The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many sce- narios, this adoption could be hampered by possible con- cerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Espe- cially when the data are organized in objects, the application of an encryption layer is an interesting solution to this prob- lem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an ade- quate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of trans- parency for the applications, and integrate different options for the management of policy updates. Our implementa- tion and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.
(2016). Managing data sharing in OpenStack swift with over-encryption . Retrieved from http://hdl.handle.net/10446/80936
Managing data sharing in OpenStack swift with over-encryption
Bacis, Enrico;Foresti, Sara;Guttadoro, Daniele;Paraboschi, Stefano;Rosa, Marco;Samarati, Pierangela;Saullo, Alessandro
2016-01-01
Abstract
The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many sce- narios, this adoption could be hampered by possible con- cerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Espe- cially when the data are organized in objects, the application of an encryption layer is an interesting solution to this prob- lem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an ade- quate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of trans- parency for the applications, and integrate different options for the management of policy updates. Our implementa- tion and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.| File | Dimensione del file | Formato | |
|---|---|---|---|
|
bdfgprss-wiscs2016.pdf
accesso aperto
Versione:
publisher's version - versione editoriale
Licenza:
Licenza default Aisberg
Dimensione del file
1.49 MB
Formato
Adobe PDF
|
1.49 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo
