ABSTRACT
Inadvertent exposure of sensitive data is a major concern for potential cloud customers. Much focus has been on other data leakage vectors, such as side-channel attacks, while issues of data disposal and assured deletion have not received enough attention to date. However, data that is not properly destroyed may lead to unintended disclosures, in turn resulting in heavy financial penalties and reputational damage. In non-cloud contexts, issues of incomplete deletion are well understood. To the best of our knowledge, to date, there has been no systematic analysis of assured deletion challenges in public clouds.
In this paper, we aim to address this gap by analysing assured deletion requirements for the cloud, identifying cloud features that pose a threat to assured deletion, and describing various assured deletion challenges. Based on this discussion, we identify future challenges for research in this area and propose an initial assured deletion architecture for cloud settings. Altogether, our work offers a systematization of requirements and challenges of assured deletion in the cloud, and a well-founded reference point for future research in developing new solutions to assured deletion.
Index Terms
- Assured Deletion in the Cloud: Requirements, Challenges and Future Directions