M. Azraoui, M. Önen, R. Molva, “Framework for Searchable Encryption with SQL Databases”, Conference CLOSER 2018, 19-21 March 2018, Madeira, Portugal. [Conference website http://closer.scitevents.org/]
CLARUS Proxy Architecture
The CLARUS architecture is modular, with each functionality and security primitive running in a separate module for easy configuration, installation and troubleshooting.
The CLARUS Proxy solution comprises five blocks:
- CLARUS Access manages user access to CLARUS through two modules: User registration and User authentication.
- Data Operations comprises the privacy modules that implement CLARUS security services with tools enabling privacy-preserving search, privacy-preserving computation, secure storage and retrieval.
- Access Policy and Key Management defines the access policies for the data outsourced to the cloud, stores the key material communicated to the Data Operations Modules when needed, and controls the communication with other proxies.
- Monitoring and Administration is for bootstrapping the CLARUS proxy. These modules provide interfaces to security managers to configure and manage the proxy.
- Protocol modules, namely the USER-CLARUS and the CSP-CLARUS Protocol modules, serve as interfaces for the end-user (client applications) and the cloud, respectively.
The CLARUS proxy main process can also handle inter-proxy communication. In this context, we consider that communication between two proxies is secured, for instance by a VPN connection. Two cases are to be handled:
- The proxy is deployed between the client application and a remote proxy. In this case, this proxy will relay/forward the communication without any modification. Indeed, the whole obfuscation / de-obfuscation task is delegated to the remote proxy that owns the data.
- The proxy is deployed between a first proxy and the CSP. In this case, the first proxy will be considered as the client application of the main proxy that will treat the first proxy as a technical user.
One other process must run on the same host (physical or virtual) as the CLARUS proxy process. It is the administration process, implemented as a command line utility named clarus-adm. It allows:
- configuring the repository used by the CLARUS proxy for the access rights management
- configuring the user authentication module
- configuring the Cloud Service Providers
  o registering a Cloud Service Provider (CSP)
  o deleting a CSP
  o updating a CSP configuration
  o enabling or disabling a CSP
- configuring the failover mode
- configuring the deployment of modules
  o registering a new module
  o deleting a module
  o updating a module
Two other separate processes should be deployed on the same host as the CLARUS proxy process, although it is not mandatory to have them co-located. These modules are:
- The policy manager module (named clarus-spm) that defines the CLARUS security policies, i.e. what to protect in the outsourced datasets and how to protect it. The output of this program is a JSON file needed by the CLARUS main process to configure itself.
- The access control policy manager (named clarus-arm) that manages the access rights of the different authenticated proxy users. This manager defines the access rights of the users on the storage/processing services protected by CLARUS. It also defines the permissions of the users on the outsourced datasets.
Finally, the monitoring module is defined as a standalone module that can run on the same proxy host as a separate process or a virtual machine in this host or on any standalone (physical or virtual) host. The whole integration is performed in a platform provided by Thales.