Encrypting Analytical Web Applications

Benny Fuhry, Walter Tighzert, F. Kerschbaum
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop, 2016-10-28
DOI: 10.1145/2996429.2996438 (https://doi.org/10.1145/2996429.2996438)
Citations: 3

Abstract

The software-as-a-service (SaaS) market is growing very fast, but many clients are still concerned about the confidentiality of their data in the cloud. Motivated hackers or malicious insiders could try to steal the clients' data. Encryption is a potential solution, but supporting the necessary functionality in existing applications is difficult. In this paper, we examine encrypting analytical web applications that perform extensive number processing operations in the database. Existing solutions for encrypting data in web applications poorly support such encryption. We employ a proxy that adjusts the encryption to the level necessary for the client's usage and also supports additively homomorphic encryption. This proxy is deployed at the client and all encryption keys are stored and managed there, while the application runs in the cloud. Our proxy is stateless and we only need to modify the database driver of the application. We evaluate an instantiation of our architecture on an exemplary application. We only slightly increase the average page load time, from 3.1 seconds to 4.7 seconds. However, roughly 40% of all data columns remain probabilistically encrypted. The client can set the desired security level for each column using our policy mechanism. Hence our proxy architecture offers a solution to increase the confidentiality of the data at the cloud provider at a moderate performance penalty.