Ensuring reliable logging for data accountability in untrusted cloud storage

Data accountability can record and track data usage in cloud storage, addressing users' fear of losing control of their own data or even of data leakage. However, in untrusted cloud storage, logs recording unauthorized data access could be omitted or falsified, which is the critical factor behind unreliable data accountability. To address this problem, we propose a novel Cloud Data Accountability Framework that ensures reliable logging for data accountability. In particular, we couple the data with a programmable Java JAR file that encloses the access policy. This mechanism ensures that data access through the JAR triggers authentication and automated logging local to the JAR. To prevent data access without the JAR and to protect data from key abuse attacks, we provide a JAR-based Data Access Protocol. Extensive security and performance analysis compares our logging mechanism with the state of the art. Results indicate that the proposed mechanism is more reliable and achieves space and time efficiency.
