a modified version of Linux that is used to manage the other VMs
- Domain U (DomU): Domain U is the user domain in Xen. DomU is where all of the untrusted guest OSs reside
- Virtual Machines: DomU is broken into two parts: Para-Virtualized Domains (PV) and Hardware-Assisted Virtualized
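
Returning to the Hive slides above: the following Python sketch is an added illustration, not code from the UTD system, of the view-definition rule (a view is allowed only if the user is permitted on every table it reads) combined with time-dependent and content-dependent policy enforcement by query rewriting. The policy table, role names and table names are constructed, the XACML PDP is reduced to a dictionary lookup, and queries are assumed to reference tables without aliases.

```python
import re
from datetime import time

# Constructed policy table (hypothetical roles/tables): an entry permits the role
# on the table, optionally only within "hours" and only for rows matching "filter".
POLICIES = {
    "analyst": {
        "patients": {"filter": "region = 'TX'", "hours": (time(8), time(18))},
        "visits": {"filter": None, "hours": None},
    },
    "auditor": {"visits": {"filter": "year >= 2010", "hours": None}},
}
TABLE_REF = re.compile(r"\b(from|join)\s+([A-Za-z_]\w*)", re.I)

def permitted(role, table, now):
    """Time-dependent decision for one table; no matching policy means deny."""
    rule = POLICIES.get(role, {}).get(table)
    if rule is None:
        return False
    if rule["hours"] is None:
        return True
    start, end = rule["hours"]
    return start <= now <= end

def can_create_view(role, view_query, now):
    """A view is allowed only if every table its query reads is permitted."""
    tables = [m.group(2) for m in TABLE_REF.finditer(view_query)]
    return bool(tables) and all(permitted(role, t, now) for t in tables)

def rewrite(role, query, now):
    """Replace each table with a derived table restricted by the policy filter."""
    if not can_create_view(role, query, now):
        raise PermissionError(f"{role} is not permitted on every table in the query")

    def restrict(m):
        keyword, table = m.group(1), m.group(2)
        row_filter = POLICIES[role][table]["filter"]
        if row_filter is None:
            return m.group(0)  # no content-dependent restriction for this table
        # Wrapping the table keeps the user's WHERE/GROUP BY clauses untouched.
        return f"{keyword} (SELECT * FROM {table} WHERE {row_filter}) {table}"

    return TABLE_REF.sub(restrict, query)
```

Anything the regular expression mistakes for a table name has no policy entry and is denied, so parsing errors fail closed; a production rewriter would work on the parsed query plan instead of the query string.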
UTD CS 7301 - Secure Cloud Computing and Cloud Forensics