Cloud computing has become an alternative IT infrastructure where users, infrastructure providers, and service providers all share and deploy resources for their business processes and applications. In order to deliver cloud services cost effectively, users' data is stored in a cloud where applications are able to perform requests from clients efficiently. As data is transferred to the cloud, data owners are concerned about the loss of control of their data and cloud service providers (CSPs) are concerned about their ability to protect data when it is moved about both within and out of its own environment. Many security and protection mechanisms have been proposed to protect cloud data by employing various policies, encryption techniques, and monitoring and auditing approaches. However, data is still exposed to potential disclosures and attacks if it is moved and located at another cloud where there is no equivalent security measure at visited sites. In a realistic cloud scenario with hierarchical service chain, the handling of data in a cloud can be delegated by a CSP to a subprovider or another. However, CSPs do not often deploy the same protection schemes. Movement of user's data is an important issue in cloud, and it has to be addressed to ensure the data is protected in an integrated manner regardless of its location in the environment. The user is concerned whether its data is located in locations covered by the service level agreement, and data operations are protected from unauthorized users. When user's data is moved to data centers located at locations different from its home, it is necessary to keep track of its locations and data operations. This chapter discusses data protection and mobility management issues in cloud environment and in particular the implementation of a trust-oriented data protection framework.

Chapter Contents:

• Abstract
• Keyword
• 6.1 Introduction
• 6.2 Data mobility
• 6.2.1 Components of a data mobility model
• 6.2.2 Data mobility scenarios
• 6.3 Security mechanisms for data-in-transit
• 6.3.1 Geographic location-based mechanisms
• 6.3.2 Data-mobility-based policy and encryption mechanisms
• 6.3.3 Binding user and data location
• 6.3.4 Protecting cloud data using trusted third-party technologies
• 6.3.5 Data mobility based on location register database
• 6.4 A trust-oriented data protection framework
• 6.4.1 Mobility management model
• 6.4.2 Trust-oriented data protection framework
• 6.4.3 Implementation
• 6.4.3.1 Data structure design
• 6.4.3.2 Location register database design
• 6.4.3.3 Data mobility management workflows
• 6.4.4 Evaluation and results
• 6.4.4.1 Experiment setup
• 6.4.4.2 Evaluation
• 6.4.4.3 Processing data-moving case tests
• 6.4.4.4 Attack test and security analysis
• 6.4.4.5 Direct access and intrusion attacks
• 6.4.4.6 TDFS external attacks
• 6.5 Discussion and conclusion
• 6.5.1 Discussion
• 6.5.2 Conclusion
• References

Inspec keywords: cloud computing; data protection; trusted computing; mobility management (mobile radio)

Other keywords: mobility management; CSP; infrastructure providers; cloud computing; realistic cloud scenario; service level agreement; alternative IT infrastructure; business processes; data operations; security measure; hierarchical service chain; cloud data; cloud service providers; trust-oriented data protection framework; cloud environment

Subjects: Data security; Internet software