Cloud Computing Security Workshop: latest papers

Cloud security is not (just) virtualization security: a short paper
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655022
Mihai Christodorescu, R. Sailer, D. Schales, D. Sgandurra, D. Zamboni
Abstract: Cloud infrastructure commonly relies on virtualization. Customers provide their own VMs, and the cloud provider runs them often without knowledge of the guest OSes or their configurations. However, cloud customers also want effective and efficient security for their VMs. Cloud providers offering security-as-a-service based on VM introspection promise the best of both worlds: efficient centralization and effective protection. Since customers can move images from one cloud to another, an effective solution requires learning what guest OS runs in each VM and securing the guest OS without relying on the guest OS functionality or an initially secure guest VM state. We present a solution that is highly scalable in that it (i) centralizes guest protection into a security VM, (ii) supports Linux and Windows operating systems and can be easily extended to support new operating systems, (iii) does not assume any a-priori semantic knowledge of the guest, (iv) does not require any a-priori trust assumptions into any state of the guest VM. While other introspection monitoring solutions exist, to our knowledge none of them monitor guests on the semantic level required to effectively support both white- and black-listing of kernel functions, or allows to start monitoring VMs at any state during run-time, resumed from saved state, and cold-boot without the assumptions of a secure start state for monitoring.
Citations: 200
Patient controlled encryption: ensuring privacy of electronic medical records
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655024
Josh Benaloh, Melissa Chase, E. Horvitz, K. Lauter
Abstract: We explore the challenge of preserving patients' privacy in electronic health record systems. We argue that security in such systems should be enforced via encryption as well as access control. Furthermore, we argue for approaches that enable patients to generate and store encryption keys, so that the patients' privacy is protected should the host data center be compromised. The standard argument against such an approach is that encryption would interfere with the functionality of the system. However, we show that we can build an efficient system that allows patients both to share partial access rights with others, and to perform searches over their records. We formalize the requirements of a Patient Controlled Encryption scheme, and give several instantiations, based on existing cryptographic primitives and protocols, each achieving a different set of properties.
Citations: 527
Controlling data in the cloud: outsourcing computation without outsourcing control
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655020
Richard Chow, P. Golle, M. Jakobsson, E. Shi, Jessica Staddon, R. Masuoka, J. Molina
Abstract: Cloud computing is clearly one of today's most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. However, despite the surge in activity and interest, there are significant, persistent concerns about cloud computing that are impeding momentum and will eventually compromise the vision of cloud computing as a new IT procurement model. In this paper, we characterize the problems and their impact on adoption. In addition, and equally importantly, we describe how the combination of existing research thrusts has the potential to alleviate many of the concerns impeding adoption. In particular, we argue that with continued research advances in trusted computing and computation-supporting encryption, life in the cloud can be advantageous from a business intelligence standpoint over the isolated alternative that is more common today.
Citations: 981
Secure anonymous database search
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655025
Mariana Raykova, B. Vo, S. Bellovin, T. Malkin
Abstract: There exist many large collections of private data that must be protected on behalf of the entities that hold them or the clients they serve. However, there are also often many legitimate reasons for sharing that data in a controlled manner. How can two parties decide to share data without prior knowledge of what data they have? For example, two intelligence agencies might be willing to cooperate by sharing documents about a specific case, and need a way of determining which documents might be of interest to each other. We introduce and address the problem of allowing such entities to search each other's data securely and anonymously. We aim to protect the content of the queries, as well as the content of documents unrelated to those queries, while concealing the identity of the participants. Although there exist systems for solving similar problems, to our knowledge we are the first to address this specific need and also the first to present a secure anonymous search system that is practical for real-time querying. In order to achieve this in an efficient manner, we make use of Bloom filters [5], definitions of security for deterministic encryption [22] that we adapt and instantiate in the private key setting and of a novel encryption primitive, reroutable encryption.
Citations: 90
On protecting integrity and confidentiality of cryptographic file system for outsourced storage
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655017
Aaram Yun, Chunhui Shi, Yongdae Kim
Abstract: A cryptographic network file system has to guarantee confidentiality and integrity of its files, and also it has to support random access. For this purpose, existing designs mainly rely on (often ad-hoc) combination of Merkle hash tree with a block cipher mode of encryption. In this paper, we propose a new design based on a MAC tree construction which uses a universal-hash based stateful MAC. This new design enables standard model security proof and also better performance compared with Merkle hash tree. We formally define the security notions for file encryption and prove that our scheme provides both confidentiality and integrity. We implement our scheme in coreFS, a user-level network file system, and evaluate the performance in comparison with the standard design. Experimental results confirm that our construction provides integrity protection at a smaller cost.
Citations: 73
Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier
Cloud Computing Security Workshop Pub Date : 2009-11-13 DOI: 10.1145/1655008.1655013
Dominik Herrmann, Rolf Wendolsky, H. Federrath
Abstract: Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers. This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet. We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
Citations: 419