Framework for Multilevel Privacy and Backup of Cloud Storage with CDMBackupSim 1

Cloud computing gives an enormous support to an individual and enterprise which can improve their needs in the global market. The customer's data are stored in different location in the cloud either in same or different region. These data should be handled securely from requester to provider end. The cloud security involves protecting and controlling the data, application and associated infrastructures by imposing the policies, technologies etc. The privacy is used to secure processing and handling the personal data in the cloud is not disclosed by the unauthorized parties. The cloud suffers a reliability issues due to lack of security and privacy over the data. The security levels are confined into a particular boundary which does not cover all access levels. The privacy information of various levels is handled by introducing a multilevel privacy technique for protecting user's data in various boundaries. The proposed framework gives an alert whenever the data are accessed by the Cloud Service Provider (CSP) or any other parties, so this will help the Cloud Service User (CSU) to know the status of data. The proposed work is simulated by introducing CDMBackupSim simulator which has various modules and it gives the simulated result for testing process.


INTRODUCTION
Cloud computing evolves from desktop computing in which the data are not shared by other system.The client server model has to overcome the problem of sharing the data between the systems because all the data will depends upon only one system which is called the server.If the server get crashes which leads a severe problem in recovering of data.The Peer-to-Peer (P2P) computing is used to share the data without any master slave relationships.The grid computing holds a high end resources at one end and it solves the real world complex problem.The utility computing provides a way to access resources for the customer who will pay only what he actually consumed.The cloud computing is used to access any resources from the centralized location as a service which follows a pay-as-you-go basis model.There are different service models are available such as SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) and so on.These services are deployed into various deployment model in which the services are accessed through private cloud, public cloud, community cloud and hybrid cloud.The data are stored across the cloud can be protected by applying an effective security over the cloud communication.A single level of security is not suitable for reliable communication between the CSU and CSP.The multilevel security is imposed in various access level such as server access level security, Internet access level security, Database access level security, Program access level security and so on (Kanndukuri et al., 2009).The security policies are imposed in all level from CSU to CSP end.The protection of security is mainly focused on CSP because the CSP may misuse the service policies.The protection of data at the CSU level is kept confidential so that, misusing of services can be avoided.The growth rate of cloud services related to IT starts from 16 billion in 2008 to 42 billion in 2012 and also its share in the global market increases from 4.2 to 8.5% (Leavitt, 2009).The information exchange are also growing in high level which leads a high market demand, so the security and privacy management is necessary for the cloud service access.The conference management system such as EDAS and Easy Chair suffers because of the system administration which maintains a huge volume of data in submitting and reviewing the multiple conferences (Ryan, 2011).This data could be disclosed by any unauthorized parties, so the privacy should be imposed in order to conduct conferences properly.The cloud security is mainly used for data protection, data recovery and enterprise continuity.The customer data are stored into the cloud data center which never violates the privacy policy of government regulations such as the FFIEC (Federal Financial Institutions Examination Council), HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standards) (Katzan, 2010).The existing cloud service suffers an interoperability and portability problem, because the CSU has locked into a single cloud infrastructures, platform or services.The big vendors such as Amazon, Google and Sales force etc., needs a common standard for eliminating the incompatible formats and feature from other CSP (Brian et al., Year).The multi core cloud computing maintains information for the data centers in an encrypted form with client security credentials.The client gets an impossible processing power due to the absence of multicore in the architecture (Hewitt, 2008).Virtual machine replication is used to provide an on demand cloud services and it causes data leakage problem in the cloud.Cloning is a technique for improving the customer service and cloud benefits in the global market level.It violates the privacy policies which also leads a data leakage problem.Amazon EC2 uses a template for virtual machine image which also suffers a privacy problem i.e., machine secrets are never disclosed to the public (for example host key, cryptographic salt value etc.,) (GroBauer et al., 2011).Cloud computing interoperability forum targeted the cloud infrastructure in a transparent platform for protecting the data by solving the security and privacy issues such as data privacy, resource privacy and content copyrights etc., (Pallis, 2010).Service Oriented Computing (SOC) mainly uses a message passing technique for realizing the workflow of services, message passed between services or between service and service container.The proprietary information with privacy is a biggest threat in the cloud security (Wei and Blake, 2010).The cloud computing suffers a major issues like privacy, security, anonymity, telecommunications capacity, liability, reliability, government surveillance and also it outpace information policy (Jaeger et al., 2008).The problem in privacy-preserving management of digital identity attribute with heterogeneous name could be eliminated by using privacy preserving multi-factor identity attribute verification protocol.This protocol supports matching technique based on look-up tables, dictionaries etc. Aggregate Zero Knowledge Proofs the Knowledge of cryptographic protocol (AGZKPK) which allows the user to interact with proof of knowledge and multiple identity attributes (Bertino et al., 2009).The data are stored into the cloud in a particular location would not be identified by the customer unless the request goes to the CSP.The privacy policies such as specific jurisdictions, contractual commitments and local privacy requirements are followed by the CSP without any violations (Brodkin, 2008).The vulnerability occurs in VM during the VM shutdown and starting a new virtual machine which uses the same memory space for storing sensitive information.This information suffers security and privacy implications such as identity theft, fraud and blackmail, stealing and so on.A secure shutdown and data destruction capabilities are proposed to eliminate any data which are available at the time of shutting down the VM (Krautheim, 2012).The deployment model such as private cloud, public cloud, community cloud and hybrid cloud does not offer the level of privacy and security over the cloud service.The privacy level is mainly based on the assurances, privacy policies, robustness of security and privacy control etc., (Jansen and Grance, 2011).The security and data privacy across the cloud services are IaaS, SaaS, PaaS which uses many standards such as Identity and Access Management (IAM), Data Encryption, Key Management, Records and Information Management, E-discovery EDRM (Electronic Discovery Reference Model) for maintaining a proper policies over the cloud access (Mell and Grance, 2010).The existing techniques are used to achieve the security and privacy over the customer's data which are available at the cloud.Nowadays the information grows enormously because of the demand in the cloud services so, some extra care must be taken to protect the data at maximum level in all data centers.Cloud service normally uses security standards and privacy policies within the boundary which leads an unauthorized disclosure of the data with backup mechanism.The proposed work focuses on the multilevel security and privacy for securing the data from unauthorized disclosure of data.

Comparison of online backup services:
Online backup services are used to transmit data in a secure manner through an efficient data centre.The main objective of backup is to secure the data from fire, theft, crashes and disasters and so on.There are plenty of backup solutions in the market to achieve the backup of customer data.BackBlaze is one of the online backup services which has the ability to store 100 GB virtual files and 12 h 1080 p videos without file limit (Fisher, 2014).Crash Plan is an automotive backup service which supports various platforms like Windows, Mac OS X, Linux, Open Solaris and Solaris.The multilayered security model for data security and privacy has been addressed but it is restricted only to the secure java virtual machines by applying cryptographic algorithms with industry standards (CrashPlan, 2014).Carbonite is a backup solution which has the unlimited automatic file encryption for protecting the privacy information features and also the files are accessed using computer or smartphones (Carbonite, 2014).Mozy is an online backup service which offers free storage of 2 GB with certain features like Military-Grade Security and 2X protect local backup (Mozy, 2014).SOS is a backup service which supports unlimited number of devices, unlimited versioning and  ,2014).Sugar Sync is an online backup service which establishes the sync between all customer devices (SugarSync, 2014).Live drive is an online backup service which provides the support for mixing of backup plans in order to add cost effective interface over computer and mobile based applications (Livedrive, 2014).Bitcasa is an infinite external hard drive in the cloud which handle the out of space situation (Bitcasa, 2014).SpiderOak is a private online backup with sync and sharing functionality that offers 2GB free online backup to the customer (SpiderOak, 2014).Acronis is an online backup business services with the features like Disk Imaging, Incremental and Differential Backups, Free Online Storage, Nonstop PC Backup, Time Explorer, Automatic File Sync (Acronis, 2014).Table 1 describes that the comparison of online backup service in the cloud storage.

METHODOLOGY
Multilevel privacy and backup model: Figure 1 shows that the proposed model of multilevel cloud privacy and backup of the cloud storage.The cloud request section maintains the information which is related to the request from the user.This information is handled only by an authorized CSU so, the unauthorized requests are restricted at CSU end.The cloud backup and migration section selects the service, validates the service, preprocesses the data, selects the CSP and attach the tag for local as well as remote backup or migration.The information is handled with privacy so, unauthorized disclosure can be avoided.The local and remote backup of the data are handled in their own boundary which supports an efficient protection over the data.Suppose the CSP or third party needs to perform an operation or to access a data which triggers an alert message to the CSU.The CSU can able to know the status of the data and also know the reason for accessing the data, so that the data are protected from unauthorized disclosure.The alert section sends the status message to the CSU in order to achieve reliability at maximum level.

Privacy boundary levels for cloud service access:
The privacy level depends upon the information which is protected in a particular boundary.Figure 2 shows that the privacy information level for overall cloud access from CSU level to the storage level.There is no disclosure of information from one level to another level and so on.For example, in cloud access the user authentication information (username and password) are used by the CSU interface level to storage level with an efficient manner.The information boundary at the business logic level needs the processing and accessing of data.For example the business logic information is kept confidential while processing and providing vital information to the CSU.The information boundary of private cloud is also kept confidential from unauthorized access of cloud data.Suppose the data is moved from private to public cloud some extra care should be taken in order to protect the data from unauthorized boundary.The sensitive data are kept confidential to make available within the cloud storage information boundary.The overall protection of information gives a reliable access for CSU and also it maintains the information in an appropriate boundary.
Table 2 shows that the privacy information with various boundaries.

Performance comparison of various cloud storage:
The performance of the cloud depends upon the scalability and stability for reading and writing cloud storage from small size to large file size.The following chart shows that the comparison of various cloud service provider which are related to the reading and writing operations of various file sizes (Cloud Performance, 2014).Figure 3 shows that the cloud storage of reading and writing speed over the file size less than 1 MB. Figure 4 shows that the reading and writing speed over the file size greater than 1 MB. Figure 6 shows that the taxonomy of cloud data access.The provider may interact with the cloud storage for performing the backup and migrating the customer's data.The privacy information is protected in different levels so that the efficiency can be achieved over the cloud storage.The provider needs some level of access while handling the cloud storage performance processing.The type of accessing over the cloud storage is categorized into reading, writing, updating, migrating and backuping of data.CDMBackupSim provides the access level to various persons who use the cloud data.The necessities of particular access of data should be restricted then only the privacy information is protected from unauthorized disclosure.These access rights are assigned to the persons in three levels namely restricted, sensitive and allowed.The customer has to get a complete access rights then only the CSU can perform all the operations over the data.The traditional or existing online backup systems provide the services to CSU either local backup or remote backup, but this backup standard faces some issues like customer awareness and monitoring.Normally the customer doesn't know about how, where and what level of security available over the data.This proposed system provides a complete solution by implementing an alert mechanism over the cloud storage to satisfy the customer.If the providers or any users try to access the data, then the alert message will be delivered to the customer via SMS, Email or voice call.For every access of customer's data an alert will be generated.The main objective of the proposed system is to provide awareness among the customer to control their data and also retain the customer.CDMBackupSim simulator: Cloud computing has various simulators which provide the result related to the cloud service models.CloudSim provides a generalized modelling simulation framework for cloud infrastructure with application services.CloudAnalyst analyses the working behavior of large scale internet application in the cloud.GreenCloud is used to analyses the energy efficiency of the data centres.GridSim is an event based simulator for grid and cloud based scientific environment.DCSim is used to evaluate and develop data centre management (Oujani, 2014).This simulator gives the simulation result with various parameters of the cloud computing, but does not concentrate on the disaster management of cloud data.The proposed CDMBackupSim simulator is used to backup the cloud data in local as well as remote location.The CDMBackupSim comprises of various modules such as provider selection, service selection, service validation, backup selection, tag attachment, access level allocation and alert generation.The provider selection is used to select a suitable provider who meets the customer's requirement.The services are selected by using service selection module then the selected services are validated over various parameters.The backup selection module is used to select the backup either in local or remote location.The tag is generated as soon as the backup selection gets completed.The tag contains all performance parameters such as data size, CID, CL, AL, capacity, current response size and identifies the free slots.The CID and CL are Client Identification and Client Location respectively.AL is an allocation of Access Level for

SIMULATION RESULTS AND DISCUSSION
The CDM BackupSim simulator has been implemented using JSP as a front end, MySQL as a back end and server as a Tomcat 7.0 webserver.The data samples used in the simulator is ALL and AML data of the blood cancer.The main objective of this simulator is to achieve maximum reliability over customer data and protect the privacy information from unauthorized disclosure in all boundaries of the cloud The recovery availability estimation is calculated with vaious performance parameters such as recovery Rate and cloud storage shown in Fig. 12.
The performance of the cloud recovery is analyzed based on various cloud storage parameters such as recovery rate and recovery success rate shown in Fig. 13.
The user recovery time with user location is analyzed based on the recovery time with various types shown in Fig. 14.

CONCLUSION AND RECOMMENDATIONS
The cloud computing plays an important role in IT field for providing the services which are needed by the cloud consumers.There are large number of service models and deployment models available to satisfy the demand request of the CSU.The customer's data are stored in the data centre which is located in the geographical location.The customer always has a problem in identifying the location of his data which is only known by the CSP.The location aware cloud computing is needed for an effective usage of data by the customer.The privacy over the cloud is an important factor which protects the information from unauthorized disclosure i.e., it keeps the information within the boundary.The existing security standards and privacy policies are restricted to a single CSP only.The proposed technique is used to impose a multilevel privacy over the cloud information in order to achieve a highest level of protection from unauthorized access.The levels are classified into cloud user level, cloud business level, cloud processing level, cloud storage level.These levels share some information outside the boundary for accessing the cloud service where as sensitive data are kept within their boundary.The proposed framework uses alert mechanism to provide an alert message to the cloud customer for every access of his data by the CSP or third parties.The privacy policies are imposed in various levels to keep track of information within the boundary i.e., whenever the violation occurs; the CSU gets the alert message.The overall objective of the proposed framework is to assess the privacy level over the cloud and also to develop a CDMBackupSim for implementing and testing the performance of the cloud storage.In future the privacy policies will be implemented over mobile cloud i.e. the mobile user can know his data location with maximum privacy level.This study can be extended with various replacement techniques over the cloud backup in the cloud storage.

Fig. 2 :
Fig. 2: Information boundary across various levels of cloud access

Fig. 9 :
Fig. 9: Architecture of CDMBackupSim simulator various users and providers.The capacity of the cloud storage and current expected response size is also fixed in a tag.The freeslots are identified for applying the replacement algorithms.In remote backup the location of the remote storage systems are identified either in the same region or different region.Figure 9 describes that the overall architecture of CDMBackupSim simulator.

Table 1 :
Online backup service feature comparison(Online Backup Service Feature Comparison, 2014)

Table 2 :
Privacy information on cloud boundaries