The cloud services provided by TREDISEC should accommodate a multi-tenant environment. That is, an environment in which multiple users share the ownership of outsourced data, or are permitted to operate on the data without being actually owners.
The primitive provides secure deletion on an honest-but-curious cloud storage. Therefore, clients can store all the files on the cloud as usual, but still achieve secure deletion, which cannot be guaranteed otherwise. The solution is based on encryption.
The aim of the primitive is to provide an enforcement component for distributed attribute-based access control (ABAC) policies that ensures that authorized users always get access to the selected cloud resource (either data or service) whilst the access is refused to malicious parties, in the context of a multi-tenant cloud infrastructure.
This mechanism includes a wide set of tools that ensures that an attacker has the smallest amount of resources at its disposal to attack a system. This is valuable because several zero-day exploits target unused features of the kernel.
If data is deployed on a server in an untrusted environment (e.g. the cloud), the data owner might be afraid of honest-but-curious database administrators or other personnel or external attackers who have access to the server. Our processing mechanism uses adjustable query-based encryption: The data is encrypted in so called onion encryption layers where the weakest encryption schemes are the innermost layers, which are then encrypted with other encryption schemes.