Ganz privat? : Der Schutz persönlicher Daten in der Cloud
Persönliche Daten in der Cloud zu speichern und zu verarbeiten, kann ein Risiko sein, wenn die Daten vor Manipulation und unerlaubtem Zugriff nicht sicher sind. Spätestens seit der NSA-Affäre interessiert die Nutzer*innen: Wer besitzt meine Daten? Wer kann darauf zugreifen? Was passiert bei deren Verarbeitung und Auswertung? Wissenschaftler*innen am paluno (The Ruhr Institute for Software Technology) der Universität Duisburg-Essen arbeiten an softwaretechnischen Lösungen zur sicheren Datenverarbeitung beim Cloud Computing.
Cloud computing has many benefits for service providers and service users alike. However, by storing and processing data in the cloud, users lose control over their data. The data security breaches that became publicly known in the last couple of years have shown that this is a real threat that can hinder the adoption of cloud computing, especially in domains with strong data security requirements. Researchers at paluno (The Ruhr Institute for Software Technology) are working to address this challenge as part of two ongoing research projects. The developed solutions consist of two main pillars: (1) monitoring the adherence to data protection requirements, which is developed in the iObserve project, and (2) adapting the cloud system to react to – actual or imminent – requirements violations, which is developed in the RestAssured project. In the iObserve project, funded by the DFG, the focus is on monitoring data security in a cloud system. Through appropriate mechanisms, the violation of security requirements can be detected at runtime, making it possible to avoid or mitigate security breaches. In particular, violations of geo-location policies can be detected and appropriate counter-measures may be taken. In the RestAssured project, funded by the European Union, the focus is on adaptation by leveraging innovative security mechanisms such as hardware enclaves and homomorphic encryption to guarantee security in an adaptive and integrated way. By also considering the impact of the used security mechanisms on other quality attributes like costs and performance, security requirements can be fulfilled in a globally optimal way.