Data Confidentiality on Clouds

Sharad MehrotraSharad MehrotraUniversity of California, IrvineUniversity of California, Irvine

Cloud ComputingCloud Computing

• X as a serviceX as a service, where , where X X is:is:– Infrastructure, platforms, Software,– Storage, Application, test environments…

• CharacteristicsCharacteristics::– Elastic-- Use as much as your needs – Pay for only what you use– Don’t worry about:

– system management headaches– Failures– loss of data due to failures – ..

– Cheaper due to economy of scale– Better control over IT investments

• ChallengesChallenges– scalability, elasticity, consistency, big data management,

interoperability, migration, multi-tenancy, pricing …

2

Utility model

Cloud ComputingCloud Computing

• X as a service, where X is:X as a service, where X is:– Infrastructure, platforms, Software,– Storage, Application, test environments…

• Characteristics:Characteristics:– Elastic -- Use as much as your needs – Pay for only what you use– Don’t worry about

– No system management headaches– , loss of data due to failures

– Cheaper due to economy of scale– Better control over IT investment

• Infrastructure Challenges:Infrastructure Challenges:– Scale, multi-tenancy, elasticity, consistency, big data management,

interoperability, migration, pricing …

3

Utility model

Implications of Loss of Control

4

End Users

Cloud

• IntegrityIntegrity

• Will the CSP serve my data correctly?Will the CSP serve my data correctly?

• Can my data get corrupted?Can my data get corrupted?

• AvailabilityAvailability

• Will I have access to my data and Will I have access to my data and services at all times?services at all times?

• SecuritySecurity• Will the CSP implement its own security Will the CSP implement its own security policies appropriately?policies appropriately?

•Privacy & confidentialityPrivacy & confidentiality

• Will sensitive data remain confidential?Will sensitive data remain confidential?

• Will my data be vulnerable to misuse? By Will my data be vulnerable to misuse? By other tenants? By the service provider?other tenants? By the service provider?

So will Crypto Researchers Solve the Problem?

5

• Large body of research in applied crypto over 2 decades

• Generality, Efficiency, Security

• Binary notion of security• Semantic security, Perfect

Secrecy• Great for some user-

communities (military, government, trade-secrets)

• Overprotection if user-community is common users of the cloud.

- How much are we willing to pay to prevent leakage of “Mom’s secret recipe”.

- .

Classification of Research on Encrypted Search [Hacigumus, et. al. Survey, 2007, Bagherzandi et al., Encyclopedia entry 2011]

Risk Based Data Processing in CloudsRisk Based Data Processing in Clouds

Risk Based

Approach

Data (R)

Workload (Q)

Sensitivity

Disclosure

Perfo

rman

ce

Cost

Usability

Each point represents a different representation of data

User Specific constraints on

disclosure, costs, etc.

Multi Criteria Optimization

Data, Workload Partitions (RCli, RServ, QCli, QServ) and

Workload Execution PlanChallenges: Challenges: •Modeling risks – Modeling risks – function of trust, security, data representation, sensitivity, function of trust, security, data representation, sensitivity, exposure duration, usefulness to adversaryexposure duration, usefulness to adversary, …, …

•Mechanism to trace Mechanism to trace “sensitivity/risk provenance”“sensitivity/risk provenance”

• Mechanisms to Partition Computation & data Mechanisms to Partition Computation & data -- -- Robust, adaptive, Robust, adaptive, efficient, generalefficient, general, .., ..

Systems we are building (RADICLE Project at UCI)Systems we are building (RADICLE Project at UCI)• CloudProtect – (usability versus confidentiality tradeoff)CloudProtect – (usability versus confidentiality tradeoff)– empowers end-users to control loss of data in using web applications such as Box, empowers end-users to control loss of data in using web applications such as Box,

Google Drive, picasa, shutterfly, etc.Google Drive, picasa, shutterfly, etc.

•Hybridizer – (Cost, performance, confidentiality tradeoffs)Hybridizer – (Cost, performance, confidentiality tradeoffs)– partitioning Hive & map reduce jobs across hybrid clouds to control information partitioning Hive & map reduce jobs across hybrid clouds to control information

leakageleakage

Empower owners to strike a balance between risk, performance, and costs by steering data & computation appropriately in mixed trust environments