Risk Aware Approach to Data Confidentiality in Cloud Computing

This paper explores the issue of “loss of control” that results when users outsource data and computation to the clouds. While loss of control has multiple manifestations, we focus on the data privacy and confidentiality implications when cloud providers are untrusted. Instead of following the well studied (but still unsolved) path of encrypting data when outsourcing and computing on the encrypted domain, the paper advocates a risk-based approach over a hybrid cloud architecture as a possible solution. Hybrid clouds are a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability. Hybrid clouds offer an opportunity to selectively outsource data and computation based on the level of sensitivity involved. The paper postulates a risk-aware approach to partitioning computation over hybrid clouds that provides an abstraction to address secure cloud data processing in a variety of system and application contexts.