
Reconciling Security and Functional Requirements in Multi-tenant Clouds

Published: 02 April 2017

Abstract

End-to-end security in the cloud has gained even more importance after the outbreak of data breaches and massive surveillance programs around the globe last year. While the community features a number of cloud-based security mechanisms, existing solutions either provide security at the expense of the economy of scale and cost effectiveness of the cloud (i.e., at the expense of resource sharing and deduplication techniques), or they meet the latter objectives at the expense of security (e.g., the customer is required to fully trust the provider). In this paper, we shed light on this problem, and we analyze the challenges in reconciling security and functional requirements in existing multi-tenant clouds. We also explore the solution space to effectively enhance the current security offerings of existing cloud storage services. As far as we are aware, this is the first contribution which comprehensively explores possible avenues for reconciling the current cloud trends with end-to-end security requirements.

Cited By

  • (2019)BULUT BİLİŞİMDE GÜVENLIK ZAFİYETLERİ, TEHDİTLERI VE BU TEHDİTLERE YÖNELİK GÜVENLİK ÖNERİLERİUluslararası Bilgi Güvenliği Mühendisliği Dergisi10.18640/ubgmd.5440545:1(8-34)Online publication date: 15-Jun-2019

    Published In

    SCC '17: Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing
    April 2017
    100 pages
    ISBN:9781450349703
    DOI:10.1145/3055259
    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. cloud security
    2. multi-tenancy
    3. resource isolation
    4. secure deduplication
    5. shared ownership

    Qualifiers

    • Research-article

    Funding Sources

    • European Union (EU) under the Information and Communication Technologies (ICT) theme of the Horizon 2020

    Conference

    ASIA CCS '17
    Acceptance Rates

    SCC '17 Paper Acceptance Rate 11 of 27 submissions, 41%;
    Overall Acceptance Rate 64 of 159 submissions, 40%
