DataProtecor Project Page





Outsourcing personal information to web based data services (WDS) is a common recent trend. Websites such as Gmail.com, Flickr.com and Google Docs are examples of such services. Current WDSs provide a variety of data services that allow data storage, backup, sharing, etc. These services have become so popular that they are now a part of our daily life. The biggest drawback of such services is the requirement to trust the service provider. Data outsourced is stored in plaintext and is vulnerable to outsider attacks from hackers/Internet thieves and insider attacks from malicious employees.

To combat the above issues, we propose DataProtector, a security middleware for web based data services. DataProtector acts as a transparent middleman between the browser and the web server and enforces security requirements at the level of HTTP requests. DataProtector utilizes a rule based framework for determining the flow of sensitive information via HTTP requests/responses and protects the confidentiality and integrity of such information using cryptographic techniques. DataProtector is a generic middleware that can protect data outsourced to a wide variety of WDSs. We implemented a proof-of-concept DataProtector prototype to measure its performance.



Coming Soon Full version of the DataProtector paper