A Modular Architecture and a Cost-Model to Estimate the Overhead of Implementing Confidentiality in Cloud Computing Environments

  • Mauro Storch PUCRS
  • Vinícius Meyer UNIVATES
  • Avelino Zorzo PUCRS
  • Cesar A. F. De Rose PUCRS

Abstract


Cloud computing has become increasingly popular among organizations. As a result, security has become a major concern in the adoption of cloud computing environments. To ensure confidentiality and prevent data leakage, organizations have adopted various security measures, including sophisticated authentication methods and strong cryptographic algorithms. However, implementing these measures generates additional overhead that could impact resource consumption and performance at the user level. This paper proposes a modular architecture for a full-stack confidentiality cloud and a model to estimate implementation costs for each component. Together they can be used as a blueprint to implement the needed confidentiality in a particular cloud scenario and to estimate the resulting overhead. It contributes to the literature by enabling cloud administrators and users to leverage confidentiality based on their security needs and budget. Preliminary experiments show that our cost model achieves a high level of accuracy, up to 95%.

Published
23/10/2024
STORCH, Mauro; MEYER, Vinícius; ZORZO, Avelino; DE ROSE, Cesar A. F. A Modular Architecture and a Cost-Model to Estimate the Overhead of Implementing Confidentiality in Cloud Computing Environments. In: SIMPÓSIO EM SISTEMAS COMPUTACIONAIS DE ALTO DESEMPENHO (SSCAD), 25., 2024, São Carlos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 288-299. DOI: https://doi.org/10.5753/sscad.2024.244780.