Title: Securing data services: a security architecture design for private storage cloud based on HDFS

Authors: Qingni Shen; Yahui Yang; Zhonghai Wu; Dandan Wang; Min Long

Addresses: School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China; School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China; School of Software and Microelectronics, MoE Key Lab of Network and Software Assurance, Peking University, Beijing 100871, China; IBM China Systems & Technology Lab (CSTL), IBM Corporation, Shanghai, China; IBM China Systems & Technology Lab (CSTL), IBM Corporation, Shanghai, China

Abstract: With the growth of business, an enterprise would like to make its PSC (private storage cloud) approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues: first, how to keep the data at rest in the PSC isolated from internal and external attackers; second, how to secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migration between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including a secure data isolation service, a secure intra-cloud data migration service, and a secure inter-cloud data migration service. Finally, we present the prototype, implemented as pluggable security modules in accordance with our custom security policies through the AOP (Aspect-Oriented Programming) method. The time cost is given and evaluated efficiently.

Keywords: private storage cloud; data isolation; intra-cloud data migration; inter-cloud data migration; security architecture; HDFS; Hadoop distributed file system; data services; cloud computing; data security; AOP; aspect-oriented programming.

DOI: 10.1504/IJGUC.2013.057118

International Journal of Grid and Utility Computing, 2013 Vol.4 No.4, pp.242 - 254

Received: 03 Jul 2012
Accepted: 28 Oct 2012

Published online: 18 Sep 2014
