Abstract
Cloud Computing is a technology with vast impact on IT systems. Costs can be significantly reduced through on demand purchase of CPU time, memory and storage, offering high flexibility. The main reason to avoid cloud technology still is security. This leads to a lack of trust in cloud services. Most cloud providers secure their systems only against external adversaries by using firewalls and secure connections. Internal adversaries, however, remain a big threat in this scenario. Especially when using mobile devices as clients, usable security with a low performance impact remains a challenge. In this paper, we present concepts for using software as a service with mobile devices while guaranteeing a high level of data protection. MimoSecco uses an innovative encryption scheme and hard to clone secure hardware to guarantee data protection. Top secret data is encrypted directly, processible confidential data is encrypted and fragmented by the database proxy and transferred to different servers. Context based access control makes the misuse of mobile devices for unauthorized data access difficult. These set of measures raises the privacy level of cloud computing significantly.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
S.D.C. Vimercati, S. Paraboschi, P. Samarati: Access Control: Principles and Solutions. Software—Practice and Experience, vol. 33, no. 5, 2003, p. 397-421.
M. Benantar: Mandatory-Access-Control Model. Access Control Systems: Security, Identity Management and Trust Models, 2006, p. 129-146.
B.W. Lampson: Protection. Operation Systems Review, vol. 1., no. 8, 1974, p. 18-24.
R.S. Sandhu, P. Samarati: Access control: principle and practice, Communications Magazine, IEEE, vol.32, no.9, Sept. 1994, p. 40-48.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman: Role-based access control models. Computer, 29(2), 1996, p. 38-47.
A.K. Dey: Understanding and Using Context. Personal and Ubiquitous Computing Journal, vol. 5, no. 1, 2001, p. 3-7.
G. Chen, D. Kotz: A Survey of Context-Aware Mobile Computing Research. Technical Report TR2000-381, Department of Computer Science, Dartmouth College, Hanover, NH, USA, 2000.
O. Stiemerling, J. Hartung: Computer und Recht: Zeitschrift f¨ur die Praxis des Rechts der Informationstechnologien, K¨oln, 1/2012, p. 60-68.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Lehner, J., Oberweis, A., Schiefer, G. (2014). Data Protection in the Cloud - The MimoSecco Approach. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-12718-7_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12717-0
Online ISBN: 978-3-319-12718-7
eBook Packages: Computer ScienceComputer Science (R0)