Implementation of a Suitable Approach to Promote for Trustworthiness of Transactions on Cloud Servers
Keywords:
Two-Phase Validation Commit Protocols, Broad Network Access, Resource Pooling, Rapid Elasticity, Server Module, Cloud User Module, Transaction Manager, Certificate Authorities
Abstract
In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorization that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods, with the risk that the underlying authorization policies or the user credentials are in inconsistent states. It therefore becomes possible for policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this research paper, we highlight the criticality of the problem. We then define the notion of trusted transactions when dealing with proofs of authorization. Accordingly, we propose several increasingly stringent levels of policy consistency constraints and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, which is a modified version of the basic Two-Phase Validation Commit protocols. Finally, we analyze the different approaches presented, using both analytical evaluation of the overheads and simulations, to guide decision makers on which approach to use.
Copyright (c) 2016 COMPUSOFT: An International Journal of Advanced Computer Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.