Multi-cloud applications: data and code fragmentation for improved security

  • Regular contribution
International Journal of Information Security

Abstract

When deciding against outsourcing their data to the cloud, organizations often point to security as the primary reason. If the cloud is used not only as passive storage, but both the data and the code required to process them are outsourced, data privacy may be compromised in two ways: (i) in storage, if the data are not encrypted, and (ii) during processing, through various execution-level attacks. Encrypting the data before outsourcing enhances their security while in storage, but prevents their processing in the cloud. On the other hand, if a cloud has the ability to decrypt the data before processing, they remain vulnerable during execution. In this paper, we present a paradigm for outsourcing both the data and the code to the cloud in a way that preserves data privacy while still enabling processing outside the organization. The paradigm leverages constraint-based data and code fragmentation and deploys these fragments to multiple independent computer clouds. We introduce several architectural patterns for secure computation in a multi-cloud environment, demonstrate the use of the paradigm, and examine the performance penalty it introduces on a simple application.

Data availability

The data sets generated and analyzed during the current study as well as the source code used for the experiments are available from the corresponding author on reasonable request.

Acknowledgements

This research is co-sponsored by the European Regional Development Fund through research grant KK.01.2.1.01.0109. We acknowledge the support of the Ministry of Economy of the Republic of Croatia as well as our research partners OROUNDO Mobile GmbH Austria and OROUNDO Mobile GmbH Subsidiary Croatia.

Author information

Corresponding author

Correspondence to Rudolf Lovrenčić.

Ethics declarations

Conflict of interest

The authors have no competing interests to declare that are relevant to the content of this article.

Human and animal rights

We did not use animals and/or human participants in the study reported in this work.

About this article

Cite this article

Lovrenčić, R., Škvorc, D. Multi-cloud applications: data and code fragmentation for improved security. Int. J. Inf. Secur. 22, 713–721 (2023). https://doi.org/10.1007/s10207-022-00658-8

  • DOI: https://doi.org/10.1007/s10207-022-00658-8
