ABSTRACT
In this paper, we focus on the problem of data privacy on the cloud, particularly on access controls over stream data. The nature of stream data and the complexity of sharing data make access control a more challenging issue than in traditional archival databases. We present Streamforce -- a system allowing data owners to securely outsource their data to an untrusted (curious-but-honest) cloud. The owner specifies fine-grained policies which are enforced by the cloud. The latter performs most of the heavy computations, while learning nothing about the data content. To this end, we employ a number of encryption schemes, including deterministic encryption, proxy-based attribute-based encryption and sliding-window encryption. In Streamforce, access control policies are modeled as secure continuous queries, which entails minimal changes to existing stream processing engines, and allows for easy expression of a wide range of policies. In particular, Streamforce comes with a number of secure query operators including Map, Filter, Join and Aggregate. Finally, we implement Streamforce over an open-source stream processing engine (Esper) and evaluate its performance on a cloud platform. The results demonstrate practical performance for many real-world applications, and although the security overhead is visible, Streamforce is highly scalable.
Index Terms
- Streamforce: outsourcing access control enforcement for stream data to the clouds