Cloud computing offers many benefits to users, including increased availability and flexibility of resources and more efficient use of equipment. However, privacy concerns are becoming a major barrier to users moving to cloud computing. The privilege design of existing cloud platforms makes it hard to establish the trustworthiness of the cloud: it grants too much power to cloud administrators, who could launch serious insider attacks by abusing their administrative privileges. This project applies a well-understood principle, separation of privilege, to the architectural design of a cloud platform. The architectural design and a strong homomorphic cryptographic approach together protect data privacy in cloud environments from different angles. The project develops a privacy-driven architectural design with two foci: the privilege level assigned to each software component of the cloud platform, and defense against insider attacks. It investigates new mechanisms that de-privilege the cloud administrator and enable finer-grained access control among the software components of the platform. More specifically, these mechanisms support agile configuration of the platform, user-configurable privacy protection, and strong isolation in user space. The techniques developed under this project matter increasingly as users place more of their data in the cloud and rely on cloud providers to keep that data private.