Project

Trustworthy Cloud Storage

Applicant Ailamaki Anastasia
Number 136318
Funding scheme Sinergia
Research institution Laboratoire de systèmes et applications de traitement de données massives EPFL - IC - IIF - DIAS
Institution of higher education EPF Lausanne - EPFL
Main discipline Information Technology
Start/End 01.03.2012 - 29.02.2016
Approved amount 1'500'000.00

Keywords (8)

cloud computing; data; trust; security; robustness; verifiability; prototype; cloud storage

Lay Summary (English)

Lead
Lay summary
Cloud Computing offers its users centralized and inexpensive computing services, facilitating the development of large and scalable applications. Despite the advent of cloud computing, many individuals and companies are reluctant to entrust the cloud with their data. We briefly describe three “nightmare” scenarios that illustrate typical concerns and which discourage wider adoption of cloud computing services:

Malicious users. An employee of a cloud provider secretly installs software in the cloud servers to mine the data from commercial users. This software is carefully disguised as part of a set of complex monitoring scripts. He then silently sells the stolen information to competitors for profit.

Software bugs. After accidentally uploading incriminating data to the cloud, a user quickly submits a deletion request, which completes successfully. Unfortunately, an unknown bug in the cloud software stack causes data deletion actions to fail silently on rare occasions. The incriminating data is left on the cloud and is later found by a cloud provider system administrator.

Low performance. Following a positive media report, a cloud provider increases computing resources to accommodate a growing number of users. A decision is made to expand the infrastructure with higher-end hardware, which was chosen after in-house testing. However, when the new hardware is put in production, it underperforms in certain scenarios. The provider struggles with a publicity nightmare, with users quickly moving to alternative providers.

The “nightmare” scenarios above demonstrate the need for secure, verifiable and robust services for storing data on the cloud. Our goal in this proposal is to invent broadly applicable concepts that address scenarios similar to those above. In particular, we propose to (a) design a secure cloud data storage system; (b) develop unique tools that advance the state-of-the-art for profiling and validating applications running on the cloud; (c) integrate new hardware storage technologies that improve overall performance for cloud storage; (d) devise techniques to predict the performance of a cloud application; and (e) create new mechanisms that allow cloud providers to augment their infrastructure seamlessly.

We will implement all concepts as part of a prototype, hopefully encouraging cloud providers to adopt similar concepts in their commercial offerings. This adoption will allow reluctant communities to take advantage of the opportunities created by cloud computing. We expect our work to become influential both in academia and industry, particularly within sectors that are an important part of the Swiss industrial sector.
 
Last update: 21.02.2013

Publications

Publication
Ensuring Data Durability with Increasingly Interdependent Content
Galinanes Veronica Estrada, Felber Pascal (2015), Ensuring Data Durability with Increasingly Interdependent Content, in Proceedings of the IEEE International Conference on Cluster Computing (CLUSTER).
Just-In-Time Data Virtualization: Lightweight Data Management with ViDa
Karpathiotakis Manos, Alagiannis Ioannis, Heinis Thomas, Branco Miguel, Ailamaki Anastasia (2015), Just-In-Time Data Virtualization: Lightweight Data Management with ViDa, in Proceedings of the 7th Biennial Conference on Innovative Data Systems Research (CIDR), Asilomar, California, USA, Janua.
STeP-archival: Storage Integrity and Anti-Tampering using Data Entanglement
Mercier Hugues, Augier Maxime, Lenstra Arjen K (2015), STeP-archival: Storage Integrity and Anti-Tampering using Data Entanglement, in Proceedings of ISIT 2015, Hong-Kong.
Adaptive query processing on RAW data
Karpathiotakis Manos, Branco Miguel, Alagiannis Ioannis, Ailamaki Anastasia (2014), Adaptive query processing on RAW data, in Proceedings of the VLDB Endowment, 40th International Conference on Very Large Databases, Hangzhou, China, September 1-5, 2014.
Finding Trojan Message Vulnerabilities in Distributed Systems
Banabic Radu, Candea George, Guerraoui Rachid (2014), Finding Trojan Message Vulnerabilities in Distributed Systems, in ASPLOS '14 Proceedings of the 19th international conference on Architectural support for programming, Salt Lake City Utah USA.
Parallel Deferred Update Replication
Pacheco Leandro, Sciascia Daniele, Pedone Fernando (2014), Parallel Deferred Update Replication, in 13th IEEE International Symposium on Network Computing and Applications, Boston.
ZooFence: Principled Service Partitioning and Application to the ZooKeeper Coordination Service
Halalai Raluca, Sutra Pierre, Riviere Etienne, Felber Pascal (2014), ZooFence: Principled Service Partitioning and Application to the ZooKeeper Coordination Service, in 2014 IEEE 33rd International Symposium on Reliable Distributed Systems.
Helical Entanglement Codes: An Efficient Approach for Designing Robust Distributed Storage Systems
Estrada Galinanes Veronica, Felber Pascal (2013), Helical Entanglement Codes: An Efficient Approach for Designing Robust Distributed Storage Systems, in Stabilization, Safety, and Security of Distributed Systems.
Secure data deletion from persistent media
Reardon Joel, Ritzdorf Hubert, Basin David A., Capkun Srdjan (2013), Secure data deletion from persistent media, in ACM Conference on Computer and Communication Security.
Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments
Marforio Claudio, Karapanos Nikolaos, Soriente Claudio, Kostiainen Kari, Capkun Srdjan (2013), Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments, in ACM workshop on Security and privacy in smartphones and mobile devices.
Fast Black-Box Testing of System Recovery Code
Banabic Radu, Candea George (2012), Fast Black-Box Testing of System Recovery Code, in ACM EuroSys Conference on Computer Systems (EuroSys).
NoDB in Action: Adaptive Query Processing on Raw Data
Alagiannis Ioannis, Borovica Renata, Branco Miguel, Idreos Stratos, Ailamaki Anastasia (2012), NoDB in Action: Adaptive Query Processing on Raw Data, in VLDB 2012.
Enforcing Location and Time-based Access Control on Cloud-stored Data
Androulaki Elli, Soriente Claudio, Malisa Luka, Capkun Srdjan, Enforcing Location and Time-based Access Control on Cloud-stored Data, in IEEE International Conference on Distributed Computing Systems.
Evaluating the Price of Consistency in Distributed File Storage Services
Valerio Jose, Sutra Pierre, Rivière Etienne, Felber Pascal, Evaluating the Price of Consistency in Distributed File Storage Services, in 13th International IFIP Conference on Distributed Applications and Interoperable Systems, Florence, Italy.
On Secure Data Deletion
Reardon Joel, Basin David, Capkun Srdjan, On Secure Data Deletion, in IEEE Security and Privacy, 1.
Smartphones as Practical and Secure Location Verification Tokens for Payments
Marforio Claudio, Karapanos Nikolaos, Soriente Claudio, Kostiainen Kari, Capkun Srdjan, Smartphones as Practical and Secure Location Verification Tokens for Payments, in Network and Distributed System Security Symposium.
STREX: Boosting Instruction Cache Reuse in OLTP Workloads Through Stratified Transaction Execution
Atta Islam, Pinar Tozun, Xin Tong, Ailamaki Anastasia, Moshovos Andreas, STREX: Boosting Instruction Cache Reuse in OLTP Workloads Through Stratified Transaction Execution, in ISCA 2013.

Associated projects

Number Title Start Funding scheme
162014 Next generation erasure coding methods for cloud storage 01.02.2016 Doc.Mobility

Abstract

Cloud Computing offers its users centralized and inexpensive computing services through the integration of hardware and middleware into a complete computing stack, thereby facilitating the development of large and scalable applications. Clouds also run applications efficiently and inexpensively, by leveraging the technical expertise of cloud computing providers and by enabling a significant reduction in energy consumption, since computing resources can be better utilized across users. This reduction of IT costs is motivating Swiss companies to invest considerably in cloud computing [11].

Despite the advent of cloud computing, many users are reluctant to entrust the cloud with their data. We briefly describe three “nightmare” scenarios that illustrate typical user concerns and which discourage wider adoption of cloud computing services:

- Malicious users. An employee of a cloud provider secretly installs software in the cloud storage servers to mine the data from commercial users. This software is carefully disguised as part of a set of complex monitoring scripts. He then silently sells the stolen information to competitors for profit.
- Software bugs. After accidentally uploading incriminating data to the cloud, a user quickly submits a deletion request, which completes successfully. Unfortunately, an unknown bug in the cloud software stack causes data deletion actions to fail silently on rare occasions. The incriminating data is left on the cloud and is later found by a cloud provider system administrator.
- Low performance. Following a positive media report, a cloud provider increases computing resources to accommodate a growing number of users. A decision is made to expand the nearly bottlenecked storage system with front-end Flash-based storage, which was recommended after in-house testing. However, when the new design is put in production it proves inadequate for the read/write profiles of the cloud applications. The provider struggles with a publicity nightmare, with users quickly moving to other providers.

The “nightmare” scenarios above demonstrate the need for secure, verifiable and robust cloud storage; to our knowledge, no existing system fulfills all three requirements simultaneously. Our goal in this proposal is to make cloud storage trustworthy by inventing broadly applicable concepts or primitives, which address scenarios similar to those described above. In particular, we propose to (a) design a secure cloud storage system, which supports both anonymity and confidentiality, ensures long-term cryptographic safety, provides secure and verifiable data deletions and is able to geographically restrict data storage and access; (b) develop unique performance profiling tools that advance the state-of-the-art for cloud profiling, and apply symbolic execution techniques to compare and validate individual components of the cloud storage stack; (c) efficiently integrate emerging storage technologies, such as Flash and PCM, and develop new algorithms to improve data processing on the cloud; (d) devise techniques to predict the performance of queries on the cloud, leading to a predictable, robust system; and (e) create high-level facilities for implementing decentralized and scalable services, and propose novel mechanisms for high availability.

We will implement all novel primitives as part of a prototype, hence creating an open trustworthy cloud storage system that simultaneously addresses security, verifiability and robustness. Our prototype will demonstrate the practical feasibility of this work, hopefully encouraging cloud providers to adopt similar concepts in their commercial offerings. This adoption will in turn allow reluctant communities to take advantage of the opportunities created by cloud computing. We expect our work to become influential both in academia and industry, particularly within sectors such as finance and banking, which are an important part of the Swiss industrial sector. More importantly, we expect this project’s results to increase the willingness of the Swiss taxpayer to exploit the country’s growing investment in cloud infrastructures.