Over-Encryption in Swift
EncSwift presents the realization of an encryption solution, based on the Over-Encryption technique, in OpenStack Swift.
The tool released by our consortium guarantees the transparent application of encryption to objects stored in the cloud. It also offers an efficient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users.
We explored several alternatives for the architecture, associated with distinct levels of transparency for the applications, and integrated different options for the management of policy updates.
Leveraging the openness and modular architecture of OpenStack Swift, our EncSwift tool provides a convenient approach for flexible data sharing with current cloud technology.
The figure above gives an architectural overview of our EncSwift tool.
According to the Over-Encryption principles, a first layer of encryption (BEL) is applied at the client side in order to enforce the confidentiality of data, and a second layer of encryption (SEL) is applied at the server side in order to protect a resource from unauthorized access attempts by revoked users.
- Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Daniele Guttadoro, Stefano Paraboschi, Marco Rosa, Pierangela Samarati, Alessandro Saullo "Managing Data Sharing in OpenStack Swift with Over-Encryption" in Proc. of the 3rd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2016), Vienna, Austria, October 24, 2016
- Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati "Access Control Management for Secure Cloud Storage" in Proc. of the 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), Guangzhou, China, October 10-12, 2016
- EncSwift software is available at https://github.com/escudocloud/encSwift