
Search-as-a-service: Outsourced search over outsourced storage

Published: 24 September 2009

Abstract

With the fast-paced growth of digital data and exploding storage management costs, enterprises are looking for new ways to manage their data effectively. One such cost-effective paradigm is the cloud storage model, also referred to as Storage-as-a-Service, in which enterprises outsource their storage to a storage service provider (SSP) by storing data (usually encrypted) at a remote SSP-managed site and accessing it over a high-speed network. In addition to the storage capacity used, the SSP often charges clients for the amount of data that is accessed from the SSP site. Thus, it is in the interest of the client enterprise to download only relevant content. This makes search over outsourced storage an important capability. Searching over encrypted outsourced storage, however, is a complex challenge. First, each enterprise has different access privileges for different users, and this access control needs to be preserved during search (for example, ensuring that a user cannot search through data that is inaccessible from the filesystem due to its permissions). Second, the search mechanism has to preserve confidentiality from the SSP, so indices cannot be stored in plain text.

In this article, we present a new filesystem search technique that integrates access control and indexing/search mechanisms into a unified framework to support access-control-aware search. Our approach performs indexing within the trusted enterprise domain and uses a novel access control barrel (ACB) primitive to encapsulate access control within these indices. The indices are then systematically encrypted and shipped to the SSP for hosting. Unlike existing enterprise search techniques, our approach is resilient to various common attacks that leak private information. Additionally, to the best of our knowledge, our approach is the first such technique that allows search indices to be hosted at the SSP site, thus effectively providing search-as-a-service. This does not require the client enterprise to fully trust the SSP for data confidentiality. We describe the architecture and implementation of our approach and present a detailed experimental analysis comparing it with other approaches.



Published in

ACM Transactions on the Web, Volume 3, Issue 4
September 2009
100 pages
ISSN: 1559-1131
EISSN: 1559-114X
DOI: 10.1145/1594173

Copyright © 2009 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 24 September 2009
• Accepted: 1 May 2009
• Revised: 1 November 2007
• Received: 1 July 2007


Qualifiers

• research-article
• Research
• Refereed
