TY - GEN
T1 - Security in outsourced storage: Efficiently checking integrity and service level agreement compliance
AU - Bragantini, Roberto
AU - Conti, Mauro
AU - Di Pietro, Roberto
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2010/11/23
Y1 - 2010/11/23
N2 - The storage as a service paradigma has recently raised interest in the security community, where a few works have been proposed to check whether an outsourcer has tampered with the integrity of the outsourced data. In this paper, we assume that storage is outsourced in accordance to some integrity enforcing protocol. Under this assumption, we focus on a specific issue; that is, when the outsourcer is requested to provide access to the outsourced data within a given time-bound-for instance, set in a Service Level Agreement (SLA). This paper provides several contributions: first, we identify and motivate the above requirement in the outsourced storage context; second, we show that current integrity enforcing protocols fail in detecting the violation of the time-bound limit against a rationale malicious outsourcer; third, we show how the outsourcer can actively perform such an attack. Results are supported by thorough analysis and extensive simulations. © 2010 IEEE.
AB - The storage as a service paradigma has recently raised interest in the security community, where a few works have been proposed to check whether an outsourcer has tampered with the integrity of the outsourced data. In this paper, we assume that storage is outsourced in accordance to some integrity enforcing protocol. Under this assumption, we focus on a specific issue; that is, when the outsourcer is requested to provide access to the outsourced data within a given time-bound-for instance, set in a Service Level Agreement (SLA). This paper provides several contributions: first, we identify and motivate the above requirement in the outsourced storage context; second, we show that current integrity enforcing protocols fail in detecting the violation of the time-bound limit against a rationale malicious outsourcer; third, we show how the outsourcer can actively perform such an attack. Results are supported by thorough analysis and extensive simulations. © 2010 IEEE.
UR - http://ieeexplore.ieee.org/document/5578563/
UR - http://www.scopus.com/inward/record.url?scp=78449244509&partnerID=8YFLogxK
U2 - 10.1109/CIT.2010.200
DO - 10.1109/CIT.2010.200
M3 - Conference contribution
SN - 9780769541082
SP - 1096
EP - 1101
BT - Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010
ER -