09-02-2013, 12:51 PM
Cloud Data Protection for the Masses
Attachment: Cloud Data.pdf
INTRODUCTION
Although cloud computing promises lower costs, rapid scaling, easier maintenance, and service availability anywhere, anytime, a key challenge is how to ensure and build confidence that the cloud can handle user data securely. A recent Microsoft survey found that “58 percent of the public and 86 percent of business leaders are excited about the possibilities of cloud computing. But more than 90 percent of them are worried about security, availability, and privacy of their data as it rests in the cloud.” [1]
This tension makes sense: users want to maintain control of their data, but they also want to benefit from the rich services that application developers can provide using that data. So far, the cloud offers little platform-level support or standardization for user data protection beyond data encryption at rest, most likely because doing so is nontrivial. Protecting user data while enabling rich computation requires both specialized expertise and resources that might not be readily available to most application developers.
SECURITY AND PRIVACY CHALLENGES
It’s impossible to develop a single data-protection solution for the cloud because the term means too many different things. Any progress must first occur in a particular domain—accordingly, our work focuses on an important class of widely used applications that includes e-mail, personal financial management, social networks, and business tools such as word processors and spreadsheets. The following criteria define this class of applications:
• provide services to a large number of distinct end users, as opposed to bulk data processing or workflow management for a single entity;
• use a data model consisting mostly of sharable units, where all data objects have access control lists (ACLs) with one or more users; and
• developers could run the applications on a separate computing platform that encompasses the physical infrastructure, job scheduling, user authentication, and the base software environment, rather than implementing the platform themselves.
WHAT ABOUT ENCRYPTION?
In the realm of data protection, developers often view encryption as a kind of silver bullet, but in reality, it’s just a tool—albeit a powerful one—to help achieve data protection properties. Although full-disk encryption (FDE) and computing on encrypted data have recently gained attention, these techniques have fallen short of answering all of the security and maintenance challenges mentioned earlier.
FDE encrypts entire physical disks with a symmetric key, often in disk firmware, for simplicity and speed. Although FDE is effective in protecting private data in certain scenarios such as stolen laptops and backup tapes, the concern is that it can’t fulfill data protection goals in the cloud, where physical theft isn’t the main threat.
Splitting the difference
Although FDE offers excellent performance and ease of development, it does little to protect privacy at the required granularity. Fully homomorphic encryption (FHE), on the other hand, pushes the privacy envelope in the other direction by removing data visibility entirely from both the server and application developer. However, having a remote machine see and compute on sensitive data isn’t automatically a privacy violation. FHE’s guarantees go beyond what’s necessary to protect data, and in so doing, it incurs significant performance and development costs.
We believe the data protection as a service (DPaaS) approach is better suited for the target applications because it falls between the two. It keeps the “natural” granularity of FHE by keying on units of sharable data and maintains the performance of FDE by using symmetric encryption. It moves key management and access control to a middle tier—the computing platform—to balance rapid development and easy maintenance with user-side verifiability.
Achieving data protection goals
We assume in the analysis that the platform behaves correctly with respect to code loading, authorization, and key management, and that the Trusted Platform Module (TPM) facilitates a runtime attestation to this effect.
DPaaS uses a combination of encryption at rest, application confinement, information flow checking, and auditing to ensure the security and privacy of users’ data. Application confinement isolates faults and compromises within each secure execution environment (SEE), while information flow checking ensures that any information flowing among SEEs, data capsules, and users satisfies access-control policies. Controlling and auditing administrative accesses to data provides accountability. DPaaS can guarantee the integrity of the data at rest via cryptographic authentication of the data in storage and by auditing the application code at runtime.
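The two DPaaS ideas described above, per-unit symmetric encryption with key management and access control moved into the platform tier ("Splitting the difference") and encryption at rest with cryptographic authentication and audited administrative access ("Achieving data protection goals"), can be modeled in a few dozen lines. The following Go program is an added illustration written for this post; it is not code from the paper or from any DPaaS implementation. The `Capsule`, `Platform`, `Create`, `Share`, `Open` and `AdminRawWrite` names, the user names and the capsule contents are all constructed for the example. Each sharable unit (a "data capsule") gets its own AES-256-GCM key that only the platform holds; the platform checks the ACL before decrypting, the GCM tag with the capsule ID as associated data authenticates the stored bytes, and every decision lands in an audit log. SEE confinement, information flow checking and TPM attestation are outside what this model shows.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Capsule is one sharable unit of data as stored: ciphertext plus its ACL. The key is not stored with it.
type Capsule struct {
	ACL        map[string]bool // user -> may read and share
	Nonce      []byte
	Ciphertext []byte // AES-GCM output: ciphertext followed by the 16-byte tag
}

// Platform is the middle tier: it owns per-capsule keys, enforces ACLs, and records every decision.
type Platform struct {
	keys  map[string]cipher.AEAD // capsule ID -> AES-256-GCM handle for that capsule's key
	store map[string]*Capsule
	Audit []string // append-only log
}

func NewPlatform() *Platform {
	return &Platform{keys: map[string]cipher.AEAD{}, store: map[string]*Capsule{}}
}

func (p *Platform) log(format string, args ...interface{}) {
	p.Audit = append(p.Audit, fmt.Sprintf(format, args...))
}

// Create encrypts plaintext under a fresh 256-bit key used for this capsule only; the
// capsule ID is bound as associated data so a ciphertext cannot be moved between capsules.
func (p *Platform) Create(id, owner string, plaintext []byte) error {
	keyNonce := make([]byte, 32+12)
	if _, err := rand.Read(keyNonce); err != nil {
		return err
	}
	key, nonce := keyNonce[:32], keyNonce[32:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	p.keys[id] = aead
	p.store[id] = &Capsule{ACL: map[string]bool{owner: true}, Nonce: nonce,
		Ciphertext: aead.Seal(nil, nonce, plaintext, []byte(id))}
	p.log("CREATE %s by %s", id, owner)
	return nil
}

// Share lets an existing ACL member add a user; only the ACL changes, no key material moves.
func (p *Platform) Share(id, requester, grantee string) error {
	c, ok := p.store[id]
	if !ok || !c.ACL[requester] {
		p.log("DENY share %s by %s", id, requester)
		return errors.New("access denied")
	}
	c.ACL[grantee] = true
	p.log("ALLOW share %s: %s -> %s", id, requester, grantee)
	return nil
}

// Open is the only path to plaintext: ACL check, then authenticated decryption, so
// tampered or mis-filed storage is detected before the data is used.
func (p *Platform) Open(id, user string) ([]byte, error) {
	c, ok := p.store[id]
	if !ok || !c.ACL[user] {
		p.log("DENY open %s by %s", id, user)
		return nil, errors.New("access denied")
	}
	pt, err := p.keys[id].Open(nil, c.Nonce, c.Ciphertext, []byte(id))
	if err != nil {
		p.log("INTEGRITY FAIL open %s by %s", id, user)
		return nil, err
	}
	p.log("ALLOW open %s by %s", id, user)
	return pt, nil
}

// AdminRawWrite models an operator changing stored bytes directly. It bypasses the ACL,
// so it is always audited; the GCM tag then exposes the change on the next Open.
func (p *Platform) AdminRawWrite(id, admin string, offset int, mask byte) {
	if c, ok := p.store[id]; ok && offset < len(c.Ciphertext) {
		c.Ciphertext[offset] ^= mask
	}
	p.log("ADMIN raw write %s by %s", id, admin)
}

func main() {
	p := NewPlatform()
	_ = p.Create("doc1", "alice", []byte("Q3 budget draft")) // constructed sample data
	_ = p.Share("doc1", "alice", "bob")
	pt, err := p.Open("doc1", "bob")
	fmt.Println(string(pt), err, p.Audit)
}
```

Two design points carry the paper's argument. Sharing a capsule is an ACL update inside the platform rather than a key hand-off, which is what lets the platform keep FDE-like symmetric performance while still protecting data at the granularity of a sharable unit. And because the stored bytes are authenticated, an administrator who writes to storage behind the platform's back both leaves an audit entry and causes the next `Open` to fail rather than return silently altered data.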