TY - GEN
T1 - Proof of Violation for Trust and Accountability of Cloud Database Systems
AU - Hwang, Gwan Hwan
AU - Fu, Shih Kai
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/18
Y1 - 2016/7/18
N2 - A cloud database is a system that typically runs on a cloud computing platform which is not maintained by the user but by a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users due to bugs, crashes, operator errors, or even malicious security attacks. Some cloud database systems provide a Web interface or an application programming interface for clients to access logs of database transactions. However, these logs are not cryptographic proofs. Clients cannot use these logs to prove whether a cloud service provider has violated some required properties such as data integrity, write serializability, and read freshness. A proof of violation (POV) scheme enables a client or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. In this paper, we develop POV schemes for cloud database systems. First, we show that previously proposed cryptographic accountability protocols (CAPs) cannot be applied to cloud database systems directly. A CAP defines a multi-step handshaking protocol for clients and the service provider to exchange signed messages during service request and response so as to generate cryptographic proofs for later auditing. In addition, previously proposed auditing schemes are inappropriate to obtain the auditing requirements of SQL database according to collected cryptographic proofs. We design a new auditing scheme for cloud database systems. Implementation and experimental results are presented that demonstrate the feasibility of the proposed schemes. Service providers can use the proposed schemes to provide a mutual nonrepudiation guarantee for database transactions in their service-level agreements.
AB - A cloud database is a system that typically runs on a cloud computing platform which is not maintained by the user but by a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users due to bugs, crashes, operator errors, or even malicious security attacks. Some cloud database systems provide a Web interface or an application programming interface for clients to access logs of database transactions. However, these logs are not cryptographic proofs. Clients cannot use these logs to prove whether a cloud service provider has violated some required properties such as data integrity, write serializability, and read freshness. A proof of violation (POV) scheme enables a client or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. In this paper, we develop POV schemes for cloud database systems. First, we show that previously proposed cryptographic accountability protocols (CAPs) cannot be applied to cloud database systems directly. A CAP defines a multi-step handshaking protocol for clients and the service provider to exchange signed messages during service request and response so as to generate cryptographic proofs for later auditing. In addition, previously proposed auditing schemes are inappropriate to obtain the auditing requirements of SQL database according to collected cryptographic proofs. We design a new auditing scheme for cloud database systems. Implementation and experimental results are presented that demonstrate the feasibility of the proposed schemes. Service providers can use the proposed schemes to provide a mutual nonrepudiation guarantee for database transactions in their service-level agreements.
KW - Cloud database
KW - cloud security
KW - nonrepudiation
KW - proof of violation
KW - Service-level agreement
UR - http://www.scopus.com/inward/record.url?scp=84983460557&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84983460557&partnerID=8YFLogxK
U2 - 10.1109/CCGrid.2016.27
DO - 10.1109/CCGrid.2016.27
M3 - Conference contribution
AN - SCOPUS:84983460557
T3 - Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016
SP - 425
EP - 433
BT - Proceedings - 2016 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing, CCGrid 2016
Y2 - 16 May 2016 through 19 May 2016
ER -