Secure data and computations in the Cloud: risks and opportunities

By Mario Südholt, professor in the computer science department of Ecole des Mines de Nantes, head of the ASCOLA team (ASpect and COmposition LAnguages).

The growing influence of Cloud programming changes the digital life of private persons and business relationships in important ways. Consumers notably benefit from simple and cheap access to data storage services that include general services, such as “Dropbox”, but also services specialized in the management of, for example, audio libraries. Moreover, the Cloud largely simplifies data exchanges as part of enterprises' business transactions and the mutualization of computational resources from third-party providers (thus lowering the IT expenditures of enterprises). In the long run, the Cloud could initiate new ways of using the Internet that are based not on searching for data of the past but on harnessing the real-time immersion of citizens and consumers in continuous information flows, a way of life of which, for example, “Facebook” and current product comparison sites are early examples.

However, the widespread use of the Cloud is subject to important obstacles, notably the difficult security issues that impact shared computations and privacy issues of foreign data. A whole set of different security issues has to be considered:

- Attacks on private data, such as the bank account details of consumers or information on new commercial products before their official launch.

- Aggregation of private data that, considered individually, can be used freely but that, after aggregation, enables, for example, the establishment of geographical profiles of individual persons or groups of individuals that use the same services.

- The theft of the identities of individuals or enterprises in order to access other services and products. It is noteworthy that identity theft can be ephemeral in that, for example, an authorized Facebook session is hijacked by an attacker in order to perform operations on another site using the authorized Facebook identity; even so, the consequences of such an attack can require long and expensive investigations and corrective actions.


Accountability for the Cloud (A4Cloud): a European project coordinated by Hewlett-Packard, UK


Securing computations and data in the Cloud requires handling very diverse attack scenarios, as well as malicious or simply erroneous uses of services. Consequently, a combination of different methods and techniques frequently has to be applied, starting with data encryption techniques and the control of access to computations and data.

However, other problems are increasingly becoming of foremost importance, notably the traceability of data that is used by different services of a complex application and analyses of how that data is used by a multitude of different service providers. Data has to be used by consuming services in a responsible and transparent manner. Currently, the domain of Cloud computing is characterized by a widespread lack of support for appropriate notions of responsibility and transparency (globally called “service accountability”), in particular for ensuring the traceability of data across complex computations that involve multiple service providers.

The European project “Accountability for the Cloud” (A4Cloud), an integrated project involving 14 partners under the coordination of Hewlett-Packard, UK, targets new corresponding legal and technical notions for future services for consumers and enterprises. The ASCOLA (ASpect and COmposition LAnguages) research team of the computer science department of Mines de Nantes participates in the project in order to develop means for the enforcement of security properties, notably data traceability, within the future Internet infrastructures. (web site to be opened in the near future)

