{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:16:38Z","timestamp":1772039798963,"version":"3.50.1"},"reference-count":84,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2022,1,29]],"date-time":"2022-01-29T00:00:00Z","timestamp":1643414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["2018R1D1A1B07047601"],"award-info":[{"award-number":["2018R1D1A1B07047601"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>AI has been implemented in many sectors such as security, health, finance, national defense, etc. However, together with AI\u2019s groundbreaking improvement, some people exploit AI to do harmful things. In parallel, there is rapid development in cloud computing technology, introducing a cloud-based AI system. Unfortunately, the vulnerabilities in cloud computing will also affect the security of AI services. We observe that compromising the training data integrity means compromising the results in the AI system itself. From this background, we argue that it is essential to keep the data integrity in AI systems. To achieve our goal, we build a data integrity architecture by following the National Institute of Standards and Technology (NIST) cybersecurity framework guidance. We also utilize blockchain technology and smart contracts as a suitable solution to overcome the integrity issue because of its shared and decentralized ledger. Smart contracts are used to automate policy enforcement, keep track of data integrity, and prevent data forgery. First, we analyze the possible vulnerabilities and attacks in AI and cloud environments. Then we draw out our architecture requirements. The final result is that we present five modules in our proposed architecture that fulfilled NIST framework guidance to ensure continuous data integrity provisioning towards secure AI environments.<\/jats:p>","DOI":"10.3390\/sym14020273","type":"journal-article","created":{"date-parts":[[2022,1,30]],"date-time":"2022-01-30T00:12:56Z","timestamp":1643501576000},"page":"273","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Toward Data Integrity Architecture for Cloud-Based AI Systems"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1085-4272","authenticated-orcid":false,"given":"Elizabeth Nathania","family":"Witanto","sequence":"first","affiliation":[{"name":"College of Software Convergence, Dongseo University, Busan 47011, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3574-7820","authenticated-orcid":false,"given":"Yustus Eko","family":"Oktian","sequence":"additional","affiliation":[{"name":"College of Software Convergence, Dongseo University, Busan 47011, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6678-0500","authenticated-orcid":false,"given":"Sang-Gon","family":"Lee","sequence":"additional","affiliation":[{"name":"College of Software Convergence, Dongseo University, Busan 47011, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2022,1,29]]},"reference":[{"key":"ref_1","unstructured":"Anyoha, R. (2021, March 03). The History of Artificial Intelligence. Available online: https:\/\/bit.ly\/3x2jid7."},{"key":"ref_2","unstructured":"Marr, B. (2020, December 01). The Most Amazing Artificial Intelligence Milestones So Far. Available online: https:\/\/bit.ly\/3oLq2s3."},{"key":"ref_3","unstructured":"West, D.M., and Allen, J.R. (2020, December 01). How Artificial Intelligence Transforming the World. Available online: https:\/\/brook.gs\/3CyGQrp."},{"key":"ref_4","unstructured":"Herpig, D.S. (2020, September 15). Securing Artificial Intelligence. Available online: https:\/\/bit.ly\/3nMt2F9."},{"key":"ref_5","unstructured":"Brundage, M., Avin, S., Clark, J., Toner, H., Eckersley, P., Garfinkel, B., Dafoe, A., Scharre, P., Zeitzoff, T., and Filar, B. (2018). The malicious use of artificial intelligence: Forecasting, prevention, and mitigation. arXiv."},{"key":"ref_6","unstructured":"Tom Foremski (2021, May 18). Survey: Trust in Tech Giants Is \u2018Broken\u2019. Available online: https:\/\/zd.net\/3mCATVe."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Wang, Y., Wen, J., Zhou, W., and Luo, F. (2018, January 1\u20133). A novel dynamic cloud service trust evaluation model in cloud computing. Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science Furthermore, Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00012"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Dave, M., and Saxena, A.B. (2017, January 12\u201314). Loss of trust at IAAS level: Causing factors & mitigation techniques. Proceedings of the 2017 International Conference on Computing and Communication Technologies for Smart Nation (IC3TSN), Gurgaon, India.","DOI":"10.1109\/IC3TSN.2017.8284465"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Huang, J., and Nicol, D.M. (2013). Trust mechanisms for cloud computing. J. Cloud Comput. Adv. Syst. Appl., 2.","DOI":"10.1186\/2192-113X-2-9"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1197","DOI":"10.1109\/TNET.2021.3058130","article-title":"A Compressive Integrity Auditing Protocol for Secure Cloud Storage","volume":"29","author":"Yang","year":"2021","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1016\/j.future.2020.03.032","article-title":"An efficient data integrity auditing protocol for cloud computing","volume":"109","author":"Garg","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1016\/j.future.2016.02.003","article-title":"Cloud data integrity checking with an identity-based auditing mechanism from RSA","volume":"62","author":"Yu","year":"2016","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_13","unstructured":"Fonseca, J., and Vieira, M. (2020, December 01). A Survey on Secure Software Development Lifecycles. Available online: https:\/\/bit.ly\/3fOyumr."},{"key":"ref_14","unstructured":"(2020, December 01). 5 Key Changes Made to the NIST Cybersecurity Framework V1.1. Available online: https:\/\/bit.ly\/3FtfWD4."},{"key":"ref_15","unstructured":"(2020, December 01). Cybersecurity Framework. Available online: https:\/\/bit.ly\/3oM7XKH."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"23-es","DOI":"10.1145\/1278366.1278372","article-title":"Toward trustworthy recommender systems: An analysis of attack models and algorithm robustness","volume":"7","author":"Mobasher","year":"2007","journal-title":"ACM Trans. Internet Technol. (TOIT)"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Fang, M., Yang, G., Gong, N.Z., and Liu, J. (2018, January 3\u20137). Poisoning attacks to graph-based recommender systems. Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA.","DOI":"10.1145\/3274694.3274706"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Fang, M., Gong, N.Z., and Liu, J. (2020, January 20\u201324). Influence function based data poisoning attacks to top-n recommender systems. Proceedings of the Web Conference 2020, Taipei, Taiwan.","DOI":"10.1145\/3366423.3380072"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Huang, H., Mu, J., Gong, N.Z., Li, Q., Liu, B., and Xu, M. (2021). Data Poisoning Attacks to Deep Learning Based Recommender Systems. arXiv.","DOI":"10.14722\/ndss.2021.24525"},{"key":"ref_20","unstructured":"Gu, T., Dolan-Gavitt, B., and Garg, S. (2017). Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","article-title":"Badnets: Evaluating backdooring attacks on deep neural networks","volume":"7","author":"Gu","year":"2019","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Sinha, A., and Wellman, M.P. (2018, January 24\u201326). Sok: Security and privacy in machine learning. Proceedings of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), London, UK.","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"14410","DOI":"10.1109\/ACCESS.2018.2807385","article-title":"Threat of adversarial attacks on deep learning in computer vision: A survey","volume":"6","author":"Akhtar","year":"2018","journal-title":"IEEE Access"},{"key":"ref_24","unstructured":"Lu, J., Sibai, H., Fabry, E., and Forsyth, D. (2017). No need to worry about adversarial examples in object detection in autonomous vehicles. arXiv."},{"key":"ref_25","unstructured":"Brown, T.B., Man\u00e9, D., Roy, A., Abadi, M., and Gilmer, J. (2017). Adversarial patch. arXiv."},{"key":"ref_26","unstructured":"Iter, D., Huang, J., and Jermann, M. (2021, February 02). Generating Adversarial Examples for Speech Recognition. Available online: https:\/\/bit.ly\/3IMpSJJ."},{"key":"ref_27","unstructured":"Ketith Manville (2021, February 18). Adversarial Machine Learning 101. Available online: https:\/\/bit.ly\/3oFMzXr."},{"key":"ref_28","unstructured":"ETSI (2021, April 01). Securing AI: Problem Statement. Available online: https:\/\/bit.ly\/3cuv1rG."},{"key":"ref_29","unstructured":"Hapke, H., and Nelson, C. (2020). Building Machine Learning Pipeline, O\u2019Reilly Media Inc."},{"key":"ref_30","unstructured":"Goodfellow, I.J., Shlens, J., and Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","article-title":"Adversarial attacks and defenses in images, graphs and text: A review","volume":"17","author":"Xu","year":"2020","journal-title":"Int. J. Autom. Comput."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., and Frossard, P. (2016, January 27\u201330). Deepfool: A simple and accurate method to fool deep neural networks. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., and Swami, A. (2016, January 21\u201324). The limitations of deep learning in adversarial settings. Proceedings of the 2016 IEEE European Symposium on Security and Privacy (EuroS&P), Saarbruecken, Germany.","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref_34","unstructured":"Kurakin, A., Goodfellow, I., and Bengio, S. (2021, March 17). Adversarial Examples in the Physical World. Available online: https:\/\/bit.ly\/3qSB0yf."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1016\/j.eng.2019.12.012","article-title":"Adversarial attacks and defenses in deep learning","volume":"6","author":"Ren","year":"2020","journal-title":"Engineering"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., Fawzi, O., and Frossard, P. (2017, January 21\u201326). Universal adversarial perturbations. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Honolulu, HI, USA.","DOI":"10.1109\/CVPR.2017.17"},{"key":"ref_37","unstructured":"Tram\u00e8r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P. (2017). Ensemble adversarial training: Attacks and defenses. arXiv."},{"key":"ref_38","unstructured":"Na, T., Ko, J.H., and Mukhopadhyay, S. (2017). Cascade adversarial machine learning regularized with a unified embedding. arXiv."},{"key":"ref_39","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., and Vladu, A. (2017). Towards deep learning models resistant to adversarial attacks. arXiv."},{"key":"ref_40","unstructured":"Farnia, F., Zhang, J.M., and Tse, D. (2018). Generalizable adversarial training via spectral normalization. arXiv."},{"key":"ref_41","unstructured":"Das, N., Shanbhogue, M., Chen, S.T., Hohman, F., Chen, L., Kounavis, M.E., and Chau, D.H. (2017). Keeping the bad guys out: Protecting and vaccinating deep learning with jpeg compression. arXiv."},{"key":"ref_42","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., and Yuille, A. (2017). Mitigating adversarial effects through randomization. arXiv."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Ross, A.S., and Doshi-Velez, F. (2018, January 2\u20137). Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence, New Orleans, LA, USA. Available online: https:\/\/bit.ly\/341U9oq.","DOI":"10.1609\/aaai.v32i1.11504"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Lu, J., Issaranon, T., and Forsyth, D. (2017, January 22\u201329). Safetynet: Detecting and rejecting adversarial examples robustly. Proceedings of the IEEE International Conference on Computer Vision, Venice, Italy.","DOI":"10.1109\/ICCV.2017.56"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Li, X., and Li, F. (2017, January 22\u201329). Adversarial examples detection in deep networks with convolutional filter statistics. Proceedings of the IEEE International Conference on Computer Vision, Venice, Italy.","DOI":"10.1109\/ICCV.2017.615"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Akhtar, N., Liu, J., and Mian, A. (2018, January 18\u201323). Defense against universal adversarial perturbations. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA.","DOI":"10.1109\/CVPR.2018.00357"},{"key":"ref_47","unstructured":"Lee, H., Han, S., and Lee, J. (2017). Generative adversarial trainer: Defense to adversarial perturbations with gan. arXiv."},{"key":"ref_48","unstructured":"Shen, S., Jin, G., Gao, K., and Zhang, Y. (2017). Ape-gan: Adversarial perturbation elimination with gan. arXiv."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Xu, W., Evans, D., and Qi, Y. (2017). Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv.","DOI":"10.14722\/ndss.2018.23198"},{"key":"ref_50","unstructured":"Xu, W., Evans, D., and Qi, Y. (2017). Feature squeezing mitigates and detects carlini\/wagner adversarial examples. arXiv."},{"key":"ref_51","unstructured":"Alex Stamos (2021, December 23). Cloud Computing Security. Available online: https:\/\/bit.ly\/3Euu5Px."},{"key":"ref_52","unstructured":"Ezhil Arasan Babaraj (2021, December 23). Cloud Security\u2014An Overview. Available online: https:\/\/bit.ly\/3EvjPX9."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Ludovic Petit (2021, December 23). OWASP Top 10 Cloud Security Risks. Available online: https:\/\/bit.ly\/3mVx1in.","DOI":"10.1016\/S1353-4858(21)00095-7"},{"key":"ref_54","unstructured":"Hitachi Systems Security (2021, December 23). The Top 10 OWASP Cloud Security Risks. Available online: https:\/\/bit.ly\/3qkkNR6."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3390\/computers3010001","article-title":"Cloud computing security: A survey","volume":"3","author":"Khalil","year":"2014","journal-title":"Computers"},{"key":"ref_56","first-page":"21","article-title":"Framework for secure cloud computing","volume":"3","author":"Munir","year":"2013","journal-title":"Adv. Int. J. Cloud Comput. Serv. Archit. (IJCCSA)"},{"key":"ref_57","first-page":"3","article-title":"Cloud computing security: Latest issues & countermeasures","volume":"4","author":"Pandey","year":"2015","journal-title":"Int. J. Sci."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1016\/j.measurement.2018.01.022","article-title":"A machine learning model for improving healthcare services on cloud computing environment","volume":"119","author":"Abdelaziz","year":"2018","journal-title":"Measurement"},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"18681","DOI":"10.1109\/ACCESS.2020.2964386","article-title":"A cloud-based framework for machine learning workloads and applications","volume":"8","author":"Antonacci","year":"2020","journal-title":"IEEE Access"},{"key":"ref_60","unstructured":"(2021, March 01). DEEP Hybrid Data Cloud. Available online: https:\/\/bit.ly\/3FsfQM3."},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"26372","DOI":"10.1109\/ACCESS.2020.2971519","article-title":"Distributed Machine Learning Oriented Data Integrity Verification Scheme in Cloud Computing Environment","volume":"8","author":"Zhao","year":"2020","journal-title":"IEEE Access"},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Nepal, S., Chen, S., Yao, J., and Thilakanathan, D. (2011, January 4\u20139). DIaaS: Data integrity as a service in the cloud. Proceedings of the 2011 IEEE 4th International Conference on Cloud Computing, Washington, DC, USA.","DOI":"10.1109\/CLOUD.2011.35"},{"key":"ref_63","unstructured":"Gu, Z., Huang, H., Zhang, J., Su, D., Lamba, A., Pendarakis, D., and Molloy, I. (2018). Securing input data of deep learning inference systems via partitioned enclave execution. arXiv."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Kim, J., and Park, N. (2020). Blockchain-Based Data-Preserving AI Learning Environment Model for AI Cybersecurity Systems in IoT Service Environments. Appl. Sci., 10.","DOI":"10.3390\/app10144718"},{"key":"ref_65","unstructured":"CodeNotary (2022, January 04). Immudb Introduction. Available online: https:\/\/bit.ly\/3JYdzuW."},{"key":"ref_66","unstructured":"AWS (2022, January 05). Amazon Quantum Ledger Database (QLDB). Available online: https:\/\/go.aws\/3f9sFzw."},{"key":"ref_67","unstructured":"Microsoft (2022, January 05). Azure SQL Database Append-Only Ledger Tables. Available online: https:\/\/bit.ly\/3r7WFkV."},{"key":"ref_68","unstructured":"Ethereum (2022, January 09). Ethereum Proof-of-Stake. Available online: https:\/\/ethereum.org\/en\/developers\/docs\/consensus-mechanisms\/pos\/."},{"key":"ref_69","unstructured":"(2021, April 01). How IAM Works. Available online: https:\/\/bit.ly\/3HDYm1d."},{"key":"ref_70","unstructured":"(2021, October 01). Introduction to JSON Web Tokens. Available online: https:\/\/bit.ly\/30BJCiN."},{"key":"ref_71","unstructured":"(2021, October 01). What Is IPFS. Available online: https:\/\/bit.ly\/3HEPAQj."},{"key":"ref_72","unstructured":"Swarm (2022, January 06). Ethereum Swarm. Available online: https:\/\/bit.ly\/3f9BZDw."},{"key":"ref_73","unstructured":"Storj (2022, January 06). Available online: https:\/\/bit.ly\/3zIR7l0."},{"key":"ref_74","unstructured":"MaidSafe (2022, January 06). Intro to MaidSafe. Available online: https:\/\/bit.ly\/33lSvOe."},{"key":"ref_75","unstructured":"wolfSSL (2022, January 14). wolfCrypt Benchmarking. Available online: https:\/\/www.wolfssl.com\/docs\/benchmarks\/."},{"key":"ref_76","unstructured":"Paul Wackerow (2022, January 06). Gas and Fees. Available online: https:\/\/bit.ly\/3zCzS4D."},{"key":"ref_77","unstructured":"(2020, February 20). Ganache Overview. Available online: https:\/\/www.trufflesuite.com\/docs\/ganache\/overview."},{"key":"ref_78","unstructured":"(2021, November 07). Truffle Overview. Available online: https:\/\/bit.ly\/3q03i9O."},{"key":"ref_79","unstructured":"Concourse Open Community (2022, January 15). ETH Gas Station. Available online: https:\/\/bit.ly\/3zySXVm."},{"key":"ref_80","unstructured":"Truffe Suite (2022, January 15). Truffle Suite Configuration. Available online: https:\/\/bit.ly\/3qRHsWr."},{"key":"ref_81","unstructured":"Ethereum (2022, January 09). Blocks Ethereum. Available online: https:\/\/ethereum.org\/en\/developers\/docs\/blocks\/."},{"key":"ref_82","unstructured":"Paul Wackerow (2022, January 06). Layer 2 Rollup. Available online: https:\/\/bit.ly\/3HNXOFf."},{"key":"ref_83","unstructured":"NIST (2021, July 30). Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide. Available online: https:\/\/bit.ly\/3oLeh50."},{"key":"ref_84","unstructured":"National Institute of Standards and Technology (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, National Institute of Standards and Technology. Technical Report NIST CSWP 04162018."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/2\/273\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:11:06Z","timestamp":1760134266000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/2\/273"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,29]]},"references-count":84,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2022,2]]}},"alternative-id":["sym14020273"],"URL":"https:\/\/doi.org\/10.3390\/sym14020273","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,29]]}}}