Concordia University Systems Engineering Awarded $900K Grant

Cloud computing. If you only occasionally glance at a tech blog, you probably already know that it is “the next big thing.” If you don’t, there is still a good chance you are cloud computing daily.

The term describes a way of storing data and applications on a network, or “cloud,” rather than on a personal computer. Think of it as an online hard drive, accessible from anywhere. Services like Google Docs, social networking and photo storage sites are common examples of cloud computing. As the practice expands, more advanced applications and more data will be available from cloud networks.

The ability to access your information from any Internet connection offers a lot to users, but a shift towards this technology comes with dangers.

“Users have no control over the data they submit to cloud computing networks,” said Professor Mourad Debbabi, the director of the Concordia Institute for Information Systems Engineering.

The CIISE recently received a grant from the National Sciences and Engineering Research Council of close to $900,000 to be spent over the next three years for three separate projects. Over half of that money will be dedicated to the CIISE’s project of researching privacy and security in cloud computing networks.

“We would like to give users some control over privacy and security,” said Debbabi. “A lot of things are happening behind the scenes.”

Currently, if you upload something to a site like Facebook and want to know what happens to that information, you have to read through pages of an arcane privacy policy and then trust the site to honour that agreement, which may change in a few weeks regardless.

In January, Facebook announced that applications would be able to share phone numbers and addresses with external websites, but then delayed the policy change because of complaints.

The CIISE say they will develop methods to let users manage their own security and privacy.

One idea is to create a “digital fingerprint,” only known to the users, for everything that is uploaded to a network. When the data is accessed, the fingerprint changes. If users see a change they did not make, they immediately know that someone has tampered with their data. This will give users more control and also take some responsibility to monitor privacy violations out of the provider’s hands, according to Debbabi.

“Like most university research, these guys are doing nothing new at all,” said Nadim Kobeissi, a network security analyst and self-described Internet freedom advocate.

According to Kobeissi, the techniques that the CIISE are researching are already available to users and “good architecture” for networks is one thing that could be focused on for providing security.

While Kobeissi pointed to examples of similar security protection developed independently, the buzz around cloud computing is making grants like the CIISE’s more available. The money
the department received came through the Strategic Project Grants, a government program
that is funding research in, among other things, telecommunications, natural resources and environmental sciences.

This article originally appeared in Volume 31, Issue 22, published February 8, 2011.