research-article

Streamforce: outsourcing access control enforcement for stream data to the clouds

Authors:
Dinh Tien Tuan Anh

National University of Singapore, Singapore, Singapore

National University of Singapore, Singapore, Singapore
View Profile

,
Anwitaman Datta

Nanyang Technological University, Singapore, Singapore

Nanyang Technological University, Singapore, Singapore
View Profile

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacyMarch 2014Pages 13–24https://doi.org/10.1145/2557547.2557556

Published:03 March 2014Publication History

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

Pages 13–24

ABSTRACT

In this paper, we focus on the problem of data privacy on the cloud, particularly on access controls over stream data. The nature of stream data and the complexity of sharing data make access control a more challenging issue than in traditional archival databases. We present Streamforce -- a system allowing data owners to securely outsource their data to an untrusted (curious-but-honest) cloud. The owner specifies fine-grained policies which are enforced by the cloud. The latter performs most of the heavy computations, while learning nothing about the data content. To this end, we employ a number of encryption schemes, including deterministic encryption, proxy-based attribute based encryption and sliding-window encryption. In Streamforce, access control policies are modeled as secure continuous queries, which entails minimal changes to existing stream processing engines, and allows for easy expression of a wide-range of policies. In particular, Streamforce comes with a number of secure query operators including Map, Filter, Join and Aggregate. Finally, we implement Streamforce over an open-source stream processing engine (Esper) and evaluate its performance on a cloud platform. The results demonstrate practical performance for many real-world applications, and although the security overhead is visible, Streamforce is highly scalable.

References

Key-policy attribute-based encryption scheme implementation. http://www.cnsr.ictas.vt.edu/resources.html.Google Scholar
Apache. S4 - distributed stream computing platform. incubator.apache.org/s4.Google Scholar
N. Attrapadung. Revocation scheme for attribute-based encryption. RCIS Workshop, 2008.Google Scholar
B. Carminati, E. Ferrari, J. Cao, and K. L. Tan. A framework to enforce access control over data streams. ACM ToIS, 2010.Google ScholarDigital Library
G. P. Cheek and M. Shehab. Policy-by-example for online social networks. In SACMAT, 2012. Google ScholarDigital Library
Yao Chen and Radu Sion. On securing untrusted clouds with cryptography. DEB, 2012.Google Scholar
T. T. A. Dinh and A. Datta. The blind enforcer: on fine-grained access control enforcement on untrusted clouds. DEB, 2013.Google Scholar
C. Dwork. Differential privacy. In ICALP, 2006. Google ScholarDigital Library
Rault Castro Fernandez, Metteo Migliavacca, Evangelia Kalyvianaki, and Peter Pietzuch. Integrating scale out and fault toelerance in stream processing using operator state management. In SIGMOD, 2013. Google ScholarDigital Library
C. Gentry. Fully homomorphic encryption using ideal lattices. In SOTC, 2009. Google ScholarDigital Library
V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In CCS'06, 2006. Google ScholarDigital Library
M. Green, S. Hohenberger, and B. Waters. Outsourcing the decryption of abe ciphertexts. In USENIX Security, 2011. Google ScholarDigital Library
M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus: scalable secure file sharing on untrusted storage. In FAST, pages 29--42, 2003. Google ScholarDigital Library
H. Lim, Y. Han, and S. Babu. How to fit when no one size fits. In CIDR, 2013.Google Scholar
Y. Lu. Privacy-preserving logarithmic-time search on encrypted data in cloud. In NDSS, 2013.Google Scholar
R. Ostrovsky, A. Sahai, and B. Waters. Attribute-based encryption with non-monotonic access structures. In CCS'07, 2007. Google ScholarDigital Library
R. A. Popa, N. Zeldovich, and H. Balakrishnan. Cryptdb: a practical encrypted relational dbms. Technical Report MIT-CSAIL-TR-2011-005, CSAIL, MIT, 2011.Google Scholar
E. Shi, T. H. Chan, E. R. FxPal, R. Chow, and D. Song. Privacy-preserving aggregation of time-series data. In NDSS, 2011.Google Scholar
S. Yu, C. Wang, K. Ren, and W. Lou. Achieving secure, scalable and fine-grained data access control in cloud computing. In INFOCOM, 2010. Google ScholarDigital Library

Index Terms

Streamforce: outsourcing access control enforcement for stream data to the clouds
1. Security and privacy
  1. Database and storage security
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Theory of database privacy and security

Recommendations

Towards secure outsourcing of collaborative sensing and analytic applications to the cloud - the pCloud approach
MCS '13: Proceedings of the First International Workshop on Middleware for Cloud-enabled Sensing

The advent of cloud computing is driving a paradigm shift in the computing landscape. An increasing number of businesses and individuals are moving their data and computation to the cloud. While the benefits of cloud computing are numerous, security ...
Read More
An efficient signcryption for data access control in cloud computing

Data storage is one of main services in cloud computing. How to ensure the confidentiality and authorized access of data is the central issue of data storage. In this paper, we propose a novel data access control scheme that can simultaneously achieve ...
Read More
Distributed data stream processing and edge computing

Under several emerging application scenarios, such as in smart cities, operational monitoring of large infrastructure, wearable assistance, and Internet of Things, continuous data streams must be processed under very short delays. Several solutions, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
March 2014
368 pages
ISBN:9781450322782
DOI:10.1145/2557547
General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Jaehong Park
University of Texas at San Antonio, USA
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 March 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
cloud computing
outsourced databases
stream processing
Qualifiers
- research-article
Conference

Acceptance Rates
CODASPY '14 Paper Acceptance Rate19of119submissions,16%Overall Acceptance Rate149of789submissions,19%
More
Upcoming Conference
CODASPY '24

Sponsor:

sigsac

Fourteenth ACM Conference on Data and Application Security and Privacy

June 19 - 21, 2024

Porto , Portugal
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 9
  Total Citations
  View Citations
- 250
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Streamforce: outsourcing access control enforcement for stream data to the clouds

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

Towards secure outsourcing of collaborative sensing and analytic applications to the cloud - the pCloud approach

An efficient signcryption for data access control in cloud computing

Distributed data stream processing and edge computing