Get Your Head Out of the Clouds: The Illusion of Confidentiality & Privacy

2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2) Pub Date : 2018-11-01 DOI:10.1109/SC2.2018.00015

V. Urias, W. Stout, Caleb Loverro, B. V. Leeuwen

{"title":"Get Your Head Out of the Clouds: The Illusion of Confidentiality & Privacy","authors":"V. Urias, W. Stout, Caleb Loverro, B. V. Leeuwen","doi":"10.1109/SC2.2018.00015","DOIUrl":null,"url":null,"abstract":"The cloud has been leveraged for many applications across different industries. Despite its popularity, the cloud technologies are still immature. The security implications of cloud computing also dominate the research space. Many confidentiality-and integrity-based (C-I) security controls concerning data-at-rest and data-in-transit are focused on encryption. In the world where social-media platforms transparently gather data about user behaviors and user interests, the need for user privacy and data protection is of the utmost importance. However, how can a user know that his data is safe, that her data is secure, that his data's integrity is upheld; to be confident that her communications only reach the intended recipients? We propose: they can't. Many threats have been hypothesized in the shared-service arena, with many solutions formulated to avert those threats; however, we illustrate that many technologies and standards supporting C-I controls may be ineffective, not just against the adversarial actors, but also against trusted entities. Service providers and malicious insiders can intercept and decrypt network-and host-based data without any guest or user knowledge.","PeriodicalId":340244,"journal":{"name":"2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SC2.2018.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The cloud has been leveraged for many applications across different industries. Despite its popularity, the cloud technologies are still immature. The security implications of cloud computing also dominate the research space. Many confidentiality-and integrity-based (C-I) security controls concerning data-at-rest and data-in-transit are focused on encryption. In the world where social-media platforms transparently gather data about user behaviors and user interests, the need for user privacy and data protection is of the utmost importance. However, how can a user know that his data is safe, that her data is secure, that his data's integrity is upheld; to be confident that her communications only reach the intended recipients? We propose: they can't. Many threats have been hypothesized in the shared-service arena, with many solutions formulated to avert those threats; however, we illustrate that many technologies and standards supporting C-I controls may be ineffective, not just against the adversarial actors, but also against trusted entities. Service providers and malicious insiders can intercept and decrypt network-and host-based data without any guest or user knowledge.

查看原文本刊更多论文

把你的头从云里拿出来:保密和隐私的错觉

云已经被用于不同行业的许多应用程序。尽管云技术很受欢迎，但它仍然不成熟。云计算的安全含义也主导了研究领域。关于静止数据和传输数据的许多基于机密性和完整性(C-I)的安全控制都侧重于加密。在社交媒体平台透明地收集用户行为和用户兴趣数据的世界中，对用户隐私和数据保护的需求至关重要。然而，用户如何知道他的数据是安全的，她的数据是安全的，他的数据的完整性得到维护;确保她的信息只到达预定的收件人?我们的建议是:他们不能。在共享服务领域，人们假设了许多威胁，并制定了许多解决方案来避免这些威胁;然而，我们说明了许多支持C-I控制的技术和标准可能是无效的，不仅针对敌对行为者，而且针对受信任的实体。服务提供商和恶意的内部人员可以在客户或用户不知情的情况下拦截和解密基于网络和主机的数据。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2)

自引率

0.00%

发文量