Using Hybrid Clouds for Secure and Efficient Data Processing
Fueled with the advances in virtualization and high-speed networking, cloud computing has emerged as a dominant computing paradigm. Loss of control over the data due to migration to the cloud poses numerous concerns about data privacy and confidentiality, e.g.,the sensitive data could be misused by the attackers, other tenants or service provider itself. A possible approach to overcome such concerns is to encrypt the data prior to outsourcing it to the cloud and to perform data processing over encrypted data in the cloud. Although the database and cryptography communities have made significant progress on developing systems that allow limited computation over encrypted data, no generic and efficient solution for practical use has emerged yet.
In this thesis, we explore a radically different approach by using hybrid clouds as a vehicle to achieve secure and efficient data processing in the cloud. We explore a design of secure and efficient systems that steers the data and computation through public and private machines in such a way that no (or user-specified amount of) sensitive data is leaked to public machines. For this purpose, we first propose a fully secure and efficient MapReduce framework over hybrid clouds, named as SEMROD. Second, we design a fully secure and efficient execution strategy, called split-strategy, to partition relational data and SQL style queries across a hybrid cloud. Third, we propose a principled conceptual framework, called as Hybridizer,
that adjusts the data and workload that will be outsourced to the public cloud based on maximizing the workload performance while meeting user’s risk and cost constraints. In Hybridizer, our aim is to provide more performance gain by allowing to expose a user- bounded amount of sensitive data to the public cloud (risk).
Overall, our experiments demonstrate outstanding results in terms of performance – that is, organizations can have significant performance gains compared to other secure solutions by using our secure and risk-aware data processing frameworks over their hybrid clouds.