
ISSN: 1300-2575

G.B. Satya Rajesh et al. / (IETRJ) International Engineering and Technology Research Journal, Vol. 1(3), 2013, 112-119.

Effective Usage of Cloud Information Accountability (CIA) Framework to Ensure Distributed Accountability for Data Sharing
G.B. Satya Rajesh1, K. John Paul2
1. G.B. Satya Rajesh, NOVA college of Engineering and Technology, Vegavaram, Jangareddygudem.
2. K.John Paul, Associate Professor, NOVA college of Engineering and Technology, Jangareddygudem, w.g.dist.
{rajesh_gbs2020@yahoo.co.in}

Abstract: Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. Cloud computing is a means by which highly scalable, technology-enabled services can be easily consumed over the Internet on an as-needed basis. The convenience and efficiency of this approach, however, come with privacy and security risks. To overcome this problem, a decentralized information accountability framework which keeps track of the actual usage of the user's data in the cloud has been developed. An automatic logging mechanism has been developed using JAR programming, which improves the security and privacy of data in the cloud. Using this mechanism, the data owner may know whether his/her data is handled as per his/her requirement or service level agreement.

Keywords: Cloud computing, Framework, Data, Accountability, Security.

I. INTRODUCTION
Cloud computing is a means by which highly scalable, technology-enabled services can be easily consumed over the Internet on an as-needed basis [1]. The convenience and efficiency of this approach, however, come with privacy and security risks [2]. A significant barrier to the adoption of cloud services is thus user fear of confidential data leakage and loss of privacy in the cloud. There are a number of notable commercial and individual cloud computing services, including Amazon, Google, Microsoft, Yahoo, and Salesforce [3]. In short, cloud computing allows for the sharing and scalable deployment of services, as needed, from almost any location, and for which the customer can be billed based on actual usage.

Fig. 1. Architecture of Cloud Computing

Once a cloud is established, how its cloud computing services are deployed in terms of business models can differ depending on requirements. The primary service models being deployed (see Figure 1) are commonly known as:
a) Software as a Service (SaaS): Consumers purchase the ability to access and use an application or service that is hosted in the cloud. A benchmark example of this is Salesforce.com, as discussed previously, where necessary information for the interaction between the consumer and the service is hosted as part of the service in the cloud. Also, Microsoft is expanding its involvement in this area, and as part of the cloud computing option for Microsoft Office 2010, its Office Web Apps are available to Office volume licensing customers and Office Web App subscriptions through its cloud-based Online Services.

b) Platform as a Service (PaaS): Consumers purchase access to the platforms, enabling them to deploy their own software and applications in the cloud. The operating systems and network access are not managed by the consumer, and there might be constraints as to which applications can be deployed.
c) Infrastructure as a Service (IaaS): Consumers control and manage the systems in terms of the operating systems, applications, storage, and network connectivity, but do not themselves control the cloud infrastructure.

Deploying cloud computing can differ depending on requirements, and the following four deployment models have been identified, each with specific characteristics that support the needs of the services and users of the clouds in particular ways (see Figure 2).
d) Private Cloud: The cloud infrastructure has been deployed, and is maintained and operated, for a specific organization. The operation may be in-house or with a third party on the premises.
Community Cloud: The cloud infrastructure is shared among a number of organizations with similar interests and requirements. This may help limit the capital expenditure costs for its establishment, as the costs are shared among the organizations. The operation may be in-house or with a third party on the premises.
Public Cloud: The cloud infrastructure is available to the public on a commercial basis by a cloud service provider. This enables a consumer to develop and deploy a service in the cloud with very little financial outlay compared to the capital expenditure requirements normally associated with other deployment options.
Hybrid Cloud: The cloud infrastructure consists of a number of clouds of any type, but the clouds have the ability through their interfaces to allow data and/or applications to be moved from one cloud to another. This can be a combination of private and public clouds that support the requirement to retain some data in an organization, and also the need to offer services in the cloud.

Fig. 2. Public, Private, and Hybrid Cloud Deployment

Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. The services themselves have long been referred to as Software as a Service (SaaS). The datacenter hardware and software is what we will call a Cloud. When a Cloud is made available in a pay-as-you-go manner to the general public, we call it a Public Cloud; the service being sold is Utility Computing. We use the term Private Cloud to refer to internal datacenters of a business or other organization, not made available to the general public. Thus, Cloud Computing is the sum of SaaS and Utility Computing, but does not include Private Clouds. People can be users or providers of SaaS, or users or providers of Utility Computing [4].

Users may not know the machines which actually process and host their data. While enjoying the convenience brought by this new technology, users also start worrying about losing control of their own data. The data processed on clouds are often outsourced, leading to a number of issues related to accountability, including the handling of personally identifiable information. Such fears are becoming a significant barrier to the wide adoption of cloud services [5].

Conventional access control approaches developed for closed domains, such as databases as a service, have four parts:
Encryption and Decryption - For the security of data stored in the cloud, encryption seems to be the perfect security solution.
Key Management - If encryption is necessary to store data in the cloud, the encryption keys can't be stored there, so the user requires key management.
Authentication - For accessing stored data in the cloud by authorized users.
Authorization - Rights given to the user as well as the cloud provider.

Data handling in the cloud goes through a complex and dynamic hierarchical service chain which does not exist in conventional environments. To solve the security issues in the cloud, an approach based on the notion of information accountability, namely the Cloud Information Accountability (CIA) framework, was developed. The data owner should not have to worry about his data or fear damage to it by a hacker; there is a need for a security mechanism which will track usage of data in the cloud. Accountability is necessary for monitoring data usage: all actions of users, like the sending of a file, are cryptographically linked to the server that performs them, and the server maintains a secured record of all past actions and can use the past records to know the correctness of an action. It also provides reliable information about usage of data and it observes all the records, so it helps in building trust, relationship and reputation. So accountability is for verification of authentication and authorization. It is a powerful tool to check the authorization policies [7]. Accountability describes the authorization requirement for data usage policies. Accountability mechanisms, which rely on after-the-fact verification, are an attractive means to enforce authorization policies [6].

Associated with the accountability feature, a technique has been developed which has two distinct modes for auditing: push mode and pull mode. The push mode refers to logs being periodically sent to the data owner or stakeholder, while the pull mode refers to an alternative approach whereby the user (or another authorized party) can retrieve the logs as needed. The design of the CIA framework presents substantial challenges, including uniquely identifying CSPs, ensuring the reliability of the log, adapting to a highly decentralized infrastructure, etc. Our basic approach toward addressing these issues is to leverage and extend the programmable capability of JAR (Java Archives) files to automatically log the usage of the user's data by any entity in the cloud. Users will send their data along with any policies, such as access control policies and logging policies, that they want to enforce, enclosed in JAR files, to cloud service providers. Any access to the data will trigger an automated and authenticated logging mechanism local to the JARs. The JARs are provided with a central point of contact which forms a link between them and the user. It records the error correction information sent by the JARs, which allows it to monitor the loss of any logs from any of the JARs. Moreover, if a JAR is not able to contact its central point, any access to its enclosed data will be denied.
The main focus is kept on the following:
• Proposing a novel automatic and enforceable logging mechanism in the cloud.
• The proposed architecture is platform independent and highly decentralized, in that it does not require any dedicated authentication or storage system in place.
• We go beyond traditional access control in that we provide a certain degree of usage control for the protected data after these are delivered to the receiver.
• We conduct experiments on a real cloud test bed. The results demonstrate the efficiency, scalability, and granularity of our approach.
• We also provide a detailed security analysis and discuss the reliability and strength of our architecture.

II. LITERATURE SURVEY


This section reviews related work addressing security in the cloud. Security is a very important issue in the cloud and many techniques are available, so they are reviewed here. Privacy is a key business risk and compliance issue, as it sits at the intersection of social norms, human rights and legal mandates [8]. The authors of [9] address the security issues associated with cloud data storage and explore many of them: whenever a data vulnerability is perceived during the storage process, a precise verification across the distributed servers is ensured by simultaneous identification of the misbehaving nodes through analysis in terms of security malfunctioning. It is proved that their scheme is effective in handling certain failures, malicious data modification attacks, and even server colluding attacks. An overview of privacy issues within cloud computing is given in [10], together with a detailed analysis of privacy threats based on different types of cloud scenario; the level of threat seems to vary according to the application area. The issues associated with choosing security mechanisms or security frameworks in the cloud computing context are stated in [11], which also gives a brief outline of flooding attacks.

In [12], the authors present a procedural and a technical solution, both providing accountability as a way of addressing security risk in the cloud; in this mechanism the policies are decided by the parties that use, store or share the data, irrespective of the jurisdiction in which the information is processed. Its limitation is that data processed at the SP is unencrypted at the point of processing, so there is a risk of data leakage. In [13], the author gives a language which permits data to be served with policies by an agent; agents should prove their actions and their authorization to use particular data. In this logic the data owner attaches policies to the data, which contain a description of which actions are allowed with which data. There is the problem of continuous auditing of agents, but they provide the solution that incorrect behavior should be monitored and the agent should give justification for its actions, after which an authority checks the justification. In [14], the authors give a three-layer architecture which protects against information leakage from the cloud: in the first layer the service provider should not view confidential data, in the second layer the service provider should not do the indexing of data, and in the third layer the user specifies the use of his data and indexing in policies, so policies always travel with the data. In [15], the authors present accountability in federated systems to achieve trust management. Trust in the use of resources is accomplished through accountability, so to resolve the problem of trust management in federated systems they give a three-layer architecture: the first layer is authentication and authorization, in which authentication is done using public key cryptography; the second layer is accountability, which performs monitoring and logging; the third layer is anomaly detection, which detects misuse of resources. This mechanism requires third-party services to observe network resources.

III. PROPOSED SYSTEM

a) Cloud Information Accountability (CIA) Framework: The strength of the CIA framework lies in its ability to maintain lightweight and powerful accountability that combines aspects of access control, usage control and authentication. By means of the CIA, data owners can not only track whether or not the service-level agreements are being honored, but also enforce access and usage control rules as needed. The Cloud Information Accountability framework proposed in this work conducts automated logging and distributed auditing of relevant access performed by any entity, carried out at any point of time at any cloud service provider. It has two major components: logger and log harmonizer. The logger travels with the data owner's data; it logs access to the data, encrypts each log record using the public key given by the data owner, and sends it to the log harmonizer. The log harmonizer performs the monitoring and rectifying; it generates the master key and holds the decryption key for decrypting the logs, and for client-side decryption it sends the key to the client.

In this mechanism the data owner creates a private key and a public key; using the generated key, the owner creates the logger, which is a JAR file (Java Archive) that includes his policies, such as access policies and logging policies, together with the data sent to the cloud service provider. Authentication of the cloud service provider is done using OpenSSL-based certificates; after authentication of the cloud service provider, the user is able to access the data in the JAR. A log of each data usage is created, encrypted using the public key, and automatically sent to the log harmonizer. For integrity, log records are signed by the entity which is using the data; log records are decrypted and accessed by the owner. In push mode logs are automatically sent to the data owner, and in pull mode the owner can demand the logs, so he can see access to his data at any time, anywhere, and he can monitor his data [16]. Fig 2 gives the working of the accountability mechanism in the cloud: when a user accesses data, a log of each access is created by the logger and periodically sent to the log harmonizer; the log harmonizer sends these logs to the data owner, and the data owner can see the logs and take appropriate action if he wants [17].

Fig 3: Overview of the cloud information accountability framework.

The overall CIA framework, combining data, users, logger and harmonizer, is sketched in Fig. 2. At the beginning, each user creates a pair of public and private keys based on Identity-Based Encryption [18] (step 1 in Fig. 3). The JAR file includes a set of simple access control rules specifying whether and how the cloud servers, and possibly other data stakeholders (users, companies), are authorized to access the content itself. Then, he sends the JAR file to the cloud service provider that he subscribes to. To authenticate the CSP to the JAR (steps 3-5 in Fig. 2), OpenSSL-based certificates are used, wherein a trusted certificate authority certifies the CSP. In the event that the access is requested by a user, we employ SAML-based authentication [19], wherein a trusted identity provider issues certificates verifying the user's identity based on his username. As for the logging, each time there is an access to the data, the JAR will automatically generate a log record, encrypt it using the public key distributed by the data owner, and store it along with the data (step 6 in Fig. 3). Some error correction information will be sent to the log harmonizer to handle possible log file corruption (step 7 in Fig. 3).

Fig 4. Showing the user flow diagram

b) Data Owner Module: In this module, the data owner uploads their data to the cloud server. New users can register with the service provider and create a new account, so that they can securely upload files and store them. For security purposes the data owner encrypts the data file and then stores it in the cloud. The data owner is capable of manipulating the encrypted data file, and can set the access privilege for the encrypted data file.

c) Jar Creation Module: A JAR file is created for every file upload, and the user must have the same JAR file to download the file. By using this technique the data is secured. The logging should be decentralized in order to adapt to the dynamic nature of the cloud. More specifically, log files should be tightly bound to the corresponding data being controlled, and require minimal infrastructural support from any server. Every access to the user's data should be correctly and automatically logged. This requires integrated techniques to authenticate the entity that accesses the data, and to verify and record the actual operations on the data as well as the time that the data have been accessed. Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and modification by malicious parties. Recovery mechanisms are also desirable to restore log files damaged by technical problems. The proposed technique should not intrusively monitor data recipients' systems, nor should it introduce heavy communication and computation overhead, which otherwise will hinder its feasibility and adoption in practice.

d) Cloud Service Provider Module: The Cloud Server is the area where the user requests the data and where the data owner uploads their data. Once the user sends a request for the data they want, the request is first sent to the Cloud Server, and the Cloud Server forwards the request to the data owner. The data owner sends the data to the user via the Cloud Server. The Cloud Server also manages the data owner's and users' information in its database for future purposes.

e) Algorithm: The algorithm used here is the Log Retrieval Algorithm for push and pull modes. The algorithm presents logging and synchronization steps with the harmonizer in the case of Pure Log. First, the algorithm checks whether the size of the JAR has exceeded a stipulated size or the normal time between two consecutive dumps has elapsed. The size and time threshold for a dump are specified by the data owner at the time of development of the JAR. The algorithm also determines whether the data owner has requested a dump of the log files. If none of these events has happened, it proceeds to encrypt the record and write the error-correction information to the harmonizer. The interaction with the harmonizer begins with a simple handshake. If no response is received, the log file records an error. The data owner is then alerted via email, if the JAR is configured to send error notifications. Once the handshake is done, the interaction with the harmonizer proceeds, using a TCP/IP protocol. If either of the aforementioned events (i.e., there is a request for the log file, or the size or time exceeds the threshold) has happened, the JAR simply dumps the log files and resets all the variables, to make space for new records. In the case of Access Log, the above algorithm is modified by adding an additional check after step 6. Precisely, the Access Log checks whether the CSP accessing the log satisfies all the conditions specified in the policies pertaining to it. If the conditions are fulfilled, access is granted; otherwise, access is declined. Irrespective of the access control outcome, the attempted access to the data in the JAR file will be logged. Our auditing mechanism has two fundamental advantages. First, it guarantees a high level of availability of the logs. Second, the usage of the harmonizer minimizes the amount of workload for human users in going through long log files sent by different copies of JAR files.

IV. SECURITY
We now analyze possible attacks on our framework. We assume that attackers may have sufficient Java programming skills to disassemble a JAR file and prior knowledge of our CIA architecture.

a) Copying Attack: The most intuitive attack is that the attacker copies entire JAR files. The attacker may assume that doing so allows accessing the data in the JAR file without being noticed by the data owner. However, such an attack will be detected by our auditing mechanism. As already mentioned, every JAR file is required to send log records to the harmonizer. In particular, with the push mode, the harmonizer will send the logs to data owners periodically. That is, even if the data owner is not aware of the existence of the additional copies of its JAR files, he will still be able to receive log files from all existing copies.
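The Log Retrieval Algorithm of section III e) and the copying-attack detection of section IV a), sketched together as an added example; this is not code from the paper or from the CIA framework. The names `LoggerJar`, `Harmonizer`, `seal` and `checksum`, the thresholds and the CSP names are assumptions: serialization stands in for IBE encryption, and a SHA-256 digest stands in for the error-correction information.

```python
import hashlib
import json


def seal(record):
    # Placeholder for encryption under the owner's public key (IBE on the
    # page); this sketch only serializes the record.
    return json.dumps(record, sort_keys=True)


def checksum(sealed):
    # Stand-in for the error-correction information sent per record.
    return hashlib.sha256(sealed.encode()).hexdigest()


class Harmonizer:
    def __init__(self, distributed_to):
        self.distributed_to = set(distributed_to)  # CSPs the owner sent the JAR to
        self.online = True
        self.checksums = []   # noted when a record is logged
        self.records = []     # sealed records received in dumps

    def handshake(self):
        return self.online

    def owner_report(self):
        # What the owner learns from the logs pushed or pulled so far.
        received = {checksum(r) for r in self.records}
        hosts = {json.loads(r)["csp"] for r in self.records}
        return {
            "unexpected_copies": sorted(hosts - self.distributed_to),
            "outstanding_records": sum(c not in received for c in self.checksums),
        }


class LoggerJar:
    def __init__(self, csp, harmonizer, allowed, max_records=3, max_age=60):
        self.csp = csp                  # authenticated CSP running this copy
        self.harmonizer = harmonizer
        self.allowed = set(allowed)     # access policy enclosed in the JAR
        self.max_records, self.max_age = max_records, max_age
        self.buffer, self.errors = [], []
        self.last_dump = 0
        self.dump_requested = False     # pull mode: set on the owner's request

    def access(self, action, now):
        # No answer from the central point: record the error, deny access.
        if not self.harmonizer.handshake():
            self.errors.append((now, "harmonizer unreachable"))
            return False
        # Size or time threshold (push) or owner request (pull): dump, reset.
        if (len(self.buffer) >= self.max_records
                or now - self.last_dump >= self.max_age
                or self.dump_requested):
            self.harmonizer.records.extend(self.buffer)
            self.buffer, self.last_dump, self.dump_requested = [], now, False
        # Access Log check; the attempt is logged whatever the outcome.
        # Assumption: the new record is still written after a dump.
        granted = self.csp in self.allowed
        sealed = seal({"csp": self.csp, "action": action,
                       "time": now, "granted": granted})
        self.buffer.append(sealed)
        self.harmonizer.checksums.append(checksum(sealed))
        return granted


def demo():
    # Constructed scenario: the owner sent the JAR to csp-a only; a copy of
    # the same JAR is later run on csp-x.
    h = Harmonizer(distributed_to={"csp-a"})
    original = LoggerJar("csp-a", h, allowed={"csp-a"})
    copied = LoggerJar("csp-x", h, allowed={"csp-a"})
    granted = [original.access("view", t) for t in (1, 2, 3, 4)]  # dump at t=4
    copy_granted = copied.access("view", 5)       # denied, but logged
    original.dump_requested = True                # owner pulls
    original.access("view", 6)
    copied.access("view", 61)                     # time threshold: push
    report = h.owner_report()
    h.online = False
    offline = original.access("view", 62)
    return granted, copy_granted, report, offline, len(original.errors)
```

In the report, `unexpected_copies` is how the owner learns of the copy on `csp-x`, and `outstanding_records` counts records whose checksum reached the harmonizer but which have not yet been dumped.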

b) Disassembling Attack: In this type of attack, the attacker disassembles the JAR file of the logger and then tries to extract the information out of it or to spoil the information. This type of attack is one of the most serious threats to our architecture. An attacker can gain possession of the JARs and we cannot prevent it, so cryptographic schemes are applied to preserve the integrity and confidentiality of the logs. On disassembling the JAR files the attacker is in possession of the public IBE key used for encrypting the log files, the encrypted log file itself, and the *.class files. Therefore, the attacker has to rely on learning the private key or subverting the encryption to read the log records. The Weil Pairing algorithm is used in the CIA framework for both ciphertext security and chosen plaintext security in the random oracle model [20].

c) Man-in-the-Middle Attack: Here the attacker may intercept messages during the authentication of a service provider with the certificate authority, and replay the messages in order to masquerade as a legitimate service provider. There are two ways for this attack to take place, corresponding to two points in time at which the attacker can replay the messages. The first is when the service provider has completely disconnected and ended a session with the certificate authority. In this case the attacker cannot succeed, because the certificate typically has a time stamp which will have become obsolete at the time of reuse. The second is when the service provider is disconnected but the session is not over, so the attacker may try to renegotiate the connection. To make this attack fail, renegotiation is banned in the latest version of OpenSSL and cryptographic checks have been added.

d) Compromised JVM Attack: An attacker may try to compromise the JVM. In order to quickly detect and correct these issues, oblivious hashing (OH) is integrated to guarantee the correctness of the JRE [21] and to correct the JRE prior to execution in case any error is detected. As the computation proceeds, OH adds hash code to capture the computation results of each instruction and computes the oblivious-hash value. These two techniques allow for a first quick detection of errors due to a malicious JVM, therefore mitigating the risk of running subverted JARs. An extended OH usage was used to further strengthen our solution, to guarantee the correctness of the class files loaded by the JVM.

V. CONCLUSION
An innovative approach for automatically logging any access to the data in the cloud, together with an auditing mechanism, was proposed. Our approach allows the data owner to not only audit his content but also enforce strong back-end protection if needed. Moreover, one of the main features of our work is that it enables the data owner to audit even those copies of its data that were made without his knowledge.

VI. REFERENCES
[1] HP cloud website, http://h71028.www7.hp.com/enterprise/us/en/technologies/cloud-computing html?jumpid=ex_r2858_us/en/large/tsg/go_cloud.
[2] S. Pearson, "Taking Account of Privacy when Designing Cloud Computing Services," in ICSE-Cloud09, Vancouver, IEEE. Also available as HP Labs Technical Report, HPL-2009-54, http://www.hpl.hp.com/techreports/2009/HPL-2009-54.html (2009).
[3] P.T. Jaeger, J. Lin, and J.M. Grimes, "Cloud Computing and Information Policy: Computing in a Policy Cloud?," J. Information Technology and Politics, vol. 5, no. 3, pp. 269-283, 2009.
[4] Michael Armbrust et al., "Above the Clouds: A Berkeley View of Cloud Computing," Technical Report No. UCB/EECS-2009-28, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html, February 10, 2009.
[5] S. Pearson and A. Charlesworth, "Accountability as a Way Forward for Privacy Protection in the Cloud," Proc. First Int'l Conf. Cloud Computing, 2009.
[6] B. Crispo and G. Ruffo, "Reasoning about Accountability within Delegation," Proc. Third Int'l Conf. Information and Comm. Security (ICICS), pp. 251-260, 2001.
[7] D.J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. Hendler, and G.J. Sussman, "Information Accountability," Comm. ACM, vol. 51, no. 6, pp. 82-87, 2008.
[8] M. Ackerman, T. Darrell, and D. Weitzner, "Privacy in Context," Human Computer Interaction, vol. 16, no. 2, pp. 167-176, 2001.
[9] Cong Wang, Qian Wang and Kui Ren, "Ensuring Data Storage Security in Cloud Computing," 978-1-4244-3876-1/2009 IEEE.
[10] Siani Pearson, "Taking Account of Privacy when Designing Cloud Computing Services," CLOUD09, May 23, 2009, Vancouver, Canada, 2009 IEEE.
[11] Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Iacono, "On Technical Security Issues in Cloud Computing," 2009, IEEE Computer Society.
[12] S. Pearson and A. Charlesworth, "Accountability as a Way Forward for Privacy Protection in the Cloud," Proc. First Int'l Conf. Cloud Computing, 2009.
[13] R. Corin, S. Etalle, J.I. den Hartog, G. Lenzini, and I. Staicu, "A Logic for Auditing Accountability in Decentralized Systems," Proc. IFIP TC1 WG1.7 Workshop Formal Aspects in Security and Trust, pp. 187-201, 2005.
[14] A. Squicciarini, S. Sundareswaran and D. Lin, "Preventing Information Leakage from Indexing in the Cloud," Proc. IEEE Int'l Conf. Cloud Computing, 2010.
[15] B. Chun and A.C. Bavier, "Decentralized Trust Management and Accountability in Federated System," Proc. Ann. Hawaii Int'l Conf. System Science (HICSS), 2004.
[16] Smitha Sundareswaran, Anna C. Squicciarini and Dan Lin, "Ensuring Distributed Accountability for Data Sharing in the Cloud," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 556-568, 2012.
[17] Snehal Suryawanshi and Anant M. Bagade, "Distributed Accountability for Data Sharing in Cloud," International Journal of Computer Applications (0975-8887), Volume 59, No. 8, December 2012.
[18] D. Boneh and M.K. Franklin, "Identity-Based Encryption from the Weil Pairing," Proc. Int'l Cryptology Conf. Advances in Cryptology, pp. 213-229, 2001.
[19] OASIS Security Services Technical Committee, "Security Assertion Markup Language (SAML) 2.0," http://www.oasisopen.org/committees/tchome.php?wg abbrev=security, 2012.
[20] D. Boneh and M.K. Franklin, "Identity-Based Encryption from the Weil Pairing," Proc. Int'l Cryptology Conf. Advances in Cryptology, pp. 213-229, 2001.
[21] Y. Chen et al., "Oblivious Hashing: A Stealthy Software Integrity Verification Primitive," Proc. Int'l Workshop Information Hiding, F. Petitcolas, ed., pp. 400-414, 2003.
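The oblivious hashing check of section IV d) (Compromised JVM Attack), as a simplified added example that is not code from the paper or from [21]. The runtime is modelled as a table of operations, and `download_allowed`, `fold`, the two runtime tables and the challenge inputs are all hypothetical names and constructed values.

```python
import hashlib
import operator

# The "runtime" is modelled as a table of primitive operations (an assumption
# of this sketch: a real JVM cannot be swapped out inside a Python example).
TRUSTED_RUNTIME = {"add": operator.add, "gt": operator.gt}
# Constructed stand-in for a subverted runtime: comparisons never report ">".
SUBVERTED_RUNTIME = {"add": operator.add, "gt": lambda a, b: False}

# Constructed challenge inputs (used, requested, limit).
WEAK_CHALLENGES = [(1, 2, 10)]             # only the "within limit" branch
FULL_CHALLENGES = [(1, 2, 10), (8, 5, 10)]  # both branch outcomes


def fold(state, value):
    """Fold one intermediate result into the running oblivious-hash state."""
    return hashlib.sha256(state + repr(value).encode()).digest()


def download_allowed(used, requested, limit, runtime):
    """Hypothetical policy check a logger might run, instrumented with OH.

    Returns (decision, oblivious_hash). Every intermediate value, including
    the branch condition, is hashed as the computation proceeds, so the final
    hash depends on how the runtime actually evaluated each step.
    """
    state = b"\x00" * 32
    total = runtime["add"](used, requested)
    state = fold(state, total)
    over_limit = runtime["gt"](total, limit)
    state = fold(state, over_limit)
    decision = not over_limit
    state = fold(state, decision)
    return decision, state.hex()


def reference_hashes(challenges):
    """Computed once in a trusted environment and shipped with the JAR."""
    return [download_allowed(*c, TRUSTED_RUNTIME)[1] for c in challenges]


def runtime_passes(challenges, expected, runtime):
    """Self-test run before the enclosed data is released."""
    return all(download_allowed(*c, runtime)[1] == e
               for c, e in zip(challenges, expected))
```

With `WEAK_CHALLENGES` the subverted table still passes the self-test, because the tampered comparison is never exercised; `FULL_CHALLENGES` covers both branch outcomes and the hashes diverge.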
