Vallum: Privacy, Confidentiality and Access Controlfor Sensitive Data in Cloud Environments

Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/GutachtenBeitrag in KonferenzbandBeigetragenBegutachtung

Beitragende

Abstract

Managing sensitive data in shared environments such as public clouds is an enduring challenge. While several approaches exist to protect data at rest such as end-to-end encryption, there exist only a few solutions such as homomorphic encryption that offer secure data processing. Unfortunately, these solutions cannot be used in practice as they incur non-negligible run-time overheads and security risks. Moreover, as the majority of data management systems were designed to operate in private cloud environments, which are under the control of the data owner, they often lack appropriate mechanisms for access control as well as privacy assurance. In this paper we propose Vallum, a data access and protection layer that closes these gaps while enabling users to operate data management systems in shared environments such securely as public clouds. Vallum utilizes Intel SGX and remote attestation to ensure confidentiality and integrity of the data being stored and processed. Furthermore, it provides access protection and privacy assurance through a extensible architecture. Our performance evaluation indicates that the overhead introduced by Vallum makes it viable to be deployed in cloud infrastructures.

Details

OriginalspracheEnglisch
Titel2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)
ErscheinungsortLos Alamitos, CA, USA
Herausgeber (Verlag)IEEE Computer Society, Washington
Seiten103-110
Seitenumfang8
PublikationsstatusVeröffentlicht - 1 Dez. 2019
Peer-Review-StatusJa

Externe IDs

Scopus 85079062469

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium

Schlagwörter

  • authorisation, cloud computing, data protection, Vallum, Security, Privacy, Trusted-Execution-Environments, data protection layer, data privacy, cloud infrastructures, access protection, data access, privacy assurance, access control, private cloud environments, data management systems, shared environments, data confidentiality