research-article

Controlling data in the cloud: outsourcing computation without outsourcing control

Authors:

Philippe Golle,

Markus Jakobsson,

Jessica Staddon,

Ryusuke Masuoka,

Jesus MolinaAuthors Info & Claims

CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security

Pages 85 - 90

https://doi.org/10.1145/1655008.1655020

Published: 13 November 2009 Publication History

Abstract

Cloud computing is clearly one of today's most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. However, despite the surge in activity and interest, there are significant, persistent concerns about cloud computing that are impeding momentum and will eventually compromise the vision of cloud computing as a new IT procurement model. In this paper, we characterize the problems and their impact on adoption. In addition, and equally importantly, we describe how the combination of existing research thrusts has the potential to alleviate many of the concerns impeding adoption. In particular, we argue that with continued research advances in trusted computing and computation-supporting encryption, life in the cloud can be advantageous from a business intelligence standpoint over the isolated alternative that is more common today.

References

[1]

Amazon EC2 Crosses the Atlantic. http://aws.amazon.com/about-aws/whats-new/2008/12/10/amazon-ec2-crosses-the-atlantic/.

[2]

Amazon S3 Availability Event: July 20, 2008. http://status.aws.amazon.com/s3-20080720.html.

[3]

Amazon's terms of use. http://aws.amazon.com/agreement.

[4]

An Information-Centric Approach to Information Security. http://virtualization.sys-con.com/node/171199.

[5]

AOL apologizes for release of user search data. http://news.cnet.com/2100-1030_3-6102793.html.

[6]

Armbrust, M., Fox, A., Griffith, R. et al. Above the Clouds: A Berkeley View of Cloud Computing. UCB/EECS-2009-28, EECS Department, University of California, Berkeley, 2009.

[7]

Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Z., Peterson, and Song, D. Provable Data Possession at Untrusted Stores. In CCS. 2007.

Digital Library

[8]

Blue Cloud. http://www-03.ibm.com/press/us/en/pressrelease/26642.wss.

[9]

Boneh, B., Di Crescenzo, G., Ostrovsky, R., and Persiano, G. Public Key Encryption with Keyword Search. In EUROCRYPT. 2004.

[10]

Boneh, D and Waters, B. Conjunctive, Subset, and Range Queries on Encrypted Data. In The Fourth Theory of Cryptography Conference (TCC 2007), 2007.

Digital Library

[11]

Chor, B., Kushilevitz, E., Goldreich, O., and Sudan, M. Private Information Retrieval. J. ACM, 45, 6 (1998), 965--981.

Digital Library

[12]

CLOIDIFIN. http://community.zdnet.co.uk/blog/0,1000000567,2000625196b,00.htm?new_comment.

[13]

Cloud Bursts as Coghead Calls It Quits. http://blogs.zdnet.com/collaboration/?p=349.

[14]

Cloud computing: Don't get caught without an exit strategy. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128665&source=NLT_AM.

[15]

Disaster-Proofing The Cloud. http://www.forbes.com/2008/11/24/cio-cloud-disaster-tech-cio-cx_dw_1125cloud.html.

[16]

Don't cloud your vision. http://www.ft.com/cms/s/0/303680a6-bf51-11dd-ae63-0000779fd18c.html?nclick_check=1.

[17]

EMC, Information--Centric Security. http://www.idc.pt/resources/PPTs/2007/IT&Internet_Security/12.EMC.pdf.

[18]

End-User Privacy in Human-Computer Interaction. http://www.cs.cmu.edu/~jasonh/publications/fnt-end-user-privacy-in-human-computer-interaction-final.pdf.

[19]

ESG White Paper, The Information-Centric Security Architecture. http://japan.emc.com/collateral/analyst-reports/emc-white-paper-v4-4-21-2006.pdf.

[20]

Extended Gmail outage hits Apps admins. http://www.computerworld.com/action/article.do command=viewArticleBasic&articleId=9117322.

[21]

Facebook users suffer viral surge. http://news.bbc.co.uk/2/hi/technology/7918839.stm.

[22]

FlexiScale Suffers 18-Hour Outage. http://www.thewhir.com/web-hosting-news/103108_FlexiScale_Suffers_18_Hour_Outage.

[23]

FTC questions cloud-computing security. http://news.cnet.com/8301-13578_3-10198577-38.html?part=rss&subj=news&tag=2547-1_3-0-20.

[24]

Gentry, C. Fully Homomorphic Encryption Using Ideal Lattices. In STOC. 2009.

Digital Library

[25]

GoGrid API. http://www.gogrid.com/company/press-releases/gogrid-moves-api-specification-to-creativecommons.php.

[26]

Google Docs Glitch Exposes Private Files. http://www.pcworld.com/article/160927/google_docs_glitch_exposes_private_files.html.

[27]

Google's response to Google Docs concerns. http://googledocs.blogspot.com/2009/03/just-to-clarify.html.

[28]

How to Secure Cloud Computing. http://searchsecurity.techtarget.com/magOnline/0,sid14_gci1349550,00.html.

[29]

IT Cloud Services User Survey, pt.2: Top Benefits & Challenges. http://blogs.idc.com/ie/?p=210.

[30]

Latest cloud storage hiccups prompts data security questions. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130682&source=NLT_PM.

[31]

Lithuania Weathers Cyber Attack, Braces for Round 2. http://blog.washingtonpost.com/securityfix/2008/07/lithuania_weathers_cyber_attac_1.html.

[32]

Loss of customer data spurs closure of online storage service 'The Linkup'. http://www.networkworld.com/news/2008/081108-linkup-failure.html?page=1.

[33]

Narayanan, A. and Shmatikov, V. Robust De-anonymization of Large Sparse Datasets. In IEEE Symposium on Security and Privacy. IEEE Computer Society, 2008.

Digital Library

[34]

Netflix Prize. http://www.netflixprize.com/.

[35]

Organizations urge Google to suspend GMail. http://www.privacyrights.org/ar/GmailLetter.htm.

[36]

Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf.

[37]

Salesforce.com Warns Customers of Phishing Scam. http://www.pcworld.com/businesscenter/article/139353/salesforcecom_warns_customers_of_phishing_scam.html.

[38]

Security Evaluation of Grid Environments. https://hpcrd.lbl.gov/HEPCybersecurity/HEP-Sec-Miller-Mar2005.ppt.

[39]

Security Guidance for Critical Areas of Focus in Cloud Computing. http://www.cloudsecurityalliance.org/guidance/csaguide.pdf.

[40]

Security issues with Google Docs. http://peekay.org/2009/03/26/security-issues-with-google-docs/.

[41]

Shen, E., Shi, E., and Waters, B. Predicate Privacy in Encryption Systems. In TCC. 2009.

Digital Library

[42]

Shi, E. Bethencourt, J., Chan, H., Song, D., and Perrig, A. Multi-Dimensional Range Query over Encrypted Data. In IEEE Symposium on Security and Privacy. 2007.

Digital Library

[43]

Song, D., Wagner, D., and Perrig, A. Practical Techniques for Searches on Encrypted Data. In IEEE Symposium on Research in Security and Privacy. 2000.

Digital Library

[44]

Storm clouds ahead. http://www.networkworld.com/news/2009/030209-soa-cloud.html?page=1.

[45]

Sweeney, L. Weaving technology and policy together. J. of Law, Medicine and Ethics, 25, 2--3 (1997).

[46]

Third Brigade. http://www.thirdbrigade.com.

[47]

VirtualPC vulnerability. http://www.microsoft.com/technet/security/bulletin/ms07--049.mspx.

[48]

VMWare vulnerability. http://securitytracker.com/alerts/2008/Feb/1019493.html.

[49]

Waters, B. and Shacham, H. Compact Proofs of Retrievability. In ASIACRYPT. 2008.

Digital Library

[50]

Why Google Apps is not being adopted. http://money.cnn.com/2008/08/19/technology/google_apps.fortune/index.htm.

[51]

Xen vulnerability. http://secunia.com/advisories/26986/.

Cited By

M. M. YK. G. FM. CL. C. O(2024)An Efficient Security Routing Protocol for Cloud-Based Networks Using Cisco Packet TracerBritish Journal of Computer, Networking and Information Technology10.52589/BJCNIT-OYIRLAUK7:2(49-67)Online publication date: 12-Jul-2024
https://doi.org/10.52589/BJCNIT-OYIRLAUK
Babu CSubhash SVignesh MJeyavasan TMuthumanikavel V(2024)Securing the CloudAnalyzing and Mitigating Security Risks in Cloud Computing10.4018/979-8-3693-3249-8.ch001(1-23)Online publication date: 5-Jan-2024
https://doi.org/10.4018/979-8-3693-3249-8.ch001
Hombal URangapura Basavaraju DShinde A(2024)Comparative research on block design-based protocol and blowfish for secured key generation and data sharing on cloudSoft Computing10.1007/s00500-024-09749-1Online publication date: 5-Jul-2024
https://doi.org/10.1007/s00500-024-09749-1
Show More Cited By

Index Terms

Controlling data in the cloud: outsourcing computation without outsourcing control
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Open Challenges in Security of Cloud Computing
BDAW '16: Proceedings of the International Conference on Big Data and Advanced Wireless Technologies

Cloud Computing has been on the rise with the advent of Internet of Things and the whole Big Data revolution. There a numerous Cloud Computing Service Providers to choose from. However, the major concern of Cloud Computing is the Security and Privacy ...
A Cloud-Manager-Based Re-Encryption Scheme for Mobile Users in Cloud Environment: a Hybrid Approach

Cloud computing is an emerging computing paradigm that offers on-demand, flexible, and elastic computational and storage services for the end-users. The small and medium-sized business organization having limited budget can enjoy the scalable services ...
Cloud Security Distributary Set (CSDS): A Policy-Based Framework to Define Multi-Level Security Structure in Clouds
COINS '19: Proceedings of the International Conference on Omni-Layer Intelligent Systems

Security challenges are the most important obstacles for the advancement of IT-based on-demand services and cloud computing as an emerging technology. In this paper, a structural policy management engine has been introduced to enhance the reliability of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security

November 2009

144 pages

ISBN:9781605587844

DOI:10.1145/1655008

Program Chairs:
Radu Sion
Stony Brook University, USA
,
Dawn Song
University of California, Berkeley, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '09

Sponsor:

SIGSAC

CCS '09: 16th ACM Conference on Computer and Communications Security 2009

November 13, 2009

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

503
Total Citations
View Citations
12,132
Total Downloads

Downloads (Last 12 months)88
Downloads (Last 6 weeks)6

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

M. M. YK. G. FM. CL. C. O(2024)An Efficient Security Routing Protocol for Cloud-Based Networks Using Cisco Packet TracerBritish Journal of Computer, Networking and Information Technology10.52589/BJCNIT-OYIRLAUK7:2(49-67)Online publication date: 12-Jul-2024
https://doi.org/10.52589/BJCNIT-OYIRLAUK
Babu CSubhash SVignesh MJeyavasan TMuthumanikavel V(2024)Securing the CloudAnalyzing and Mitigating Security Risks in Cloud Computing10.4018/979-8-3693-3249-8.ch001(1-23)Online publication date: 5-Jan-2024
https://doi.org/10.4018/979-8-3693-3249-8.ch001
Hombal URangapura Basavaraju DShinde A(2024)Comparative research on block design-based protocol and blowfish for secured key generation and data sharing on cloudSoft Computing10.1007/s00500-024-09749-1Online publication date: 5-Jul-2024
https://doi.org/10.1007/s00500-024-09749-1
Gupta SPani SMuduli KVaish AKumar A(2023)Risk Managed Cloud Adoption: An ANP ApproachInternational Journal of Mathematical, Engineering and Management Sciences10.33889/IJMEMS.2023.8.1.0058:1(78-93)Online publication date: 1-Feb-2023
https://doi.org/10.33889/IJMEMS.2023.8.1.005
Pennekamp JDahlmanns MFuhrmann FHeutmann TKreppein AGrunert DLange CSchmitt RWehrle K(2023)Offering Two-way Privacy for Evolved Purchase InquiriesACM Transactions on Internet Technology10.1145/359996823:4(1-32)Online publication date: 17-Nov-2023
https://dl.acm.org/doi/10.1145/3599968
Veith BKrummacker DSchotten H(2023)The Road to Trustworthy 6G: A Survey on Trust Anchor TechnologiesIEEE Open Journal of the Communications Society10.1109/OJCOMS.2023.32442744(581-595)Online publication date: 2023
https://doi.org/10.1109/OJCOMS.2023.3244274
Zhang JWang YMa ZYang XYing ZMa J(2023)A Location-Aware Verifiable Outsourcing Data Aggregation in MultiblockchainsIEEE Internet of Things Journal10.1109/JIOT.2022.322155510:6(4783-4798)Online publication date: 15-Mar-2023
https://doi.org/10.1109/JIOT.2022.3221555
Maluleka SBudree AVan Belle J(2023)A Systematic Literature Review on South African Government to Harness Software as a Service for Enhanced E-Government2023 Ninth International Conference on eDemocracy & eGovernment (ICEDEG)10.1109/ICEDEG58167.2023.10121964(1-6)Online publication date: 3-Apr-2023
https://doi.org/10.1109/ICEDEG58167.2023.10121964
Ajith AMathew AS R(2023)A Brief Study on Cloud Security2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)10.1109/ICCCNT56998.2023.10307757(1-7)Online publication date: 6-Jul-2023
https://doi.org/10.1109/ICCCNT56998.2023.10307757
Kumar SGupta SSingh A(2023)Cloud Privacy and Security-A Review Paper2023 5th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N)10.1109/ICAC3N60023.2023.10541674(1483-1488)Online publication date: 15-Dec-2023
https://doi.org/10.1109/ICAC3N60023.2023.10541674
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents