Protecting private cloud located within public cloud

Abstract

Many studies use cryptographic technologies to protect sensitive data in public cloud. However, these approaches may introduce large overheads. Recently, hybrid cloud started to gain a lot of attentions. A hybrid cloud consists of a private cloud and a public cloud. Hybrid cloud allows users to store sensitive data in their private cloud and hence enables efficient and secure data outsourcing. In this paper, we consider a new hybrid cloud model 'Cloud-in-Cloud' (CIC). Our CIC model uses a new architecture to form a hybrid cloud: placing a small number of private computers (i.e., a small private cloud) within a public cloud. The private cloud can be used to store sensitive user data. Furthermore, it is within the public cloud, so the communications between private and public clouds have small overhead. And then we study how to protect a private cloud that locates within a semi-trusted environment. We present two methods that can detect attacks that try to obtain data and information in the private cloud. Our methods are able to efficiently detect physical attacks, such as the cold boot attack and the USB autorun attack. Experimental results show that our methods have small overhead. 2013 IEEE.