When moving large and heterogeneous data collections to the cloud, a key requirement concerns the selection of the most suitable (set of) cloud service(s) for outsourcing. In this paper, we address this problem and present a flexible and expressive, yet simple model for supporting data owners in identifying a proper allocation of their resources to a set of cloud services. Our model allows data owners to specify in an easy and intuitive way protection requirements operating at the granularity level of single resource (or class thereof), and representing the minimum security guarantees that a cloud service must offer to store resources. Resources can be outsourced in plaintext or encrypted form, depending on their requirements and on what is the most convenient allocation. Data owners can then also specify global allocation requirements that apply to the overall allocation, to reduce the burden on their side and to avoid excessive fragmentation of the resource collection. We solve the problem of finding an allocation that satisfies both the protection and the global allocation requirements, while minimizing economic costs, by formulating it as a binary programming problem, thus allowing the use of existing techniques for its efficient solution.
Security-aware data allocation in multicloud scenarios / S. De Capitani di Vimercati, S. Foresti, G. Livraga, V. Piuri, P. Samarati. - In: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING. - ISSN 1545-5971. - 18:5(2021 Sep), pp. 2456-2468. [10.1109/TDSC.2019.2953068]
Security-aware data allocation in multicloud scenarios
S. De Capitani di VimercatiPrimo
;S. ForestiSecondo
;G. Livraga;V. PiuriPenultimo
;P. Samarati
Ultimo
2021
Abstract
When moving large and heterogeneous data collections to the cloud, a key requirement concerns the selection of the most suitable (set of) cloud service(s) for outsourcing. In this paper, we address this problem and present a flexible and expressive, yet simple model for supporting data owners in identifying a proper allocation of their resources to a set of cloud services. Our model allows data owners to specify in an easy and intuitive way protection requirements operating at the granularity level of single resource (or class thereof), and representing the minimum security guarantees that a cloud service must offer to store resources. Resources can be outsourced in plaintext or encrypted form, depending on their requirements and on what is the most convenient allocation. Data owners can then also specify global allocation requirements that apply to the overall allocation, to reduce the burden on their side and to avoid excessive fragmentation of the resource collection. We solve the problem of finding an allocation that satisfies both the protection and the global allocation requirements, while minimizing economic costs, by formulating it as a binary programming problem, thus allowing the use of existing techniques for its efficient solution.
| File | Dimensione | Formato | |
|---|---|---|---|
|
TDSC-2019-07-0351.pdf
accesso aperto
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
798.96 kB
Formato
Adobe PDF
|
798.96 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
