Proof of Violation for Trust and Accountability of Cloud Database Systems

Gwan Hwan Hwang, Shih Kai Fu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

A cloud database is a system that typically runs on a cloud computing platform that is maintained not by the user but by a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users due to bugs, crashes, operator errors, or even malicious security attacks. Some cloud database systems provide a Web interface or an application programming interface for clients to access logs of database transactions. However, these logs are not cryptographic proofs. Clients cannot use these logs to prove whether a cloud service provider has violated some required properties such as data integrity, write serializability, and read freshness. A proof of violation (POV) scheme enables a client or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. In this paper, we develop POV schemes for cloud database systems. First, we show that previously proposed cryptographic accountability protocols (CAPs) cannot be applied to cloud database systems directly. A CAP defines a multi-step handshaking protocol for clients and the service provider to exchange signed messages during service request and response so as to generate cryptographic proofs for later auditing. In addition, previously proposed auditing schemes are inappropriate for meeting the auditing requirements of SQL databases on the basis of the collected cryptographic proofs. We design a new auditing scheme for cloud database systems. Implementation and experimental results are presented that demonstrate the feasibility of the proposed schemes. Service providers can use the proposed schemes to provide a mutual nonrepudiation guarantee for database transactions in their service-level agreements.

Original language: English
Title of host publication: Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 425-433
Number of pages: 9
ISBN (Electronic): 9781509024520
Publication status: Published - 2016 Jul 18
Event: 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016 - Cartagena, Colombia
Duration: 2016 May 16 to 2016 May 19

Publication series

Name: Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016

Other

Other: 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016
Country: Colombia
City: Cartagena
Period: 16/5/16 to 16/5/19

Fingerprint

Network protocols
Cloud computing
Application programming interfaces (API)
Interfaces (computer)

Keywords

  • Cloud database
  • Service-level agreement
  • cloud security
  • nonrepudiation
  • proof of violation

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Hwang, G. H., & Fu, S. K. (2016). Proof of Violation for Trust and Accountability of Cloud Database Systems. In Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016 (pp. 425-433). [7515718] (Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CCGrid.2016.27
