Privacy Control in Cloud VM File Systems

Cloud Computing offers great benefits such as reduced IT costs and an improved business agility. Nevertheless, enterprises are still hesitant to put their sensitive data in the cloud as they notably fear privacy issues (e.g., violation of country-based regulations regarding the storage location of a sensitive data). In this context, this paper presents the demonstration of a privacy control technology that allows to protect sensitive files stored, processed, and moved in an IaaS cloud. In our approach, the privacy control is performed within the file system of the Virtual Machines (VM) and allows to control the access done by any application to each sensitive file. It notably covers business applications (e.g., provided by the cloud user) and system applications such as FTP (e.g., to prevent the transfer of a sensitive file in a not authorized country). Moreover, our technology allows to generate tamper-proof traces for any action performed on a sensitive file. In the demonstration, we then also show how the cloud user has a full view of the usage of his sensitive files (e.g., number of copies, storage locations, performed actions). Finally, the demonstration shows these different capabilities through a scenario of file access and cross-country transfer in a multi-platform cloud environment.

[1]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[2]  M. Dupont,et al.  Privacy Data Envelope: Concept and implementation , 2011, 2011 Ninth Annual International Conference on Privacy, Security and Trust.

[3]  David W. Chadwick,et al.  A privacy preserving authorisation system for the cloud , 2012, J. Comput. Syst. Sci..

[4]  Marcos A. Simplício,et al.  A Quantitative Analysis of Current Security Concerns and Solutions for Cloud Computing , 2011, CloudCom.

[5]  Elaine Shi,et al.  Cloud Data Protection for the Masses , 2012, Computer.

[6]  Stéphane Betgé-Brezetz,et al.  End-to-end privacy policy enforcement in cloud infrastructure , 2013, 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet).

[7]  T. Grance,et al.  SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing , 2011 .

[8]  Marcos A. Simplício,et al.  A quantitative analysis of current security concerns and solutions for cloud computing , 2011, 2011 IEEE Third International Conference on Cloud Computing Technology and Science.

[9]  Siani Pearson,et al.  Privacy and Security for Cloud Computing , 2012, Computer Communications and Networks.

[10]  Stéphane Betgé-Brezetz,et al.  Privacy control in the cloud based on multilevel policy enforcement , 2012, 2012 IEEE 1st International Conference on Cloud Networking (CLOUDNET).

[11]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[12]  Nalini Venkatasubramanian,et al.  CloudProtect: Managing Data Privacy in Cloud Applications , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[13]  Slim Trabelsi,et al.  Sticky policies for data control in the cloud , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[14]  Bertrand Marquet,et al.  Seeding the Cloud: An Innovative Approach to Grow Trust in Cloud Based Infrastructures , 2013, Future Internet Assembly.

[15]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[16]  Mukesh Singhal,et al.  Collaboration in multicloud computing environments: Framework and security issues , 2013, Computer.

[17]  Martin Gilje Jaatun,et al.  Accountability for cloud and other future Internet services , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.