Mechanism for Secure Content Publishing for Reporting Platform Hosted on Public Could Infrastructure

摘要

Cloud computing works on various service models like SaaS, PaaS, IaaS. The enterprises can outsource data and computation to cloud and benefit from cloud computing unique attributes. This paradigm also brings forth many challenges for data security and access control. A reporting platform is software which allows users to access content within it. The content hosted on reporting platform is developed by content publishers who are worried about intellectual property rights and content protection. The content contains data configuration information as well as database access query (sql-query) that needs to be run against a database. Upon request from user, the reporting platform connects to a database and executes the content and returns the transformed output. Later the outcome is formatted to user understandable format and delivered to user. When the reporting platform is deployed on public cloud environment one needs to provide stringent security for data in rest and in motion. The different entities accessing the content may reside in an untrusted domain and some of the parties (viz. database provider) may reside in a different enterprise cloud and needs to be accessed while serving the user request. In this work, we propose a generic scheme to enable content protection and fine-grained access control of the published data and protecting the data even from cloud providers. One unique problem for which we provide a solution is that the data confidentiality is ensured even when some computation is required on the content in cloud environment.