Security layer and methods for protecting tenant data in a cloud-mediated computing network

US 9,710,664 B2
Filed: 09/07/2012
Issued: 07/18/2017
Est. Priority Date: 09/07/2012
Status: Active Grant

First Claim

Patent Images

1. A system for protecting data managed in a cloud-computing network from malicious data operations comprising:

an Internet-connected server hosted by a service provider providing the cloud-computing network;

an Internet-connected computer appliance operated by a tenant of the cloud-computing network;

a third party generating security tokens that both the tenant and the service provider trusts to generate security tokens; and

software executing on the server from a non-transitory physical medium, the software;

providing a control interface enabling a tenant access to and control over data owned by the tenant and cloud-computing services;

generating a policy definition according to a service level agreement (SLA) for the tenant, wherein security tokens are generated to enable initiation and performance of individual operations or sets of operations defined in the policy definition;

ordering or accessing from a token store one or more security tokens, the tokens generated at least from the SLA for the tenant, having stored data including defining the scope of services offered, detailing all permitted operations that may be performed relative to the tenant'"'"'s data and identifying who may perform the operations that validate one or more sets of computing operations defined in the policy definition to be performed on the data owned by the tenant;

generating a hash for each token generated, the hash detailing, in a secure fashion, the computing operation type or types embedded in the one or more tokens;

brokering two-party signature of the one or more tokens, wherein the tenant and service provider sign the one or more tokens; and

dynamically activating the one or more signed tokens for a specific time window, the time window selected based upon time required to perform the operations permitted by the token, the operations prevented with expiration of the time window;

wherein the tenant receives an alert at the control interface wherein an unauthorized request for one or more data specific operations on the tenant data is received outside of the policy definition in accordance to the SLA, and the tenant interacts with the control interface to deny the request or approve the request to perform one or more specific operations on the tenant data by at least generating one or more new security tokens enabling performance of the request, thereby modifying the policy definition in accordance to the SLA to reflect the data operations related to the request stored in the SLA.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.

Citations

15 Claims

1. A system for protecting data managed in a cloud-computing network from malicious data operations comprising:
- an Internet-connected server hosted by a service provider providing the cloud-computing network;
  
  an Internet-connected computer appliance operated by a tenant of the cloud-computing network;
  
  a third party generating security tokens that both the tenant and the service provider trusts to generate security tokens; and
  
  software executing on the server from a non-transitory physical medium, the software;
  
  providing a control interface enabling a tenant access to and control over data owned by the tenant and cloud-computing services;
  
  generating a policy definition according to a service level agreement (SLA) for the tenant, wherein security tokens are generated to enable initiation and performance of individual operations or sets of operations defined in the policy definition;
  
  ordering or accessing from a token store one or more security tokens, the tokens generated at least from the SLA for the tenant, having stored data including defining the scope of services offered, detailing all permitted operations that may be performed relative to the tenant'"'"'s data and identifying who may perform the operations that validate one or more sets of computing operations defined in the policy definition to be performed on the data owned by the tenant;
  
  generating a hash for each token generated, the hash detailing, in a secure fashion, the computing operation type or types embedded in the one or more tokens;
  
  brokering two-party signature of the one or more tokens, wherein the tenant and service provider sign the one or more tokens; and
  
  dynamically activating the one or more signed tokens for a specific time window, the time window selected based upon time required to perform the operations permitted by the token, the operations prevented with expiration of the time window;
  
  wherein the tenant receives an alert at the control interface wherein an unauthorized request for one or more data specific operations on the tenant data is received outside of the policy definition in accordance to the SLA, and the tenant interacts with the control interface to deny the request or approve the request to perform one or more specific operations on the tenant data by at least generating one or more new security tokens enabling performance of the request, thereby modifying the policy definition in accordance to the SLA to reflect the data operations related to the request stored in the SLA.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the cloud-computing network is a public network based on an Infrastructure as a Service (laaS) model.
  - 3. The system of claim 1, implemented in a virtual machine monitoring layer.
  - 4. The system of claim 3, further integrated into a Dom0 system kernel.
  - 5. The system of claim 1, wherein the available computing operations attributed to the one or more generated tokens are pre-defined attributes of a parent object model, the operations agreed to in the service level agreement (SLA) between the cloud computing tenant and the cloud computing service provider.
  - 6. The system of claim 1, wherein the one or more generated tokens are stored in an inactive and signed state until they are required to validate a requested operation.
  - 7. The system of claim 1, wherein one or more of the tokens are reusable tokens that are uniquely identified at each instance of use.
  - 8. The system of claim 1, wherein the one or more dynamically generated new security tokens are added to the token store containing the pre-negotiated tokens, the one or more tokens incorporating one or more new operations into the SLA as one or more modifications.
  - 9. The system of claim 1, wherein the one or more tokens are signed using privately held keys.
  - 10. The system of claim 1, wherein the hash for each token is compared to an embedded value of the hash to validate the content and operation integrity of the token before activation for use.
  - 11. The system of claim 1 further including a function for validating one or more tokens for operation against a pre-negotiated list of permitted operations in the SLA policy governing the provider/tenant relationship.

12. A method, provided by software executing from an Internet-connected computerized server, for securing against internal malicious operations against data stored on a cloud-computing network comprising the steps:
- providing a control interface enabling a tenant access to and control over data owned by the tenant and cloud-computing services;
  
  generating a policy definition according to a service level agreement (SLA) for the tenant, wherein security tokens are generated to enable initiation and performance of individual operations or sets of operations defined in the policy definition;
  
  ordering or accessing from a token store one or more security tokens, the tokens generated at least from the SLA for the tenant, having stored data including defining the scope of services offered, detailing all permitted operations that may be performed relative to the tenant'"'"'s data and identifying who may perform the operations that validate one or more sets of computing operations defined in the policy definition to be performed on the data owned by the tenant;
  
  generating a hash for each token generated, the hash detailing, in a secure fashion, the computing operation type or types embedded in the one or more tokens;
  
  brokering two-party signature of the one or more tokens, wherein the tenant and service provider sign the one or more tokens; and
  
  dynamically activating the one or more signed tokens for a specific time window, the time window selected based upon time required to perform the operations permitted by the token, the operations prevented with expiration of the time window;
  
  wherein the tenant receives an alert at the control interface wherein an unauthorized request for one or more data specific operations on the tenant data is received outside of the policy definition in accordance to the SLA, and the tenant interacts with the control interface to deny the request or approve the request to perform one or more specific operations on the tenant data by at least generating one or more new security tokens enabling performance of the request, thereby modifying the policy definition in accordance to the SLA to reflect the data operations related to the request stored in the SLA.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the cloud-computing network is a public network based on an Infrastructure as a Service (laaS) model.
  - 14. The method of claim 12, wherein the available computing operations attributed to the one or more generated tokens are pre-defined attributes of a parent object, the operations agreed to in the SLA between a cloud computing tenant and a cloud computing service provider.
  - 15. The method of claim 12, wherein the one or more generated tokens are stored in an inactive and signed state until they are required to validate a requested operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amrita Vishwa Vidyapeetham Deemded University
Original Assignee
Amrita Vishwa Vidyapeetham Deemded University
Inventors
Sathyadevan, Shiju, Rangan, P. Venkat, Achuthan, Krishnashree
Primary Examiner(s)
GRACIA, GARY S

Application Number

US13/606,979
Publication Number

US 20140075568A1
Time in Patent Office

1,775 Days
Field of Search

726 27
US Class Current
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/6218 to a system of files or obj...

Security layer and methods for protecting tenant data in a cloud-mediated computing network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security layer and methods for protecting tenant data in a cloud-mediated computing network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links