Sealed Cloud - A Novel Approach to Safeguard against Insider Attacks

Trusted Cloud Computing

Abstract

Security and privacy have turned out to be major challenges for the further evolution of the Internet in general and of cloud computing in particular. This paper proposes a novel approach, referred to as Sealed Cloud, for safeguarding against previously unimpeded insider attacks. A canonical set of technical measures is described which, in conjunction, sufficiently complicate and thus economically prevent insider access to unencrypted data. The paper shows the advantages of this approach over end-to-end encryption for communication services. Another application of the Sealed Cloud, referred to as Sealed Freeze, provides a seminal solution to privacy issues pertaining to data retention.



Author information

Corresponding author

Correspondence to Hubert A. Jäger.

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Jäger, H.A., Monitzer, A., Rieken, R., Ernst, E., Nguyen, K.D. (2014). Sealed Cloud - A Novel Approach to Safeguard against Insider Attacks. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_2

  • DOI: https://doi.org/10.1007/978-3-319-12718-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12717-0

  • Online ISBN: 978-3-319-12718-7

  • eBook Packages: Computer Science, Computer Science (R0)
