Abstract

Cloud computing is an emerging paradigm that delivers a large pool of virtual, on-demand and dynamically scalable resources to users via Internet technologies, following the notion of pay-as-you-go. Examples of these resources include computational power, storage capabilities, hardware platforms and applications. The key advantages of cloud computing are immense flexibility and monetary savings through minimization of infrastructure and software investments as well as management and maintenance costs. Besides popular cloud infrastructure and platform providers, such as Amazon, Google, and Microsoft, there are many cloud storage providers which offer more accessible and user-friendly data storage services to cloud customers. Examples of these services include Dropbox, SkyDrive, Box.net, Zoho, Ubuntu One and Apple iCloud. Along with the widespread interest in cloud computing, however, there are still concerns that hinder the proliferation and adoption of cloud services. One of the main concerns is data security in cloud storage environments. Numerous research problems in cloud storage security have been studied intensively before. However, addressing the three dimensions of outsourced data security (i.e., confidentiality, integrity and availability) as a cloud service is still a challenge in cloud storage. As there is always a tradeoff between maintaining security and obtaining efficiency, it is difficult but nevertheless essential to explore how to efficiently address security challenges over dynamic cloud data.

The thesis first addresses the security requirements for cloud storage as identified from the literature, given the difficulty that data are no longer locally possessed by data owners. Then it aims to design an integrated Security-as-a-Service model for data storage in the cloud that provides authentication, access control, auditing and data management services.
We propose a new keystroke authentication system for verifying the identity of cloud users. The proposed keystroke authentication system removes redundant or irrelevant features from the large-scale keystroke dynamics by combining different feature selection methods and different fusion rules which, in turn, achieve higher authentication accuracy and performance. Moreover, it eliminates the tradeoff between the authentication accuracy and the elapsed time of the verification process by clustering the user profile templates in the keystroke dataset. Then, a dynamic access control system is proposed to ensure data confidentiality in cloud computing. The proposed access control system supports automatic user role assignments, relieving the data owner of the online and computational burdens of user role assignment processes, especially for large-scale systems with a huge number of users and continuously changing user role policies. Additionally, the proposed access control system tackles the key escrow and key management problems in a decentralized cloud environment by defining roles in a hierarchy and supporting key delegation. Finally, a public auditing system is proposed to delegate the integrity verification of outsourced data in the cloud storage to a third-party auditor. The proposed auditing system is privacy-preserving, so it keeps the data confidential and invisible to the auditor during the auditing process. Moreover, a data management system is proposed to support data dynamics for replicated and single-copy data files with variable-sized blocks on the cloud storage. The proposed system therefore supports updates whose size is not restricted by the size of file blocks. It thereby offers extra flexibility and scalability compared to existing systems.
To address the efficiency problem in verifying variable-size updates for cloud storage with multiple replicas, the proposed system incorporates a new authenticated data structure, namely the Modified Rank based Authenticated Skip List (MRASL). The proposed MRASL supports verification of all dynamic data replicas at once. It thereby reduces the computation and communication costs. Moreover, the proposed auditing system supports efficient data recovery to repair the corrupted data in the case of single-copy data files. Additionally, the proposed auditing system supports batch auditing, where multiple auditing tasks with different data files can be performed simultaneously. Extensive experiments and performance analysis demonstrate the effectiveness and efficiency of the proposed model.