Authors: Kevin Foltz and William R. Simpson
Affiliation: Institute for Defense Analyses, United States
Keyword(s): Enterprise, Database, System Design, Confidentiality, Integrity, Enterprise Level Security, Homomorphic Encryption, Application Security, Security, Cloud Services, End-to-End Encryption, Key Management, Database Security.
Related Ontology Subjects/Areas/Topics: Cloud Computing; Collaboration and e-Services; Computer-Supported Education; Data Engineering; Databases and Data Security; Databases and Information Systems Integration; e-Business; Enterprise Information Systems; Information Systems Analysis and Specification; Information Technologies Supporting Learning; Large Scale Databases; Mobile Software and Services; Non-Relational Databases; Ontologies and the Semantic Web; Security; Security and Privacy; Services Science; Software Agents and Internet Computing; Software Engineering; Software Engineering Methods and Techniques; Telecommunications; Web Services; Wireless Information Networks and Systems
Abstract: Enterprise Level Security (ELS) is an approach to enterprise information exchange that provides strong security guarantees. It incorporates measures for authentication, encryption, access controls, credential management, monitoring, and logging. ELS has been adapted for cloud hosting using the Virtual Application Data Center (VADC) approach. However, a key vulnerability in placing unprotected data in the cloud is the database that stores each web application’s data. ELS puts controls on the end-to-end connection from requester to application, but an exploit of the back-end database can allow direct access to data and bypass ELS controls at the application. In a public cloud environment the data and web application may be vulnerable to insider attacks using direct hardware access, misconfiguration, and redirection to extract data. Traditional encryption can be used to protect data in the cloud, but it must be transferred out of the cloud and decrypted to perform processing, and then re-encrypted and sent back to the cloud. Homomorphic encryption offers a way to not only store encrypted data, but also perform processing directly on the encrypted values. This paper examines the current state of homomorphic encryption and its applicability to ELS.