University of Konstanz
Graduiertenkolleg / PhD Program
Computer and Information Science

Graduation Talks


Secure Storage on the Cloud


Sebastian Graf, University of Konstanz
Konstanz, Germany

date & place

Wednesday, 29.06.2011, 16:15 h
Room C 252


Storing data on the cloud offers a scalable and easy way to handle large amounts of data, with availability and scalability guaranteed by the hosting Cloud Service Providers. The price for the gained availability is uncertainty about the integrity and confidentiality of the data. Even though common approaches provide the high availability and end-to-end encryption necessary to achieve Availability and Confidentiality as security goals, other security requirements such as Integrity and Accountability are neglected. Furthermore, the key management that clients use to encrypt data for Confidentiality must support join and leave operations within the client set. This work presents an architecture for a secure cloud gateway that satisfies the common security goals Availability, Confidentiality, Integrity and Accountability. To map these security goals, XML as the storage base is equipped with recursive integrity checks, encryption and versioning, based on the native XML storage Treetank. A Key Manager extends this approach so that multiple clients sharing keys to the storage can be deployed in a secure way. New key material is pushed to a server instance deployed as Platform-as-a-Service (PaaS), which propagates the update to the clients. The server furthermore applies integrity checks on encrypted data during transfer and storage. The proposed architecture thereby enables collaborative work on shared cloud storages among multiple clients ensuring