Cloud Computing
In the context of cloud computing, providers offer resources and electronic services for being used through the Internet. They are provided in line with the customers demands and billed and billed on a pay-per-use basis. While cloud computing promises savings both in resource usage and cost, it requires sensitive data to be stored on external servers. Current threads and prevailing challenges to security, as well as complex and uncertain legal situation hamper more wide-spread application of cloud computing.
Cloud Computing from a Legal Perspective
From a legal viewpoint, cloud computing raises numerous questions. This is especially the case for legal data protection aspects as well as for evidence and liability questions that generally have not yet been addressed within the legal discussions. The question arises how the liability and evidence situation of the cloud user can be adequately strengthened. Furthermore, evaluation of different cloud computing systems with regard to data protection law is need to be conducted. KASTEL investigates how technical transparency about the system state and the relevant data processing, which are necessary for liability reasons, can be brought into balance with the anonymization of personal data demanded by data protection law.
Contact
References
- Non simplificate nubes! Ein rechtlicher Blick hinter die Kulissen informatischer Cloud-Forschung. Herbsttagung der Deutschen Stiftung für Recht und Informatik. 2013, S. 325-342.
- Haftung und Beweis bei geschachtelt komponierten Cloud-Services. Zeitschrift zum Innovations- und Technikrecht (InTeR), Nr. 4, pp. 193-198, 2013.
- An Architectural Model for Deploying Critical Infrastructure Services in the Cloud. Proceedings of the 5th International Conference on Cloud Computing Technology and Science (CloudCom) 2013, Bd. 1, pp. 458-466, 2013.
Secure Cloud Storage Services
The employed data storage system is an integral component of almost any cloud application. The security of this storage system, in turn, is of crucial relevance for the security of the overall system. Therefore, the working group Cloud Computing focuses on cloud storage services.
Cloud storage services – KASTEL here mostly refers to NoSQL-systems
and -services – usually claim virtually
unlimited capacity and feature significant scalability, performance, and availability.
Depending on the customers requirements, these can be of fundamentally different nature.
Hence, a number of different services are exist, for example:
Dropbox,
Google Cloud Storage,
Amazon Simple Storage Service (S3),
Apache Cassandra,
Project Voldemort,
Rackspace Cloud Files,
Microsoft Azure Cache,
Amazon Relational Database Service (RDS),
Google Cloud SQL,
Rackspace Cloud Database or
Microsoft Azure SQL-Datenbank.
There are also a numerous allegedly secure
alternatives to these services, such as the
Cryptographic Cloud Storage,
SecCSIE,
Cloud-RAID,
CryptDB,
HAIL,
MetaStorage,
MimoSecco or
Wuala.
The various secure
cloud storage services do, however, strongly differ in matters of the (security) requirements or objectives being addressed.
Analytical Scheme for Secure Cloud Storage Services
KASTEL analyzed and characterized various already existing prototypes of secure cloud storage services and their security mechanisms were analyzed, for example Cryptographic Cloud Storage or CryptDB. KASTEL develops and applies an analytical scheme for secure cloud storage services. We derived a structured catalogue of secure cloud storage services and their security mechanisms, which comprises different dimensions for characterizing and distinguishing such services. It allows the identification both of weaknesses of existing services, and worthwhile candidates for the development of secure cloud storage protoypes
Contact
Cloud-Prototyping
Prototype-related research from the working group Cloud Computing is being conducted experimentally and iteratively, following an approach of rapid prototyping. In particular, the different prototypes focus on differentiated weightings and gradations of the security goals confidentiality and availability. The experimental examination of these prototypes allows us to draw in-depth conclusions on the various interrelations between security objectives, security mechanisms, and other qualitative properties such as performance.
Prototyp MimoSecco
MimoSecco allows users to relocate structured data into the untrustworthy public cloud. For this purpose, MimoSecco provides an interface with a relational data model that can be accessed with SQL (see: MimoSecco).
KASTEL extends MimoSecco and uses it as basis for further cloud storage prototypes.
Ansprechpartner
References
- MimoSecco: A Middleware for Secure Cloud Storage. Improving Complex Systems Today, Springer London, 2011, S. 175-181.
- Secure Database Outsourcing to the Cloud using the MimoSecco Middleware. Workshop Trusted Cloud 2013. Aug. 2013.
- Side Channels in Secure Database Outsourcing on the Example of the MimoSecco Scheme. Workshop Trusted Cloud 2013. 2013.
- Cumulus4j: A Provably Secure Database Abstraction Layer. Security Engineering and Intelligence Informatics, Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013, S. 180-193.
Additional Links
Prototyp MetaStorage
MetaStorage
is a cloud storage service with a key-value interface. MetaStorage
acts as a proxy that replicates stored data across multiple public cloud storage services (horizontal federation of different cloud storage services
)
, such as
Amazon S3,
Google Cloud Storage or
Rackspace Cloud Files.
MetaStorage ensures consistency between the different
replicas. Data stored in MetaStorage, thus, stays available even in case of outages of
single cloud providers.
MetaStorage is further developed within KASTEL and made available as open source project (see: MetaStorage at SourceForge.net).
Contact
References
- MetaStorage: A Federated Cloud Storage System to Manage Consistency-Latency Tradeoffs. Proceedings of the 2011 IEEE International Conference on Cloud Computing (CLOUD), 2011, S. 452-459.
- Cloud Federation. Proceedings of the 2011 IARIA International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2011), 2011.
Additional Links
MetaStorage at SourceForge.net
Prototype UC4MetaStorage
The full replication of data across several connected cloud storage services implemented
by MetaStorage can lead to security or compliance issues.
For instance, a private cloud storage
service is typically preferred over a public one if confidential data are to be stored.
Horizontally federated cloud storage services, such as MetaStorage, usually lack appropriate control mechanisms.
The prototype Usage Control for
MetaStorage
(UC4MetaStorage
) integrates a distributed usage control framework into MetaStorage and, thereby, allows for the incorporation of local, temporal, and qualitative constraints in the form of policies for fine-tuned
control of the data replication and distribution.
Contact
References
- Compliance-Preserving Cloud Storage Federation Based on Data-Driven Usage Control Proceedings of the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2013, 2013, S. 285-288.
Additional Links
Prototyp MimoSecco + Cassandra
In cooperation with the Trusted Cloud project PeerEnergyCloud, KASTEL has added Apache Cassandra to MimoSecco as potential cloud storage backend.
Contact
Additional Links
Analysis Tool TLSBench
Transport Layer Security (TLS) is widely used for securing network connections. The activation of TLS does, however, usually cause a reduction of throughput and a latency increase. With TLSBench the usually unknown performance impact of TLS activation can be measured and, thus, quantified for cloud storage services such asApache Cassandra or Amazon DynamoDB.
Contact
References
- Benchmarking the Performance Impact of Transport Layer Security in Cloud Database Systems. Proceedings of the 2nd IEEE International Conference on Cloud Engineering (IC2E) 2014, 11 03 2014.
Additional Links
TLSBench at SourceForge.net