| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | June 21, 2011 |
| Latest Amendment Date: | September 22, 2017 |
| Award Number: | 1054754 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Fen Zhao
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | July 1, 2011 |
| End Date: | September 30, 2017 (Estimated) |
| Total Intended Award Amount: | $530,470.00 |
| Total Awarded Amount to Date: | $501,731.00 |
| Funds Obligated to Date: |
FY 2013 = $7,800.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
323 DR MARTIN LUTHER KING JR BLVD NEWARK NJ US 07102-1824 (973)596-5275 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
323 DR MARTIN LUTHER KING JR BLVD NEWARK NJ US 07102-1824 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): |
Information Technology Researc, Special Projects - CNS |
| Primary Program Source: |
01001314DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
When data is outsourced at a cloud storage provider, data owners lose control over the integrity of their data and must trust the storage provider unconditionally. Coupled with numerous data loss incidents, this prevents organizations from assessing the risk posed by outsourcing data to untrusted clouds, making cloud storage unsuitable for applications that require long-term security and reliability guarantees. This project establishes a practical remote data checking (RDC) framework as a mechanism to provide long-term integrity and reliability for remotely stored data. At the same time, the project seeks to develop new functionality for remote data checking that overcomes limitations of early RDC protocols and improves the usability and deployability of RDC on existing cloud storage infrastructures. Unlike previous work, this research takes a holistic approach and considers RDC protocols that minimize the combined security costs of all data management phases over the lifetime of a distributed storage system. This includes prevention, repair, and retrieval. Maintaining the health of the data in a distributed storage system requires various transformations to be applied on the data and requires data to migrate among storage servers. This project develops novel RDC protocols that are compatible with the full range of replication, erasure coding and network coding operations employed by distributed storage systems, thus enabling owners to maintain better control over their data. This project increases the transparency of cloud storage platforms and improves the security dimension of storage outsourcing enabling wider adoption of cloud storage technologies. To disseminate these ideas, the project's educational activities include curriculum development, mentoring undergraduate and graduate students and engaging them into research, and outreach to high-school teachers.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The main research goal of this project is to create a framework that provides strong integrity, availability and reliability guarantees for long-term storage when data is outsourced to a cloud storage provider (CSP). Behind this seemingly simple goal there are complexities and subtleties that stem from several constraints and requirements: CSPs cannot be trusted, long-term storage outsourcing exacerbates the short-term storage threats, and secure storage outsourcing has uniqueperformance demands in order to be practical. We rely on remote data integrity checking (RDIC) as the main mechanism to ensure thelong-term integrity, availability, and reliability of data outsourced to a distributed storage system.
Reliability in this context is a measure of whether a CSP is still able to provide the correct data upon request by the client. A client that initially stores data with a server (CSP), later checks that the server continues to store the same data that was originally stored. We are interested in protocols that allow a client to periodically challenge the server into proving data possession, i.e. , the ability to produce the client's original data in its entirety. We seek to achieve a data possession guarantee, which implies both the integrity and the availability of the data stored at an untrusted server: The server possesses the same original data (integrity) and can prove it has the ability to produce this data at the moment of the challenge (availability). Such a guarantee will empower data owners to maintain control over how their data is stored and managed. It will also provide data owners with means to assess the risk of outsourcing storage and will increase the transparency of CSPs.
The novel outcomes of this project are:
1) New Remote Data Integrity Checking (RDIC) protocols that substantially improve the guarantees, functionality, and performance when managing data stored at untrusted cloud storage providers (CSPs). This includes:
- extending the RDIC guarantee from a single-server to a more realistic multiple-server setting,
- handling arbitrary amounts of data corruption,
- minimizing the data owner’s involvement in the repair phase over the lifetime of a distributed storage system,
- reconcilig replication with deduplication of data, while providing transparency to data owners.
As a result, RDIC can fully realize our vision of outsourcing both the storage and management of data. Our new RDIC protocols provide important functionality for remote data integrity checking that overcomes limitations of previous RDIC protocols and improves the usability and deployability of RDIC protocols for existing cloud storage infrastructures. By designing remote data integrity checking schemes that support both replication and transparency, can ensure data reliability while enabling a new pricing model which takes into account the level of deduplication of the data: The more users store the same piece of data, the lower each individual user gets charged for storing that piece of data. This can provide significant savings for clients, thus lowering the costs of storing data in the cloud. By allowing the storage providers to preserve the remote data integrity auditing capabilities even when data suffers transformations while in storage, we reduce the cost of managing the data stored at these providers.
2) Improved Security of Version Control Systems:
- We have developed Auditable Version Control Systems (AVCS), which are version control systems (VCS) designed to function under an adversarial setting. We proposed RDC-AVCS, an AVCS scheme for skip delta-based VCS systems, which relies on RDIC mechanisms to ensure all the versions of a file are retrievable from the untrusted VCS server over time. By providing an efficient solution which is optimized for real-world VCS systems, RDC-AVCS improves the usability and deployability of RDIC for existing VCS systems.
- We have improved the security of Apache Subversion (SVN), a popular Version Control System (VCS), by incorporating commit signatures that provide integrity and authenticity to the SVN repository. This will provide integrity, authenticity and accountability for repositories stored at untrusted servers.
3) Cloud Computing Workshop for Teachers (CCWT):
We organized at NJIT a professional development workshop for high school teachers. The workshop exposed high school teachers to the concept of Cloud Computing and the technologies associated with it, from the perspective of using cloud technologies to improve the instructional process. The teachers were then asked to select a lesson taught in their classroom and to write a revised lesson plan based on cloud computing integration and standards-based lesson planning.
Last Modified: 12/29/2017
Modified by: Reza Curtmola
Please report errors in award information by writing to: awardsearch@nsf.gov.
