New approaches to security and availability for cloud data

Published: 01 February 2013

Abstract

Extending the data trust perimeter from the enterprise to the public cloud requires more than encryption.

          Reviews

          Eduardo B. Fernandez

          Given the increasing popularity of cloud computing, it is important to provide the means to make its use as convenient and effective as possible. Two of the main concerns are security and availability, and this article introduces three aspects that contribute to improving the quality of these requirements. An interesting quality aspect of data, rarely mentioned, is freshness, ensuring that retrieved data always reflects the most recent updates. The first idea introduced is an authenticated file system intended for the secure migration of existing file systems that ensures their integrity and freshness. A second approach is to add an external entity acting on behalf of the customers to make sure the provider complies with predefined security policies. The final proposal involves a way to increase data availability by distributing copies of the data over several clouds. The article also mentions some topics that require more research, for example, control of confidentiality. Based on these ideas, the authors propose a security architecture for clouds. However, this architecture leaves out important aspects due to its narrow focus. Cloud security requires a holistic view of the complete architecture. For example, their proposed solution to confidentiality requires processing the data in encrypted form, a currently impractical approach. Why not use an authorization system? Their definition of availability considers only system crashes and not denial-of-service attacks, another aspect needed in a commercial cloud. The article is clear and well organized, and should be of interest to those who study cloud system security.

          Online Computing Reviews Service

          • Published in

            Communications of the ACM  Volume 56, Issue 2
            February 2013
            95 pages
            ISSN:0001-0782
            EISSN:1557-7317
            DOI:10.1145/2408776
            Copyright © 2013 ACM

            Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Qualifiers

            • research-article
            • Popular
            • Refereed
