Security Challenges

Can we reliably remove data from cloud?
• We don’t want backups to exist after a pre-defined time
  • e.g., to avoid future exposure due to data breach or management errors by operators
• If an employee quits, we want to remove his/her data
  • e.g., to avoid legal liability

Cloud makes backup copies. We don’t know if all backup copies are reliably removed.

We need assured deletion:
• Data becomes inaccessible upon deletion requests

Previous Work

Cryptographic protection on outsourced data storage [Ateniese et al., SecureComm’08; Wang et al., CCSW’09]
• Require new protocol support on the cloud infrastructure

Security solutions compatible with existing cloud (e.g., Cumulus, JungleDisk) [Yun et al., CCSW’09; Vrable et al., ToS’09]
• No guarantees of reliable deletion of data

Previous Work

Perlman’s Ephemerizer [NDSS’07]
• A file is encrypted with a data key
• The data key is further encrypted with a time-based control key
• The control key is deleted when expiration time is reached
• The control key is maintained by a separate key manager (aka Ephemerizer)

Weaknesses:
• Target only time-based assured deletion
• No fine-grained control of different file access policies
• No implementation

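The Ephemerizer flow listed above, as an added Python sketch that is not from the slides or from the cited paper: it shows that once the key manager deletes the control key, the ciphertext and every backup copy of it stay unreadable. The `KeyManager` class, the integer timestamps, the sample file and the SHA-256/HMAC `seal` construction (a standard-library stand-in for a real AEAD cipher) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _sub(key, label):            # derive separate encryption and MAC subkeys
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC from SHA-256/HMAC: a stdlib stand-in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class KeyManager:
    """Separate party holding one control key per expiration time (simplified:
    it wraps the data key itself, so it sees that key in this sketch)."""
    def __init__(self):
        self._control = {}                      # expiry -> control key
    def purge(self, now):                       # delete every expired control key
        for expiry in [e for e in self._control if e <= now]:
            del self._control[expiry]
    def wrap(self, expiry, data_key, now):
        if expiry <= now:
            raise ValueError("expiration time already reached")
        return seal(self._control.setdefault(expiry, secrets.token_bytes(32)), data_key)
    def unwrap(self, expiry, wrapped, now):
        self.purge(now)
        if expiry not in self._control:
            raise KeyError("control key deleted; data key unrecoverable")
        return unseal(self._control[expiry], wrapped)

def demo():
    km, data_key = KeyManager(), secrets.token_bytes(32)
    stored = seal(data_key, b"constructed sample file")   # ciphertext the cloud backs up
    wrapped = km.wrap(1000, data_key, now=0)              # kept beside the file
    before = unseal(km.unwrap(1000, wrapped, now=999), stored)
    try:
        km.unwrap(1000, wrapped, now=1000)                # expiration time reached
    except KeyError:
        return before, "unrecoverable"
    return before, "recovered"
```
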
Previous Work

Vanish [USENIX’09]
• Divide the data key into many key shares
• Store key shares in nodes of a deployed P2P network
• Nodes remove key shares that reside in cache for 8 hours

Weaknesses:
• Time-based, no fine-grained control

Our Work

FADE: a secure overlay cloud storage system with file assured deletion

Design feature of FADE:
• work atop today’s cloud as an overlay

Security features of FADE:
• Data confidentiality and integrity
• Fine-grained access control: files are accessible only when authorized
• Fine-grained file assured deletion: files are permanently inaccessible and unrecoverable based on policies

Yang Tang, Patrick P. C. Lee, John C. S. Lui, Radia Perlman, “Secure Overlay Cloud Storage with File Assured Deletion”, SecureComm 2010