How Not to Be Seen in the Cloud: A Progressive Privacy Solution for Desktop-as-a-Service

  • D. Davide Lamanna
  • Giorgia Lodi
  • Roberto Baldoni
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7566)


In public clouds, where data are provided to an infrastructure hosted outside the user's premises, privacy issues come to the forefront. The right to act without observation becomes even more important in Desktop-as-a-Service (DaaS) environments. This paper describes the design, implementation and preliminary experimental evaluation of a progressive privacy solution for a DaaS system. Progressive privacy is a privacy-preserving model that a user can configure (possibly on demand) not only quantitatively but also qualitatively, i.e., the user can discriminate what type of information must be preserved and to what extent, according to her/his desired privacy profiles. To this end, a lightweight client-side proxy named Hedge Proxy has been designed so that non-intelligible user contents and non-traceable user actions are guaranteed by enabling homomorphic encryption, oblivious transfer and query obfuscation schemes in the proxy. The paper also proposes an implementation and evaluation of the Hedge Proxy based on a specific DaaS environment developed at the University of Rome, called Virtual Distro Dispatcher (VDD). Preliminary results of this evaluation are presented; they aim to assess the performance experienced by VDD users against the progressive privacy that can be achieved. As expected, the performance perceived by clients using VDD decreases sharply as the level of privacy protection increases (e.g., with a large encryption key size or a high obfuscation density). Nevertheless, experiments show that for light encrypted data streams the system can reach a fair level of privacy with small keys without significantly degrading the performance experienced by users.


Privacy, Desktop-as-a-Service, thin client, visualization, homomorphic encryption, oblivious transfer, query obfuscation





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • D. Davide Lamanna (1)
  • Giorgia Lodi (1)
  • Roberto Baldoni (1)

  1. Dipartimento di Ingegneria Informatica, Automatica e Gestionale “Antonio Ruberti”, Sapienza University of Rome, Rome, Italy
