Towards Efficient and Secure Data Storage in Multi-tenant Cloud-Based CRM Solutions

Even though enterprises increasingly recognize the benefits of cloud computing, many are still reluctant using cloud-based applications or services like customer relationship management (CRM) solutions due to security and privacy concerns. This article aims at defining a roadmap to derive a holistic framework providing data privacy and security by design in the context of cloud-based multi-tenant CRM systems. As a CRM system developed for SMEs CAS PIA serves as an example for typically occurring data structures and use cases including the innovative concept of user-defined security levels for different data types. We present a scenario and requirements analysis for motivating the need for a suitable user-context-specific security concept and a data and privacy preserving framework.

[1]  Gregory D. Abowd,et al.  Charting past, present, and future research in ubiquitous computing , 2000, TCHI.

[2]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[3]  Claudia Linnhoff-Popien,et al.  A Context Modeling Survey , 2004 .

[4]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[5]  Antonio Bucchiarone,et al.  A context-driven adaptation process for service-based applications , 2010, PESOS '10.

[6]  Carl A. Gunter,et al.  Dynamic Searchable Encryption via Blind Storage , 2014, 2014 IEEE Symposium on Security and Privacy.

[7]  Jadwiga Indulska,et al.  A survey of context modelling and reasoning techniques , 2010, Pervasive Mob. Comput..

[8]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[9]  Letizia Tanca,et al.  A methodology for preference-based personalization of contextual data , 2009, EDBT '09.

[10]  Michael Decker Modelling of Location-Aware Access Control Rules , 2011 .

[11]  Charalampos Papamanthou,et al.  Parallel and Dynamic Searchable Symmetric Encryption , 2013, Financial Cryptography.

[12]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[13]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[14]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.