With the continuously decreasing costs of cloud services, many organizations, including government agencies, healthcare providers, financial institutions, universities, and enterprises, outsource large data repositories to cloud service providers (CSPs). Doing this relieves organizations of the financial burden of deploying and maintaining in-house data infrastructures. However, storing data with third parties exposes organizations to legal and financial liabilities should the data leak, become unavailable, or be lost. To reduce these risks, CSPs employ reliable storage technologies that are outlined in service level agreements (SLAs) negotiated with their clients. An SLA states data availability/reliability guarantees against misconfigurations, attacks, and any other disruption. Current SLAs, however, do not specify mechanisms for verifying that the CSP is adhering to the SLA terms. Accidental misconfigurations or attacks can lead to irrecoverable data loss that is detected only long after it has occurred. Moreover, economically motivated CSPs may choose to circumvent the SLA to reduce their operational costs. This project aims to design and test auditing mechanisms for provably and efficiently verifying adherence to SLA terms. The effort is well aligned with national priorities on critical infrastructure security and resilience. It will result in cloud architectures, storage algorithms, and network and security protocols that strengthen the security, privacy, and usability of cloud storage systems, advancing the state of the art in reliable and secure data storage. The project team will also use the work to inform the development of related courses and a cybersecurity certificate program, as well as to support outreach efforts to middle and high school students and to groups traditionally underrepresented in computer science.
The research agenda is organized around two major activities. The first activity investigates storage verification methods that not only prove the existence of the outsourced data but also verify the storage of redundant information for recovering from attacks and failures. Achieving such high levels of assurance is challenging because redundant information can be easily regenerated on the fly whenever the CSP is challenged to prove its existence. Effective auditing mechanisms require the joint design of the verification, coding, and data recovery processes to optimize the security-reliability-resource-efficiency tradeoffs while preserving data privacy and supporting data updatability. The second activity explores physical storage verification at multiple storage nodes within a data center and/or between data centers. The team approaches the physical storage and geodiversity verification problems from the realistic standpoint of utilizing bounds on physical resources such as network delay (which can be set conservatively). This allows technology-agnostic storage verification methods that are future-proof. A core project goal is the integration of logical and physical storage verification methods under a single suite of protocols. This integration is jointly considered with practical operational aspects of cloud systems, including data maintenance, dynamic data update, and privacy preservation.