21-12-2012, 03:14 PM
Ensuring Distributed Accountability for Data Sharing in the Cloud
INTRODUCTION
Cloud computing presents a new way to supplement the
current consumption and delivery model for IT
services based on the Internet, by providing for dynamically
scalable and often virtualized resources as a service over the
Internet. To date, there are a number of notable commercial
and individual cloud computing services, including Amazon,
Google, Microsoft, Yahoo, and Salesforce [19]. Details
of the services provided are abstracted from the users, who
no longer need to be experts in technology infrastructure.
Moreover, users may not know the machines which actually
process and host their data. While enjoying the convenience
brought by this new technology, users also start worrying
about losing control of their own data. The data processed
on clouds are often outsourced, leading to a number of
issues related to accountability, including the handling of
personally identifiable information. Such fears are becoming
a significant barrier to the wide adoption of cloud
services [30].
RELATED WORK
In this section, we first review related work addressing the
privacy and security issues in the cloud. Then, we briefly
discuss work that adopts techniques similar to ours
but serves different purposes.
Cloud Privacy and Security
Cloud computing has raised a range of important privacy
and security issues [19], [25], [30]. Such issues are due to the
fact that, in the cloud, users’ data and applications
reside—at least for a certain amount of time—on the cloud
cluster which is owned and maintained by a third party.
Concerns arise since in the cloud it is not always clear to
individuals why their personal information is requested or
how it will be used or passed on to other parties. To date,
little work has been done in this space, in particular with
respect to accountability. Pearson et al. proposed
accountability mechanisms to address privacy concerns of
end users [30] and then developed a privacy manager [31].
Their basic idea is that the user’s private data are sent to the
cloud in an encrypted form, and the processing is done on
the encrypted data. The output of the processing is
deobfuscated by the privacy manager to reveal the correct
result. However, the privacy manager provides only limited
features in that it does not guarantee protection once the
data have been disclosed.
Other Related Techniques
With respect to Java-based techniques for security, our
methods are related to self-defending objects (SDO) [17].
Self-defending objects are an extension of the object-oriented
programming paradigm, where software objects that offer
sensitive functions or hold sensitive data are responsible for
protecting those functions/data. Similarly, we also extend
the concepts of object-oriented programming. The key
difference between the implementations is that the SDO authors
still rely on a centralized database to maintain the access records,
while the items being protected are held as separate files. In
previous work, we provided a Java-based approach to
prevent privacy leakage from indexing [39], which could be
integrated with the CIA framework proposed in this work
since they build on related architectures.
In terms of authentication techniques, Appel and Felten
[13] proposed the Proof-Carrying Authentication (PCA)
framework. The PCA includes a higher-order logic language
that allows quantification over predicates, and focuses on
access control for web services. While related to ours to the
extent that it helps maintain safe, high-performance,
mobile code, the PCA's goal is quite different from that of our
research, as it focuses on validating code rather than
monitoring content. Another work is by Mont et al., who
proposed an approach for strongly coupling content with
access control, using Identity-Based Encryption (IBE) [26].
We also leverage IBE techniques, but in a very different
way. We do not rely on IBE to bind the content with the
rules. Instead, we use it to provide strong guarantees for the
encrypted content and the log files, such as protection
against chosen plaintext and ciphertext attacks.