Abstract
When we upload data to the cloud or the web, or create data there, we immediately lose control of it. Most of the time, we do not know where the data will be stored or how many copies of our files exist. Worse, we are unable to detect or stop malicious insiders from accessing possibly sensitive data. Although data is transferred across and within clouds over encrypted channels, it often has to be decrypted within the database before it can be processed. Exposing the data at some point in the cloud to a few privileged users is undoubtedly a vendor-centric approach, and it hinges on the trust relationships data owners have with their cloud service providers. A recent example of the abuse of such a trust relationship is the high-profile Edward Snowden case. In this paper, we propose a user-centric approach which returns data control to the data owners – empowering users with data provenance, transparency and auditability, homomorphic encryption, situation awareness, revocation, attribution and data resilience. We also cover key elements of the concept of user data control. Finally, we introduce how we attempt to address these issues via the New Zealand Ministry of Business, Innovation and Employment (MBIE)-funded STRATUS (Security Technologies Returning Accountability, Trust and User-centric Services in the Cloud) research project.
Acknowledgements
This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz), a science investment project funded by the New Zealand Ministry of Business, Innovation and Employment (MBIE).
© 2015 Springer International Publishing Switzerland
Cite this paper
Ko, R.K.L. et al. (2015). STRATUS: Towards Returning Data Control to Cloud Users. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_6
DOI: https://doi.org/10.1007/978-3-319-27161-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer Science (R0)