Security And Privacy Of User Data In Public Cloud

Posted on: 2011-04-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Z Zhang
GTID: 1118330335492161
Subject: Computer system architecture

Abstract/Summary:
As one of the major trends in IT, Cloud Computing has a market capitalization far ahead of that of the Web 2.0 concept. Through the Internet, Cloud Computing provides users with massive, scalable computing resources as a service. By flexibly scheduling these resources, it provides users with computing services that can scale up or down on demand. Meanwhile, it gives cloud vendors a large space for optimization, since they can lower total cost by leveraging the scale effect.

Besides cost savings, another selling point of Cloud Computing is that it frees users from complex IT software and hardware maintenance. Users can access cloud services whenever and wherever they have access to the network. However, network services share a downside: the issue of user data privacy and security. In fact, as the most widely known concern about Cloud Computing, user data privacy and security poses a grand challenge.

In the public cloud environment, the four major data security issues are:

1. Users worry that their sensitive data will be disclosed online by cloud vendors, other cloud users or hackers, and that they will lose control over the data, such as its creation, propagation and destruction.
2. Virtualization technology and virtual machine live migration are the core techniques of the cloud infrastructure. They are essential for dynamic resource rescheduling. Virtual machine live migration introduces security vulnerabilities that do not exist on non-mobile systems.
3. The virtual machine monitor is the core of the cloud infrastructure. As its functionality grows, its size is expanding explosively and its security vulnerabilities are steadily increasing. Once the virtual machine monitor is compromised, all virtual machines running on it and all user data are controlled by attackers.
4. Cloud platforms may be attacked directly by physical means, such as bus and memory probing, and even compromise of hardware components.

The Dissolver system is proposed to address the problem of user data privacy and data control in the public cloud environment. By leveraging security enhancements inside virtual machine monitors and Trusted Computing technology, Dissolver supports protection of user data throughout its lifetime, from the time it is created to the time it is destroyed, and data self-destruction on the user's command. The protection granularity of Dissolver is the process, which includes the executable binary and data. Provided that the platform hardware is not physically attacked, Dissolver guarantees that user data is not accessed illegally, even if the operating systems and all other software are compromised.

The PALM system is proposed to address the problem of user data protection during virtual machine live migration. We analyzed the applicability of secure live migration and its possible problems, designed a secure live migration protocol and implemented the PALM prototype system. PALM guarantees the privacy and integrity of user data during and after virtual machine live migration.

The MOON system is proposed to address the security vulnerability of virtual machine monitors. MOON uses a tiny, more privileged monitor underneath the virtual machine monitor to provide memory isolation and I/O cryptography. MOON is the first system to propose providing memory isolation and I/O protection for guest virtual machines without relying on the integrity of the virtual machine monitor. Even when the virtual machine monitor is compromised, MOON is still able to preserve the data privacy of guest virtual machines.

The Diamond technique is proposed to address the physical threat to cloud platform hardware. Under physical attack, assuming that only the CPU is trusted, we propose security enhancements to the CPU. All user data is decrypted inside the CPU chip and is in ciphertext whenever it is outside the CPU chip. The privacy and integrity protection is of the highest strength. The data protection granularity of Diamond is the virtual machine.

Specifically, our contributions include:

1. We proposed a data protection technique that guarantees user data privacy throughout its lifetime in the cloud. The protection works under a practical threat model.
2. We proposed a technique that supports user data self-destruction in the cloud. Data self-destruction is enforced even if the cloud platform is compromised.
3. We proposed a secure live migration protocol that guarantees user data privacy and integrity throughout the live migration process.
4. We are the first to propose using a tiny hypervisor to guarantee the privacy of the whole guest virtual machine, even when the virtual machine monitor is compromised. The proposed technique requires very little modification to the existing system. The tiny hypervisor is the smallest TCB able to run commodity virtual machines. The protection granularity is very suitable for the IaaS Cloud Computing environment.
5. We are the first to propose using a security-enhanced CPU to protect data privacy and integrity at the granularity of the whole guest virtual machine. The protection logic is simpler than that of related research, and the protection granularity is very suitable for the IaaS Cloud Computing environment...

Keywords/Search Tags: Cloud computing, Privacy, Security, Virtualization, Data Self-destruction, Live Migration, Virtual Machine Isolation