In this project, we are studying an architecture and concrete security mechanisms that are targeted at the specific problems inherent in cloud environments. Our primary focus is maintaining confidentiality, integrity, source verifiability, and recovery of sensitive information that resides in the cloud, where both the cloud provider and other applications can potentially gain access to the cloud resources that are used to host the health services. Specific research thrusts include:

1) the encryption-utility tradeoff in encrypted databases;
2) data fragmentation techniques that build on the distributed storage resources of the cloud while achieving confidentiality, high availability, and excellent performance;
3) redactable digital signatures that maintain data utility while providing data integrity and source verification even when data passes through multiple intermediaries;
4) hybrid plaintext and encryption-based services that build on new protected memory capabilities of cloud virtualization layers; and
5) flexible information flow control techniques for heterogeneous cloud environments.
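To make the redactable-signature thrust concrete, here is an added illustration that is not the project's own scheme or code: a minimal commitment-based construction in Go. Each field is hashed together with a random salt, the signer signs the ordered list of field commitments with Ed25519 (from the Go standard library), and an intermediary can later strip a field's value and salt, leaving only its commitment, without invalidating the signature. The record layout, field names and sample values are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Field is one record entry. Once Redacted is set, Value and Salt are gone
// and only Commit (the hash the signer committed to) remains.
type Field struct {
	Name     string
	Value    []byte
	Salt     []byte
	Redacted bool
	Commit   []byte
}

// Record is a signed, redactable list of fields.
type Record struct {
	Fields []Field
	Sig    []byte
}

// commitment hashes name, salt and value with length prefixes so that no two
// (name, salt, value) triples can collide by shifting bytes between parts.
// The random salt stops a verifier from brute-forcing a redacted low-entropy
// value (a date, a diagnosis code) from its commitment.
func commitment(name string, salt, value []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(name), salt, value} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	return h.Sum(nil)
}

func (f Field) commit() []byte {
	if f.Redacted {
		return f.Commit
	}
	return commitment(f.Name, f.Salt, f.Value)
}

// digest is the value actually signed: the field count followed by every
// field commitment in order, so reordering or dropping a field breaks it.
func digest(fields []Field) []byte {
	h := sha256.New()
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(fields)))
	h.Write(n[:])
	for _, f := range fields {
		h.Write(f.commit())
	}
	return h.Sum(nil)
}

// NewKey generates a fresh Ed25519 key pair for the signer.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign builds a record from (name, value) pairs, salting each field, and
// signs the digest of all commitments.
func Sign(priv ed25519.PrivateKey, kv [][2]string) (*Record, error) {
	rec := &Record{}
	for _, p := range kv {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return nil, err
		}
		rec.Fields = append(rec.Fields, Field{Name: p[0], Value: []byte(p[1]), Salt: salt})
	}
	rec.Sig = ed25519.Sign(priv, digest(rec.Fields))
	return rec, nil
}

// Redact removes a field's value and salt, keeping only its commitment. It
// needs no key, so any intermediary can do it; the signature stays valid.
func Redact(rec *Record, name string) bool {
	for i := range rec.Fields {
		f := &rec.Fields[i]
		if f.Name == name && !f.Redacted {
			f.Commit = f.commit()
			f.Value, f.Salt, f.Redacted = nil, nil, true
			return true
		}
	}
	return false
}

// Value returns a visible field's value; redacted or absent fields give ok=false.
func Value(rec *Record, name string) (string, bool) {
	for _, f := range rec.Fields {
		if f.Name == name && !f.Redacted {
			return string(f.Value), true
		}
	}
	return "", false
}

// Verify checks the original signer's signature over the current record,
// using supplied commitments for redacted fields and recomputed ones otherwise.
func Verify(pub ed25519.PublicKey, rec *Record) bool {
	return ed25519.Verify(pub, digest(rec.Fields), rec.Sig)
}

func main() {
	pub, priv := NewKey()
	rec, _ := Sign(priv, [][2]string{{"patient", "J. Doe"}, {"ssn", "000-00-0000"}, {"dx", "E11.9"}})
	fmt.Println("fresh:", Verify(pub, rec))
	Redact(rec, "ssn")
	fmt.Println("after redaction:", Verify(pub, rec))
	rec.Fields[2].Value = []byte("E10.9")
	fmt.Println("after tampering:", Verify(pub, rec))
}
```

Two properties matter for the multi-intermediary setting described above: redaction needs no key, so every hop can remove what it is not allowed to forward, while any edit to a surviving value (or to the field order) is caught by the original signature. What this toy construction does not provide is a redaction policy: the signer cannot mark fields as mandatory, and a verifier can see which positions were redacted, both of which a production scheme would address.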
The architecture and mechanisms we are developing are being prototyped and evaluated on the CERCS 82-node, 784-core Jedi Cluster running OpenStack, an open-source cloud infrastructure implementation. End-device solutions are demonstrated on a tablet running open-source Android.
The project is being carried out in collaboration with our industry partners, IBM and Microsoft, and is sponsored by the National Science Foundation through Grant IIP-1230740.