Secure access mechanism for cloud storage

Scalable Computing

Volumn 12, Issue 3, 2011, Pages 317-336

  Harnik, Danny ^a   Kolodner, Elliot K ^a   Ronen, Shahar ^a   Satran, Julian ^a   Shulman Peleg, Alexandra ^a   Tal, Sivan ^a  

^a IBM HAIFA RESEARCH LAB   (Israel)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL MECHANISM; ACCESS CONTROL MODELS; ACCESS MECHANISM; ACCESS MODELS; CLOUD SERVICES; CLOUD SYSTEMS; DELEGATION MECHANISMS; SCALABLE STORAGE; SECURITY AND PERFORMANCE; STORAGE SYSTEMS; USAGE SCENARIOS;

ACCESS CONTROL;

EID: 84865066809     PISSN: 18951767     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (43)

1. Trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, Department of Defense, December 1985. http://csrc.nist.gov/publications/history/dod85.pdf, accessed Jan 20, 2010.
2. Amazon Simple Storage Service Developer Guide (API Version 2006-03-01). Amazon, a. http://docs.amazonwebservices.com/AmazonS3/2006-03-01/, accessed Jan 12, 2010.
3. Amazon Simple Storage Service (Amazon S3). Amazon, b. http://aws.amazon.com/s3/.
4. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. Above the clouds: A berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley, February 2009. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html.
5. W. Boebert. On the inability of an unmodified capability machine to enforce the *-property. In 7th DOD/NBS Computer Security Conference, pages 291-293, 1984.
6. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, pages 136-145, 2001.
7. T. Close. ACLs don't. http://www.hpl.hp.com/techreports/2009/HPL-2009-20.pdf.
8. G. Decandia, D. Hastorun, M. Jampani, G. Kakulapati, A. Lakshman, A. Pilchin, S. Sivasubramanian, P. Vosshall, and W. Vogels. Dynamo: amazon's highly available key-value store. In SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pages 205-220. ACM Press, 2007.
9. Atmos Online Programmer's Guide. EMC, a. https://community.emc.com/docs/DOC-3481, accessed Jan 12, 2010.
10. EMC Atmos Online Services. EMC, b. http://www.emccis.com/.
11. M. Factor, D. Nagle, D. Naor, E. Riedel, and J. Satran. The OSD security protocol. In IEEE Security in Storage Workshop, pages 29-39, 2005.
12. M. Factor, D. Naor, E. Rom, J. Satran, and S. Tal. Capability based secure access control to networked storage devices. In MSST '07: Proceedings of the 24th IEEE Conference on Mass Storage Systems and Technologies, pages 114-128, Washington, DC, USA, 2007. IEEE Computer Society. ISBN 0-7695-3025-7. doi: http://dx.doi.org/10.1109/MSST.2007.6.
13. R. T. Fielding and R. N. Taylor. Principled design of the modern web architecture. ACM Trans. Internet Technol., 2(2): 115-150, May 2002. URL http://dx.doi.org/10.1145/514183.514185.
14. O. Goldreich. Foundations of Cryptography: Basic Tools. Cambridge University Press, 2000.
15. S. Halevi, P. Karger, and D. Naor. Enforcing confinement in distributed storage and a cryptographic model for access control. Cryptology ePrint Archive, Report 2005/169, 2005. http://eprint.iacr.org/.
16. E. Hammer-Lahav. The OAuth 1.0 Protocol. Internet Engineering Task Force, February 2010. http://tools.ietf.org/html/draft-hammer-oauth-10.
17. H. Han, S. Kim, H. Jung, H. Y. Yeom, C. Yoon, J. Park, and Y. Lee. A RESTful approach to the management of cloud infrastructure. In Proceedings of the 2009 IEEE International Conference on Cloud Computing, CLOUD '09, pages 139-142, Washington, DC, USA, 2009. IEEE Computer Society. ISBN 978-0-7695-3840-2. doi: http://dx.doi.org/10.1109/CLOUD.2009.68. URL http://dx.doi.org/10.1109/CLOUD.2009.68.
18. V. C. Hu, D. F. Ferraiolo, and D. R. Kuhn. Assessment of Access Control Systems. NIST IR 7316, September 2006. csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf.
19. J. Ioannidis, S. Ioannidis, A. D. Keromytis, and V. Prevelakis. Fileteller: Paying and getting paid for file storage. In M. Blaze, editor, Financial Cryptography, volume 2357 of Lecture Notes in Computer Science, pages 282-299. Springer, 2002. ISBN 3-540-00646-X.
20. P. Karger. Improving security and performance for capability systems, ph.d. dissertation. Technical Report 149, Cambridge, England, 1988.
21. P. Karger and A. Herbert. An augmented capability architecture to support lattice security and traceability of access. In IEEE Symposium on Security and Privacy, pages 2-12, 1984.
22. B. Lampson. A note on the confinement problem. Commun. ACM, 16(10):613-615, 1973.
23. A. W. Leung, E. L. Miller, and S. Jones. Scalable security for petascale parallel file systems. In SC '07: Proceedings of the 2007 ACM/IEEE conference on Supercomputing, pages 1-12, New York, NY, USA, 2007. ACM. ISBN 978-1-59593-764-3. doi: http://doi.acm.org/10.1145/1362622.1362644.
24. A. Levine, V. Prevelakis, J. Ioannidis, S. Ioannidis, and A. D. Keromytis. WebDAVA: An administrator-free approach to web file-sharing. In WETICE, pages 59-64. IEEE Computer Society, 2003. ISBN 0-7695-1963-6.
25. E. Messmer. Are security issues delaying adoption of cloud computing? Network World, April 2009. http://www.networkworld.com/news/2009/042709-burning-security-cloud-computing.html, accessed Jan 21, 2010.
26. Windows Azure Platform. Microsoft, a. http://www.microsoft.com/windowsazure/windowsazure/.
27. Windows Azure Storage Services API Reference. Microsoft Corp., b. http://msdn.microsoft.com/en-us/library/dd179355.aspx, accessed Jan 17, 2010.
28. S. Miltchev, V. Prevelakis, S. Ioannidis, J. Ioannidis, A. D. Keromytis, and J. M. Smith. Secure and flexible global file sharing. In USENIX Annual Technical Conference, FREENIX Track, pages 165-178. USENIX, 2003. ISBN 1-931971-11-0.
29. S. Miltchev, J. M. Smith, V. Prevelakis, A. Keromytis, and S. Ioannidis. Decentralized access control in distributed file systems. ACM Comput. Surv., 40(3):1-30, 2008. ISSN 0360-0300. doi: http://doi.acm.org/10.1145/1380584.1380588.
30. R. L. Mitchel. Cloud storage triggers security worries. Computerworld, July 2009. http://www.computerworld.com/s/article/340438/ Confidence_in_the_Cloud, accessed Jan 21, 2010.
31. D. Nagle, M. Factor, S. Iren, D. Naor, E. Riedel, O. Rodeh, and J. Satran. The ANSI T10 object-based storage standard and current implementations. IBM Journal of Research and Development, 52(4-5):401-412, 2008.
32. Nirvanix Web Services API Developer's Guide. Nirvanix, a. http://developer.nirvanix.com/sitefiles/1000/API.html, accessed Jan 13, 2010.
33. Nirvanix Storage Delivery Network. Nirvanix, b. http://www.nirvanix.com/.
34. Z. Niu, H. Jiang, K. Zhou, T. Yang, and W. Yan. Identification and authentication in large-scale storage systems. Networking, Architecture, and Storage, International Conference on, 0:421-427, 2009.
35. ParaScale Storage Cloud Supports Virtual File System. ParaScale. http://www.parascale.com/index.php/products/data-access-security.
36. C. Pautasso, O. Zimmermann, and F. Leymann. Restful web services vs. "big"' web services: making the right architectural decision. In Proceeding of the 17th international conference on World Wide Web, WWW '08, pages 805-814, New York, NY, USA, 2008. ACM. ISBN 978-1-60558-085-2. doi: http://doi.acm.org/10.1145/1367497.1367606. URL http://doi.acm.org/10.1145/1367497.1367606.
37. The Rackspace Cloud: Cloud Files. Rackspace. http://www.rackspacecloud.com/cloud_hosting_products/files/.
38. N. Ragouzis, J. Hughes, R. Philpott, E. Maler, P. Madsen, and T. Scavo. Security Assertion Markup Language (SAML) V2.0 Technical Overview. OASIS Committee Draft, March 2008. http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf.
39. B. C. Reed, E. G. Chron, R. C. Burns, and D. D. Long. Authenticating network-attached storage. IEEE Micro, 20:49-57, 2000. ISSN 0272-1732. doi: http://doi.ieeecomputersociety.org/10.1109/40.820053.
40. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. In Proc. IEEE, 63(9):1278-1308, 1975. http://web.mit.edu/Saltzer/www/publications/protection.
41. W. Vogels. Eventually consistent. Queue, 6(6):14-19, 2008. ISSN 1542-7730.
42. S. A. Weil, S. A. Brandt, E. L. Miller, D. D. E. Long, and C. Maltzahn. Ceph: A scalable, high-performance distributed file system. In OSDI, pages 307-320. USENIX Association, 2006.
43. T. Wilson. Security is chief obstacle to cloud computing adoption, study says. DarkReading: Security, November 2009. http://www.darkreading.com/securityservices/security/perimeter/showArticle.jhtml?articleID=221901195, accessed Jan 21, 2010.