Enhancing Cloud SLA with Security: A secure, Searchable, and Practical Cloud Storage System

Cloud technology is rapidly emerging and becoming popular. The cloud promises extensive storage resources, computation cycles, and high availability at a small cost, while allowing companies to focus on their business. However, current service level agreements (Windows Azure, Amazon, etc.), only guarantee availability and reimburse the client when the promise is not respected. These SLAs do not provide any security guarantee (confidentiality, integrity, freshness, consistency). Some of the data may be changed, read requests may return stale results, customer updates may become inconsistent, etc. As a result, customers with sensitive data will refuse to use the services of the cloud.

In our work, we provide the security tools by which a cloud SLA can include security guarantees such as integrity, freshness, and write consistency. The client can prove that the cloud did not respect one of these requirements and obtain reimbursement, and the cloud can disprove false client accusations and avoid invalid charges.

By making use of the security-enhanced SLA, we build the first end-to-end secure, searchable and practical cloud storage for enterprises. It guarantees data confidentiality, integrity, freshness and write-serializability, where the last two properties have not been fully achieved by previous work in secure file systems or storage. By offloading (in a verifiable way) as much of the workload as possible to the cloud, our system is scalable to a large number of users, groups, and users per group of an enterprise.