Title :
Disk storage isolation and verification in cloud
Author :
Zhan Wang ; Kun Sun ; Jajodia, Sushil ; Jiwu Jing
Author_Institution :
State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
Abstract :
Multi-tenancy of the cloud maximizes the utility of computation and storage resources by multiplexing the underlying hardware infrastructure amongst cloud customers; however, it also introduces significant security issues such as information leakage between two virtual machines (VMs) even if certain access control policy (e.g., Chinese Wall security policy) has been deployed in the cloud. Physical resource isolation between VMs is an effective mechanism to remove the covert channels in the cloud and prevent information leakage; however, due to economic concerns or negligence, some cheap-and-lazy cloud providers are not motivated to enforce the physical resource isolation as they promised. In this paper, we first develop a mechanism to check the co-residency of two files on local hard disk(s) by measuring the file access time, and then extend our mechanism to check data storage co-residency on Amazon S3 cloud storage.
Keywords :
authorisation; cloud computing; formal verification; resource allocation; storage management; virtual machines; Amazon S3 cloud storage; VM; access control policy; cheap-and-lazy cloud providers; cloud multitenancy; computation resources; covert channels; data storage co-residency; disk storage isolation; disk storage verification; file access time; file co-residency; information leakage; local hard disk; physical resource isolation; security issues; storage resources; virtual machines; Cloud Storage Isolation; Multi-tenancy; Verification;
Conference_Titel :
Global Communications Conference (GLOBECOM), 2012 IEEE
Conference_Location :
Anaheim, CA
Print_ISBN :
978-1-4673-0920-2
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2012.6503206
