Silverline: Toward Data Confidentiality in Storage-Intensive Cloud Applications Krishna P. N. Puttaswamy Christopher Kruegel Ben Y. Zhao Computer Science Dept. Computer Science Dept. Computer Science Dept. UC Santa Barbara UC Santa Barbara UC Santa Barbara Santa Barbara, CA 93106 Santa Barbara, CA 93106 Santa Barbara, CA 93106
[email protected] [email protected] [email protected] ABSTRACT Keywords By offering high availability and elastic access to resources, third- Cloud computing, Data confidentiality, Program analysis party cloud infrastructures such as Amazon EC2 are revolutioniz- ing the way today’s businesses operate. Unfortunately, taking ad- 1. INTRODUCTION vantage of their benefits requires businesses to accept a number of Third-party computing clouds, such as Amazon’s EC2 and Mi- serious risks to data security. Factors such as software bugs, oper- crosoft’s Azure, provide support for computation, data manage- ator errors and external attacks can all compromise the confiden- ment in database instances, and Internet services. By allowing tiality of sensitive application data on external clouds, by making organizations to efficiently outsource computation and data man- them vulnerable to unauthorized access by malicious parties. agement, they greatly simplify the deployment and management of In this paper, we study and seek to improve the confidentiality Internet applications. Examples of success stories on EC2 include of application data stored on third-party computing clouds. We Nimbus Health [4], which manages and distributes patient medical propose to identify and encrypt all functionally encryptable data, records, and ShareThis [5], a social content-sharing network that sensitive data that can be encrypted without limiting the function- has shared 430 million items across 30,000 websites.