End-to-End Privacy Policy Enforcement in Cloud Infrastructure

S. Betgé-Brezetz, M.P. Dupont, G.B. Kamga, A. Guesmi

Alcatel-Lucent Bell Labs, France

IEEE CloudNet, San Francisco, November 11th, 2013

Privacy & Data Protection in the Cloud: Business & regulation context (1/2)

Enterprises are moving their data & applications to the cloud (even for a time-bound project)

Various data sensitivities (e.g. HR, eHealth data), applications (e.g. business, communication) and policies (regulation, enterprise, end-user)

Key issue: end-to-end protection of sensitive data stored, processed and moving in the cloud

[Figure: Traditional Enterprise IT (on-premise based), where "data, apps & policy are controlled by my IT staff", versus Cloud-based Enterprise IT (incl. private & public cloud), where applications, policy and data raise the questions: Who has accessed my data? From where? How many times? Where are my data located? How many copies of a given piece of data exist in the cloud? The goals: "I control the access to my data" and "I know where my data are".]

Keep privacy & confidentiality of the sensitive data in the cloud all along their lifecycle (creation, processing, transfer, deletion)

Privacy & Data Protection in the Cloud: Business & regulation context (2/2)

The Enterprise (as a Cloud User) is responsible for the correct application of the privacy/data protection policies to its customer data (e.g., see* for the European regulation context)

→ The Cloud Service Provider (CSP) has to provide adequate protection features so that the Cloud User can appropriately set the privacy policies for each of its sensitive data items

These privacy settings have to be specified in the SLA agreed between the CU and the CSP

→ The CSP has to enforce the SLA and provide evidence of SLA fulfillment

[Figure: the Cloud User (Data Controller) attaches privacy-related metadata to its data and agrees an SLA with the Cloud Service Provider (Data Processor); the applicable policies are translated into cloud privacy settings for the Cloud Infrastructure (computing node, storage, network) and the Cloud Management (e.g., orchestration, monitoring); a compliance analysis of the cloud privacy settings feeds back to the SLA.]

Data protection: a mandatory requirement for the CSP

*Article 29 Data Protection Working Party, “Opinion 05/2012 on cloud computing”, WP 196, Brussels, July 2012

Privacy & Data Protection in the Cloud: Key requirements
  • Data storage
    • Data location
    • Data access control per application/per user
    • Data retention and deletion
    • Data usage tracing
    • Data breach notification
    • etc.
  • Data processing (in Virtual Machines)
    • VM location and co-location constraints
    • VM isolation
    • VM security level
    • etc.

This data protection should be handled end-to-end (from the Cloud User through all the cloud nodes/VMs of the CSP)

Privacy & Data Protection in the Cloud: Related Work

Data obfuscation before sending to the cloud

  • Prevent the CSP from accessing the plain data
    • Encryption [Diallo 2012, HekaFS], Data Shredding [Rabin 1989]
  • Enable some processing on encrypted data:
    • Homomorphic encryption [Gentry 2009]
  • Suited to storage services, but not to benefiting from the cloud's computation capabilities
  • Inflexible access control

Privacy policy enforcement

  • Sticky policy approaches:
    • Using a consent & revocation module [Casassa 2012]
    • Scalable authorization infrastructure with conflict resolution capabilities [Chadwick 2012]
  • Proprietary solution: Rights Management System (RMS) [Microsoft]
  • Infrastructure-related constraints not enforced
  • Not transparent to the application (application upgrade or applicative plug-in needed)

Privacy & Data Protection in the Cloud: Our approach to end-to-end data protection

[Figure: at the customer site, the Client Data Protection Module encrypts the plain-text data and binds it to its privacy policies, producing a PDE (Privacy Data Envelope) that carries policy, data and data usage history; at the cloud infrastructure level, a Data Protection Module sits between the Cloud User applications and the Cloud Provider services.]

  • End-to-end policy enforcement from the client device to the cloud infrastructure
  • Controls are governed by the data itself (PDE: sticky-policy-based approach)
  • In-depth and fine-grained access control within the cloud (based on user ID and location, data location, action purpose, etc.), transparent to the applications
  • Overall data access tracking in order to build a comprehensive data usage dashboard
Privacy & Data Protection in the Cloud: Implementation of the File Data Protection Module
  • Illustration in the case of the VM file system: File Data Protection Module (FDPM)
    • Use FUSE* (Linux standard) to intercept all file system calls made to the files stored in a protected directory (/protected_dir)
    • Enforce the privacy policies for each action performed on a protected file
      • “Replace” the POSIX ACL (e.g., “ugo+rw”) with the policy attached to the file

[Figure: on a Cloud Compute Node, a Virtual Machine (Linux Ubuntu) hosts the FDPM, made of a Trace Manager, a User Context Manager, a Data Access Manager, a Policy Checking component and a FUSE-J based FS wrapper; file system requests/responses from system and user applications to /Protected_dir pass through the FUSE kernel module and the wrapper, which maps them onto file.pde in /Backend_Dir; the Customer Device runs the Client Data Protection Module (CDPM).]

* File system in user space

Privacy & Data Protection in the Cloud: FDPM Prototype characteristics
  • Virtual Machines
    • Linux Ubuntu 12.04
    • Deployed on Cloud Platforms in France and in the US
  • File system wrapper
    • FUSE version 2.8
    • FUSE-J (JNI Java/C binding)
  • Policy checking
    • Java SunXacml (XACML 2.0)
  • Data access management: file & policy hybrid encryption
    • Blowfish (FEK/File Encryption Key, PEK/Policy Encryption Key)
    • GPG (PEK and FEK encryption)
Privacy & Data Protection in the Cloud: Scenario (1/7): setup

[Figure: test-bed of the scenario. A client laptop at Nozay-Vx (FR) runs the Client Data Protection Module with MarcDurand.xml and Policy.xml. It is connected by sftp to four VMs, each hosting Application_A, Application_B and an OS: VM-FR (ALU Bell Labs AxP Cloud, Nozay-Vx (FR)), VM-US-1 and VM-US-2 (ALU CloudBand, Naperville (US)) and VM-Other (ALU Bell Labs AxP Cloud, emulated other country). The FDPM is shown on VM-FR and VM-US-1 and on one of the two remaining VMs. Steps 1 to 8 are numbered on the diagram.]

Privacy & Data Protection in the Cloud: Scenario (2/7): data & policy

Customer profile (MarcDurand.xml):

First Name: Marc
Name: Durand
Citizenship: French
Address: 10 rue de la Paix, Paris, France
Phone: 01 40 56 37 32
Purchase history & customer profile: …
Location history & geo-profile: ...
Call history & social profile: ...

Policy (Policy.xml):
  • The profile shall only be stored in a protected VM (i.e., in the /protected_dir of a VM equipped with the FDPM).
  • The profile shall only be stored in France or in the US.
  • The profile shall be accessed/processed by Application_A (e.g., a content recommendation application) but not by Application_B (e.g., a targeted advertising application).
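The three rules above, as a sticky-policy module would check them, in an added Python model. This is illustration code written for this page, not the Bell Labs FDPM/CDPM implementation (which the talk describes as Java on FUSE-J with SunXacml). Only the three rules and the VM names VM-FR, VM-US-1 and VM-Other come from the slides; the Policy and VMContext fields, the transfer check, the trace record format and the hypothetical unprotected VM "VM-US-noFDPM" are assumptions of the example. Payload encryption is left out: the ciphertext is an opaque constructed byte string.

```python
"""Model of a Privacy Data Envelope (PDE) policy check (example code, not the talk's FDPM)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Policy:
    """Sticky policy carried inside the envelope (field names are this example's)."""
    allowed_apps: FrozenSet[str]        # applications allowed to read the data
    allowed_countries: FrozenSet[str]   # countries where the file may reside
    protected_vm_only: bool = True      # must live in /protected_dir of an FDPM VM


@dataclass(frozen=True)
class PDE:
    """Privacy Data Envelope: policy and opaque ciphertext travel together."""
    name: str
    policy: Policy
    ciphertext: bytes                   # never decrypted in this model


@dataclass(frozen=True)
class VMContext:
    """What the FDPM knows about the VM it runs on (assumed attributes)."""
    vm_id: str
    country: str
    fdpm_enabled: bool


@dataclass
class TraceManager:
    """One record per decision, feeding the data usage dashboard."""
    records: List[Dict[str, str]] = field(default_factory=list)

    def record(self, pde: PDE, action: str, subject: str, vm: VMContext,
               permitted: bool, reason: str) -> None:
        self.records.append({
            "file": pde.name, "action": action, "subject": subject,
            "vm": vm.vm_id, "country": vm.country,
            "decision": "PERMIT" if permitted else "DENY", "reason": reason,
        })

    def dashboard(self, pde_name: str) -> Dict[str, object]:
        """Who accessed my data, from where, how many times (and how many refusals)."""
        mine = [r for r in self.records if r["file"] == pde_name]
        return {
            "accesses": Counter((r["subject"], r["country"])
                                for r in mine if r["decision"] == "PERMIT"),
            "denials": sum(1 for r in mine if r["decision"] == "DENY"),
        }


def storage_allowed(policy: Policy, vm: VMContext) -> Tuple[bool, str]:
    """Storage constraints: the envelope may only rest on a compliant VM."""
    if policy.protected_vm_only and not vm.fdpm_enabled:
        return False, f"{vm.vm_id} is not a protected VM (no FDPM)"
    if vm.country not in policy.allowed_countries:
        return False, f"country {vm.country} not in {sorted(policy.allowed_countries)}"
    return True, "storage constraints satisfied"


def decide_read(pde: PDE, app: str, vm: VMContext, traces: TraceManager) -> bool:
    """Read check done by the FDPM: the envelope's policy replaces the POSIX ACL."""
    ok, reason = storage_allowed(pde.policy, vm)
    if ok and app not in pde.policy.allowed_apps:
        ok, reason = False, f"{app} is not an authorized application"
    traces.record(pde, "read", app, vm, ok, reason)
    return ok


def decide_transfer(pde: PDE, src: VMContext, dst: VMContext, traces: TraceManager) -> bool:
    """Outbound copy (e.g. sftp): the destination must satisfy the storage constraints."""
    ok, reason = storage_allowed(pde.policy, dst)
    traces.record(pde, f"transfer to {dst.vm_id}", "sftp", src, ok, reason)
    return ok


# Constructed instance of the talk's scenario (values are illustrative).
MARC_POLICY = Policy(allowed_apps=frozenset({"Application_A"}),
                     allowed_countries=frozenset({"FR", "US"}))
MARC_PDE = PDE("MarcDurand.pde", MARC_POLICY, b"<constructed opaque ciphertext>")
VM_FR = VMContext("VM-FR", "FR", fdpm_enabled=True)
VM_US_1 = VMContext("VM-US-1", "US", fdpm_enabled=True)
VM_OTHER = VMContext("VM-Other", "XX", fdpm_enabled=True)          # emulated other country
VM_US_NOFDPM = VMContext("VM-US-noFDPM", "US", fdpm_enabled=False)  # hypothetical, not in the talk


def run_scenario() -> Tuple[Dict[str, bool], TraceManager]:
    """Replays the reads and transfers of scenario slides 5/7 and 6/7."""
    traces = TraceManager()
    results = {
        "A_reads_on_VM-FR": decide_read(MARC_PDE, "Application_A", VM_FR, traces),
        "B_reads_on_VM-FR": decide_read(MARC_PDE, "Application_B", VM_FR, traces),
        "transfer_to_VM-US-1": decide_transfer(MARC_PDE, VM_FR, VM_US_1, traces),
        "transfer_to_VM-Other": decide_transfer(MARC_PDE, VM_FR, VM_OTHER, traces),
        "transfer_to_VM-US-noFDPM": decide_transfer(MARC_PDE, VM_FR, VM_US_NOFDPM, traces),
    }
    return results, traces


if __name__ == "__main__":
    results, traces = run_scenario()
    for name, permitted in results.items():
        print(f"{name:26s} {'PERMIT' if permitted else 'DENY'}")
    for rec in traces.records:
        print(rec)
    print(traces.dashboard("MarcDurand.pde"))
```

Running the module prints one decision per action, the trace records, and a dashboard answering the questions of the business-context slide (who accessed the data, from where, how many times). The transfer check evaluates the destination VM's context rather than the source's: that is the decision that lets the copy to VM-US-1 through and refuses the copy to VM-Other in scenario 6/7.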

[Figure: test-bed as on the setup slide.]

Privacy & Data Protection in the Cloud: Scenario (3/7): protected file generation

Generation of the protected file (MarcDurand.pde)

[Figure: test-bed as on the setup slide; the Client Data Protection Module on the client laptop now holds MarcDurand.pde next to MarcDurand.xml and Policy.xml.]

Privacy & Data Protection in the Cloud: Scenario (4/7): upload in the cloud

Transfer of MarcDurand.pde to VM-FR

VM-FR with the MarcDurand.pde file stored in the directory /protected_dir

[Figure: test-bed as on the setup slide; MarcDurand.pde is shown on VM-FR.]

Privacy & Data Protection in the Cloud: Scenario (5/7): access from applications A & B controlled by policy

Appli_A is authorized to read the file MarcDurand.pde

Appli_B is not authorized to read the file MarcDurand.pde

[Figure: test-bed as on the setup slide; MarcDurand.pde is on VM-FR, where Application_A and Application_B attempt to read it.]

Privacy & Data Protection in the Cloud: Scenario (6/7): file transfer controlled by policy

VM-US-1 after authorized sftp transfer of MarcDurand.pde (100% transferred, policy ok)

VM-US-2 after unauthorized sftp transfer of MarcDurand.pde (0% transferred, policy not ok)

VM-Other after unauthorized sftp transfer of MarcDurand.pde (0% transferred, policy not ok)

[Figure: test-bed as on the setup slide; MarcDurand.pde is shown on VM-FR and VM-US-1 only.]

Privacy & Data Protection in the Cloud: Scenario (7/7): generated traces

Generated traces

[Figure: test-bed as on the setup slide, with the traces generated by the preceding steps; MarcDurand.pde resides on VM-FR and VM-US-1.]

Privacy & Data Protection in the Cloud: Performance Evaluation

[Charts: computation time split (500 Kb PDE file, file read access control); performance of the FDPM modules according to the PDE file size.]

Total computation time = 220 ms (compared to 60 ms for a plaintext file)

Conclusion & perspectives

Conclusion: end-to-end & in-depth protection of sensitive data
  • Support of various types of policies encompassing storage and computing (VM, file system)
  • End-to-end monitoring of data allowing to build a comprehensive data usage dashboard (enabling security & privacy audits)
  • Solution fully transparent for the applications (no need to modify the applications)

Some perspectives
  • Use of Secure Elements (e.g. SD card, smart card) embedded in the cloud nodes in order to further enforce security
    • Support of the European SEED4C research project (www.celticplus-seed4c.org)
  • Enforce privacy constraints on the network path, notably by relying on SDN technologies
    • E.g., data transferred between VMs should not cross some given unauthorized areas