Secure Overlay Cloud Storage with Access Control and Assured Deletion

• Published in: IEEE transactions on dependable and secure computing Vol. 9; no. 6; pp. 903 - 916
• Main Authors: Yang Tang, Lee, P. P. C., Lui, J. C. S., Perlman, R.
• Format: Journal Article
• Language: English
• Published: Washington IEEE 01.11.2012; IEEE Computer Society
• Subjects: Access control; assured deletion; Back up systems; backup/recovery; Backups; Cloud computing; cloud storage; Costs; Cryptography; Data integrity; Deletion; Design engineering; Encryption; Information storage; Outsourcing; Peer to peer computing; Policies; Secure storage; Security; Service introduction; Studies
• ISSN: 1545-5971; 1941-0018
• DOI: 10.1109/TDSC.2012.49

We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocations of file access policies. To achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights of how to incorporate value-added security features into today's cloud storage services.