
Mr. Hassan Takabi

Faculty Candidate Presentation on Wednesday, Jan 30, 2013
Room F223 at 11 am

Title: Privacy Preserving User Centric Policy Management Framework for Cloud Computing Environments

Summary: Cloud computing environments do not allow use of a single access control mechanism, single policy language or single policy management tool for various cloud services. Currently, users must use diverse access control solutions available for each cloud service provider to protect their data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud service provider (CSP). Heterogeneity and distribution of these policies pose problems in their administration.

We introduce a privacy preserving user centric policy management framework that is designed to give users a unified control point for managing policies that control access to their data no matter where the data is stored. It is designed to give cloud users a unified control point for specifying authorization policies, who and what can get access to their data, content, and services, no matter where all those things live on the Cloud.

Although access control mechanisms are a vital component to protect data from unauthorized users, there are many cases where the CSPs are not trusted and pose a risk to their users' privacy. Several approaches have been proposed to prevent CSPs from accessing the data where the data is stored in encrypted form and cryptographic mechanisms are used to enforce access control policies. However, most of these approaches incur a huge communication overhead, involve users in a complex and expensive key management process, are burdensome for users and suffer from usability limitations. Our proposed approach provides two levels of protection for users' data stored on a CSP. The users' data is protected from unauthorized users using a CSP-enforced access control mechanism, while protection from the CSP is achieved through multiple layers of commutative encryption with the help of a third-party service provider.

We present lessons we learned from a case study where we implemented a unified policy management system for various cloud services. Based on those lessons and motivated by limitations of existing approaches, we propose a semantic-based policy management framework that is designed to help cloud users specify and manage security policies using semantic web technologies. Then, we describe how to utilize commutative encryption to preserve privacy of users when they store their data on untrusted cloud services. Finally, we explain a proof of concept implementation of the proposed framework to show its applicability and report results of the experiments we performed to evaluate performance of the framework.
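Added example, not from the talk or the speaker's implementation: the abstract does not name the cipher or the message flow, so this sketch assumes the Pohlig-Hellman (SRA) exponentiation cipher, one well-known commutative scheme, to show the property that layered protection relies on: two parties' layers can be applied and removed in any order. The prime, the key and function names, and the sample record are constructed for illustration.

```python
import math
import secrets

# Constructed demo parameter: the Mersenne prime 2**127 - 1. Illustration only;
# textbook exponentiation is deterministic and needs a large safe prime plus a
# proper message encoding before it could protect real data.
P = 2**127 - 1

def keygen():
    """Return (e, d) with e*d == 1 mod (P-1), so the d-power undoes the e-power."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def add_layer(value, e):
    return pow(value, e, P)

def remove_layer(value, d):
    return pow(value, d, P)

def encode(data: bytes) -> int:
    m = int.from_bytes(data, "big")
    if not 1 < m < P - 1:
        raise ValueError("message must encode to an integer in (1, P-1)")
    return m

def decode(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    user_e, user_d = keygen()   # held by the data owner
    tp_e, tp_d = keygen()       # held by the third-party service (assumed role)
    m = encode(b"patient-42")   # constructed sample record
    stored = add_layer(add_layer(m, user_e), tp_e)  # what the CSP would hold
    # Commutativity: same ciphertext whichever party encrypts first.
    same = stored == add_layer(add_layer(m, tp_e), user_e)
    # Layers come off in either order; after one removal the value is still
    # covered by the other party's key.
    half = remove_layer(stored, user_d)             # third-party layer remains
    via_user_first = remove_layer(half, tp_d)
    via_tp_first = remove_layer(remove_layer(stored, tp_d), user_d)
    return same, half != m, decode(via_user_first), decode(via_tp_first)

if __name__ == "__main__":
    print(demo())
```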