Silverline: Toward data confidentiality in storage-intensive cloud applications

Proceedings of the 2nd ACM Symposium on Cloud Computing, SOCC 2011

Volumn , Issue , 2011, Pages

  Puttaswamy, Krishna P N ^a   Kruegel, Christopher ^a   Zhao, Ben Y ^a  

^a University of California   (United States)

Author keywords

Cloud computing; Data confidentiality; Program analysis

Indexed keywords

AMAZON EC2; APPLICATION DATA; COMPLEX PROCESSES; DATA ACCESS; DATA CONFIDENTIALITY; DATA SHARING; DATA SUBSETS; ENCRYPTION KEY; HIGH AVAILABILITY; KEY COMPROMISE; KEY MANAGEMENT; OPERATOR ERROR; PROGRAM ANALYSIS; REAL APPLICATIONS; SENSITIVE APPLICATION; SENSITIVE DATAS; SOFTWARE BUG; USER DEVICES; WEB APPLICATION;

CLOUD COMPUTING; CLOUDS; CRYPTOGRAPHY; ERRORS; PROGRAM DEBUGGING;

SECURITY OF DATA;

EID: 82155187176     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2038916.2038926     Document Type: Conference Paper

References (53)

1. ABDALLA, M., ET AL. Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. Journal of Cryptology (2008).
2. AGRAWAL, R., IMIELI ŃSKI, T., AND SWAMI, A.Mining association rules between sets of items in large databases. Proc. of ACM SIGMOD (1993).
3. AMAZON. Amazon SimpleDB.
4. AMAZON. Nimbus health. http://aws.amazon.com/solutions/case-studies/ nimbus-health/.
5. AMAZON. Sharethis. http://aws.amazon.com/solutions/case-studies/ sharethis/.
6. AMAZON. Thread: Does amazon ec2 meet pci compliance guidelines?http:// developer.amazonwebservices.com/connect/message.jspa?messageID=139547.
7. ATENIESE, G., ET AL. Provable data possession at untrusted stores. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2007).
8. BACKES, M., CACHIN, C., AND OPREA, A. Secure key-updating for lazy revocation. In Proc. of ESORICS (2006).
9. BADEN, R., BENDER, A., SPRING, N., BHATTACHARJEE, B., AND STARIN, D. Persona: An online social network with user defined privacy. In Proc. of SIGCOMM (2009).
10. BELLARE, M., CANETTI, R., AND KRAWCZYK, H. Keying hash functions for message authentication. In Proc. Of Annual International Conference on Cryptology (CRYPTO) (1996).
11. BONEH, D., DI CRESCENZO, G., OSTROVSKY, R., AND PERSIANO, G. Public key encryption with keyword search. In Advances in Cryptology-Eurocrypt 2004 (2004).
12. BONEH, D., AND WATERS, B. Conjunctive, subset, and range queries on encrypted data.
13. CACHIN, C., KEIDAR, I., AND SHRAER, A. Trusting the Cloud. ACM SIGACT News 40, 2 (2009).
14. CHANG, F., ET AL. Bigtable: A distributed storage system for structured data. In Proc. of Operating Systems Design and Implementation (OSDI) (2006).
15. CHANG, Y., AND MITZENMACHER, M. Privacy preserving keyword searches on remote encrypted data. In Applied Cryptography and Network Security (2005), Springer.
16. CHONG, S., LIU, J., MYERS, A. C., QI, X., VIKRAM, K., ZHENG, L., AND ZHENG, X. Secure web applications via automatic partitioning. In Proc. of ACM Symposium on Operating Systems Principles (SOSP) (Oct. 2007).
17. CIRCLEID. Survey: Cloud computing 'no hype', but fear of security and control slowing adoption. http://www.circleid.com/posts/ 20090226ficloudficomputingfihypefisecurity/.
18. CLAUSE, J., AND ORSO, A. Penumbra: automatically identifying failure-relevant inputs using dynamic tainting. In Proc. of ISSTA (2009).
19. DAMIANI, E., VIMERCATI, S., JAJODIA, S., PARABOSCHI, S., AND SAMARATI, P. Balancing confidentiality and efficiency in untrusted relational DBMSs. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2003).
20. DOUCEUR, J. R. The Sybil attack. In Proc. of IPTPS (March 2002).
21. EMMI, M., MAJUMDAR, R., AND SEN, K. Dynamic test input generation for database applications. In Proc. of International Symposium on Software Testing and Analysis (ISSTA) (2007).
22. ERWAY, C., KUPCU, A., PAPAMANTHOU, C., AND TAMASSIA, R. Dynamic provable data possession. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2009).
23. FU, K., KAMARA, S., AND KOHNO, T. Key regression: Enabling efficient key distribution for secure distributed storage. In Proc. of Network and Distributed System Security Symposium (NDSS) (February 2006).
24. GENTRY, C. A fully homomorphic encryption scheme. PhD thesis, Stanford, 2009. http://crypto.stanford.edu/craig.
25. GOLLE, P., STADDON, J., AND WATERS, B. Secure conjunctive keyword search over encrypted data. In Applied Cryptography and Network Security (2004).
26. HACIGUMUS, H., IYER, B., AND MEHROTRA, S. Providing database as a service. In Proc. of IEEE International Conference on Data Engineering (ICDE) (2002).
27. HAEBERLEN, A. A case for the accountable cloud. In Proc. of Workshop on Large Scale Distributed Systems and Middleware (LADIS) (2009).
28. JIM, T., SWAMY, N., AND HICKS, M. BEEP: Browser-enforced embedded policies. In Proc. of WWW (2007).
29. JUELS, A., AND KALISKI JR, B. PORs: Proofs of retrievability for large files. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2007).
30. KATZ, J., SAHAI, A., AND WATERS, B. Predicate encryption supporting disjunctions, polynomial equations, and inner products. Proc. of EUROCRYPT 2008.
31. LI, J., KROHN, M., MAZIÈRES, D., AND SHASHA, D. Secure untrusted data repository (SUNDR). In Proc. Of Operating Systems Design and Implementation (OSDI) (2004).
32. MERKLE, R. A digital signature based on a conventional encryption function. In Proc. of Annual International Conference on Cryptology (CRYPTO) (1987).
33. MESSMER, E. Are security issues delaying adoption of cloud computing? http://www.networkworld.com/news/2009/042709-burning-security-cloud-computing. html.
34. MICROSOFT. Microsoft SQL Azure.
35. MOLNAR, D., AND SCHECHTER, S. Self Hosting vs. Cloud Hosting: Accounting for the security impact of hosting in the cloud. In Proceedings of the Ninth Workshop on the Economics of Information Security (2010).
36. MYERS, A., AND LISKOV, B. A decentralizedmodel for information flow control. In Proc. of ACM Symposium on Operating Systems Principles (SOSP) (1997), ACM.
37. MYERS, A., ZHENG, L., ZDANCEWIC, S., CHONG, S., AND NYSTROM, N. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif 2005 (2001).
38. NEWSOME, J., AND SONG, D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proc. of Network and Distributed System Security Symposium (NDSS) (2005).
39. RICCA, F., AND TONELLA, P. Analysis and testing of web applications. In Proc. of the International Conference on Software Engineering (ICSE) (2001).
40. RISTENPART, T., TROMER, E., SHACHAM, H., AND SAVAGE, S. Hey, You, Get Off ofMy Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2009).
41. ROITER, N. How to secure cloud computing. http: //searchsecurity. techtarget.com/generic/ 0,295582,sid14figci1349550,00.html.
42. SANTOS, N., GUMMADI, K., AND RODRIGUES, R. Towards trusted cloud computing. Proc. of HotCloud (2009).
43. SHI, E. Evaluating Predicates over Encrypted Data. PhD thesis, PhD Thesis, Carnegie Mellon University, 2008.
44. SONG, D., WAGNER, D., AND PERRIG, A. Practical techniques for searches on encrypted data. In Proc. of Security and Privacy (2000).
45. SUÁREZ-CABAL, M., AND TUYA, J. Using an SQL coverage measurement for testing database applications. ACM SIGSOFT Software Engineering Notes 29, 6 (2004), 253-262. (Pubitemid 40787587)
46. VENEMA, W. Taint support for php. http://wiki.php.net/rfc/taint.
47. WASSERMANN, G., ET AL. Dynamic test input generation for web applications. In Proc. of International Symposium on Software Testing and Analysis (ISSTA) (2008).
48. WESTERVELT, R. Researchers say search, seizure protection may not apply to saas data. http://searchsecurity.techtarget.com/news/article/0,289142, sid14figci1363283,00.html.
49. WONDRACEK, G., COMPARETTI, P. M., KRUEGEL, C., AND KIRDA, E. Automatic network protocol analysis. In Proc. of Network and Distributed System Security Symposium (NDSS) (2008).
50. XU, W., BHATKAR, E., AND SEKAR, R. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proc. of USENIX Security Symposium (2006).
51. YIN, H., SONG, D., EGELE, M., KRUEGEL, C., AND KIRDA, E. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proc. of ACM Conference on Computer and Communications Security (CCS) (2007).
52. YIP, A., NARULA, N., KROHN, M., AND MORRIS, R. Privacy-preserving browser-side scripting with BFlow. In Proc. of EuroSys (2009).
53. ZELDOVICH, N., BOYD-WICKIZER, S., KOHLER, E., AND MAZIERES, D.Making information flow explicit inHiStar. In Proc. of Operating Systems Design and Implementation (OSDI) (2006).