Guy-Bertrand Kamga

End-to-end privacy policy enforcement in cloud infrastructure

Privacy in the cloud is still a strong issue for the large adoption of cloud technologies by enterprises which fear to actually put their sensitive data in the cloud. There is indeed a need to have an efficient access control on the data stored and processed in the cloud infrastructure allowing to support the various business and country-based regulation constraints (e.g., on data location and co-location, data retention duration, data processing, node security level, tracing and audit). In this perspective, this paper presents a novel approach of end-to-end privacy policy enforcement over the cloud infrastructure and based on the sticky policy paradigm (a policy being bound to each sensitive data). In our approach the data protection is performed within the cloud nodes (e.g., within the internal file system of a VM or its attached volume) and is completely transparent for the applications (no need to modify the applications). This paper describes the concept and the proposed end-to-end architecture (from the client to the cloud nodes) as well as an implementation based on the FUSE (Filesystem in Userspace) technology. This implementation is executed on a scenario of data access and transfer control, and is also used to achieve performance evaluations. These evaluations show that, with a reasonable additional computation cost, this approach offers a flexible and transparent way to enforce various privacy constraints within the cloud infrastructure.

Privacy control in the cloud based on multilevel policy enforcement

The cloud computing paradigm is revolutionizing the delivery of information services as it offers several advantages in terms of cost reduction, time-to-market and flexibility. However, such flexibility raises many concerns related to security and privacy which are strong obstacles for the large adoption of the cloud by users who have to delegate too much control to the cloud provider. In this paper, we propose a new privacy control approach notably based on multilevel privacy policies bound to user data and enforced in the cloud at different levels (application and infrastructure). This approach allows the cloud users to control their data stored, processed and moved in the cloud.

Privacy Data Envelope: Concept and implementation

In this paper, we present a privacy control mechanism called PDE (Privacy Data Envelope) allowing users to protect their privacy sensitive content travelling over social and communication networks. Our solution is based on privacy policies expressed by the user and associated with his content. This approach makes use of a decentralized architecture carried out through a PDE feature that has to be added to the existing application access tools like email clients and web browsers. A prototype has been developed to embody the PDE paradigm and to illustrate a scenario where such envelopes cross the boundaries of enterprise social networks and other communications tools. Preliminary performance evaluations were done helping the understanding of the PDE plug-in behaviors and computation overhead.

Privacy Control in Cloud VM File Systems

Cloud Computing offers great benefits such as reduced IT costs and an improved business agility. Nevertheless, enterprises are still hesitant to put their sensitive data in the cloud as they notably fear privacy issues (e.g., violation of country-based regulations regarding the storage location of a sensitive data). In this context, this paper presents the demonstration of a privacy control technology that allows to protect sensitive files stored, processed, and moved in an IaaS cloud. In our approach, the privacy control is performed within the file system of the Virtual Machines (VM) and allows to control the access done by any application to each sensitive file. It notably covers business applications (e.g., provided by the cloud user) and system applications such as FTP (e.g., to prevent the transfer of a sensitive file in a not authorized country). Moreover, our technology allows to generate tamper-proof traces for any action performed on a sensitive file. In the demonstration, we then also show how the cloud user has a full view of the usage of his sensitive files (e.g., number of copies, storage locations, performed actions). Finally, the demonstration shows these different capabilities through a scenario of file access and cross-country transfer in a multi-platform cloud environment.

Control of sensitive traffic in the cloud based on OpenFlow

Security of sensitive data in the cloud is a critical issue as they can easily be transferred between different locations and then violate some constraints such as country-based regulations. There is notably a specific need to control the path followed by the data when they are transferred within the cloud. This paper is then presenting a new approach using OpenFlow and allowing to enforce in the network a Trusted Path compliant with the policy applicable on a sensitive data to transfer. This approach has been implemented within a SDN controller and experimented on a test-bed of physical OpenFlow switches. It is then shown how a sensitive traffic can actually follow a compliant trusted path in the network.

Adaptive notification framework for smart nursing home

This paper presents an adaptive notification framework which allows to optimally deliver and handle multimedia requests and alerts in a nursing home. This framework is operated with various applications (e.g., health alert, medicine reminder, and activity proposition) and has been evaluated with different real end-users (elderly resident and medical staff) in a pilot site. Results of these evaluations are presented and highlight the added value of the framework technology to enhance the quality of life of elderly people as well as the efficiency of the medical staff.

SDN-Based Trusted Path in a Multi-domain Network

The flexibility and dynamicty of the Cloud and SDN-based network infrastructures raise strong issues for sensitive data which can easily be transferred between different locations and then violate some constraints such as country-based regulations. This paper tackles the critical issue related to the path followed by sensitive data transferred in such virtualized environments and which have specific security & regulatory constraints (e.g., avoid some given untrusted domains). We are therefore proposing a new approach aiming to automatically configure in a multi-domain SDN network such a trusted path satisfying the required constraints. This approach relies on a Multi-Domain Trusted Path Application (MD-TPA) based on OpenFlow and deployed upon the SDN controller of each domain. This approach has been implemented within SDN controllers and experimented on a testbed composed of physical OpenFlow switches. It is then shown how such an end-to-end trusted path, compliant with the constraints, can be enforced in a multi-domain SDN network.

SDN-based Trusted Path Control

Security of sensitive data in the network is a key issue in a world where such sensitive data can easily be transferred between different servers and locations (e.g., in networked clouds). In this context, there is a particular need to control the path followed by the data when they move across the cloud (e.g., to avoid crossing -even encrypted- un-trusted nodes or areas). In this paper we proposed therefore a new approach which aims to leverage the programmability offered by the SDN technology in order to enforce a trusted path for the transfer of sensitive data in the network. Given a policy related to the sensitive data (e.g., the data should not cross a given area), our approach allows sending this policy to an extended SDN controller (called Trusted Path Controller) which automatically enforces this policy in the SDN network. Two architectures have been investigated: the Out-of-Band architecture (the policy being sent to the Trusted Path Controller via a Web Service interface) and the In-Band architecture (the policy being sent to the Trusted Path Controller via a dedicated “signaling packet”). These two architectures have been implemented in a SDN controller. Experimentations and evaluations have also been performed on a test-bed of SDN switches which allow showing the feasibility of this approach as well as its performances.