This project will investigate, prototype and evaluate CloudFence, a proposed framework that allows users to independently audit the treatment of their private data by third-party online services, through the intervention of the cloud provides hosting said services. Specifically, the PI will investigate, novel techniques for conducting fine-grained tracking of ``information of interest'' (as defined by the user of the cloud service, in a flexible, context-sensitive manner) toward (a) providing increased transparency to end users of the handling of their information by the cloud, and (b) enabling the periodic (or even continuous) auditing of said handling, either by the user or an agent acting on her behalf.
The underlying hypothesis is that it is possible to create a general-purpose, application-agnostic information tracking mechanism across the cloud that can operate on both legacy and newly developed applications, such that users can leverage their trust on the infrastructure provider without imposing unreasonable constraints on said provider (e.g., not requiring manual inspection of applications).
The project will take a systems approach, aiming to demonstrate the feasibility, effectiveness, and limitations of CloudFence by applying it to real problems encountered in managing the cloud computing infrastructure of the PI's department; a significant part of the effort will go toward system evaluation. Tangible results of the effort include (a) a new architectural framework for information auditing in a cloud environment, (b) software prototypes demonstrating the concepts, (c) conference and journal publications and reports, and (d) a network security lab focusing on cloud and web security.
