(2021). Data-at-Rest Protection and Efficient Access Control in the Cloud. Retrieved from http://hdl.handle.net/10446/200548
Data-at-Rest Protection and Efficient Access Control in the Cloud
Rosa, Marco
2021-01-01
Abstract
Cloud storage services offer a variety of benefits that make them extremely attractive for managing large amounts of data. These services, however, raise concerns about the proper protection of data that, being stored on the servers of third-party cloud providers, are no longer under the data owner's control. The research and development community has addressed these concerns by proposing solutions in which encryption is adopted not only to protect data but also to regulate access. Depending on the trust assumption on the cloud provider offering the storage service, encryption can be applied at the server side, at the client side, or through a hybrid approach. In this book, for each of these three scenarios, we present a novel approach, supported by its implementation, for providing data-at-rest protection and efficient access control. First, we introduce and implement a novel hybrid approach, named EncSwift. EncSwift relies on client-side encryption for protecting data-at-rest, and on server-side encryption to enforce efficient access revocation. Second, we introduce a novel technique, Mix&Slice, belonging to the family of all-or-nothing transforms (AONTs), and we present an interesting application of AONTs to Decentralized Cloud Storage (DCS) networks. Indeed, an AONT provides stronger security guarantees on the data it wraps, and it can be exploited to enforce efficient access revocation without requiring the support of the cloud provider. Finally, we target efficient access control on data aggregations, when relying on a trusted provider. Indeed, despite the availability of information, situations like fragmented ownership and legal frameworks hinder data processing, requiring companies to design complex human-driven processes in order to gather, aggregate, and process data in a compliant way. We address this lack of automation with an access control mechanism that extends the XACML policy language and enforces a novel decision process.

File | File size | Format
---|---|---
CollanaSAFD_Volume36_2021.pdf (open access; version: publisher's version; license: Creative Commons) | 3.95 MB | Adobe PDF
Aisberg ©2008 Library Services, Università degli studi di Bergamo | Terms of use