Managing data sharing in OpenStack Swift with Over-Encryption / E. Bacis, S. De Capitani di Vimercati, S. Foresti, D. Guttadoro, S. Paraboschi, M. Rosa, P. Samarati, A. Saullo - In: WISCS '16 : proceedings. - [s.l] : ACM, 2016 Oct. - ISBN 9781450345651. - pp. 39-48 (Paper presented at the 3rd WISCS conference, held in Wien in 2016) [10.1145/2994539.2994549].

Managing data sharing in OpenStack Swift with Over-Encryption

S. De Capitani di Vimercati; S. Foresti; P. Samarati
2016-10

Abstract

The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many scenarios, this adoption could be hampered by possible concerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Especially when the data are organized in objects, the application of an encryption layer is an interesting solution to this problem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an adequate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of transparency for the applications, and integrate different options for the management of policy updates. Our implementation and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.
Sector INF/01 - Computer Science
Enforceable Security in the Cloud to Uphold Data Ownership
ABC GATES FOR EUROPE
ACM
Book Part (author)
Files in this item:
bdfgprss-wiscs2016.pdf (open access, 1.47 MB, Adobe PDF)
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: http://hdl.handle.net/2434/447566
Citations
  • PMC ND
  • Scopus 4
  • ISI 0