Publication Date:
2023
Short description:
(2023). Technologies for data protection. Retrieved from https://hdl.handle.net/10446/258229 and from http://dx.doi.org/10.13122/978-88-97413-70-7
abstract:
The last decade has seen a significant increase in the use of cloud
services. Despite the advantages, there are also several security and
privacy challenges. The experience gained by the community attests
that it is not enough to just change data visibility to ensure an
adequate level of protection; it is rather necessary to pay attention
to the whole data lifecycle: collection, sanitization, storage,
processing and release. This thesis analyzes each stage, proposing
Open Source solutions that push forward the state of the art.
The first part of the thesis focuses on data collection in the mobile
scenario. This environment is relevant as smartphones are devices
connected to the network, with the ability to log confidential
data. The goal is to modify the Operating System (Android) to enable
internal application compartmentalization and protect sensitive data.
After the data are collected, a user may apply sanitization to them
before uploading to the cloud. Sanitization irreversibly alters data
so that a subject (referenced within it) cannot be identified, given
a certain security parameter, while the data remain practically
useful. The second part of the thesis presents an approach to sanitize
large collections of data.
The third part of the thesis investigates the storage and processing
stages. Typically, the cloud provider is considered
honest-but-curious, which assumes that it complies with the requests
issued by the user, but may abuse its access to the information
provided. The goal is to support the execution of queries over
outsourced data with a guarantee that the cloud provider does not have
access to the data content.
The last part of the thesis addresses the data release stage. As we
move to a decentralized environment in which the parties are mutually
distrusting, the honesty assumption no longer holds. The parties are
instead modeled as rational. We propose a solution to schedule the
release of data without the need for a Trusted Party.
Iris type:
1.9.03 Collana della Scuola di Alta Formazione Dottorale
List of contributors:
Facchinetti, Dario