Abstract
With the advent of cloud computing, data and computation outsourcing is fast emerging as a dominant trend for both individual users for personal data management as well as for enterprises wishing to exploit the cloud to limit investment and costs in IT. A fundamental challenge that arises when entities outsource data is the “loss of control over data”. The paper focuses on the privacy and confidentiality implications of loss of control. Techniques/mechanisms to ensure data confidentiality have been studied in the literature in the context of database as a service (DAS). The paper identifies new opportunities and challenges that arise in the context of the cloud. In particular, the paper advocates a risk-based approach to data security in the context of cloud computing.
This work has been funded through NSF grants CNS 118127, CNS 1212943, and CNS 1059436.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bagherzandi, A., Hore, B., Mehrotra, S.: Search over encrypted data. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 1088–1093. Springer, New York (2011)
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-Preserving Encryption, Cryptology ePrint Archive, Report 2009/251. http://eprint.iacr.org
Diallo, M.H., Hore, B., Chang, E.-C., Mehrotra, S., Venkatasubramanian, N.: CloudProtect: managing data privacy in cloud applications. In: 2012 IEEE Fifth International Conference on Cloud Computing, CLOUD, pp. 303–310 (2012)
Hybrid Cloud. The NIST Definition of Cloud Computing. National Institute of Science and Technology, Special, Publication, pp. 800–145 (2011)
Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD, pp. 216–227 (2002)
Hacigumus, H., Hore, B., Mehrotra, S.: Privacy of outsourced data. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 965–969. Springer, New York (2011)
Hacigumus, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: IEEE International Conference in Data Engineering (2002)
Hore, B., Mehrotra, S., Hacigmus, H.: Managing and querying encrypted data. In: Gertz, M., Jajodia, S. (eds.) Handbook of Database Security, pp. 163–190. Springer, New York (2008)
Lev-Ram, M.: Why Zynga loves the hybrid cloud. http://techfortune.cnn.com/2012/04/09/zynga-2/?iid=HP_LN (2012)
Mearian, L.: EMC’s Tucci sees hybrid cloud becoming de facto standard. http://www.computerworld.com/s/article/9216573/EMC_s_Tucci_sees_hybrid_cloud_becoming_de_facto_standard (2011)
Oktay, K.Y., Khadilkar, V., Hore, B., Kantarcioglu, M., Mehrotra, S., Thuraisingham, B.: Risk-aware workload distribution in hybrid clouds. In: IEEE CLOUD, pp. 229–236 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Mehrotra, S. (2014). Towards a Risk-Based Approach to Achieving Data Confidentiality in Cloud Computing. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2013. Lecture Notes in Computer Science(), vol 8425. Springer, Cham. https://doi.org/10.1007/978-3-319-06811-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-06811-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06810-7
Online ISBN: 978-3-319-06811-4
eBook Packages: Computer ScienceComputer Science (R0)