TrustStore

The motivation for the TrustStore work came from three externally funded projects carried out by the group: a lightweight secure data sharing protocol (for Boeing), a secure distributed storage (SDS) system for sharing data in the post-production industries (for Animal Logics) and a patient control electronic medical record (for the Department of Health and Ageing). From these projects, it is evident that businesses would like to share data securely with their collaborators (often competitors) during a set period of a collaborative project. The data would often be stored in a distributed storage facility provided by an untrusted third party. In commercial cloud storage, cloud users typically have no control over the cloud storage servers used. There are thus inherent risks to the data's confidentiality, integrity and availability. To address this, the data should be encrypted properly both in motion (when transmitted) and at rest (when stored). This trusted encryption process should limit the inherent risk of data exposure to, data tampering by, or denial of access to data by third parties on the cloud or by the cloud provider itself.

DSS has developed a loosely coupled, service-oriented secure storage solution for the cloud, called TrustStore™, which can ensure the safety, confidentiality and integrity of stored data in a way that is independent of the actual storage services. At its core, TrustStore is a lightweight middleware solution with four key layers: an application layer, the TrustStore client, the TrustStore server-side services, and the cloud storage services. The server-side services act as a middleware layer between the applications and the cloud storage services. This layer has three loosely coupled services that transparently enhance the trustworthiness of the cloud storage. Key features of our TrustStore solution include:

  • Multiple storage services from different cloud vendors; hence, it is possible to develop hybrid, redundant virtual file systems using replication for high data availability.
  • Key management as an independent service can be deployed in a (semi-)trusted environment that supports confidentiality.
  • Independent integrity management service that supports both online and offline integrity verification.
  • Different APIs to support the development and deployment of a variety of applications in different platforms; CloudDoc and TruXy were developed for commercialisation.
  • Given that each entity within the data sharing framework is subject to fraud and deception with given probabilities, the chance that multiple entities collude with each other and tamper with a given user's data without being detected becomes significantly smaller with the application of TrustStore.

 

  • The TrustStore technology helped to build our continuous collaboration with Prof Richard Sinnott, Director eResearch, University of Melbourne.
  • The CloudDoc application based on the TrustStore technology is licensed to VeroSystem (Point-of-Pay).
  • The TruXy application based on the TrustStore technology is used by the endocrine genomics virtual research laboratory (endoVL) to support secure scientific workflow.
  • The work is supported by the following two grants:
    • Australian National eResearch Collaborative Tools And Resources (NeCTAR) Virtual Laboratory endoVL – providing cloud security http://endovl.org.au/documents/endovl-overview.pdf.
    • Australian Access Federation (AAF) access to TruXy (NeCTAR tool – second round).

 

  • Surya Nepal, Richard Sinnott, Carsten Friedrich, Catherine Wise, Shiping Chen, Sehrish Kanwal, Jinhui Yao, Andrew Lonie. TruXy: Trusted storage cloud for scientific workflows. IEEE Transactions on Cloud Computing (online).
  • Jinhui Yao, Shiping Chen, Surya Nepal, David Levy, John Zic: TrustStore: Making Amazon S3 Trustworthy with Services Composition. CCGRID 2010: 600-605
  • Shiping Chen, Surya Nepal, Jonathan Chan, David Moreland, John Zic: Virtual Storage Services for Dynamic Collaborations. WETICE 2007: 186-191 [Best Paper Award]