
Information Flow Auditing In the Cloud

Posted on: 2016-04-09
Degree: Ph.D
Type: Dissertation
University: Columbia University
Candidate: Zavou, Angeliki
Full Text: PDF
GTID: 1478390017984473
Subject: Computer Science
Abstract/Summary:
As cloud technology matures and trendsetters like Google, Amazon, Microsoft, Apple, and VMware have become the top-tier cloud services players, public cloud services have turned mainstream for individual users. Many companies and even governments are also adopting cloud services as a solution to reduce costs and improve the quality of their services. However, despite the appealing benefits of cloud technologies, inherent in the concept of cloud computing are also the risks associated with entrusting confidential and sensitive data to third parties, especially in the case of security-sensitive operations, e.g., banking, medical services. Therefore, it comes as no surprise that the most-often cited barriers against cloud computing are cloud users' lack of trust regarding data confidentiality as well as the risk of unauthorized exposure and manipulation of sensitive user data within the cloud, since such incidents cause catastrophic damages to the business interests of an organization, as well as affect the privacy individuals are entitled to.

Most cloud providers and service providers (e.g., Amazon, Google, Dropbox, etc.) do take security precautions for protecting users' data and use service level agreements (SLAs) as a means to promise, among other features, availability, reliability and compliance with privacy standards (e.g., HIPAA, PCI-DSS, FISMA, etc.). But very limited tools are currently available to cloud users to evaluate their effectiveness, and incidents abound that fuel scepticism and distrust towards cloud computing. The many examples of security breaches in major cloud services that reach the press from time to time show that, despite SLAs and good intentions from the providers' side, protection against data leakage remains a challenging task that needs to be addressed carefully to take full advantage of the cloud computing potential. In this setting, and for lack of a better alternative other than not using cloud services at all, cloud users have to blindly trust the fate of their data to the best efforts of service providers to achieve the promised security guarantees.

This dissertation aims to address security issues and concerns that affect cloud-hosted web services, whose providers do not have malicious intentions but which may be composed of buggy or misconfigured software, vulnerable to attacks and accidental data leaks. My approach was inspired by the observation that cloud users' security concerns could be alleviated if the SLAs between cloud services' providers and their users could be verifiable, at least to some extent. More specifically, since the verification of adherence to security constraints within cloud services is a very challenging and formidable task, users would benefit if they were offered the tools to monitor the high-level service behavior and at least promptly discover when the security measures are failing. Another important premise of our approach is that cloud providers and service providers, faced with the requirement to satisfy customer security concerns, have the incentive both to make real investments in improving the security of their portion of the technology stack and to incorporate the proposed techniques into their services. It is in their best interest to provide best security practices to maintain their reputation, as their business depends on this.

In this work, I propose a set of techniques that can be used as the basis for alleviating cloud customers' privacy concerns and elevating their confidence in using the cloud for security-sensitive operations as well as trusting it with their sensitive data. The main goal is to provide cloud customers with a reliable mechanism that will cover the entire path of tracking their sensitive data, while they are collected and used by cloud-hosted services, to the presentation of the tracking results to the respective data owners. In particular, my design accomplishes this goal by retrofitting legacy applications with data flow tracking techniques and providing the cloud customers with comprehensive information flow auditing capabilities. For this purpose, we created CloudFence, a cloud-wide fine-grained data flow tracking (DFT) framework that allows service providers to monitor and log the use of sensitive data in well-defined domains, offering additional protection against inadvertent leaks and unauthorized access. To achieve cloud-wide data tracking for legacy applications without demanding emulation, we built TaintExchange, a generic cross-process and cross-host DFT system, which was incorporated in the CloudFence framework. Besides cloud-wide information flow tracking for the service providers, we also built Cloudopsy, a service that allows users to independently audit and get a better understanding of the treatment of their cloud-resident private data by the third-party cloud-resident services, through the intervention of the cloud infrastructure provider that hosts these services. While Cloudopsy is targeted mostly towards end users, it also provides the online service providers with an additional layer of protection against illegitimate data flows, e.g., inadvertent data leaks, through a more meaningful graphical representation of the overall service dependencies and the relationships with third parties outside the cloud premises, as they derive from the CloudFence-generated audit logs. Experimental results are presented to support the effectiveness of these techniques. The results of my evaluation demonstrate the ease of incorporating these techniques into existing real-world applications, their effectiveness in preventing a wide range of security breaches, and their performance impact in real settings.
Keywords/Search Tags: Cloud, Services, Security, Information flow, Data