An Architecture for Trusted PaaS Cloud Computing for Personal Data

  • Lorena González-Manzano
  • Gerd Brost
  • Matthias Aumueller


Cloud computing (CC) has gained much popularity, and CC services consume large amounts of data, much of it personal. Yet data security and, derived from it, privacy are not satisfactorily covered; usage control and data leakage prevention in particular remain open problems. We propose the development of a trusted Platform as a Service (PaaS) CC architecture that addresses selected data security and privacy threats: data breaches, insecure interfaces and APIs, malicious insiders at service providers, and shared technology vulnerabilities. Services that consume personal data and are hosted in the proposed architecture are guaranteed to handle these data according to users’ requirements. Our proof of concept shows the feasibility of implementing the presented approach.


Cloud Computing; Access Control; Personal Data; Access Control Policy; Threat Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Lorena González-Manzano (1)
  • Gerd Brost (2)
  • Matthias Aumueller (2)

  1. University Carlos III of Madrid, Leganés, Spain
  2. Fraunhofer Research Institution for Applied and Integrated Security, Garching Bei München, Germany
