Maciej Mencner, Marcin Niemiec

Published in

Multimedia Communications, Services and Security. MCSS 2020. Communications in Computer and Information Science, vol 1284, pp 154-167. Springer


security, privacy, bloom filters, SecaaS services, cloud

Open Access



With a rapid growth of cybercrime, security services play a crucial role in protecting modern networks. In order to minimize the costs of deployment and management of the infrastructure, businesses have started outsourcing those services to cloud service providers. A privacy preserving solution becomes necessary to protect confidentiality of a security policy. Therefore, a certain level of false positive packets is introduced using a tree-based structure of security policy and Bloom Filters in a public cloud. This approach results in shading the decision made for each of packets. A conventional firewall placed in a private cloud is responsible for performing the ultimate filtering and dropping all unwanted traffic. Usage of this hybrid cloud model allows to anonymize the security policy itself and reduce the possibility of information gaining after traffic eavesdropping. However, the appropriate choice of Bloom Filters’ parameters is crucial to distribute the load between potentially unlimited public cloud resources and finite private cloud resources. The results of research reveals that lowering the number of false positive packets that have to be filtered within the private cloud has an effect only to some point. Thus, a trade-off between a level of privacy of the security policy and utilization of private cloud can be found. It allows to meet security and performance requirements of the customers of SecaaS services.