As a tremendous amount of data is generated every day from human activity and from devices equipped with sensing capabilities, cloud computing emerges as a scalable and cost-effective platform to store and manage the data. While the benefits of cloud computing are numerous, security concerns arising when data and computation are outsourced to a third party still hinder the complete movement to the cloud. In this paper, we focus on the problem of data privacy on the cloud, particularly on access controls over stream data. The nature of stream data and the complexity of sharing data make access control a more challenging issue than in traditional archival databases. We present Streamforce - a system allowing data owners to securely outsource their data to the cloud. The owner specifies fine-grained policies which are enforced by the cloud. The latter performs most of the heavy computations, while learning nothing about the data. To this end, we employ a number of encryption schemes, including deterministic encryption, proxy-based attribute-based encryption and sliding-window encryption. In Streamforce, access control policies are modeled as secure continuous queries, which entails minimal changes to existing stream processing engines, and allows for easy expression of a wide range of policies. In particular, Streamforce comes with a number of secure query operators including Map, Filter, Join and Aggregate. Finally, we implement Streamforce over an open source stream processing engine (Esper) and evaluate its performance on a cloud platform. The results demonstrate practical performance for many real-world applications, and although the security overhead is visible, Streamforce is highly scalable.