60 likes | 82 Views
Data Confidentiality on Clouds. Sharad Mehrotra University of California, Irvine. Cloud Computing. Utility model. X as a service , where X is: Infrastructure, platforms, Software, Storage, Application, test environments… Characteristics : Elastic -- Use as much as your needs
E N D
Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine
Cloud Computing Utility model • X as a service, where X is: • Infrastructure, platforms, Software, • Storage, Application, test environments… • Characteristics: • Elastic-- Use as much as your needs • Pay for onlywhat you use • Don’t worry about: • system management headaches • Failures • loss of data due to failures • .. • Cheaper due to economy of scale • Better controlover IT investments • Challenges • scalability, elasticity, consistency, big data management, interoperability, migration, multi-tenancy, pricing …
Cloud Computing Utility model • X as a service, where X is: • Infrastructure, platforms, Software, • Storage, Application, test environments… • Characteristics: • Elastic -- Use as much as your needs • Pay foronly what you use • Don’t worryabout • No system management headaches • , loss of data due to failures • Cheaper due to economy of scale • Bettercontrol over IT investment • Infrastructure Challenges: • Scale, multi-tenancy, elasticity, consistency, big data management, interoperability, migration, pricing …
Implications of Loss of Control • Integrity • Will the CSP serve my data correctly? • Can my data get corrupted? • Availability • Will I have access to my data and services at all times? • Security • Will the CSP implement its own security policies appropriately? • Privacy & confidentiality • Will sensitive data remain confidential? • Will my data be vulnerable to misuse? By other tenants? By the service provider? Cloud End Users
So will Crypto Researchers Solve the Problem? • Large body of research in applied crypto over 2 decades • Generality, Efficiency, Security • Binary notion of security • Semantic security, Perfect Secrecy • Great for some user-communities (military, government, trade-secrets) • Overprotection if user-community is common users of the cloud. • How much are we willing to pay to prevent leakage of “Mom’s secret recipe”. • . Classification of Research on Encrypted Search [Hacigumus, et. al. Survey, 2007, Bagherzandi et al., Encyclopedia entry 2011]
Risk Based Data Processing in Clouds User Specific constraints on disclosure, costs, etc. Each point represents a different representation of data Empower owners to strike a balance between risk, performance, and costs by steering data & computation appropriately in mixed trust environments Workload (Q) Risk Based Approach Multi Criteria Optimization Data (R) Disclosure Data, Workload Partitions (RCli, RServ, QCli, QServ) and Workload Execution Plan Sensitivity Cost Usability Performance Challenges: • Modeling risks – function of trust, security, data representation, sensitivity, exposure duration, usefulness to adversary, … • Mechanism to trace “sensitivity/risk provenance” • Mechanisms to Partition Computation & data -- Robust, adaptive, efficient, general, .. Systems we are building (RADICLE Project at UCI) • CloudProtect – (usability versus confidentiality tradeoff) • empowers end-users to control loss of data in using web applications such as Box, Google Drive, picasa, shutterfly, etc. • Hybridizer – (Cost, performance, confidentiality tradeoffs) • partitioning Hive & map reduce jobs across hybrid clouds to control information leakage