A unidirectional data-flow model for cloud data security with user involvement during data transit

Abstract

Traditional computational models are rapidly shifting from a centralized computing to a distributed computing paradigm. As a result of this shift, the buzz of cloud computing is heard everywhere these days. The main concern in cloud computing environment is providing security to the user data. Often user data is moved back and forth between Cloud Service Vendor (CSV) and Cloud Service User (CSU). The degree of trust of CSU in CSV varies when it comes to the sensitivity of data. A CSU may or may not trust the CSV. In the latter case, the CSU may be interested to use the security service provided by a Third-Party (TP) like a Certification Authority to whom both the CSU and CSV may trust. Once again here, the CSU may or may not even trust the TP based on the supremacy of the data. In order to provide a flexible and secure management of CSUs data, the proposed model explicitly considers the degree of trust possessed by the CSU in both CSV and TP. The movement of CSU data within the premises of CSV is also strictly controlled with the involvement of CSU so that the data is not moved arbitrarily without the consent of CSU. Majority of the flow of data among entities in the proposed model is kept unidirectional to block the reverse transmission of sensitive information and also to block the return path to shield the secure data source from hidden viruses, Trojans, malicious instructions or other intrusion attempts. The security mechanisms suggested for realization of the proposed model are widely accepted and practically proven. The proposed data security model ensures privacy and security of the data both at CSV side and CSU side.