Title :
End-to-End Policy-Based Encryption and Management of Data in the Cloud
Author :
Pearson, Siani ; Mont, Marco Casassa ; Chen, Liqun ; Reed, Archie
Author_Institution :
Cloud & Security Lab., HP Labs., Bristol, UK
Date :
Nov. 29 2011-Dec. 1 2011
Abstract :
This paper introduces and discusses a data management solution to provide accountability within the cloud as well as to address privacy issues. The central idea is as follows: Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties called Trust Authorities. The access to data can be as fine-grained as necessary, based on policy definitions, underlying encryption mechanisms (supporting the stickiness of policies to the data) and a related key management approach that allows (sets of) data attribute(s) to be encrypted specifically based on the policy. Access to data is mediated by a Trust Authority that checks for compliance with policies in order to release decryption keys. By these means, users can be provided with fine-grained control over access and usage of their data within the cloud, even in public cloud models.
Keywords :
cloud computing; cryptography; database management systems; information retrieval; trusted computing; accountability; cloud data management; cloud provider; data access; data attribute; decryption key; end-to-end policy-based encryption; interchangeable independent third party; key management approach; policy definition; privacy issue; public cloud model; trust authority; Cloud computing; Encryption; ISO standards; Protocols; Public key; cloud; policy enforcement; privacy; sticky policy;
Conference_Title :
Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on
Conference_Location :
Athens
Print_ISBN :
978-1-4673-0090-2
DOI :
10.1109/CloudCom.2011.118