
Towards a data-centric view of cloud security

Published: 30 October 2010

Abstract

Cloud security issues have recently gained traction in the research community, with much of the focus primarily concentrated on securing the operating systems and virtual machines on which the services are deployed. In this paper, we take an alternative perspective and propose a data-centric view of cloud security. In particular, we explore the security properties of secure data sharing between applications hosted in the cloud. We discuss data management challenges in the areas of secure distributed query processing, system analysis and forensics, and query correctness assurance, and describe our current efforts towards meeting these challenges using our Declarative Secure Distributed Systems (DS2) platform.



Published In

CloudDB '10: Proceedings of the second international workshop on Cloud data management
October 2010
72 pages
ISBN: 9781450303804
DOI: 10.1145/1871929

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud security
  2. declarative networking
  3. secure data processing
  4. system analysis and forensics

Qualifiers

  • Research-article

Conference

CIKM '10

Acceptance Rates

Overall Acceptance Rate 12 of 17 submissions, 71%

Cited By

  • (2020) Communication Pattern Based Data Authentication (CPDA) Designed for Big Data Processing in a Multiple Public Cloud Environment. IEEE Access 8, pp. 107716-107748. DOI: 10.1109/ACCESS.2020.3000989. Online publication date: 2020
  • (2017) Enabling Data Sharing in Contextual Environments. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 231-238. DOI: 10.1145/3078861.3078876. Online publication date: 7-Jun-2017
  • (2017) Improving data sharing in data rich environments. 2017 IEEE International Conference on Big Data (Big Data), pp. 2998-3005. DOI: 10.1109/BigData.2017.8258270. Online publication date: Dec-2017
  • (2016) Two Factor Authentication Using M-Pin Server for Secure Cloud Computing Environment. Web-Based Services, pp. 1053-1066. DOI: 10.4018/978-1-4666-9466-8.ch046. Online publication date: 2016
  • (2016) Time synchronization. Security and Communication Networks 9:6, pp. 571-582. DOI: 10.1002/sec.1056. Online publication date: 1-Apr-2016
  • (2015) Secure the Cloud. ACM Computing Surveys 47:3, pp. 1-30. DOI: 10.1145/2693841. Online publication date: 17-Feb-2015
  • (2015) Enhancing Cloud Security and Privacy. Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01, pp. 1088-1093. DOI: 10.1109/Trustcom.2015.487. Online publication date: 20-Aug-2015
  • (2014) Two Factor Authentication using M-pin Server for Secure Cloud Computing Environment. International Journal of Cloud Applications and Computing 4:4, pp. 42-54. DOI: 10.4018/ijcac.2014100104. Online publication date: 1-Oct-2014
  • (2014) A Security Risk Assessment Model for Business Process Deployment in the Cloud. Proceedings of the 2014 IEEE International Conference on Services Computing, pp. 307-314. DOI: 10.1109/SCC.2014.48. Online publication date: 27-Jun-2014
  • (2013) Data security in cloud computing. 2013 International Conference on Green Computing, Communication and Conservation of Energy (ICGCE), pp. 822-827. DOI: 10.1109/ICGCE.2013.6823547. Online publication date: Dec-2013
