Emad Heydari Beni, B. Lagaisse, W. Joosen, A. Aly, Michael Brackx
{"title":"DataBlinder","authors":"Emad Heydari Beni, B. Lagaisse, W. Joosen, A. Aly, Michael Brackx","doi":"10.1145/3366626.3368132","DOIUrl":null,"url":null,"abstract":"Business application owners want to outsource data storage, including sensitive data, to the public cloud for economical reasons. This is often challenging since these businesses are and remain responsible for regulatory compliance and data protection, even though cloud providers may do their best to offer (data) protection. Meanwhile, data protection techniques evolve and get better because of continuous research and improvement of advanced encryption. Numerous cryptographic tactics have been proposed, e.g., searchable symmetric encryption (SSE) and homomorphic encryption (HE), that support search and aggregation functions on encrypted data. Each of these tactics has a trade-off between security, performance and functionality, but there is no one-size-fits-all solution. For the application developer, the underpinning concepts of these tactics are complex to comprehend, complex to integrate in a distributed application, and prone to implementation mistakes. In this paper we present DataBlinder, a distributed data access middleware that provides crypto agility by means of configurable fine-grained data protection at the application level. DataBlinder supports adaptive runtime selection of data protection tactics, and offers a plugin architecture for such tactics based on a key abstraction model for protection level, performance and supported query functionality. We have developed this middleware in close collaboration with businesses that face these challenges and offer cloud-based applications in e-finance, and e-health, by implementing and integrating state-of-the-art cryptographic schemes to DataBlinder. This paper illustrates the case of medical data protection with FHIR-compliant [30] medical data.","PeriodicalId":120474,"journal":{"name":"Proceedings of the 20th International Middleware Conference Industrial Track","volume":"50 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"DataBlinder\",\"authors\":\"Emad Heydari Beni, B. Lagaisse, W. Joosen, A. Aly, Michael Brackx\",\"doi\":\"10.1145/3366626.3368132\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Business application owners want to outsource data storage, including sensitive data, to the public cloud for economical reasons. This is often challenging since these businesses are and remain responsible for regulatory compliance and data protection, even though cloud providers may do their best to offer (data) protection. Meanwhile, data protection techniques evolve and get better because of continuous research and improvement of advanced encryption. Numerous cryptographic tactics have been proposed, e.g., searchable symmetric encryption (SSE) and homomorphic encryption (HE), that support search and aggregation functions on encrypted data. Each of these tactics has a trade-off between security, performance and functionality, but there is no one-size-fits-all solution. For the application developer, the underpinning concepts of these tactics are complex to comprehend, complex to integrate in a distributed application, and prone to implementation mistakes. In this paper we present DataBlinder, a distributed data access middleware that provides crypto agility by means of configurable fine-grained data protection at the application level. DataBlinder supports adaptive runtime selection of data protection tactics, and offers a plugin architecture for such tactics based on a key abstraction model for protection level, performance and supported query functionality. We have developed this middleware in close collaboration with businesses that face these challenges and offer cloud-based applications in e-finance, and e-health, by implementing and integrating state-of-the-art cryptographic schemes to DataBlinder. This paper illustrates the case of medical data protection with FHIR-compliant [30] medical data.\",\"PeriodicalId\":120474,\"journal\":{\"name\":\"Proceedings of the 20th International Middleware Conference Industrial Track\",\"volume\":\"50 1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 20th International Middleware Conference Industrial Track\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3366626.3368132\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 20th International Middleware Conference Industrial Track","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3366626.3368132","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Business application owners want to outsource data storage, including sensitive data, to the public cloud for economical reasons. This is often challenging since these businesses are and remain responsible for regulatory compliance and data protection, even though cloud providers may do their best to offer (data) protection. Meanwhile, data protection techniques evolve and get better because of continuous research and improvement of advanced encryption. Numerous cryptographic tactics have been proposed, e.g., searchable symmetric encryption (SSE) and homomorphic encryption (HE), that support search and aggregation functions on encrypted data. Each of these tactics has a trade-off between security, performance and functionality, but there is no one-size-fits-all solution. For the application developer, the underpinning concepts of these tactics are complex to comprehend, complex to integrate in a distributed application, and prone to implementation mistakes. In this paper we present DataBlinder, a distributed data access middleware that provides crypto agility by means of configurable fine-grained data protection at the application level. DataBlinder supports adaptive runtime selection of data protection tactics, and offers a plugin architecture for such tactics based on a key abstraction model for protection level, performance and supported query functionality. We have developed this middleware in close collaboration with businesses that face these challenges and offer cloud-based applications in e-finance, and e-health, by implementing and integrating state-of-the-art cryptographic schemes to DataBlinder. This paper illustrates the case of medical data protection with FHIR-compliant [30] medical data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
