Text 3D. Encrypted Data Storage for Cloud


Essential Vocabulary

alleviate v – to ease; to reduce

co-processor n – coprocessor

disclosing – discovery

embed v – spreading; allocation

feasible adj – achievable

handle v – to process

random private keys – arbitrary private (secret) keys

reside v – to be located

shell n – operating system shell

snapshot n – picture; capture

tampering n – distortion

tamper resistant adj – protected against unauthorized access

tempt v – to test; to try

Since data in the cloud will be placed anywhere, it is important that the data is encrypted. We are using a secure co-processor as part of the cloud infrastructure to enable efficient encrypted storage of sensitive data. One could ask us the question: why not implement your software on hardware provided by current cloud computing systems such as Open Cirrus? We have explored this option. First, Open Cirrus provides limited access based on their economic model. Furthermore, Open Cirrus does not provide the hardware support we need (e.g., secure co-processors). By embedding a secure co-processor (SCP) into the cloud infrastructure, the system can handle encrypted data efficiently.

Basically, an SCP is tamper-resistant hardware capable of limited general-purpose computation. For example, the IBM 4758 Cryptographic Coprocessor (IBM) is a single-board computer consisting of a CPU, memory and special-purpose cryptographic hardware contained in a tamper-resistant shell, certified to level 4 under FIPS PUB 140-1. When installed on the server, it is capable of performing local computations that are completely hidden from the server. If tampering is detected, then the secure co-processor clears the internal memory. Since the secure co-processor is tamper-resistant, one could be tempted to run the entire sensitive data storage server on the secure co-processor. Pushing the entire data storage functionality into a secure co-processor is not feasible for many reasons.

First of all, due to the tamper-resistant shell, secure co-processors usually have limited memory and computational power. Performance will improve over time, but problems such as heat dissipation/power use will force a gap between general-purpose and secure computing. Another issue is that the software running on the SCP must be totally trusted and verified. This security requirement implies that the software running on the SCP should be kept as simple as possible. So how does this hardware help in storing large sensitive data sets? We can encrypt the sensitive data sets using random private keys and, to alleviate the risk of key disclosure, we can use tamper-resistant hardware to store some of the encryption/decryption keys (i.e., a master key that encrypts all other keys). Since the keys will not reside in memory unencrypted at any time, an attacker cannot learn the keys by taking the snapshot of the system. Also, any attempt by the attacker to take control of (or tamper with) the co-processor, either through software or physically, will clear the co-processor, thus eliminating a way to decrypt any sensitive information. This framework will facilitate (a) secure data storage and (b) assured information sharing.
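The key hierarchy described above, as an added example that is not part of the original text: a simulated co-processor holds the master key, the host stores only wrapped data keys and ciphertext, and a tamper event clears the master key. The class `SimulatedSCP`, its method names and the HMAC-SHA256 construction (a standard-library stand-in for a real cipher such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class TamperError(Exception):
    """The simulated co-processor has cleared its memory."""

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (e.g. AES-GCM).
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    blocks = (hmac.new(enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(mac, data, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + _tag(key, nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class SimulatedSCP:
    """Master key lives only here; the host sees wrapped keys and ciphertext."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def _mk(self):
        if self._master is None:
            raise TamperError("co-processor memory was cleared")
        return self._master

    def new_wrapped_key(self):
        return seal(self._mk(), secrets.token_bytes(32))  # data key leaves only wrapped

    def encrypt(self, wrapped_key, plaintext):
        return seal(unseal(self._mk(), wrapped_key), plaintext)

    def decrypt(self, wrapped_key, blob):
        return unseal(unseal(self._mk(), wrapped_key), blob)

    def tamper_detected(self):
        self._master = None  # zeroize: wrapped keys on the host are now useless
```

A snapshot of the host in this model contains only the output of `new_wrapped_key()` and `encrypt()`, neither of which can be opened once `tamper_detected()` has run.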

 

Task 14. Translate the following word combinations:

To handle data; tampering of data; tamper-resistant hardware; heat dissipation; to avoid disclosing process; the snapshot of the system; to assure information sharing.

Task 15. Answer the questions:

1. What problem is discussed in the text?

2. What’s the function of a secure co-processor (SCP)?

3. What can be used to store some of the encryption/decryption keys?

4. What can an attacker’s attempt to take control of the co-processor evoke?

 

Task 16. Render the text

