A Novel Infrastructure for Data Sanitization

in Cloud Computing

Dr. Cheng-Yuan KuDepartment of Information Management, National Chung Cheng University, Taiwan, R.O.C.Date ： Dec. 25, 2013

C. V.

• NCTU, Control Engineering, B.S. in 1987

• Northwestern University, EECS M.S. in 1993

• Northwestern University, EECS Ph.D. in 1995

• Purdue University, Visiting Professor in 2009

• Specialties: Computer and Communication Network, Information Security, Information Security Management, E- and M-commerce, Cloud Computing Security

Outline

1. Introduction1. Introduction

2. Related Technology and Works2. Related Technology and Works

3. Proposed Mechanism3. Proposed Mechanism

4. Experimental Results and Future Work4. Experimental Results and Future Work

1. Introduction1. Introduction

Background

Cloud computing service (Mell & Grance, 2011): IaaS , PaaS , SaaS

Cloud Security (Subashini & Kavitha, 2011): Data security

Personal Data Protection Act in Taiwan (Chang, 2012): Collecting, processing and using personal data A party will be fined up to NT 200 million for violation. Government agencies and non-governmental organizations

must provide evidence for handling personal data with due care in the court. It is not the customer’s responsibility.

Motivations Data Remanence：

Comply with PDPA：

• What is data remanence ?– Data sanitization (Kissel et al., 2006)

– One of the most important security issues for cloud computing

• Solutions for cloud computing– To provide evidence– To audit data security

Outline

1. Introduction1. Introduction

2. Related Works2. Related Works

3. Proposed Mechanism3. Proposed Mechanism

4. Experimental Results and Future Work4. Experimental Results and Future Work

2. Related Technology and Works2. Related Technology and Works

Cloud Computing Operating System

VMware vSphere architecture Source ： Modified from the VMware (2011)

• Windows Azure

• Google Apps

• VMware vSphere

• Amazon WebService

Big Data Platform-Hadoop

Hadoop cluster operating Source ： White (2012)

• Hadoop Distributed File System (HDFS)

• MapReduce

Public-Key Infrastructure

Public-key infrastructure model Source ： Stallings (2012)

Monitoring mode (CSA, 2011)

• Database Activity Monitoring (DAM)

• File Activity Monitoring (FAM)

Monitoring Approach for Cloud

McAfee database activity monitoring architecture Source ： McAfee (2012)

Data Security Lifecycle

Source ： Modified from the CSA (2011)

Data Sanitization (1/2)

Definition (Kissel, Scholl, Skolochenko, & Li, 2006) ：• The data sanitization refers to removing remnant

data from storage media.

• Type– Clearing ： Overwriting– Purging ： Degaussing– Destroying ： Disintegration, incineration,

pulverizing, shredding, and melting.

Data Sanitization (2/2)

Overwriting methods ：

• Gutmann

• Schneier

• US DoD 5220-22.M

• VSITR

Overwrite Algorithm

Pass 1-35: Writes a random character

• Gutmann

Source ： Gutmann (1996)

• Schneier Pass 1: Writes a onePass 2: Writes a zeroPass 3: Writes a random characterPass 4: Writes a random characterPass 5: Writes a random characterPass 6: Writes a random characterPass 7: Writes a random character

Source ： Schneier (2004)

• US DoD 5220-22.M

Pass 1: Writes a zero and verifiesPass 2: Writes a one and verifiesPass 3: Writes a random character and verifies the write

Source ： DoD and CIA (1995)

• VSITR

Pass 1: Writes a zeroPass 2: Writes a onePass 3: Writes a zeroPass 4: Writes a onePass 5: Writes a zeroPass 6: Writes a onePass 7: Writes a random character

Source ： Hintemann and Faßnacht (2008)

Outline

1. Introduction1. Introduction

2. Related Technology and Works2. Related Technology and Works

3. Proposed Mechanism3. Proposed Mechanism

4. Experimental Results and Future Work4. Experimental Results and Future Work

3. Proposed Mechanism3. Proposed Mechanism

Mechanism process

Trust ModelTrust Model

Data Sanitization SchemeData Sanitization Scheme

Monitoring Framework DesignMonitoring Framework Design

Trust Model

Concerns of data sanitization

1) We must know where the data are stored and which data should be cleared.

2) We need to monitor the clearing process.

Design of Monitoring Framework

Monitoring Center

• Monitoring Data

Data Sanitization Scheme (1/2) Data Sanitization Process

Data Sanitization Scheme (2/2) Data Sanitization by Overwriting

• Customer interface and procedure

– Interface provides customer two choices whether the data sanitization should be monitored or not.

– Select the number of overwrites, and confirm the service.

– Customers choose whether the recovery test report is necessary.

Outline

1. Introduction1. Introduction

2. Related Technology and Works2. Related Technology and Works

3. Proposed Mechanism3. Proposed Mechanism

4. Current Status and Future Work4. Current Status and Future Work4. Experimental Results and Future Work4. Experimental Results and Future Work

Implementation and performance evaluation

• Overwriting program– To propose an efficient overwriting scheme in cloud

• Monitoring center– Provide big data to the monitoring center to test

• Monitoring agent– DAM (Database activity monitoring) captures the

metadata packet– FAM (File activity monitoring) captures the log files

Gutmann sanitization performance

Gutmann sanitization performance

Schneier sanitization performance

Schneier sanitization performance

US DoD 5220-22.M sanitization performance

US DoD 5220-22.M sanitization performance

VSITR sanitization performance

VSITR sanitization performance

Performance Analysis of Data Sanitization

Sanitization method Time CPU load

Gutmann 31 min 12

Schneier 6 min 2

US DoD 5220-22.M 3 min 1

VSITR 6 min 2

System Simulation and Implementation

System Simulation and Implementation

Cloud Environment - DNS & iSCSI

System Establishment - Conversion Interface

Data Security Lifecycle Report

Future Work

• Further Performance Evaluation

• Cloud Data Lifecycle Auditing Criteria for ISACA

• Other Cloud Security Issues

Thank you for your attention