
CloudFence: Enabling Users to Audit the Use of their Cloud-Resident Data

Vasilis Pappas; Vasileios Kemerlis; Angeliki Zavou; Michalis Polychronakis; Angelos D. Keromytis

Title:
CloudFence: Enabling Users to Audit the Use of their Cloud-Resident Data
Author(s):
Pappas, Vasilis
Kemerlis, Vasileios
Zavou, Angeliki
Polychronakis, Michalis
Keromytis, Angelos D.
Date:
Type:
Technical reports
Department:
Computer Science
Permanent URL:
Series:
Columbia University Computer Science Technical Reports
Part Number:
CUCS-002-12
Publisher:
Department of Computer Science, Columbia University
Publisher Location:
New York
Abstract:
One of the primary concerns of users of cloud-based services and applications is the risk of unauthorized access to their private information. For the common setting in which the infrastructure provider and the online service provider are different, end users have to trust their data to both parties, although they interact solely with the service provider. This paper presents CloudFence, a framework that allows users to independently audit the treatment of their private data by third-party online services, through the intervention of the cloud provider that hosts these services. CloudFence is based on a fine-grained data flow tracking platform exposed by the cloud provider to both developers of cloud-based applications and their users. Besides data auditing for end users, CloudFence allows service providers to confine the use of sensitive data in well-defined domains using data tracking at arbitrary granularity, offering additional protection against inadvertent leaks and unauthorized access. The results of our experimental evaluation with real-world applications, including an e-store platform and a cloud-based backup service, demonstrate that CloudFence requires just a few changes to existing application code, while it can detect and prevent a wide range of security breaches, ranging from data leakage attacks using SQL injection to personal data disclosure due to missing or erroneously implemented access control checks.
Subject(s):
Computer science