Versioning, integrity and access control for collaborative applications over hosted data
Date of Issue2017-11-23
School of Computer Science and Engineering
The objective of this thesis is to design a suite of techniques to facilitate the storage and manipulation of mutable content over untrusted storage (cloud/hosted) services in a more secure and efficient manner. We consider the storage service to be untrusted either because they are typically administered by a third party (as with data outsourcing); or because, even if administered by the data owner, the Byzantine behavior of the storage service due to faults, bugs or attacks cannot be discounted. The security of stored data is a widely acknowledged concern. This thesis primarily focuses on the classic CIA security triad - Confidentiality, Integrity, and Availability. A critical sore point with security mechanisms is their associated overheads, and an important challenge in addition to the functional correctness of the security mechanisms is their efficiency. Thus, this thesis explores data structures and algorithms which enable efficient yet secure primitives for outsourcing of data storage, while supporting mutable and versioned content (as opposed to just static or append-only data). This can ensure that feature-rich applications, such as collaborative and social applications, can be realized by leveraging on the proposed security techniques. We focus first on the integrity of data, which can then be readily used to also ascertain availability; second, we present techniques which incorporate elements of confidentiality; and finally, we focus on the consistency of the data shared among collaborators. For the purposes of this thesis, it is assumed that the collaborators are trusted. In reality, determining who to trust and provide access to a given set of data can be a challenging problem; however this is beyond the scope of the presented work.