Outsourcing personal information to web based data services (WDS) is
a common recent trend. Websites such as Gmail.com, Flickr.com and
Google Docs are examples of such services. Current WDSs provide a
variety of data services that allow data storage, backup, sharing,
etc. These services have become so popular that they are now a part
of our daily life. The biggest drawback of such services is the
requirement to trust the service provider. Data outsourced is
stored in plaintext and is vulnerable to outsider attacks from
hackers/Internet thieves and insider attacks from malicious
employees.
To combat the above issues, we propose DataProtector, a security middleware for web based data services.
DataProtector acts as a transparent middleman between the browser
and the web server and enforces security requirements at the level
of HTTP requests. DataProtector utilizes a rule based framework for
determining the flow of sensitive information via HTTP
requests/responses and protects the confidentiality and integrity of
such information using cryptographic techniques. DataProtector is a
generic middleware that can protect data outsourced to a wide
variety of WDSs. We implemented a proof-of-concept DataProtector
prototype to measure its performance.
Coming Soon Full version of the DataProtector paper