Secure Cloud Storage: A framework for Data Protection as a Service in the multi-cloud environment

This paper introduces Secure Cloud Storage (SCS), a framework that offers Data Protection as a Service (DPaaS) to cloud computing users. Compared to existing Data Encryption as a Service (DEaaS) offerings, such as those provided by Amazon and Google, DPaaS provides more flexibility to protect data in the cloud. In addition to supporting the basic data encryption capability that DEaaS provides, DPaaS allows users to define fine-grained access control policies to protect their data. Once data is put under an access control policy, it is automatically encrypted, and it can be decrypted and accessed only if the policy is satisfied, either by the data owner or by anyone else specified in the policy. The key idea of the SCS framework is to separate data management from security management, in addition to defining a full cycle of data security automation from encryption to decryption. As a proof of concept for the design, we implemented a prototype of the SCS framework that works with both the BT Cloud Compute platform and Amazon EC2. Experiments on the prototype have proved the efficiency of the SCS framework.
