Privacy Preserving User Centric Policy Management Framework for
Cloud Computing Environments
Hassan Takabi
University of Pittsburgh
Date and Location: Wednesday, March
13th, 2013, 10:00am - 11:00am @ Stuart Building, Room 113.
Abstract
In order to protect data in cloud computing environments, users must
use diverse access control solutions available for each cloud
service provider (CSP). Consequently, access control policies may be
composed in incompatible ways because of diverse policy languages
that are maintained separately at every CSP. Heterogeneity and
distribution of these policies pose problems in their
administration. Furthermore, although access control mechanisms are
a vital component to protect data from unauthorized users, there are
many cases where the CSPs are not trusted and pose a risk to their
users' privacy.
We introduce a privacy preserving user centric policy management
framework that is designed to give users a unified control point for
managing policies that control access to their data no matter where
the data is stored. It also uses cryptographic mechanisms to prevent
CSPs from accessing the data. Our proposed approach provides two
levels of protection for user's data stored on a CSP. The users'
data is protected from unauthorized users using a CSP-enforced
access control mechanism, while protection from the CSP is achieved
through multiple layers of commutative encryption with the help of a
third-party service provider.
We present lessons we learned from a case study where we implemented
a unified policy management system for various cloud services. Based
on those lessons and motivated by limitations of existing
approaches, we propose a semantic-based policy management framework
that is designed to help cloud users to specify and manage security
policies using semantic web technologies. Then, we describe how to
utilize commutative encryption to preserve privacy of users when
they store their data on untrusted CSPs. Finally, we explain a proof
of concept implementation of the proposed framework to show its
applicability and report results of the experiments we performed to
evaluate performance of the framework.
Biography
Hassan Takabi is a doctoral candidate in the school of Information
Sciences at the University of Pittsburgh where he has been a member
of the Laboratory of Education and Research on Security Assured
Information Systems (LERSAIS) since 2008. Before joining the
University of Pittsburgh, he was with the E-Security Research Centre
at the London South Bank University where he received Overseas
Research Students Awards Scheme (ORSAS) award from UK's Secretary of
State for Education and Science. His research interests include
Cybersecurity and Information Assurance, Security, Privacy, and
Trust Issues in Cloud Computing Environments and Online Social
Networks, Privacy and Web Security, Usable Privacy and Security. He
has published more than 20 papers in peer-reviewed journals and
international conferences, some of which won or been runner up for
Best Paper Awards. Hassan has served as reviewer for several
journals including IEEE Transactions on Information Forensics &
Security, IEEE TDSC, IEEE TKDE, Journal of Computer Security, and
international conferences such as SACMAT, ACSAC, WWW and
CollaborateCom. He also served on organizing committee of IRI 2010,
ACSAC 2012 and ACSAC 2013.