A secured metadata and data separation model for cloud storage

The increasing popularity of cloud service is leading people to concentrate more on cloud storage than traditional storage. Cloud storage platform is confronted with great challenges as the core infrastructure of all kinds of Internet applications, especially, the security of the out-sourced data (the data that is not stored/retrieved from the tenants´ own servers). Thus, to address the security issue, we proposed a metadata and real data separation model of cloud storage named MeSe. Metadata and real data are maintained separately in MeSe, it aims to provide tenants a secured and integrated cloud storage service with two parts of separate servers, the metadata server clusters and data server clusters. Considering tenants´ security requirement MeSe based on these two separate server clusters provided a better decision of cloud storage architecture for our tenants. Furthermore, we summarized protection challenges to MeSe and designed a threat model SEEIT, which thoroughly considers the security properties: Single Point of Failure, Eavesdropping, Elevation of Privilege, Information Disclosure and Tampering. SEEIT analyzed all kinds of threats and gave some inspirations that how to implement protection solutions for our metadata and data separation model MeSe.