Designing novel end-to-end security solutions for scenarios with conflicting functional and security requirements
- Supporting data reduction: enabling cloud providers to perform data reduction (e.g., deduplication and compression) without compromising the confidentiality of outsourced data.
- Enabling secure data processing: focusing on new techniques that enable the processing of encrypted data in an efficient and privacy-preserving manner, guaranteeing efficient data processing that scales with large amounts of outsourced data.
- Enhancing data availability and integrity: ensuring the availability and the integrity of outsourced data against misbehaving cloud providers, and allowing users to verify both while relying only on low-capacity devices such as smartphones. This entails that the verification process performed by the end user should not be greedy in terms of either bandwidth or computation.
- Ensuring user isolation in multi-tenant systems: identifying platform and operating system primitives that provide strong isolation guarantees to individual users' workloads, and integrating these solutions into current and future infrastructures such that they only minimally impact performance and efficiency.
Implementing a unified framework to support the orchestration of the security mechanisms in different scenarios.
- Once different security mechanisms have been designed, our ultimate goal would be to produce a realistic system where various features will work in a holistic manner.
- The integration of the newly proposed features as part of a unique architecture requires a delicate design of the various system components in order to prevent any possible incompatibilities that might arise between them.
By devising and evaluating such primitives, and the framework to orchestrate them, we will foster the concepts of "security and privacy by design", which in turn will provide strong incentives for small and medium businesses to securely store and process their outsourced data in the cloud.