TerraCheck: Verification of Dedicated Cloud Storage

  • Zhan Wang
  • Kun Sun
  • Sushil Jajodia
  • Jiwu Jing
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7964)

Abstract

When hardware resources are shared between mutually distrustful tenants in the cloud, information may leak and regulatory control becomes harder. To address these concerns, cloud providers are starting to offer hardware resources dedicated to a single user. Cloud users pay more for such dedicated tenancy; however, because of the cloud's abstraction layer they may be unable to detect unexpected misuse of their dedicated storage. In this paper, we propose TerraCheck to help cloud users verify whether their dedicated storage devices have been misused to store other users' data. TerraCheck detects malicious occupation of the dedicated device by monitoring changes to the shadow data: residual bits intentionally left on the disk that are invisible to the file system. When the cloud provider shares the dedicated disk with other users, such misuse can be detected, since the shadow data will be overwritten and become irretrievable. We describe the theoretical framework of TerraCheck and show experimentally that TerraCheck works well in practice.
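The following Python simulation is an added illustration of the mechanism the abstract describes; it is not code from the paper, and TerraCheck's actual protocol, data layout and parameters are in the full text. It plants random shadow blocks in the region of a constructed disk image that the file system does not use, keeps a keyed digest of each block, and later challenges a random sample of them: a block that the provider has reallocated to another tenant no longer matches its digest. The block size, the tenant key, the used/free layout, and the hypergeometric detection-probability estimate are assumptions of the example.

```python
import hashlib
import hmac
import random
from typing import Dict, List

BLOCK_SIZE = 4096  # assumed block size for the constructed disk image


class DiskImage:
    """Constructed stand-in for a dedicated block device: fixed-size blocks, all zero at start."""

    def __init__(self, num_blocks: int):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(num_blocks)]

    def write(self, index: int, data: bytes) -> None:
        assert len(data) == BLOCK_SIZE
        self.blocks[index] = data

    def read(self, index: int) -> bytes:
        return self.blocks[index]


def plant_shadow_data(disk: DiskImage, free_blocks: List[int], key: bytes,
                      rng: random.Random) -> Dict[int, bytes]:
    """Fill blocks the file system is not using with random 'shadow' bytes.

    The tenant keeps only a keyed digest per block (not the data), so a later
    check needs no local copy and a forged block cannot be produced without the key.
    """
    tags: Dict[int, bytes] = {}
    for idx in free_blocks:
        data = rng.getrandbits(BLOCK_SIZE * 8).to_bytes(BLOCK_SIZE, "big")
        disk.write(idx, data)
        tags[idx] = hmac.new(key, data, hashlib.sha256).digest()
    return tags


def verify_shadow_data(disk: DiskImage, tags: Dict[int, bytes], key: bytes,
                       sample_size: int, rng: random.Random) -> List[int]:
    """Challenge a random sample of shadow blocks; return the indices that no longer match."""
    sample = rng.sample(sorted(tags), min(sample_size, len(tags)))
    tampered: List[int] = []
    for idx in sample:
        tag = hmac.new(key, disk.read(idx), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, tags[idx]):
            tampered.append(idx)
    return tampered


def detection_probability(total_shadow: int, overwritten: int, sample_size: int) -> float:
    """Probability that sampling `sample_size` of `total_shadow` blocks without replacement
    hits at least one of the `overwritten` blocks (hypergeometric miss probability)."""
    p_miss = 1.0
    for i in range(sample_size):
        remaining_intact = total_shadow - overwritten - i
        if remaining_intact <= 0:
            return 1.0  # sample is larger than the intact set: a hit is certain
        p_miss *= remaining_intact / (total_shadow - i)
    return 1.0 - p_miss


def simulate(num_blocks: int = 64, used_blocks: int = 16, overwritten: int = 8,
             sample_size: int = 10, seed: int = 7) -> dict:
    """Run one honest check and one check after a provider reallocates free blocks."""
    rng = random.Random(seed)
    disk = DiskImage(num_blocks)
    key = b"tenant-secret-key (constructed)"
    free = list(range(used_blocks, num_blocks))  # assumed: file system occupies the first blocks
    tags = plant_shadow_data(disk, free, key, rng)

    # Honest provider: the dedicated disk is untouched, so every challenge passes.
    clean = verify_shadow_data(disk, tags, key, sample_size, rng)

    # Misbehaving provider: some "free" blocks are given to another tenant and overwritten.
    victims = sorted(rng.sample(free, overwritten))
    for idx in victims:
        disk.write(idx, b"\xaa" * BLOCK_SIZE)

    sampled = verify_shadow_data(disk, tags, key, sample_size, rng)   # cheap spot check
    full = verify_shadow_data(disk, tags, key, len(tags), rng)        # exhaustive audit
    return {
        "clean": clean,
        "tampered_sample": sampled,
        "tampered_full": sorted(full),
        "victims": victims,
        "p_detect": detection_probability(len(free), overwritten, sample_size),
    }


if __name__ == "__main__":
    result = simulate()
    print("honest check mismatches:", result["clean"])
    print("spot check found:", result["tampered_sample"])
    print("full audit found:", result["tampered_full"], "expected:", result["victims"])
    print("probability a 10-block spot check detects the misuse: %.3f" % result["p_detect"])
```

The spot check trades cost for certainty: with 48 shadow blocks of which 8 were reallocated, a 10-block sample detects the misuse with probability of about 0.87, while the exhaustive audit always finds exactly the overwritten blocks. Keying the digests with a tenant secret means a provider that learns the verification scheme still cannot reconstruct acceptable block contents after overwriting them.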

Keywords

Dedicated Storage, Cloud Security, Verification

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Zhan Wang (1, 2)
  • Kun Sun (2)
  • Sushil Jajodia (2)
  • Jiwu Jing (1)
  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. Center for Secure Information Systems, George Mason University, Fairfax, USA