CloudFence: Data Flow Tracking as a Cloud Service [chapter]

Vasilis Pappas, Vasileios P. Kemerlis, Angeliki Zavou, Michalis Polychronakis, Angelos D. Keromytis
2013 Lecture Notes in Computer Science  
The risk of unauthorized private data access is among the primary concerns for users of cloud-based services. For the common setting in which the infrastructure provider and the service provider are different, users have to trust their data to both parties, although they interact solely with the latter. In this paper we propose CloudFence, a framework for cloud hosting environments that provides transparent, fine-grained data tracking capabilities to both service providers, as well as their ... s. CloudFence allows users to independently audit the treatment of their data by third-party services, through the intervention of the infrastructure provider that hosts these services. CloudFence also enables service providers to confine the use of sensitive data in well-defined domains, offering additional protection against inadvertent information leakage and unauthorized access. The results of our evaluation demonstrate the ease of incorporating CloudFence on existing real-world applications, its effectiveness in preventing a wide range of security breaches, and its modest performance overhead on real settings.
doi:10.1007/978-3-642-41284-4_21 fatcat:ndclb2pbnnenha4vcktyddkwb4