As cloud computing hosts massive shared data and applications, it is essential to protect user data, ensure privacy, and secure proprietary software from misuse or leakage. This section introduces key techniques like data coloring, watermarking, and solutions to data lock-in problems.
Data Integrity and Privacy Protection
Cloud users need a secure software environment along with tools like MapReduce, BigTable, AWS, GAE, etc., to build cloud apps over large datasets. Key features required in such environments include:
| Security Feature | Explanation |
|---|---|
| User Authentication APIs | Allow safe login and email services via trusted platforms |
| Fine-grained Access Control | Gives different access levels to different users; protects data integrity |
| Shared Data Protection | Prevents unauthorized editing, deletion, or copyright violation |
| Privacy from ISPs | Ensures cloud service providers don’t misuse user data |
| Personal Firewalls | Blocks harmful scripts (e.g., Java, JavaScript, ActiveX) on client devices |
| Privacy Policy Alignment | Ensures cloud user policies and provider policies are consistent |
| VPN Channels | Encrypt data transfer across resource sites to prevent tampering or theft |
Data Coloring and Cloud Watermarking
Data coloring and cloud watermarking are innovative security techniques for protecting shared data in the cloud.
A. Data Coloring
- Data coloring = Tagging or labeling each data object with a unique color/identifier.
- This color is also associated with the user identity.
- Helps in:
- Tracking data origin
- Preventing unauthorized access
- Auditing and trust events
Advantage: Unlike encryption, data coloring is lightweight and uses fewer computations, making it suitable for large datasets.
B. Cloud Watermarking
- Watermarks are embedded into software or data files to prove ownership and detect unauthorized sharing.
- Common in digital media, watermarking is now applied to cloud data and applications.
- Watermarked data can be tracked even if it’s copied or distributed.
- Can be combined with encryption for double-layer security.
Data Lock-in Problem and Proactive Solutions
Data Lock-in:
Once user data is uploaded to a cloud, it becomes difficult to extract or migrate that data to other platforms due to:
| Problem | Explanation |
|---|---|
| Proprietary APIs | Different providers use different APIs, preventing data portability |
| Application Incompatibility | Apps built for one cloud often don’t work on others without rewriting |
Proactive Solutions to Data Lock-in
| Solution | How it Helps |
|---|---|
| Standardized Cloud APIs | Allows data exchange between different cloud platforms |
| OVF (Open Virtualization Format) | Enables VM migration across cloud providers |
| Cross-cloud Application Mobility | Allows workload migration and avoids vendor lock-in |
| Improved QoS | Ensures better reliability, portability, and performance |