M. Azraoui, M. Önen, R. Molva, “Framework for Searchable Encryption with SQL Databases”, Conference CLOSER 2018, 19-21 March 2018, Medeira, Portugal. [Conference website http://closer.scitevents.org/]
The Administration module aims at helping the IT team to manage the CLARUS proxy on the local (trusted) IT system. The IT team will be able to configure the User Repository, the User Authentication module and the access to CSPs; they will also be able to configure the failover mode if the CLARUS proxy is deployed as part of a cluster.
The security manager is provided with an administration interface in order for him/her to:
- configuring the repository used by the CLARUS proxy for the access rights management
- configuring the user authentication module
- configuring the Cloud Service Providers
- to register a Cloud Service Provider (CSP)
- delete a CSP
- update a CSP configuration
- enable or disable a CSP
- configuring the failover mode
- configuring the deployment of modules
- registering a new module
- deleting a module
- updating a module
Security policy management module
The security manager is provided with a security policy management tool in order for him/her to define the CLARUS security policies, i.e. what to protect in the outsourced datasets and how to protect it.
The definition of a security policy is a multi-step process:
- define protocol and endpoints
- define data types (optional)
- define data attributes to protect
- define data usage
- elicit the most appropriate protection technique
- define the protection parameters (e.g. outcome accuracy).
While the definition of a security policy is not complete, the security manager is able to make changes. The definition is stored in a protected temporary file.
Then, the security manager registers the security policy in the CLARUS system. From that moment, the definition of a security policy cannot be changed anymore. However, the security manager can delete any registered security policy.
Monitoring is intended to supervise the correct operation of the whole system by continuously collecting and analysing the data flows and information exchanges to early detect any security and privacy issue that might compromise the overall system security and data confidentiality and integrity.
The Monitoring module in CLARUS is linked to the Administration module and they work together to guarantee that the system works properly according to the established security and access control policies.
In CLARUS, the Monitoring module observes at runtime input and output events without disturbing the normal operation of the system, and analyses this information to detect security threats, privacy issues, attacks, and suspicious behaviour that might put at risk the security of the system. In addition, the Monitoring module integrated in CLARUS is able to decide the best strategy to repel the detected security issues, and to trigger countermeasures to let the system continue working properly, without being affected by the security threats.
The Monitoring module is composed of a monitoring server installed in the CLARUS platform, and distributed probes. The distributed probes can be installed in the CLARUS proxies, in the cloud services interacting with it, and in intermediate network points. These probes sniff network traffic that is analysed by the monitoring server to check that security properties are fulfilled. The monitoring server includes a database to store the sniffed data (monitoring database), and another database with security information and rules to detect security issues (security database). The monitoring server receives the data from the probes and correlates the information to detect security incidents that may put the integrity of the information in the system at risk. When an attack is detected, automatic countermeasures are triggered to mitigate its effects and allow the normal operation of the system without interruption.