Vallum: Privacy, Confidentiality and Access Controlfor Sensitive Data in Cloud Environments
Research output: Contribution to book/Conference proceedings/Anthology/Report › Conference contribution › Contributed › peer-review
Contributors
Abstract
Managing sensitive data in shared environments such as public clouds is an enduring challenge. While several approaches exist to protect data at rest such as end-to-end encryption, there exist only a few solutions such as homomorphic encryption that offer secure data processing. Unfortunately, these solutions cannot be used in practice as they incur non-negligible run-time overheads and security risks. Moreover, as the majority of data management systems were designed to operate in private cloud environments, which are under the control of the data owner, they often lack appropriate mechanisms for access control as well as privacy assurance. In this paper we propose Vallum, a data access and protection layer that closes these gaps while enabling users to operate data management systems in shared environments such securely as public clouds. Vallum utilizes Intel SGX and remote attestation to ensure confidentiality and integrity of the data being stored and processed. Furthermore, it provides access protection and privacy assurance through a extensible architecture. Our performance evaluation indicates that the overhead introduced by Vallum makes it viable to be deployed in cloud infrastructures.
Details
Original language | English |
---|---|
Title of host publication | 2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) |
Place of Publication | Los Alamitos, CA, USA |
Publisher | IEEE Computer Society, Washington |
Pages | 103-110 |
Number of pages | 8 |
Publication status | Published - 1 Dec 2019 |
Peer-reviewed | Yes |
External IDs
Scopus | 85079062469 |
---|
Keywords
Research priority areas of TU Dresden
DFG Classification of Subject Areas according to Review Boards
Keywords
- authorisation, cloud computing, data protection, Vallum, Security, Privacy, Trusted-Execution-Environments, data protection layer, data privacy, cloud infrastructures, access protection, data access, privacy assurance, access control, private cloud environments, data management systems, shared environments, data confidentiality