The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many sce- narios, this adoption could be hampered by possible con- cerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Espe- cially when the data are organized in objects, the application of an encryption layer is an interesting solution to this prob- lem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an ade- quate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of trans- parency for the applications, and integrate different options for the management of policy updates. Our implementa- tion and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.

(2016). Managing data sharing in OpenStack swift with over-encryption . Retrieved from http://hdl.handle.net/10446/80936

Managing data sharing in OpenStack swift with over-encryption

Bacis, Enrico;Foresti, Sara;Guttadoro, Daniele;Paraboschi, Stefano;Rosa, Marco;Samarati, Pierangela;Saullo, Alessandro
2016-01-01

Abstract

The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many sce- narios, this adoption could be hampered by possible con- cerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Espe- cially when the data are organized in objects, the application of an encryption layer is an interesting solution to this prob- lem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an ade- quate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of trans- parency for the applications, and integrate different options for the management of policy updates. Our implementa- tion and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.
2016
Bacis, Enrico; De Capitani Di Vimercati, Sabrina; Foresti, Sara; Guttadoro, Daniele; Paraboschi, Stefano; Rosa, Marco; Samarati, Pierangela; Saullo, Alessandro
File allegato/i alla scheda:
File Dimensione del file Formato  
bdfgprss-wiscs2016.pdf

accesso aperto

Versione: publisher's version - versione editoriale
Licenza: Licenza default Aisberg
Dimensione del file 1.49 MB
Formato Adobe PDF
1.49 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/80936
Citazioni
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 0
social impact