Tunable Security for Deployable Data Outsourcing

In today’s networked world the trend to make use of IT services that are provided by external parties accelerates. A variety of offerings that require to outsource data to third parties have emerged both for end users and service providers. For instance, service providers have the option to cut costs by outsourcing databases to various external cloud providers. Furthermore, service providers can avoid having to manage digital identities that are needed to authenticate and authorize end users by relying on identities that the end users have already established with other parties based on federated identity management technologies. To access services, users have to remember a lot of credentials, a task for which they increasingly rely on credential repositories such as password managers that allow to store credentials. Such data outsourcing options imply to outsource data to multiple different parties that are subject to different jurisdictions and have individual policies on how to protect and use the outsourced data. Thus, enforcing traditional security characteristics such as data confidentiality, integrity, and availability constitutes a challenge in such a setting. It is possible to enforce the security characteristics before outsourcing the data by security mechanisms like encryption. However, in many cases these security mechanisms negatively affect other quality characteristics like efficiency. Unnecessary negative effects on quality characteristics can be avoided by tailoring an approach to apply only security mechanisms that are really needed to satisfy the security requirements of the given scenario. However, such an approach that is tailored to satisfy the requirements of a single scenario is often undeployable in scenarios with different requirements. This limits the deployment potential of the approach’s implementation. Furthermore, even in the scenario for which the approach was tailored, applying the approach can become inadequate if the scenario’s requirements evolve over time. To deploy a tailored approach in a scenario with different requirements than the original scenario, the approach has to be re-designed and re-implemented in many cases. Approaches that allow to tune security trade-offs after the design and implementation phase can be used both to cope with evolving scenario requirements and to cover a larger application area. In this thesis we explore a) how a suitable combination of security mechanisms can be determined when designing an approach that is tailored to satisfy specific deployment scenario requirements and b) how to automate the process of finding a suitable security mechanism combination. Based on our insights, approaches can be built that can be to tuned to satisfy deployment scenario requirements without re-design or re-implementation effort. Thus, we address the following fundamental research question: How can security characteristics be made tunable to enable deployable data outsourcing approaches?