Text 3D. Encrypted Data Storage for Cloud



Essential Vocabulary

alleviate v – to ease; to reduce

co-processor n – coprocessor

disclosing – discovery; detection

embed v – spreading; allocation

feasible adj – practicable; achievable

handle v – to process

random private keys – arbitrary private/secret keys

reside v – to be located

shell n – operating-system shell

snapshot n – snapshot; capture

tampering n – distortion

tamper resistant adj – protected against unauthorized access

tempt v – to test; to try

Since data in the cloud will be placed anywhere, it is important that the data is encrypted. We are using a secure co-processor as part of the cloud infrastructure to enable efficient encrypted storage of sensitive data. One could ask us the question: why not implement your software on hardware provided by current cloud computing systems such as Open Cirrus? We have explored this option. First, Open Cirrus provides limited access based on their economic model. Furthermore, Open Cirrus does not provide the hardware support we need (e.g., secure co-processors). By embedding a secure co-processor (SCP) into the cloud infrastructure, the system can handle encrypted data efficiently.

Basically, an SCP is tamper-resistant hardware capable of limited general-purpose computation. For example, the IBM 4758 Cryptographic Coprocessor (IBM) is a single-board computer consisting of a CPU, memory and special-purpose cryptographic hardware contained in a tamper-resistant shell, certified to level 4 under FIPS PUB 140-1. When installed on the server, it is capable of performing local computations that are completely hidden from the server. If tampering is detected, then the secure co-processor clears the internal memory. Since the secure co-processor is tamper-resistant, one could be tempted to run the entire sensitive data storage server on the secure co-processor. Pushing the entire data storage functionality into a secure co-processor is not feasible for many reasons.

First of all, due to the tamper-resistant shell, secure co-processors usually have limited memory and computational power. Performance will improve over time, but problems such as heat dissipation/power use will force a gap between general-purpose and secure computing. Another issue is that the software running on the SCP must be totally trusted and verified. This security requirement implies that the software running on the SCP should be kept as simple as possible. So how does this hardware help in storing large sensitive data sets? We can encrypt the sensitive data sets using random private keys, and, to alleviate the risk of key disclosure, we can use tamper-resistant hardware to store some of the encryption/decryption keys (i.e., a master key that encrypts all other keys). Since the keys will not reside in memory unencrypted at any time, an attacker cannot learn the keys by taking the snapshot of the system. Also, any attempt by the attacker to take control of (or tamper with) the co-processor, either through software or physically, will clear the co-processor, thus eliminating a way to decrypt any sensitive information. This framework will facilitate (a) secure data storage and (b) assured information sharing.
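The key hierarchy described above can be modelled in a few lines of Python. This is an added example, not code from the text or from any real co-processor: `SimulatedSCP` and its methods are hypothetical names, the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC standing in for a hardware cipher, and it assumes record encryption is done inside the SCP so that data keys never appear unwrapped on the host.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in for AES-CTR.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class SimulatedSCP:
    """Hypothetical software model of the SCP; the master key never leaves it."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def _key(self):
        if self._master is None:
            raise RuntimeError("co-processor cleared after tampering")
        return self._master

    def new_data_key(self):
        # A random data key leaves the SCP only wrapped under the master key.
        return seal(self._key(), secrets.token_bytes(32))

    def encrypt(self, wrapped_key, plaintext):
        return seal(unseal(self._key(), wrapped_key), plaintext)
    def decrypt(self, wrapped_key, blob):
        return unseal(unseal(self._key(), wrapped_key), blob)
    def tamper_detected(self):
        self._master = None  # models the SCP clearing its internal memory

def demo():
    scp = SimulatedSCP()
    wrapped = scp.new_data_key()
    blob = scp.encrypt(wrapped, b"constructed sample record")
    return scp, wrapped, blob  # the host stores only wrapped and blob
```

A snapshot of the host sees only `wrapped` and `blob`; once `tamper_detected()` has run, neither can be decrypted again.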

 

Task 14. Translate the following word combinations:

To handle data; tampering of data; tamper-resistant hardware; heat dissipation; to avoid disclosing process; the snapshot of the system; to assure information sharing.

Task 15. Answer the questions:

1. What problem is discussed in the text?

2. What’s the function of a secure co-processor (SCP)?

3. What can be used to store some of the encryption/decryption keys?

4. What can an attacker’s attempt to take control of the co-processor evoke?

 

Task 16. Render the text

                            

 

                                       


 


 


Date added: 2018-04-15
