Protecting Resources and Regulating Access in Cloud-Based Object Storage

From Database to Cyber Security

Abstract

Cloud storage services offer a variety of benefits that make them extremely attractive for the management of large amounts of data. These services, however, raise concerns about the proper protection of data that, being stored on the servers of third-party cloud providers, are no longer under the data owner's control. The research and development community has addressed these concerns by proposing solutions where encryption is adopted not only for protecting data but also for regulating access. Depending on the trust assumption on the cloud provider offering the storage service, encryption can be applied at the server side, at the client side, or through a hybrid approach. The goal of this chapter is to survey these encryption-based solutions and to describe some representative systems that adopt them.

Notes

  1. https://github.com/openstack/swift/blob/master/CHANGELOG.

  2. http://specs.openstack.org/openstack/swift-specs/specs/in_progress/at_rest_encryption.html.

  3. https://github.com/ibm-research/swift-keyrotate.

  4. https://besafe.io/.

Acknowledgments

This work was supported in part by the EC within the H2020 under grant agreement 644579 (ESCUDO-CLOUD) and within the FP7 under grant agreement 312797 (ABC4EU).

Author information

Corresponding author

Correspondence to Sabrina De Capitani di Vimercati.

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Bacis, E., De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Rosa, M., Samarati, P. (2018). Protecting Resources and Regulating Access in Cloud-Based Object Storage. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science, vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_7

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1

  • eBook Packages: Computer Science (R0)
