Proceedings of the 2021 on Cloud Computing Security Workshop: Latest Articles

Proceedings of the 2021 on Cloud Computing Security Workshop
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123
Citations: 0

Secure Featurization and Applications to Secure Phishing Detection
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486759
Akash Shah, Nishanth Chandran, Mesfin Dema, Divya Gupta, A. Gururajan, Huang Yu
Abstract: Secure inference allows a server holding a machine learning (ML) inference algorithm with private weights, and a client with a private input, to obtain the output of the inference algorithm, without revealing their respective private inputs to one another. While this problem has received plenty of attention, existing systems are not applicable to a large class of ML algorithms (such as in the domain of Natural Language Processing) that perform featurization as their first step. In this work, we address this gap and make the following contributions: We initiate the formal study of secure featurization and its use in conjunction with secure inference protocols. We build secure featurization protocols in the one/two/three-server settings that provide a tradeoff between security and efficiency. Finally, we apply our algorithms in the context of secure phishing detection and evaluate our end-to-end protocol on models that are commonly used for phishing detection.
Citations: 3

Live Migration of Operating System Containers in Encrypted Virtual Machines
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486761
Joana Pecholt, Monika Huber, Sascha Wessel
Abstract: With the widespread use of Docker and Kubernetes, OS-level virtualization has become a key technology to deploy and run software. At the same time, data centers and cloud providers offer shared computing resources on demand. The use of these resources usually leads to a larger trusted computing base and less control over the data. We present a confidential computing concept for the migration of operating system containers in secure encrypted virtual machines so that these are protected from the operator and administrator. In our approach, processes inside of the containers remain intact, i.e., they keep their state and do not have to be restarted. Network services inside of the containers remain unchanged and reachable. This is typically called live migration. Integrity and confidentiality of the data inside of the containers is enforced during migration as well as on the destination platform, namely in transit, in use and at rest. The authenticity and integrity of the destination platform is verified using remote attestation before any data is transferred. While our core concept is not specific to a particular hardware, we present two different approaches corresponding to the first generation of AMD SEV as well as SEV-SNP. Our proof of concept implementation is based on the first generation of SEV.
Citations: 1

Programmable Security in the Age of Software-Defined Infrastructure
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486765
G. Gu
Abstract: Today's network and computing infrastructure rests on inadequate foundations. An emerging, promising new foundation for computing is software-defined infrastructure (SDI), which offers a range of technologies including: compute, storage, and network virtualization; novel separation of concerns at the systems level; and new approaches to system and device management. As a representative example of SDI, software-defined networking (SDN) is a new networking paradigm that decouples the control logic from the closed and proprietary implementations of traditional network data plane infrastructure. SDN is now becoming the networking foundation for cloud/data-center, future Internet and 5G infrastructures. We argue that we should leverage software-defined infrastructure to design new methodologies and principles to make security programmable. In this talk, I will discuss some new opportunities as well as challenges in this new direction, and demonstrate with case studies from our recent research results. Our vision is that future security will be programmable thus more intelligent and powerful to secure a software-defined world.
Citations: 0

Security in a Cloud Bazaar
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486791
O. Krieger
Abstract: While cloud computing is transforming society, today's public clouds are black boxes, implemented and operated by a single provider that makes all business and technology decisions. In 2013 we launched the Mass Open Cloud (MOC) with the vision of creating a production cloud that would enable innovation by a broad industry and research community. This open cloud has become a laboratory for cloud research and innovation, resulting in hundreds of publications, contributions to open source software, and collaborations between researchers, open source developers, and production operations staff. Recently we launched the Open Research Cloud Initiative (ORCI) to provide a framework to coordinate the bazaar of interrelated projects and initiatives that have evolved since 2013, including the Red Hat Collaboratory@BU, Open Cloud Testbed (OCT), New England Research Cloud (NERC), Northeast Storage Exchange (NESE), Operate First, and OpenInfra Labs. With its launch, the MOC inspired and enabled research in cloud security. For example, the Modular Approach to Cloud Security (MACS) SaTC NSF frontier project, launched in 2014, brought together cryptographers, operating system, database and computer architecture researchers from BU, MIT, UConn and NEU. This security research resulted in new open-source software and products that are today enabling new services in the ORCI bazaar. This talk will discuss the ORCI cloud bazaar, some of the security research and projects it inspired, and some exciting new collaborations happening now to make the cloud both open and secure.
Citations: 1

m-Stability: Threshold Security Meets Transferable Utility
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486758
O. Biçer, B. Yildiz, Alptekin Küpçü
Abstract: Use of game theory and mechanism design in cloud security is a well-studied topic. When applicable, it has the advantages of being efficient and simple compared to cryptography alone. Most analyses consider two-party settings, or multi-party settings where coalitions are not allowed. However, many cloud security problems that we face are in the multi-party setting and the involved parties can almost freely collaborate with each other. To formalize the study of disincentivizing coalitions from deviating strategies, a well-known definition named k-resiliency has been proposed by Abraham et al. (ACM PODC '06). Since its proposal, k-resiliency and related definitions are used extensively for mechanism design. However, in this work we observe the shortcoming of k-resiliency. That is, although this definition is secure, it is too strict to use for many cases and rule out secure mechanisms as insecure. To overcome this issue, we propose a new definition named ℓ-repellence against the presence of a single coalition to replace k-resiliency. Our definition incorporates transferable utility in game theory as it is realistic in many distributed and multi-party computing settings. We also propose m-stability definition against the presence of multiple coalitions, which is inspired by threshold security in cryptography. We then show the advantages of our novel definitions on three mechanisms, none of which were previously analyzed against coalitions: incentivized cloud computation, forwarding data packages in ad hoc networks, and connectivity in ad hoc networks. Regarding the former, our concepts improve the proposal by Küpçü (IEEE TDSC '17), by ensuring a coalition-proof mechanism.
Citations: 3

ACCO: Algebraic Computation with Comparison
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486757
Xiaoqin Duan, Vipul Goyal, Hanjun Li, R. Ostrovsky, Antigoni Polychroniadou, Yifan Song
Abstract: We propose ACCO: the first maliciously secure multiparty computation engine in the honest majority setting, which also supports secure and efficient comparison and integer truncation. Our system is also the first to achieve information theoretic security. We use ACCO to build an information theoretic privacy preserving machine learning system where a set of parties collaboratively train regression models in the presence of a malicious adversary. We report an implementation of our system and compare the performance against Helen, the work of Zheng, Popa, Gonzalez and Stoica (SP'19) which provided multiparty regression models secure against malicious adversaries. Our system offers a significant speedup over Helen.
Citations: 1

ROSEN: RObust and SElective Non-repudiation (for TLS)
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486763
Srdjan Capkun, Ercan Ozturk, Gene Tsudik, Karl Wüst
Abstract: A versatile non-repudiation service that can be used directly and without application-specific modifications is desirable in many realistic use-cases. Since TLS is one of the most popular current means of secure communication, several proposals have been made for augmenting it with a general, flexible and efficient non-repudiation service. However, none of them offers sufficient robustness for scenarios that require high reliability. Also, they lack flexibility by requiring the party providing non-repudiable evidence to do so for all content transmitted within a given TLS session. In this paper, we propose ROSEN, an extension for TLS that provides non-repudiation using an efficient checkpointing mechanism that minimizes loss of evidence in the presence of faults in order to increase robustness and ensure reliability. In addition, ROSEN inherits privacy-preserving properties of prior methods and introduces selective non-repudiation which allows the party providing non-repudiable evidence to selectively and efficiently redact parts of the session so as to make them repudiable.
Citations: 9

Privacy-enhanced OptiSwap
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486756
S. Avizheh, Preston Haffey, R. Safavi-Naini
Abstract: Fair Exchange is a fundamental problem in the exchange of digital items with direct application to electronic commerce. In a fair exchange protocol, two parties want to exchange their corresponding items such that either both receive the other's item, or neither of them receives anything. It has been shown that fair exchange without a trusted third party (TTP) is not possible. Optimistic fair exchange protocols limit the role of TTP to the case that one of the parties misbehaves. OptiSwap (Eckey et al., 2020) is a fair exchange protocol for the exchange of confidential digital items with digital coins. OptiSwap uses a smart contract as the TTP and allows the buyer to use an interactive dispute resolution protocol with the seller (mediated through smart contract) to generate a proof of misbehaviour for a misbehaving seller. We show that OptiSwap's dispute resolution protocol leaks information about the item to the smart contract (public) which can completely reveal the item to the public, and this provides an opportunity for a malicious buyer to pose a credible threat to the fairness guarantee of the system. We propose and design privacy-enhanced OptiSwap that prevents the leakage of information and guarantees security and fairness of the exchange without significantly affecting the efficiency of the protocol. We prove security of the new protocol in an extension of the universal composability for non-monolithic adversaries, and implement and evaluate its efficiency against the original OptiSwap. We discuss our results and suggest directions for future research.
Citations: 0

Data Sovereignty in the Cloud - Wishful Thinking or Reality?
Proceedings of the 2021 on Cloud Computing Security Workshop Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486792
Christian Banse
Abstract: The idea of data sovereignty has been at the core of various research activities over the last years, especially in Europe. The topic gained additional traction through various regulations and initiatives such as the EU General Data Protection Regulation (GDPR), the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and lastly, Gaia-X. While asserting digital control over your data is relatively easy in a closed ecosystem, such as your own on-premises or a community data space, it is infinitely more challenging in a public open ecosystem, such as the Cloud. On one hand, recent advantages in the field of confidential computing, such as the introduction of secure enclaves and encrypted virtual machine memory are promising new ways to enforce data sovereignty even in Cloud infrastructures. On the other hand, the mere existence of these techniques does not ensure an overall secure system, demonstrated by various flaws found in confidential computing techniques themselves, such as AMD SEV. So, the question remains if data sovereignty in the cloud is already reality or still wishful thinking? Keeping the requirements from initiatives such as Gaia-X and the EUCS in mind, this talk will explore what it means to achieve data sovereignty and security in the Cloud. It is important to understand, that it is not only necessary to implement appropriate security measures, but also (continuously) demonstrate the effectiveness of them. Therefore, this talk will show an overview of different technical means to leverage confidential computing for data sovereignty in the Cloud, especially using remote attestation and integrity verification. Furthermore, it will explore techniques to demonstrate the effectiveness of these measures with regards to regulation compliance. One such example is the MEDINA framework, which aims to continuously verify the requirements of EUCS and Gaia-X, both on the infrastructure as well as the application level in cloud systems.
Citations: 1