Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.
-
Upload
robert-phelps -
Category
Documents
-
view
212 -
download
0
Transcript of Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.
![Page 1: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/1.jpg)
Data Confidentiality on Clouds
Sharad MehrotraSharad MehrotraUniversity of California, IrvineUniversity of California, Irvine
![Page 2: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/2.jpg)
Cloud ComputingCloud Computing
• X as a serviceX as a service, where , where X X is:is:– Infrastructure, platforms, Software,– Storage, Application, test environments…
• CharacteristicsCharacteristics::– Elastic-- Use as much as your needs – Pay for only what you use– Don’t worry about:
– system management headaches– Failures– loss of data due to failures – ..
– Cheaper due to economy of scale– Better control over IT investments
• ChallengesChallenges– scalability, elasticity, consistency, big data management,
interoperability, migration, multi-tenancy, pricing …
2
Utility model
![Page 3: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/3.jpg)
Cloud ComputingCloud Computing
• X as a service, where X is:X as a service, where X is:– Infrastructure, platforms, Software,– Storage, Application, test environments…
• Characteristics:Characteristics:– Elastic -- Use as much as your needs – Pay for only what you use– Don’t worry about
– No system management headaches– , loss of data due to failures
– Cheaper due to economy of scale– Better control over IT investment
• Infrastructure Challenges:Infrastructure Challenges:– Scale, multi-tenancy, elasticity, consistency, big data management,
interoperability, migration, pricing …
3
Utility model
![Page 4: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/4.jpg)
Implications of Loss of Control
4
End Users
Cloud
• IntegrityIntegrity
• Will the CSP serve my data correctly?Will the CSP serve my data correctly?
• Can my data get corrupted?Can my data get corrupted?
• AvailabilityAvailability
• Will I have access to my data and Will I have access to my data and services at all times?services at all times?
• SecuritySecurity• Will the CSP implement its own security Will the CSP implement its own security policies appropriately?policies appropriately?
•Privacy & confidentialityPrivacy & confidentiality
• Will sensitive data remain confidential?Will sensitive data remain confidential?
• Will my data be vulnerable to misuse? By Will my data be vulnerable to misuse? By other tenants? By the service provider?other tenants? By the service provider?
![Page 5: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/5.jpg)
So will Crypto Researchers Solve the Problem?
5
• Large body of research in applied crypto over 2 decades
• Generality, Efficiency, Security
• Binary notion of security• Semantic security, Perfect
Secrecy• Great for some user-
communities (military, government, trade-secrets)
• Overprotection if user-community is common users of the cloud.
- How much are we willing to pay to prevent leakage of “Mom’s secret recipe”.
- .
Classification of Research on Encrypted Search [Hacigumus, et. al. Survey, 2007, Bagherzandi et al., Encyclopedia entry 2011]
![Page 6: Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.](https://reader036.fdocuments.in/reader036/viewer/2022083004/56649ee75503460f94bf7b8d/html5/thumbnails/6.jpg)
Risk Based Data Processing in CloudsRisk Based Data Processing in Clouds
Risk Based
Approach
Data (R)
Workload (Q)
Sensitivity
Disclosure
Perfo
rman
ce
Cost
Usability
Each point represents a different representation of data
User Specific constraints on
disclosure, costs, etc.
Multi Criteria Optimization
Data, Workload Partitions (RCli, RServ, QCli, QServ) and
Workload Execution PlanChallenges: Challenges: •Modeling risks – Modeling risks – function of trust, security, data representation, sensitivity, function of trust, security, data representation, sensitivity, exposure duration, usefulness to adversaryexposure duration, usefulness to adversary, …, …
•Mechanism to trace Mechanism to trace “sensitivity/risk provenance”“sensitivity/risk provenance”
• Mechanisms to Partition Computation & data Mechanisms to Partition Computation & data -- -- Robust, adaptive, Robust, adaptive, efficient, generalefficient, general, .., ..
Systems we are building (RADICLE Project at UCI)Systems we are building (RADICLE Project at UCI)• CloudProtect – (usability versus confidentiality tradeoff)CloudProtect – (usability versus confidentiality tradeoff)– empowers end-users to control loss of data in using web applications such as Box, empowers end-users to control loss of data in using web applications such as Box,
Google Drive, picasa, shutterfly, etc.Google Drive, picasa, shutterfly, etc.
•Hybridizer – (Cost, performance, confidentiality tradeoffs)Hybridizer – (Cost, performance, confidentiality tradeoffs)– partitioning Hive & map reduce jobs across hybrid clouds to control information partitioning Hive & map reduce jobs across hybrid clouds to control information
leakageleakage
Empower owners to strike a balance between risk, performance, and costs by steering data & computation appropriately in mixed trust environments