The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) A light Weight Centralized File Monitoring Approach for Securing Files in Cloud Environment Sanchika Gupta Research Scholar, Department of E&CE Indian Institute of Technology, Roorkee Roorkee, Uttarakhand, India Anjali Sardana Assistant Professor, Department of E&CE Indian Institute of Technology, Roorkee Roorkee, Uttarakhand, India Padam Kumar Professor, Department of E&CE Indian Institute of Technology, Roorkee Roorkee, Uttarakhand, India Abstract- Security of Cloud infrastructure and its resources is a recent area of research for computer scientist now days. One of the resource to look ater in Cloud environment are the important coniguration and system speciic iles which are accessed by remote entities such as VM users and whose manipulation can lead to compromise in the security of Cloud. We have designed and successfully developed a lightweight and platform independent low cost ile monitoring approach and tool for securing important iles from modiications in Cloud environment. The tool solves the issue of tampering with important iles from VM users even if the user is intelligent enough to exploit operating system speciic vulnerabilities for getting elevated privileges to perform such operations. The tool is light weight and independent as it does not require any support for ile signature management that requires hash databases for storage of ile integrity, and can be applied to any platform and environment with minimal changes and support. The novelty of approach lies in storing the signature of the ile contents which is utilized for integrity monitoring in the ile itself. The implemented tool is taken into practice on a private Cloud and initial results have been veriied, which shows that the scheme is eicient and can be applied as a utility tool over a fully functional cloud deployment. Keywords- Integrity, File Signature, Intrusion Detection Systems, Cloud insiders, Outside attackers, Cloud, Security, Integrity Monitoring, Integrity Establishment, File Integrity, Signature, Hash. I. INTRODUCTION Cloud computing is a recent and well known technology that provides services such as computing power and Data storage remotely over intenet and on a pay as u go model. Cloud computing provides its services at three layers which are commonly known as sotware as a service (SAAS), platfom as a service (PAAS) and Inrasructure as a service (lAAS). The important thing to note about cloud computing is it provide access to remote resources on a pay per usage scheme where resources can be allocated, dynamically scaled and released on demand with minimum efforts. 978-1-908320-08/7/$2S.00©2012 IEEE All of these services are provided by a Cloud service provider to multiple and a variety of cloud service users. The concept of Cloud computing fmds its base over the concept of virtualization [1]. Virtualization disributes physical resources into their virtual disributions which are allocated to provide services to Cloud users [2]. Some of the biggest cloud service providers include Rack space, Google, Amazon etc. Cloud computing increases the eicient utilization of resources such as computing units and storage inrasructures. As Cloud services are remotely used facility and was used by various users rom different domains it becomes a requirement to look at its security related aspects [3]. Generally the security aspects of Cloud can be categorized into three broad domains: Security of individual hosts, Security of networking inrasructure, Security of ile and important data. For solving the three important risk areas in Cloud computing environment researchers have proposed many solutions including: 1. Host based inrusion detection systems that use the techniques of malicious system call detection so as to detect the system call sequences that are not a part of valid system call sequence for a particular system [4]. Such detection probably gives an indication of security violations that are going on in host to get elevated privileges for doing malicious activities. The host based attacks basically look at operating system speciic security loopholes to exploit them for carying out unwanted operations. Host based Intrusion Detection Systems (IDS) prevent such exploitation by preventing any malicious activity that falls apart rom nomal sequential activity occrring hrough system calls [5]. Based on the srategy used for detecting inrusions (either host or network based) IDS are generally of two types. In the irst case individual IDS are deployed at each individual VM in cloud environment where they analyze and report their knowledge and analysis to cenralized IDS. Such organization is a distributed way of detection. In the other case a single IDS is deployed at centralized 382