Security-Aware Data Allocation in Multicloud Scenarios

When moving large and heterogeneous data collections to the cloud, a key requirement concerns the selection of the most suitable (set of) cloud service(s) for outsourcing. Not only can different resources have different characteristics and requirements, but different cloud providers can also offer different services and security guarantees, and can have different costs. Selecting a single service for outsourcing an entire data collection can result in a non-optimal solution, as a single service satisfying, at reasonable costs, all the requirements specified by the data owner might not exist. Selecting a set of services could instead ensure the satisfaction of the requirements, possibly with economic advantages. In this article, we address this problem and present a flexible and expressive, yet simple model for supporting data owners in identifying a proper allocation of their resources to a set of cloud services. Our model allows data owners to specify in an easy and intuitive way protection requirements operating at the granularity level of single resource (or class thereof), and representing the minimum security guarantees that a cloud service must offer to store resources. Resources can be outsourced in plaintext or encrypted form, depending on their requirements and on what is the most convenient allocation. Data owners can then also specify global allocation requirements that apply to the overall allocation, to reduce the burden on their side and to avoid excessive fragmentation of the resource collection. We solve the problem of finding an allocation that satisfies both the protection and the global allocation requirements, while minimizing economic costs, by formulating it as a binary programming problem, thus allowing the use of existing techniques for its efficient solution.