Blough Lab Projects

Distributed Security for Cloud and Beyond

Project Overview

Sensitive services, such as health record repositories, are increasingly being hosted in cloud environments, and this trend is expected to accelerate in the future. Due to the highly sensitive nature of cloud-resident information such as health records, financial data, etc., security is becoming a preeminent issue for cloud services. In addition, sensitive data from the cloud is increasingly downloaded to a wide variety of end devices, and security controls must extend to cover these scenarios as well.

In this project, we are studying an architecture and concrete security mechanisms that are targeted at the specific problems inherent in cloud environments. Our primary focus is maintaining confidentiality, integrity, source verifiability, and recovery of sensitive information that resides in the cloud, where both the cloud provider and other applications can potentially gain access to cloud resources that are used to host the health services. Specific research thrusts include:

1) the encryption-utility tradeoff in encrypted databases,
2) data fragmentation techniques that build on the distributed storage resources of the cloud while achieving confidentiality, high availability, and excellent performance,
3) redactable digital signatures that maintain data utility while providing data integrity and source verification even when data passes through multiple intermediaries,
4) hybrid plaintext and encryption-based services that build on new protected memory capabilities of cloud virtualization layers, and
5) flexible information flow control techniques for heterogeneous cloud environments.

The architecture and mechanisms we are developing are being prototyped and evaluated on the CERCS 82-node, 784-core Jedi Cluster running OpenStack, which is an open-source cloud infrastructure implementation. End-device solutions are demonstrated on a tablet running open-source Android.

The project is being carried out in collaboration with our industry partners, IBM and Microsoft, and is sponsored by the National Science Foundation through Grant IIP-1230740.


Georgia Tech



Research Artifacts
