Privacy Control in Cloud VM File Systems

Cloud Computing offers great benefits such as reduced IT costs and an improved business agility. Nevertheless, enterprises are still hesitant to put their sensitive data in the cloud as they notably fear privacy issues (e.g., violation of country-based regulations regarding the storage location of a sensitive data). In this context, this paper presents the demonstration of a privacy control technology that allows to protect sensitive files stored, processed, and moved in an IaaS cloud. In our approach, the privacy control is performed within the file system of the Virtual Machines (VM) and allows to control the access done by any application to each sensitive file. It notably covers business applications (e.g., provided by the cloud user) and system applications such as FTP (e.g., to prevent the transfer of a sensitive file in a not authorized country). Moreover, our technology allows to generate tamper-proof traces for any action performed on a sensitive file. In the demonstration, we then also show how the cloud user has a full view of the usage of his sensitive files (e.g., number of copies, storage locations, performed actions). Finally, the demonstration shows these different capabilities through a scenario of file access and cross-country transfer in a multi-platform cloud environment.