An Approach to Data Confidentiality Protection in Cloud Environments

نویسندگان

  • Stephen S. Yau
  • Ho G. An
  • Arun Balaji Buduru
چکیده

In current cloud computing systems, because users’ data is stored and processed by computing systems managed and operated by various service providers, users are concerned with the risks of unauthorized usage of their sensitive data by various entities, including service providers. The current cloud computing systems protect users’ data confidentiality from all entities, except service providers. In this paper, an approach is presented for improving the protection of users’ data confidentiality in cloud computing systems from all entities, including service providers. The authors’ approach has the following features: (1) separation of cloud application providers, data processing service providers and data storage providers, (2) anonymization of users’ identities, (3) grouping cloud application components and distributing their execution to distinct cloud infrastructures of data processing service providers, and (4) use of data obfuscation and cryptography for protecting the sensitive data from unauthorized access by all entities, including service providers. The proposed approach ensures that users’ sensitive data can be protected from their service providers even if the users do not have full cooperation from their service providers. DOI: 10.4018/jwsr.2012070104 68 International Journal of Web Services Research, 9(3), 67-83, July-September 2012 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. serious concerns on its capability of protecting the confidentiality of users’ sensitive data from various entities ranging from those developing, managing, serving to those using cloud computing (Rocha, Abreu, & Correia, 2011). Since current access control mechanisms in cloud computing systems used to protect the confidentiality of users’ data from unauthorized entities do not include the service providers of cloud computing systems (Yu, Wang, Ren, & Lou, 2010), and since users’ data can be processed only in unencrypted form, service providers may have unauthorized access and use their users’ confidential data. Hence, an effective approach to protecting users’ data confidentiality from all entities, including the service providers, is needed. Current cloud computing systems have the following properties and consequences for protecting users’ data confidentiality from the service providers of cloud computing systems: • Each service provider has its own software layer, platform layer and infrastructure layer. When a user has a cloud application, the user is forced to use the software, platform and infrastructure provided by the same service provider, and hence the service provider has access privileges to the users’ data. • The user is forced to use the interfaces provided by the service providers, and users’ data has to be in a fixed format specified by the service providers, and hence the service providers can understand users’ data. It is obvious that if the service providers do not have the access privileges to the users’ data and/or cannot understand users’ data, then the service providers will not be able to use users’ data without users’ authorization. In this paper, we will present an approach to develop cloud applications in such a way that will prevent data processing service providers and data storage providers from accessing and understanding users’ confidential data in cloud computing systems. In our approach, cloud application providers, data storage providers and data processing service providers are separated into three distinct entities. In our approach, combination of data obfuscation, cryptography, anonymization of users’ identities and grouping of the components of each cloud application are used to protect confidentiality of users’ sensitive data. It is noted that since there are many existing cryptographic techniques (Stallings, 2010); appropriate cryptographic techniques based on the protection requirements of the transmitted data can be selected and used in our approach. This paper is organized as follows. We will first discuss the current state of art related to our approach and present our overall approach. In the subsequent sections, we will first discuss how to anonymize users’ identities for protecting users’ data confidentiality in cloud computing systems and then discuss how cloud application providers can develop and group the components of a cloud application such that the application software can be executed in distinct infrastructures of data processing service providers without disclosing confidentiality of users’ sensitive data. Then, we will discuss how to use data obfuscation during the execution of application components in cloud computing.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Fuzzy retrieval of encrypted data by multi-purpose data-structures

The growing amount of information that has arisen from emerging technologies has caused organizations to face challenges in maintaining and managing their information. Expanding hardware, human resources, outsourcing data management, and maintenance an external organization in the form of cloud storage services, are two common approaches to overcome these challenges; The first approach costs of...

متن کامل

Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds

Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demonstrated that neither are impeccable. In this paper we introduce Domain-Based Storage Protecti...

متن کامل

Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...

متن کامل

Magic Quadrant for Mobile Data Protection

Gartner defines mobile data protection (MDP) products and services as software security methods that enforce confidentiality policies by encrypting data, and then defending access to that encrypted data on the primary and secondary storage systems of end-user workstations. These storage systems include the primary boot drive of a workstation and removable devices used for portability. Storage t...

متن کامل

Energy Aware Resource Management of Cloud Data Centers

Cloud Computing, the long-held dream of computing as a utility, has the potential to transform a large part of the IT industry, making software even more attractive as a service and shaping the way IT hardware is designed and purchased. Virtualization technology forms a key concept for new cloud computing architectures. The data centers are used to provide cloud services burdening a significant...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Int. J. Web Service Res.

دوره 9  شماره 

صفحات  -

تاریخ انتشار 2012