How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
Presentazione pagano1
1. Using In-Memory Encrypted Databases on the Cloud Francesco (and Davide) Pagano [email_address] Department of Information Technology Università degli Studi di Milano - Italy
2.
3. Access control problem Cloud Platform Desktop Desktop controlled accesses for external users uncensored access for cloud provider
4. Privacy within the cloud: on the same side of the wall Presentation Layer privacy Data Layer performance
5. An agent-based approach Untrusted Synchronizer never holds plaintext data Local agent with local db
My name is Francesco Pagano and I come from University of Milan – Italy. Today, I present the paper “Handling Confidential Data on the Untrusted Cloud: an agent-based approach”, written with Prof. Ernesto Damiani from the same university.
The agenda of my speech: First, I'll analyze the issue of privacy in cloud computing, showing some classical solutions from literature. Then, I'll show an intrinsic problem that clears the effort of those solutions. Followed by a detailed presentation of our solution. Finally, it will be “question time”.
In cloud computing there is a clear distinction between the Platform, hosted in the cloud, and the clients, distributed in Internet. The clients access the outsourced data, stored in the Platform via applications, in the Cloud too. External user identification and access control are very well studied and diffused, so that EXTERNAL malicious users are easily stopped. But what about internal access? We don't want that Cloud Providers have access to our sensitive data!
The previous techniques ensure outsourced data integrity, but this is not enough since the data has a long way to go after the data layer. In a Java application, for example, it passes through JDBC, Hibernate, and so on, up to presentation layer. And at that level, certainly, data is clear text. An attacker can attack one of the weakest levels, for example, using aspect programming. <Click> So, for privacy, we have to move “presentation layer” to client side <click> but now data and presentation are divided. If we want performance <click> we have to move also data to client side <click>.
And this is our proposal. We suggest to atomize the couple application/database, providing a copy per user. Every instance runs locally, and maintains only authorized data that is replicated and synchronized among all authorized users. A centralized node hosts an untrusted Synchronizer which never holds plain-text data.
Each user has a local copy of his data. We use the term dossier to indicate a group of correlated informations such as a medical record or a court file. If 2 users can access the same dossier, each of them has a copy of the dossier. We suppose that only one user (called “the owner”) can modify the dossier.
The local nodes synchronize that data by a central repository that stores the updated records. To prevent this synchronizer to access the data, it is encrypted. The decryption keys, protected in the way that we will see later, are also stored into the synchronizer.