KASTEL

Cloud Computing

Cloud Computing

In the context of cloud computing, providers offer resources and electronic services for being used through the Internet. They are provided in line with the customers demands and billed and billed on a pay-per-use basis. While cloud computing promises savings both in resource usage and cost, it requires sensitive data to be stored on external servers. Current threads and prevailing challenges to security, as well as complex and uncertain legal situation hamper more wide-spread application of cloud computing.

Cloud Computing from a Legal Perspective

From a legal viewpoint, cloud computing raises numerous questions. This is especially the case for legal data protection aspects as well as for evidence and liability questions that generally have not yet been addressed within the legal discussions. The question arises how the liability and evidence situation of the cloud user can be adequately strengthened. Furthermore, evaluation of different cloud computing systems with regard to data protection law is need to be conducted. KASTEL investigates how technical transparency about the system state and the relevant data processing, which are necessary for liability reasons, can be brought into balance with the anonymization of personal data demanded by data protection law.

Contact

Silvia Balaban (ZAR)

References

  1. S. Balaban, F. Pallas. Non simplificate nubes! Ein rechtlicher Blick hinter die Kulissen informatischer Cloud-Forschung. Herbsttagung der Deutschen Stiftung für Recht und Informatik. 2013, S. 325-342.
  2. S. Balaban, F. Pallas. Haftung und Beweis bei geschachtelt komponierten Cloud-Services. Zeitschrift zum Innovations- und Technikrecht (InTeR), Nr. 4, pp. 193-198, 2013.
  3. M. Schöller, R. Bless, F. Pallas, J. Horneber, P. Smith. An Architectural Model for Deploying Critical Infrastructure Services in the Cloud. Proceedings of the 5th International Conference on Cloud Computing Technology and Science (CloudCom) 2013, Bd. 1, pp. 458-466, 2013.

Secure Cloud Storage Services

The employed data storage system is an integral component of almost any cloud application. The security of this storage system, in turn, is of crucial relevance for the security of the overall system. Therefore, the working group Cloud Computing focuses on cloud storage services.

Cloud storage services – KASTEL here mostly refers to NoSQL-systems and -services – usually claim virtually unlimited capacity and feature significant scalability, performance, and availability. Depending on the customers requirements, these can be of fundamentally different nature. Hence, a number of different services are exist, for example: Dropbox, Google Cloud Storage, Amazon Simple Storage Service (S3), Apache Cassandra, Project Voldemort, Rackspace Cloud Files, Microsoft Azure Cache, Amazon Relational Database Service (RDS), Google Cloud SQL, Rackspace Cloud Database or Microsoft Azure SQL-Datenbank. There are also a numerous allegedly secure alternatives to these services, such as the Cryptographic Cloud Storage, SecCSIE, Cloud-RAID, CryptDB, HAIL, MetaStorage, MimoSecco or Wuala. The various secure cloud storage services do, however, strongly differ in matters of the (security) requirements or objectives being addressed.

Analytical Scheme for Secure Cloud Storage Services

KASTEL analyzed and characterized various already existing prototypes of secure cloud storage services and their security mechanisms were analyzed, for example Cryptographic Cloud Storage or CryptDB. KASTEL develops and applies an analytical scheme for secure cloud storage services. We derived a structured catalogue of secure cloud storage services and their security mechanisms, which comprises different dimensions for characterizing and distinguishing such services. It allows the identification both of weaknesses of existing services, and worthwhile candidates for the development of secure cloud storage protoypes

Contact

Steffen Müller (AIFB)

Cloud-Prototyping

Prototype-related research from the working group Cloud Computing is being conducted experimentally and iteratively, following an approach of rapid prototyping. In particular, the different prototypes focus on differentiated weightings and gradations of the security goals confidentiality and availability. The experimental examination of these prototypes allows us to draw in-depth conclusions on the various interrelations between security objectives, security mechanisms, and other qualitative properties such as performance.

Prototyp MimoSecco

MimoSecco allows users to relocate structured data into the untrustworthy public cloud. For this purpose, MimoSecco provides an interface with a relational data model that can be accessed with SQL (see: MimoSecco).

KASTEL extends MimoSecco and uses it as basis for further cloud storage prototypes.

Ansprechpartner

Matthias Gabel (ITI)

References

  1. D. Achenbach, M. Gabel und M. Huber. MimoSecco: A Middleware for Secure Cloud Storage. Improving Complex Systems Today, Springer London, 2011, S. 175-181.
  2. M. Gabel, G. Hübsch. Secure Database Outsourcing to the Cloud using the MimoSecco Middleware. Workshop Trusted Cloud 2013. Aug. 2013.
  3. M. Huber, G. Hartung. Side Channels in Secure Database Outsourcing on the Example of the MimoSecco Scheme. Workshop Trusted Cloud 2013. 2013.
  4. M. Huber, M. Gabel, M. Schulze, A. Bieber. Cumulus4j: A Provably Secure Database Abstraction Layer. Security Engineering and Intelligence Informatics, Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013, S. 180-193.

Additional Links

Projekt MimoSecco

Prototyp MetaStorage

MetaStorage is a cloud storage service with a key-value interface. MetaStorage acts as a proxy that replicates stored data across multiple public cloud storage services (horizontal federation of different cloud storage services) , such as Amazon S3, Google Cloud Storage or Rackspace Cloud Files. MetaStorage ensures consistency between the different replicas. Data stored in MetaStorage, thus, stays available even in case of outages of single cloud providers.

MetaStorage is further developed within KASTEL and made available as open source project (see: MetaStorage at SourceForge.net).

Contact

Steffen Müller (AIFB)

References

  1. D. Bermbach, M. Klems, S. Tai, M. Menzel. MetaStorage: A Federated Cloud Storage System to Manage Consistency-Latency Tradeoffs. Proceedings of the 2011 IEEE International Conference on Cloud Computing (CLOUD), 2011, S. 452-459.
  2. T. Kurze, M. Klems, D. Bermbach, A. Lenk, S. Tai, M. Kunze. Cloud Federation. Proceedings of the 2011 IARIA International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2011), 2011.

Additional Links

MetaStorage at SourceForge.net

Prototype UC4MetaStorage

The full replication of data across several connected cloud storage services implemented by MetaStorage can lead to security or compliance issues. For instance, a private cloud storage service is typically preferred over a public one if confidential data are to be stored. Horizontally federated cloud storage services, such as MetaStorage, usually lack appropriate control mechanisms. The prototype Usage Control for MetaStorage (UC4MetaStorage) integrates a distributed usage control framework into MetaStorage and, thereby, allows for the incorporation of local, temporal, and qualitative constraints in the form of policies for fine-tuned control of the data replication and distribution.

Contact

Steffen Müller (AIFB)

References

  1. T. Wüchner, S. Müller, R. Fischer Compliance-Preserving Cloud Storage Federation Based on Data-Driven Usage Control Proceedings of the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom) 2013, 2013, S. 285-288.

Additional Links

Poster zu UC4MetaStorage

Prototyp MimoSecco + Cassandra

In cooperation with the Trusted Cloud project PeerEnergyCloud, KASTEL has added Apache Cassandra to MimoSecco as potential cloud storage backend.

Contact

Matthias Gabel (ITI)

Additional Links

Projekt Peer Energy Cloud

Projekt Trusted Cloud

Analysis Tool TLSBench

Transport Layer Security (TLS) is widely used for securing network connections. The activation of TLS does, however, usually cause a reduction of throughput and a latency increase. With TLSBench the usually unknown performance impact of TLS activation can be measured and, thus, quantified for cloud storage services such asApache Cassandra or Amazon DynamoDB.

Contact

Steffen Müller (AIFB)

References

  1. S. Müller, D. Bermbach, S. Tai und F. Pallas. Benchmarking the Performance Impact of Transport Layer Security in Cloud Database Systems. Proceedings of the 2nd IEEE International Conference on Cloud Engineering (IC2E) 2014, 11 03 2014.

Additional Links

TLSBench at SourceForge.net