Trustworthy Cloud Storage — security, privacy and performance
Prof. Anastasia Ailamaki ~ Project Website
Cloud computing offers its users centralized and inexpensive computing services by integrating hardware and middleware into a complete computing stack, thereby facilitating the development of large, scalable applications. Clouds also run applications efficiently and inexpensively, by leveraging the technical expertise of cloud providers and by significantly reducing energy consumption, since computing resources can be better utilized across users. This reduction in IT costs is motivating Swiss companies to invest considerably in cloud computing. Despite these advantages, many users remain reluctant to entrust the cloud with their data.
We briefly describe three “nightmare” scenarios that illustrate typical user concerns and which discourage wider adoption of cloud computing services:
– Malicious insiders. An employee of a cloud provider secretly installs software on the cloud storage servers to mine the data of commercial users. The software is carefully disguised as part of a set of complex monitoring scripts. The employee then silently sells the stolen information to competitors for profit.
– Software bugs. After accidentally uploading incriminating data to the cloud, a user quickly submits a deletion request, which reports success. Unfortunately, an unknown bug in the cloud software stack causes deletions to fail silently on rare occasions. The incriminating data remains in the cloud and is later found by a system administrator of the cloud provider.
– Low performance. Following a positive media report, a cloud provider increases its computing resources to accommodate a growing number of users. It decides to expand the storage system, which is close to becoming a bottleneck, with front-end Flash-based storage recommended after in-house testing. When the new design is put into production, however, it proves inadequate for the read/write profiles of the cloud applications. The provider struggles with a publicity nightmare as users quickly move to other providers.
The “nightmare” scenarios above demonstrate the need for secure, verifiable and robust cloud storage; to our knowledge, no existing system fulfills all three requirements simultaneously. Our goal in this proposal is to make cloud storage trustworthy by inventing broadly applicable concepts and primitives that address scenarios such as those described above. In particular, we propose to:
– (a) design a secure cloud storage system that supports both anonymity and confidentiality, ensures long-term cryptographic safety, provides secure and verifiable data deletion, and can geographically restrict where data is stored and from where it is accessed;
– (b) develop performance profiling tools that advance the state of the art in cloud profiling, and apply symbolic execution to compare and validate individual components of the cloud storage stack;
– (c) efficiently integrate emerging storage technologies, such as Flash and PCM, and develop new algorithms to improve data processing on the cloud;
– (d) devise techniques to predict the performance of queries on the cloud, leading to a predictable, robust system; and
– (e) create high-level facilities for implementing decentralized and scalable services, and propose novel mechanisms for high availability.
We will implement all novel primitives in a prototype, thereby creating an open, trustworthy cloud storage system that simultaneously addresses security, verifiability and robustness. The prototype will demonstrate the practical feasibility of this work and, we hope, encourage cloud providers to adopt similar concepts in their commercial offerings. Such adoption will in turn allow reluctant communities to take advantage of the opportunities created by cloud computing. We expect our work to be influential both in academia and in industry, particularly in sectors such as finance and banking, which are an important part of the Swiss economy. More importantly, we expect the project’s results to increase the willingness of Swiss taxpayers to benefit from the country’s growing investment in cloud infrastructure.
- Anastasia Ailamaki, EPFL (Principal Investigator)
- George Candea, EPFL
- Arjen K. Lenstra, EPFL
- Pascal Felber, Université de Neuchâtel
- Fernando Pedone, Università della Svizzera italiana
- Srdjan Capkun, ETHZ
- J. Valerio, P. Sutra, É. Rivière, P. Felber. Evaluating the Price of Consistency in Distributed File Storage Services. 13th International IFIP Conference on Distributed Applications and Interoperable Systems (DAIS).
- I. Alagiannis, R. Borovica, M. Branco, S. Idreos, A. Ailamaki. NoDB in Action: Adaptive Query Processing on Raw Data. SIGMOD 2012. (Demo of the “Positional Maps” component.)
- I. Atta, P. Tözün, X. Tong, A. Ailamaki, A. Moshovos. STREX: Boosting Instruction Cache Reuse in OLTP Workloads Through Stratified Transaction Execution. 40th International Symposium on Computer Architecture (ISCA), 2013.
- E. Androulaki, C. Soriente, L. Malisa, S. Capkun. Enforcing Location and Time Based Access Control to Cloud-stored Data. Technical Report, ETHZ.
- M. Branco, M. Karpathiotakis, A. Ailamaki. PostgresRaw (Demo). XLDB 2013 Workshop Europe, CERN.