Vallum: Privacy, Confidentiality and Access Controlfor Sensitive Data in Cloud Environments
Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/Gutachten › Beitrag in Konferenzband › Beigetragen › Begutachtung
Beitragende
Abstract
Managing sensitive data in shared environments such as public clouds is an enduring challenge. While several approaches exist to protect data at rest such as end-to-end encryption, there exist only a few solutions such as homomorphic encryption that offer secure data processing. Unfortunately, these solutions cannot be used in practice as they incur non-negligible run-time overheads and security risks. Moreover, as the majority of data management systems were designed to operate in private cloud environments, which are under the control of the data owner, they often lack appropriate mechanisms for access control as well as privacy assurance. In this paper we propose Vallum, a data access and protection layer that closes these gaps while enabling users to operate data management systems in shared environments such securely as public clouds. Vallum utilizes Intel SGX and remote attestation to ensure confidentiality and integrity of the data being stored and processed. Furthermore, it provides access protection and privacy assurance through a extensible architecture. Our performance evaluation indicates that the overhead introduced by Vallum makes it viable to be deployed in cloud infrastructures.
Details
Originalsprache | Englisch |
---|---|
Titel | 2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) |
Erscheinungsort | Los Alamitos, CA, USA |
Herausgeber (Verlag) | IEEE Computer Society, Washington |
Seiten | 103-110 |
Seitenumfang | 8 |
Publikationsstatus | Veröffentlicht - 1 Dez. 2019 |
Peer-Review-Status | Ja |
Externe IDs
Scopus | 85079062469 |
---|
Schlagworte
Forschungsprofillinien der TU Dresden
DFG-Fachsystematik nach Fachkollegium
Schlagwörter
- authorisation, cloud computing, data protection, Vallum, Security, Privacy, Trusted-Execution-Environments, data protection layer, data privacy, cloud infrastructures, access protection, data access, privacy assurance, access control, private cloud environments, data management systems, shared environments, data confidentiality