Cloud Computing Security Workshop: latest publications

Benchmarking cloud security level agreements using quantitative policy trees
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381932
Jesus Luna, R. Langenberg, N. Suri
Abstract: While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider (CSP). However, the recent efforts on specification of security statements in Service Level Agreements, also known as "Security Level Agreements" or SecLAs is a positive development. While a consistent notion of Cloud SecLAs is still developing, already some major CSPs are creating and storing their advocated SecLAs in publicly available repositories e.g., the Cloud Security Alliance's "Security, Trust & Assurance Registry" (CSA STAR). While several academic and industrial efforts are developing the methods to build and specify Cloud SecLAs, very few works deal with the techniques to quantitatively reason about SecLAs in order to provide security assurance. This paper proposes a method to benchmark - both quantitatively and qualitatively -- the Cloud SecLAs of one or more CSPs with respect to a user-defined requirement, also in the form of a SecLA. The contributed security benchmark methodology rests on the notion of Quantitative Policy Trees (QPT), a data structure that we propose to represent and systematically reason about SecLAs. In this paper we perform the initial validation of the contributed methodology with respect to another state of the art proposal, which in turn was empirically validated using the SecLAs stored on the CSA STAR repository. Finally, our research also contributes with QUANTS-as-a-Service (QUANTSaaS), a system that implements the proposed Cloud SecLA benchmark methodology.
Citations: 65
Practical applications of homomorphic encryption
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381924
K. Lauter
Abstract: With the rush of advances in solutions for homomorphic encryption, the promise and hype grows. Homomorphic encryption offers the promise of allowing the user to upload encrypted data to the cloud, which the cloud can then operate on without having the secret key. The cloud can return encrypted outputs of computations to the user without ever decrypting the data, thus providing hosting of data and services without compromising privacy. The catch is the degradation of performance and issues of scalability and flexibility. This talk will survey the current state of the art and the trade-offs when using homomorphic encryption, and highlight scenarios and functionality where homomorphic encryption seems to be the most appropriate solution. In particular, homomorphic encryption can be used to enable private versions of some basic machine learning algorithms. This talk will cover several pieces of joint work with Michael Naehrig, Vinod Vaikuntanathan, and Thore Graepel.
Citations: 24
Efficient query integrity for outsourced dynamic databases
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381927
Qingji Zheng, Shouhuai Xu, G. Ateniese
Abstract: As databases are increasingly outsourced to the cloud, data owners require various security assurances. This paper investigates one particular assurance, query integrity, by which a database querier (either the data owner or a third party) can verify that its queries were faithfully executed by the cloud server with respect to the outsourced database. Query integrity is investigated in the setting of dynamic databases, where the outsourced databases can be updated by the data owners as needed. We present a formal security definition of query integrity and a provably-secure efficient construction. Our solution improves upon the state-of-the-art solutions by additionally allowing aggregate queries and more flexible join queries. In addition, we provide better performance by eliminating a linear factor in the extra storage complexity for security purpose. Our solution also achieves a trade-off between computational and communication complexities.
Citations: 42
What if we got a do-over?
Cloud Computing Security Workshop Pub Date: 2012-10-19 DOI: 10.1145/2381913.2381923
H. Shrobe
Abstract: In this keynote talk I will summarize the views that have led to the creation of two DARPA research programs: CRASH (Clean-slate design of Resilient Adaptive Secure Hosts) and MRC (Mission-Oriented Resilient Clouds). Both programs start with the premise that for perfectly understandable reasons the hardware, operating systems, programming languages and application software that we currently rely on are inherently flawed and will not be able to deliver the levels of security and resilience that are needed to support mission-critical applications. But both also recognize that we could build fundamentally better systems using a clean-slate approach.
Citations: 3
Cloud security: myth or reality?
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046674
T. Brown
Abstract: Can the cloud truly be secured? Can enterprises, universities, small businesses and governments securely utilize the cloud for their critical infrastructure? It will take rethinking our current security policies and what we consider secure. This session will cover what is necessary to utilize the cloud securely today and how the cloud should adapt for the future.
Citations: 0
All your clouds are belong to us: security analysis of cloud management interfaces
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046664
Juraj Somorovsky, M. Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono
Abstract: Cloud Computing resources are handled through control interfaces. It is through these interfaces that the new machine images can be added, existing ones can be modified, and instances can be started or ceased. Effectively, a successful attack on a Cloud control interface grants the attacker a complete power over the victim's account, with all the stored data included. In this paper, we provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus). Our research results are alarming: in regards to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS. As a follow up to those discoveries, we additionally describe the countermeasures against these attacks, as well as introduce a novel "black box" analysis methodology for public Cloud interfaces.
Citations: 187
Privacy-preserving outsourcing of brute-force key searches
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046681
Ghassan O. Karame, Srdjan Capkun, U. Maurer
Abstract: In this work, we investigate the privacy-preserving properties of encryption algorithms in the special case where encrypted data might be brute-force decrypted in a distributed setting. For that purpose, we consider a problem where a supervisor holds a ciphertext and wants to search for the corresponding key assisted by a set of helper nodes, without the nodes learning any information about the plaintext or the decryption key. We call this a privacy-preserving cryptographic key search. We provide a model for privacy-preserving cryptographic searches and we introduce two types of privacy-preserving key search problems: plaintext-hiding and key-hiding cryptographic search. We show that a number of private-key and public-key encryption schemes enable the construction of efficient privacy-preserving solvers for plaintext hiding searches. We also discuss possible constructions of privacy-preserving solvers for key-hiding cryptographic searches. Our results highlight the need to consider the property of enabling efficient privacy-preserving solvers as an additional criterion for choosing which cryptographic algorithm to use.
Citations: 8
Verifiable resource accounting for cloud computing services
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046666
V. Sekar, Petros Maniatis
Abstract: Cloud computing offers users the potential to reduce operating and capital expenses by leveraging the amortization benefits offered by large, managed infrastructures. However, the black-box and dynamic nature of the cloud infrastructure makes it difficult for them to reason about the expenses that their applications incur. At the same time, the profitability of cloud providers depends on their ability to multiplex several customer applications to maintain high utilization levels. However, this multiplexing may cause providers to incorrectly attribute resource consumption to customers or implicitly bear additional costs thereby reducing their cost-effectiveness. Our position in this paper is that for cloud computing as a paradigm to be sustainable in the long term, we need a systematic approach for verifiable resource accounting. Verifiability here means that cloud customers can be assured that (a) their applications indeed physically consumed the resources they were charged for and (b) that this consumption was justified based on an agreed policy. As a first step toward this vision, in this paper we articulate the challenges and opportunities for realizing such a framework.
Citations: 84
Managing multi-jurisdictional requirements in the cloud: towards a computational legal landscape
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046678
David G. Gordon, T. Breaux
Abstract: Although cloud services allow organizations to transfer the planning and setup to the service provider and thus reduce costs through reuse, these services raise new questions regarding the privacy and security of personal information stored in and transferred across systems in the cloud. Prior to cloud services, personal information was commonly stored within the owning or licensing company's locality where the company maintained its facilities. Cloud services, however, move data to remote, potentially unknown, locations maintained by third parties. The responsibility for data protection and integrity no longer remains exclusively with its owner or licensee, but with these third parties. Thus, both parties must identify and manage the many regulatory requirements that govern their services and products in this multi-jurisdictional environment. To simplify this problem, we are developing methods to extract and codify regulatory requirements from government laws. We apply previously validated metrics to measure gaps and overlaps between the codified regulations. Our findings include a semi-formalization of the legal landscape using operational constructs for high- and low-watermark practices, which correspond to high- and low standards of care, respectively. Business analysts and system developers can use these watermarks to reason about compliance trade-offs based on perceived businesses costs and risks. We discovered and validated these constructs using seven U.S. state data breach notification laws that govern transactions of financial and health information of residents of these seven states.
Citations: 12
Detecting fraudulent use of cloud resources
Cloud Computing Security Workshop Pub Date: 2011-10-21 DOI: 10.1145/2046660.2046676
Joseph Idziorek, Mark Tannian, D. Jacobson
Abstract: Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little attention has been paid to the external threat sources that have the capability to affect the financial viability, hence the long-term availability, of services hosted in the public cloud. Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC) attack is a much more subtle attack carried out over a longer duration of time. The objective of the attacker is to exploit the utility pricing model which governs the resource usage in the cloud model by fraudulently consuming web content with the purpose of depriving the victim of their long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to a more subtle attack. We propose three detection metrics that together form the criteria for identifying a FRC attack from that of normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.
Citations: 47