Confidentiality with Multitenancy

Cloud systems are composed of many, often complex, software modules; in the presence of vulnerabilities or colluding privileged users, a malicious entity can subvert the correct execution of the system and compromise both confidentiality and integrity.

Perhaps counter-intuitively, when it comes to a storage system, access control must also cover secure data deletion: the rightful owner must be able to instruct the system to destroy every copy of their data, regardless of caches, snapshots, replicas or erasure-coded fragments. Traditional solutions (e.g. digital shredding by overwriting with fixed patterns) are wildly impractical at the scale of today's cloud storage systems, are not fine-grained enough, or fail outright on specific media (e.g. the log-structured layouts used in modern SSDs, where an overwrite is redirected to a fresh physical block and the old copy stays in place until garbage collection). Cryptographic solutions to this problem exist (Cachin et al., 2013), but as we shall see later, they are ineffective when combined with storage efficiency functions, and with deduplication in particular.
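The contrast drawn above, as an added illustration that is not code from the paper or its authors: the toy scheme below (standard library only; the cipher, the blob store and the tenant names are constructed for the example) shows crypto-shredding working when each object has its own random key that lives only in the owner's keyring, and failing once keys are derived from content to allow cross-tenant deduplication. The content-derived-key construction is the convergent-encryption approach assumed here; the paper does not prescribe a particular deduplication scheme.

```python
import hashlib
import hmac
import secrets

# Constructed sample plaintext for the example (hypothetical tenant record).
DATA = b"tenant-A: customer ledger 2013Q4; balance=1,204,500 EUR"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce||counter)
    blocks. Encrypt and decrypt are the same call. Used only so the example
    needs nothing beyond the standard library; a real system would use AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class BlobStore:
    """Append-only ciphertext store with per-tenant references. Blobs are
    never physically erased: this models snapshots, replicas and
    log-structured media that keep old copies around."""

    def __init__(self):
        self.blobs = {}   # blob_id -> (nonce, ciphertext)
        self.refs = {}    # blob_id -> {(tenant, object_name), ...}

    def put(self, blob_id, nonce, ct, ref):
        self.blobs.setdefault(blob_id, (nonce, ct))   # identical ct dedups
        self.refs.setdefault(blob_id, set()).add(ref)

    def unref(self, blob_id, ref):
        self.refs[blob_id].discard(ref)               # ciphertext stays


def put_private(store, keyring, tenant, name, data):
    """Crypto-shredding: fresh random key per object, held only in the
    tenant's keyring. Dropping the key is what deletes the data."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ct = keystream_xor(key, nonce, data)
    blob_id = hashlib.sha256(ct).hexdigest()
    store.put(blob_id, nonce, ct, (tenant, name))
    keyring[(tenant, name)] = (key, blob_id)
    return blob_id


def convergent_key(data):
    """Convergent encryption: key is a function of the content, so equal
    files encrypt to equal ciphertext and deduplicate across tenants."""
    return hashlib.sha256(b"convergent-key|" + data).digest()


def put_convergent(store, keyring, tenant, name, data):
    key = convergent_key(data)
    nonce = hashlib.sha256(b"nonce|" + key).digest()[:16]   # deterministic
    ct = keystream_xor(key, nonce, data)
    blob_id = hashlib.sha256(ct).hexdigest()
    store.put(blob_id, nonce, ct, (tenant, name))
    keyring[(tenant, name)] = (key, blob_id)
    return blob_id


def read(store, keyring, tenant, name):
    """Plaintext, or None once the tenant's key material is gone."""
    entry = keyring.get((tenant, name))
    if entry is None:
        return None
    key, blob_id = entry
    return keystream_xor(key, *store.blobs[blob_id])


def delete(store, keyring, tenant, name):
    """'Secure' deletion as the tenant sees it: drop the key and the reference."""
    _key, blob_id = keyring.pop((tenant, name))
    store.unref(blob_id, (tenant, name))


def recover_from_content(store, guess):
    """Anyone who can guess or obtain the plaintext re-derives the convergent
    key and checks whether a lingering blob still decrypts to it."""
    key = convergent_key(guess)
    nonce = hashlib.sha256(b"nonce|" + key).digest()[:16]
    blob_id = hashlib.sha256(keystream_xor(key, nonce, guess)).hexdigest()
    if blob_id not in store.blobs:
        return None
    return keystream_xor(key, *store.blobs[blob_id])


def demo():
    results = {}
    # 1. Random per-object keys: the blob lingers, but nobody can read it.
    store, keyring = BlobStore(), {}
    blob = put_private(store, keyring, "A", "ledger", DATA)
    results["private_read_before_delete"] = read(store, keyring, "A", "ledger")
    delete(store, keyring, "A", "ledger")
    results["private_blob_survives"] = blob in store.blobs
    results["private_read_after_delete"] = read(store, keyring, "A", "ledger")
    # 2. Content-derived keys for dedup: A's deletion destroys nothing.
    store, keyring = BlobStore(), {}
    put_convergent(store, keyring, "A", "ledger", DATA)
    put_convergent(store, keyring, "B", "copy", DATA)
    results["dedup_blob_count"] = len(store.blobs)
    delete(store, keyring, "A", "ledger")
    results["b_reads_after_a_delete"] = read(store, keyring, "B", "copy")
    delete(store, keyring, "B", "copy")   # zero references, blob still there
    results["recoverable_after_all_deletes"] = recover_from_content(store, DATA)
    return results
```

In the first scenario the lingering ciphertext is worthless without the random key, so the tenant's deletion is effective even though the store never overwrote anything. In the second, the key is a public function of the content: A's deletion leaves B's copy readable (correct, B still owns it), and even after every reference is gone the blob decrypts for anyone holding or guessing the plaintext, so no tenant ever controlled a secret whose destruction would destroy the data.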

We postulate that existing cloud storage platforms are still too weak at isolating tenants and containing attacks, and argue that the threat of unknown vulnerabilities, and the loss of data governance that follows from them, is one of the main reasons why businesses remain wary of the cloud. Yet without resource sharing the cloud model cannot be implemented successfully.