Cloud Computing Security Workshop: Latest Papers

Return of the Covert Channel, Data Center Style
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808433
Kenneth Block, G. Noubir
Abstract: This work characterizes an interference-based covert timing channel in a highly virtualized, active data center. The adversary leaks sensitive data from a compromised machine without any direct TCP/IP communication pathway between it and the channel's external sink. The attack exploits a publicly facing innocuous and uncompromised commercial server in a shared resources attack. This victimized server unwittingly partakes in a stealthy operation by providing the exfiltration medium. The channel exhibits a one bit per second data rate that can increase proportionally with the decrease in the victim's content transmission time. The channel operates 24x7 in a major university's Computer Science department's data center that experiences highly dynamic loads. Bit Error Rate and capacity are evaluated with the application of spreading gain, a technique used in wireless spread spectrum designs. Additionally, time synchronization drift characterization and channel tolerance to clock skew are demonstrated. A technique for identifying symbol discrimination thresholds requiring no a priori knowledge of truth is demonstrated.
Citations: 2
Fast Order-Preserving Encryption from Uniform Distribution Sampling
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808431
Yong Ho Hwang, Sungwook Kim, J. Seo
Abstract: Order-preserving encryption (OPE) is a symmetric encryption that ciphertexts preserve numerical ordering of the corresponding plaintexts. It allows various applications to search or sort the order of encrypted data (e.g., range queries in database) efficiently. In this paper, we study OPE for more practical use. We first discuss the elements of previous schemes considered as obstacles in practical applications and propose a new construction by eliminating them (especially probabilistic random variate generation functions such as hypergeometric and binomial distributions). We propose a new OPE whose encryption and decryption are much faster than those of the previous schemes by employing uniform distribution sampling. Furthermore, we provide a batch decryption algorithm to support concurrent decryption of numerical values within the specific range, which is firstly observed in the OPE research literature. It can be very efficiently applied for the encrypted range query processing of database systems. The security of our scheme is proven under the weak variants of notions proposed by Teranishi et al. in Asiacrypt 2014, which yield partial indistinguishability and one-wayness.
Citations: 7
Cloud Security: The Industry Landscape and the Lure of Zero-Knowledge Protection
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808427
Chenxi Wang
Abstract: Cloud computing is a change agent to how information technologies are consumed by businesses and consumers. The agility, scale, and resiliency brought by the cloud fundamentally changed the IT economy for many organizations. However, security assurance for cloud continues to be a barrier for adoption. This talk surveys the current cloud security technology landscape and more specifically the subject of "zero-knowledge protection" (ZKP). Borrowed from zero-knowledge proof, ZKP is a concept that allows cloud users to leverage cloud application functions without revealing critical data to the cloud infrastructure. ZKP has far-reaching impact on privacy, government surveillance, and data residency. There is also much misconception on what ZKP is and is not capable of doing. This talk looks at the specifics of ZKP technologies, the use cases for which ZKP provides the most value, and the ensuing societal impact. We will examine how ZKP can work across various layers of the cloud, from IaaS to SaaS, and briefly touch on how ZKP can function with some of the newer cloud technologies like Linux Containers and Docker.
Citations: 0
Side Channels in Multi-Tenant Environments
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808426
M. Reiter
Abstract: Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware---both large (public clouds) and small (smartphones)---the security provided by these platforms to their tenants is increasingly being scrutinized. In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely side-channel attacks. In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.
Citations: 3
ORAM Based Forward Privacy Preserving Dynamic Searchable Symmetric Encryption Schemes
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808429
P. Rizomiliotis, S. Gritzalis
Abstract: In the cloud era, as more and more businesses and individuals have their data hosted by an untrusted storage service provider, data privacy has become an important concern. In this context, searchable symmetric encryption (SSE) has gained a lot of attention. An SSE scheme aims to protect the privacy of the outsourced data by supporting, at the same time, outsourced search computation. However, the design of an efficient dynamic SSE (DSSE) has been shown to be a challenging task. In this paper, we present two efficient DSSEs that leak a limited amount of information. Both our schemes make a limited use of ORAM algorithms to achieve forward privacy and to minimize the overhead that ORAMs introduce, at the same time. To the best of our knowledge, there is only one other DSSE scheme that offers efficiently forward privacy. Our schemes are parallelizable and significantly improve the search and update complexity, as well as the memory access locality.
Citations: 24
Performance Analysis of Linux RNG in Virtualized Environments
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808434
R. Kumari, Mohsen Alimomeni, R. Safavi-Naini
Abstract: We consider performance of Linux Random Number Generator (RNG) in virtualized environments and ask, (i) if the emulated hardware can provide sufficient entropy sources for the RNG and, (ii) if the RNG output of the host and the guest are isolated. These are important questions because insufficient entropy results in entropy starvation, and the lack of isolation results in the host and the guest RNG output to be correlated. We give detailed comparison of the Linux RNGs that run on a host and a guest in different settings. Our results show that, as expected, hosts have higher entropy sources available and generate entropy at a higher rate (entropy bit per second). We also show that generating disk activity at high rate on the guest results in a significant flow of events from the guest to the host that could possibly be exploited by an adversary to find the output of the host RNG by controlling the guest.
Citations: 7
How Private is Your Private Cloud?: Security Analysis of Cloud Control Interfaces
Cloud Computing Security Workshop Pub Date: 2015-10-16 DOI: 10.1145/2808425.2808432
Dennis Felsch, M. Heiderich, Frederic Schulz, Jorg Schwenk
Abstract: The security gateway between an attacker and a user's private data is the Cloud Control Interface (CCI): If an attacker manages to get access to this interface, he controls the data. Several high-level data breaches originate here, the latest being the business failure of the British company Code Spaces. In such situations, using a private cloud is often claimed to be more secure than using a public cloud. In this paper, we show that this security assumption may not be justified: We attack private clouds through their rich, HTML5-based control interfaces, using well-known attacks on web interfaces (XSS, CSRF, and Clickjacking) combined with novel exploitation techniques for Infrastructure as a Service clouds. We analyzed four open-source projects for private IaaS cloud deployment (Eucalyptus, OpenNebula, OpenStack, and openQRM) in default configuration. We were able to compromise the security of three cloud installations (Eucalyptus, OpenNebula, and openQRM). One of our attacks (OpenNebula) allowed us to gain root access to VMs even if full perimeter security is enabled, i.e. if the cloud control interface is only reachable from a certain segment of the company's network, and if all network traffic is filtered through a firewall. We informed all projects about the attack vectors and proposed mitigations. As a general recommendation, we propose to make web management interfaces for private clouds inaccessible from the Internet, and to include this technical requirement in the definition of a private cloud.
Citations: 3
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
Cloud Computing Security Workshop Pub Date: 2015-07-29 DOI: 10.1145/2808425.2808430
Frank H. Li, Richard Shin, V. Paxson
Abstract: The k-nearest neighbors (k-NN) algorithm is a popular and effective classification algorithm. Due to its large storage and computational requirements, it is suitable for cloud outsourcing. However, k-NN is often run on sensitive data such as medical records, user images, or personal information. It is important to protect the privacy of data in an outsourced k-NN system. Prior works have all assumed the data owners (who submit data to the outsourced k-NN system) are a single trusted party. However, we observe that in many practical scenarios, there may be multiple mutually distrusting data owners. In this work, we present the first framing and exploration of privacy preservation in an outsourced k-NN system with multiple data owners. We consider the various threat models introduced by this modification. We discover that under a particularly practical threat model that covers numerous scenarios, there exists a set of adaptive attacks that breach the data privacy of any exact k-NN system. The vulnerability is a result of the mathematical properties of k-NN and its output. Thus, we propose a privacy-preserving alternative system supporting kernel density estimation using a Gaussian kernel, a classification algorithm from the same family as k-NN. In many applications, this similar algorithm serves as a good substitute for k-NN. We additionally investigate solutions for other threat models, often through extensions on prior single data owner systems.
Citations: 31
Fast dynamic extracted honeypots in cloud computing
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381916
Sebastian Biedermann, M. Mink, S. Katzenbeisser
Abstract: In this paper, we describe the design, the implementation and the evaluation of a dynamic honeypot architecture which can be offered as an additional security service for cloud users in a cloud that offers Infrastructure-as-a-Service (IaaS). Honeypots can protect original systems while revealing new and unknown attacks at the same time. The proposed dynamic honeypot architecture detects potential attacks in the initial phases and delays these attacks until a new honeypot virtual machine (VM) is extracted from the original VM which is under attack. The extraction process is a modifying VM live cloning process which leaves sensible data behind and prevents internal data loss. This way, the newly created honeypot VM runs the same software in exactly the same up-to-date configuration. The honeypot controller redirects the delayed attack to the extracted honeypot VM and analyses its impact without risking the integrity of the original target VM. The proposed architecture benefits from the flexibility and adaptability of the cloud. It efficiently protects VMs of cloud users from contemporary network attacks while only few additional cloud resources are temporarily needed. The architecture deceives and misleads an attacker or an attacking source but does not influence the normal work-flow of the original VMs in the cloud. Based on a defined reporting format, cloud users can learn from attacks which have targeted their VMs and discover current misconfigurations and unknown vulnerabilities.
Citations: 19
Managing trust and secrecy in identity management clouds
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381933
Apurva Kumar
Abstract: User management services were one of the first to be offloaded to third party cloud vendors. Today, a large number of service providers rely on trusted identity providers for managing users and their resources. At the core of these interactions involving multiple providers are a set of web-based workflows that have emerged as de-facto standards. In this paper, we propose a framework especially addressing needs of analyzing security in such web protocols. To analyze trust between collaborating service providers on the web, we extend the well-known BAN logic. We study secrecy properties to examine security of user identity management across multiple domains, using a SAT based model-checking approach. The result is a hybrid approach that inherits simplicity and intuitive appeal of belief logics without being affected by soundness problems associated with these logics. We illustrate the method through analysis of a premier web identity management protocol where we use our method to automatically discover a new attack trace.
Citations: 1