ENABLING SECURE BIG DATA ANALYTICS IN THE CLOUD
First Claim
1. A method, comprising:
- reading a secure file, by a Secure Distributed File System in a public cloud service provider having a processor and a memory device, the reading comprising;
computing a hash of a name of the secure file to obtain a hashed file name;
finding metadata for the secure file using the hashed file name, the metadata including a sharing policy identifier configured for obtaining a security key;
retrieving the sharing policy identifier from the metadata, and extracting the security key and encrypted data file names from the metadata using the sharing policy identifier;
at least one of decrypting and reconstructing plaintext data for the secure file from one or more requested encrypted data files.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods are provided for enabling secure big data analytics in the cloud. A method includes reading a secure file, by a Secure Distributed File System in a public cloud service provider. The reading step includes computing a hash of a name of the secure file to obtain a hashed file name, finding metadata for the secure file using the hashed file name, retrieving a sharing policy identifier from the metadata, and obtaining authorization from an external entity to decrypt the secure file. The reading step further includes extracting a security key and encrypted data file names from the metadata using the sharing policy identifier, requesting one or more encrypted data files that form the secure file from a node of the public cloud service provider, and at least one of decrypting and reconstructing plaintext data for the secure file from the one or more encrypted data files.
-
Citations
20 Claims
-
1. A method, comprising:
reading a secure file, by a Secure Distributed File System in a public cloud service provider having a processor and a memory device, the reading comprising; computing a hash of a name of the secure file to obtain a hashed file name; finding metadata for the secure file using the hashed file name, the metadata including a sharing policy identifier configured for obtaining a security key; retrieving the sharing policy identifier from the metadata, and extracting the security key and encrypted data file names from the metadata using the sharing policy identifier; at least one of decrypting and reconstructing plaintext data for the secure file from one or more requested encrypted data files. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A method, comprising:
creating, by a MapReduce application, a secure file configured for storage in a Secure Distributed File System (SDFS) in a public cloud service provider having a processor and a memory device, the creating further comprising; determining a sharing policy identifier for the secure file, the sharing policy identifier being configured for obtaining a security key; obtaining a security key and security parameters for the secure file from an external entity; writing one or more encrypted data files for the secure file, and computing a hash of a name of the secure file; storing the encrypted data files and metadata for the secure file, the encrypted data being configured for decryption by the SDFS. - View Dependent Claims (11, 12, 13, 14, 15)
-
16. A method, comprising:
determining, by a Secure Distributed File System in a public cloud service provider having a processor and a memory device, a security key for a file with an obfuscated file name, the determining further comprising; determining a storage method used to storing metadata for the file with the obfuscated file name; obtaining the metadata responsive to the storage method, and extracting a sharing policy identifier from the metadata; forwarding the sharing policy identifier to an external entity to request a security key for the file with the obfuscated file name; and receiving the security key from the external entity. - View Dependent Claims (17, 18, 19, 20)
Specification