PhD. Comprehensive Exam "Privacy Preserving in Multi-Cloud " By: Reem Al-Saidi

Wednesday, August 9, 2023 - 12:00 to 14:30

The School of Computer Science would like to present…

Privacy Preserving in Multi-Cloud

PhD. Comprehensive Exam by: Reem Al-Saidi

Date: Wednesday, August 9th, 2023

Time: 12:00 pm-2:30 PM

Location: Essex Hall Room 122

Abstract:

Many organizations have increasingly realized the benefit of Multi-Cloud adoption, which includes increasing scalability, flexibility, and better resource provisioning. In particular, they deploy Multi-Cloud in various application areas. However, there are a number of challenges with this practice. For example, maintaining cloud interoperability while preserving users' privacy and data security features several obstacles. First, without the users' consent, their data can be stored in other CSPs with different access rules and data processing requirements. Second, it becomes difficult to guarantee that data is effectively protected through its entire life cycle, including creation, storage, processing, transfer, and deletion. Third, different CSPs may have other security policies, methods, and data processing procedures. Multi-Cloud facilitates seamless data exchange and sharing across different cloud providers, but it also raises privacy users' concerns, including user authentication, data access, and sharing processes. Unauthorized and unrestricted access could likewise expose users' sensitive attributes, thereby compromising their privacy and data confidentiality. Moreover, unrestricted data access beyond the intended purpose increases privacy risks and the potential for data misuse and sensitive attribute disclosure. Considering the privacy and security issues across various Multi-Cloud types through different applications, it is vital to reduce the risk for sensitive attribute disclosure and highlight the possibilities of vulnerabilities.

From the state of the art, it is important to discuss the necessity of Multi-Cloud over cloud computing to enable cloud interoperability, along with the challenges that are encountered during its deployment, mainly security and privacy as a top priority. In addition, different types of Multi-Cloud have evolved, mainly federated and cross-federated clouds. Each has its own privacy and security requirements and challenges. Most of these types add a new privacy level specifically for the users. They carry out different operations, such as access, query, and search. During various operations, their identities and sensitive attributes are posed to threats in a distributed open Multi-Cloud environment. Thus, preserving their data, identities, and sensitive

attributes is a critical concern. Various malicious entities can also monitor users’ behaviour and their access patterns to derive sensitive information about users and their attributes, which compromises their privacy.
Preserving user privacy, including data and sensitive attributes, is a significant concern while deploying Multi-Cloud. Therefore, it is vital to discuss the privacy term, its types, requirements, and metrics. Moreover, the different approaches used for preserving user privacy must be addressed from the state of the art, including their drawbacks and the potential for future improvement for more reliable and resilient techniques. Recent work, along with the implementation and research project, demonstrates that no particular approach or standard can address the privacy and security concerns of all cases. Rather, it depends on the context and privacy requirements in a specific application domain.
The major two areas that deploy Multi-Cloud are Genomics and Web domains. Genomic benefit from the federated cloud and web realizes the use of the cross-federated cloud to deploy the Single Sign-On (SSO). With regard to Genomics, it is critical to address different attack target user attributes and sensitive data—the necessity for the privacy-preserving technique that best fits the sensitivity nature of DNA. The open directions will be stated in this domain. For the SSO, there are different protocols that are deployed, including SAML and OpenID connect. The authentication and access tokens include sensitive information that could pose different attacks which threaten user identities and attributes. Moreover, most SSO protocols have some implementation flows and vulnerabilities. Thus, it is important to demonstrate the current practice of handling privacy in SSO protocols and highlight future directions.
In conclusion, the success of Multi-Cloud adoption toward building trustworthy environments is primarily driven by cloud user privacy and data security. The Multi-Clouds have no generalization for specific security and privacy-preserving approaches. Such techniques are primarily based on a particular context and the entities involved under a specific Multi-Cloud type and application. Enhancing the current cryptographic privacy-preserving techniques to adapt to the new level of Multi-Cloud evolution is necessary, as reducing its complexity and trade-offs between privacy, cost, efficiency, and scalability is a must.

Keywords:
Privacy-preserving, Multi-Cloud, Identity federation, federated cloud, cross-federated cloud, Single sign-on (SSO), Genomic data.

PhD Doctoral Committee:
External Reader: Dr. Mitra Mirhassani

Internal Reader: Dr. Saeed Samet

Internal Reader: Dr. Pooya Moradian Zadeh

Advisor(s): Dr. Ziad Kobti