
Protecting Data and Queries in Cloud-Based Scenarios

Published: 10 June 2023

Abstract

The availability of cloud services offered by different providers brings several advantages to users and companies, facilitating the storage, sharing, and processing of data. At the same time, the adoption of cloud services brings new security and privacy risks and challenges. As a matter of fact, when leveraging cloud-based services for data storage and processing, data owners lose direct control over their data. Data and queries over them could then be at risk of both improper exposure, which compromises their confidentiality, and tampering, which compromises their integrity. In this paper, we discuss the main issues to be addressed for guaranteeing data security and privacy in cloud-based storage and processing. We illustrate the different challenges to be considered and the research directions toward their solutions.

Published In

SN Computer Science  Volume 4, Issue 5
Jun 2023
3596 pages

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 10 June 2023
Accepted: 26 April 2023
Received: 26 January 2023

Author Tags

  1. Cloud-based scenario
  2. Data protection
  3. Selective data sharing
  4. Access confidentiality
  5. Querying encrypted data
  6. Query integrity
  7. Distributed query execution

Qualifiers

  • Research-article
