Dynamic Allocation for Resource Protection in Decentralized Cloud Storage

Decentralized Cloud Storage (DCS) networks represent an interesting solution for data storage and management. DCS networks rely on the voluntary effort of a considerable number of (possibly untrusted) nodes, which may dynamically join and leave the network at any time. To profitably rely on DCS for data storage, data owners therefore need solutions that guarantee confidentiality and availability of their data. In this paper, we present an approach enabling data owners to keep data confidentiality and availability under control, limiting the owners intervention with corrective actions when availability or confidentiality is at risk. Our approach is based on the combined adoption of AONT (All-Or-Nothing-Transform) and fountain codes. It provides confidentiality of outsourced data also against malicious coalitions of nodes, and guarantees data availability even in case of node failures. Our experimental evaluation clearly shows the benefits of using fountain codes with respect to other approaches adopted by current DCS networks

Multi-Provider Secure Processing of Sensors Data

We describe the implementation of an approach for supporting secure query processing over sensors data in a multi-provider scenario. Our solution relies on the definition of authorizations regulating access to data according to three different visibility levels (no visibility, encrypted visibility, and plaintext visibility). Data processing is performed by multiple providers based on the restrictions imposed by authorizations, which may require to adjust data visibility on the fly. We describe the structure of the query optimizer and show how the operations of a computation can be assigned to different cloud providers to build an efficient, secure, and economical plan for collaborative data processing

Access Control Management for Secure Cloud Storage

With the widespread success and adoption of cloud-based solutions, we are witnessing an ever increasing reliance on external providers for storing and managing data. This evolution is greatly facilitated by the availability of solutions - typically based on encryption - ensuring the confidentiality of externally outsourced data against the storing provider itself. Selective application of encryption (i.e., with different keys depending on the authorizations holding on data) provides a convenient approach to access control policy enforcement. Effective realization of such policy-based encryption entails addressing several problems related to key management, access control enforcement, and authorization revocation, while ensuring efficiency of access and deployment with current technology. We present the design and implementation of an approach to realize policy-based encryption for enforcing access control in OpenStack Swift. We also report experimental results evaluating and comparing different implementation choices of our approach

Securing Resources in Decentralized Cloud Storage

Decentralized Cloud Storage services represent a promising opportunity for a different cloud market, meeting the supply and demand for IT resources of an extensive community of users. The dynamic and independent nature of the resulting infrastructure introduces security concerns that can represent a slowing factor towards the realization of such an opportunity, otherwise clearly appealing and promising for the expected economic benefits. In this paper, we present an approach enabling resource owners to effectively protect and securely delete their resources while relying on decentralized cloud services for their storage. Our solution combines All-Or-Nothing-Transform for strong resource protection, and carefully designed strategies for slicing resources and for their decentralized allocation in the storage network. We address both availability and security guarantees, jointly considering them in our model and enabling resource owners to control their setting

Mix&Slice: efficient access revocation in the Cloud

We present an approach to enforce access revocation on resources stored at external cloud providers. The approach relies on a resource transformation that provides strong mutual inter-dependency in its encrypted representation. To revoke access on a resource, it is then sufficient to update a small portion of it, with the guarantee that the resource as a whole (and any portion of it) will become unintelligible to those from whom access is revoked. The extensive experimental evaluation on a variety of configurations confirmed the effectiveness and efficiency of our solution, which showed excellent performance and compatibility with several implementation strategies

Protecting resources and regulating access in cloud-based object storage

Cloud storage services offer a variety of benefits that make them extremely attractive for the management of large amounts of data. These services, however, raise some concerns related to the proper protection of data that, being stored on servers of third party cloud providers, are no more under the data owner control. The research and development community has addressed these concerns by proposing solutions where encryption is adopted not only for protecting data but also for regulating accesses. Depending on the trust assumption on the cloud provider offering the storage service, encryption can be applied at the server side, client side, or through an hybrid approach. The goal of this chapter is to survey these encryption-based solutions and to provide a description of some representative systems that adopt such solutions

Distributed Shuffle Index in the Cloud: Implementation and Evaluation

The distributed shuffle index strengthens the guarantees of access confidentiality provided by the shuffle index through the distribution of data among three cloud providers. In this paper, we analyze architectural and design issues and describe an implementation of the distributed shuffle index integrated with different cloud providers (i.e., Amazon S3, OpenStack Swift, Google Cloud Storage, and EMC Elastic Cloud Storage). The experimental results obtained with our implementation confirm the protection guarantees provided by the distributed shuffle index and its limited performance overhead, demonstrating its practical applicability in cloud scenarios

Distributed shuffle index: Analysis and implementation in an industrial testbed

The protection of content confidentiality as well as of access and pattern confidentiality of data moved to the cloud have been recently the subject of several investigations. The distributed shuffle index addresses these issues by randomly partitioning data among three independent cloud providers. In this paper, we describe the implementation of the distributed shuffle index in the high-performance Dell EMC platform. We first illustrate the main characteristics of the industry testbed and then show the results of our experiments, confirming the limited performance overhead and the practical applicability of the distributed shuffle index in industrial environments

Managing data sharing in OpenStack Swift with Over-Encryption

The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many scenarios, this adoption could be hampered by possible concerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Especially when the data are organized in objects, the application of an encryption layer is an interesting solution to this problem, because it offers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an adequate support for key derivation and for managing policy evolution. We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of transparency for the applications, and integrate different options for the management of policy updates. Our implementation and experiments demonstrate the easy integration of the approach with existing cloud storage solutions

Avaliação de diferentes tubos de acesso para medição da umidade do solo através do uso de sonda de nêutrons.

bitstream/CNPAB-2010/27253/1/doc059.pd