The exemplary embodiment relates to service platforms and finds particular application in connection with a system and method for providing security to a DaaS platform.
The expansion of Cloud Computing, where computing resources are provided on demand to the user, has allowed providers to offer different services to groups of users. Examples of these include Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and more recently, Data-as-a-Service (DaaS).
A Data-as-a-Service platform provides access to data sets, i.e., databases and files, through a remote access. In such a system, there are one or several data providers, who publish and control the data on the platform, and one or several data consumers, who can query, download and use the data. Like the other “as a service” offerings, DaaS relies on dedicated platforms that do not need to be located near the place where the data is actually used and which are accessed through web services, mashups (web application hybrids), mobile applications, and the like. Such platforms are not typically operated by the owners of the data.
The DaaS solution offers many benefits to data users and providers. For data providers, it brings flexibility and cost effectiveness without the need for upfront investment. Providers do not need to buy and maintain dedicated hardware or software, since a simple subscription service provides all the resources needed, for example, with a service level agreement. The resources are usually made available within a few minutes, depending on the solution provider. The subscription can be stopped at any time, since it is generally a pay-per-use model. For data consumers, the DaaS solution also makes the use of the system much easier by providing a uniform and well-documented API (as it is standardized across all providers) and generally by providing a better quality of service as compared to private servers. Another benefit for both data consumers and providers is often better security and a more standardized configuration over the platform, since public cloud systems are much more visible and susceptible to unauthorized access.
However, there are some disadvantages with DaaS platforms. For example, even though the security aspects have been addressed in part, most DaaS services lack the means to address data privacy and security solutions over the stored data sets. As a result, an attack could result in the disclosure of data and the users' privacy being compromised. This creates a problem of trust. When using a DaaS, the user's data resides on the computer infrastructure of the platform provider. While the provider may implement security measures to provide data privacy, this can come at a cost. One issue is therefore how much privacy is sufficient. The provider may need to consider protection against external attacks and also internal attacks coming for the service provider's employees or others with access to the user's data. Thus, depending on the level of trust that the user has in the platform, there may be a need for demonstrating that the service provider is protecting the data and user's privacy against the service provider itself.
The level of the trust that a user has in a system has an impact on the way that the security architecture of a platform is designed. Currently, computing platforms are classified, in terms of trust, in two ways: trusted and non-trusted. A “trusted system” is a system that is relied upon to a specified extent to enforce a specified security policy. The user, in turn, trusts the service to handle the security aspect properly. A trusted DaaS platform may provide confidentiality and privacy of the data by implementing encryption solutions in which an encryption key resides on and is managed by the platform. This kind of system simplifies the user experience, as the user does not need to handle the complications of key management, encryption mechanisms, and so forth. However, there is still the risk that administrators of the platform, as well as attackers who gain administrator privileges, may be able to access the user's data and decrypt it. A “non-trusted system” is one where the user does not trust the service to handle the data privacy and security properly, and thus the user implements a desired privacy mechanism, e.g., by encrypting the data before it is sent to the system. In this situation, it is up to the user to manage the encryption keys (generation, storage and sharing). While this solution generally provides the best privacy from the user perspective, it is also much more complicated to implement as the users need to have a good security knowledge. Moreover, while are already many DaaS vendors, few of them provide cryptographic solutions to users.
As an example, one cloud solution provider of data storage services, Amazon, offers two solutions for data encryption: Server Side Encryption and Client Side Encryption. In the former, the company handles both the key management and the cryptographic mechanisms (trusted platform), while in the second, it only provides storage for encrypted data, and it is up to the end-user to manage keys and implement cryptographic procedures (non-trusted platform). Another service offered is a Relational Database Service, which provides an SQL storage platform. In this option, data can be stored in plaintext or in ciphered form using Oracle Transparent Data Encryption. The Oracle engine encrypts the entire database files on disk (a trusted platform). However, there is no option for single column encryption. Microsoft is another DaaS solution provider. Its SQL Azure platform does not currently support encryption and decryption of the data at the database level (a non-trusted platform). Another platform provider, CipherCloud, provides access to non-trusted DaaS providers via a cryptographic gateway. The gateway provides the cryptographic mechanisms while the key management is performed locally on the client side. This solution provides some assistance to users in handling the cryptographic complications that clients face in using non-trusted platforms.
The trust that providers of the data have in authorized users is another consideration. There is a risk that data consumers may handle the data in an unauthorized manner, such as by distributing the data publicly. Various solutions have been proposed for watermarking and fingerprinting of databases. In such techniques, database rows are chosen sequentially or are grouped or partitioned. Then, the fingerprint or watermark string is hidden in attributes of those rows where their data type is String, Integer or Date. See, for example, Odeh, et al., “Watermarking relational database systems,” First International Conf. on the Applications of Digital Information and Web Technologies (ICADIWT 2008), pp. 270-274 (August 2008); Hanyurwimfura, et al., “Text format based relational database watermarking for non-numeric data,” Intern'l Conf. on Computer Design and Applications (ICCDA), vol. 4, pp. 312-316 (2010); Zhang, et al., “Relational databases watermarking for textual and numerical data,” Intern'l Conf. on Mechatronic Science, Electric Engineering and Computer (MEC), pp. 1633-1636 (2011). However, adapting such techniques to the DaaS platform automatically is challenging, since the platform is generally composed of various databases with different data type structures.
There remains a need for a system and method which provides users with a level of assurance that their data will not be misused without the complexities of existing systems.