CloudSec - Um Middleware para Compartilhamento de Informações Sigilosas em Nuvens Computacionais

  • Rick Lopes de Souza UFSC
  • Hylson Vescovi Netto UFSC
  • Lau Cheuk Lung UFSC
  • Ricardo Felipe Custódio UFSC

Abstract


The need to share and manipulate sensitive data is a challenge for most content providers that use the cloud for storage. However, developing applications that guarantee confidentiality in the cloud is complex and requires integrating multiple aspects of security and interoperability. To address these challenges, this paper proposes a middleware architecture that ensures secure sharing of documents, using public cloud providers for data storage and hardware security modules for cryptographic key management. The main features of this work are: identity-based encryption, hybrid clouds, simplified management of cryptographic keys, peer-to-peer security assurance, and the use of cryptographic security modules.

Published
2014-11-03
SOUZA, Rick Lopes de; NETTO, Hylson Vescovi; LUNG, Lau Cheuk; CUSTÓDIO, Ricardo Felipe. CloudSec - Um Middleware para Compartilhamento de Informações Sigilosas em Nuvens Computacionais. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 14., 2014, Belo Horizonte. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2014. p. 279-292. DOI: https://doi.org/10.5753/sbseg.2014.20137.
