| In the past decade, cloud computing service has become very popular and been widely studied and used in both academia and industry. The advantages of cloud computing model are obvious: high computation power, low cost of service, and ease of deployment and maintenance. Typically, customers upload data and/or application programs to cloud service platforms. However, as cloud service platforms are usually public and open to all customers, private data on the cloud faces severe security challenges in the process of computation, storage and communication. Data breach can cause significant and irreversible losses to individuals and organizations. As a result, cloud data security has become an increasingly important and attractive topic for cloud service customers, system architects, software developers, and researchers.;This dissertation presents an approach to analyze and transform Java programs to operate over encrypted data. The approach makes use of partially homomorphic encryption and a trusted client. We propose two systems, JCrypt and SecureMR, which use different analysis techniques and target different applications.;JCrypt is capable of analyzing arbitrary Java programs and minimizes computation over encrypted data. It performs two stages of analysis on Java programs to minimize the encrypted computing and identify encryption schemes for sensitive data. The static analysis techniques in JCrypt include a type-based information flow analysis and an "Available Expressions'' data-flow analysis.;SecureMR targets the widely used MapReduce models and makes use of Reaching definitions analysis. The analysis result is used to infer the encryption scheme for each column of data and the optimal placement of conversions. SecureMR also comprises a cost model to further optimize the program partitioning. The experimental evaluation on a set of complex computation-intensive MapReduce benchmarks demonstrate the transformed MapReduce programs can execute efficiently and effectively with reasonable overhead. |
