Search CORE

139 research outputs found

Data security issues in cloud scenarios

Author: A Ceselli
C Ardagna
CA Ardagna
F Li
F Zhao
G Ateniese
K Yang
P Samarati
P Samarati
R Donida Labati
R Jhawar
RD Labati
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S Capitani di Vimercati De
S De Capitani di Vimercati
V Ciriani
V Ciriani
V Ciriani
X Ding
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/01/2015
Field of study

The amount of data created, stored, and processed has enormously increased in the last years. Today, millions of devices are connected to the Internet and generate a huge amount of (personal) data that need to be stored and processed using scalable, efficient, and reliable computing infrastructures. Cloud computing technology can be used to respond to these needs. Although cloud computing brings many benefits to users and companies, security concerns about the cloud still represent the major impediment for its wide adoption. We briefly survey the main challenges related to the storage and processing of data in the cloud. In particular, we focus on the problem of protecting data in storage, supporting fine-grained access, selectively sharing data, protecting query privacy, and verifying the integrity of computations

Crossref

AIR Universita degli studi di Milano

About models of security protocols

Author: Comon-Lundh Hubert
Publication venue: LIPIcs - Leibniz International Proceedings in Informatics. IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science
Publication date: 01/01/2008
Field of study

In this paper, mostly consisting of definitions, we revisit the models of security protocols: we show that the symbolic and the computational models (as well as others) are instances of a same generic model. Our definitions are also parametrized by the security primitives, the notion of attacker and, to some extent, the process calculus

Dagstuhl Research Online Publication Server

Dresdner Universitätsjournal

Author
Publication venue: Technische Universität Dresden
Publication date: 01/01/2007
Field of study

"Dresdner Universitätsjournal" vom 16. Oktober 200

Technische Universität Dresden: Qucosa

SafeWeb: A Middleware for Securing Ruby-Based Web Applications

Author: A. Chaudhuri
A. Myers
A. Wun
A. Yip
C. Ye
E. Chin
J. Burket
N. Jovanovic
P.D. Ryck
P.T. Eugster
S. Nair
S. Nanda
S. Yoshihama
T. Pietraszek
W. Xu
Y.-W. Huang
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/01/2011
Field of study

Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)

CiteSeerX

Crossref

Kent Academic Repository

UDORA - University of Derby Online Research Archive

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

Author: Cortier Véronique
Kremer Steve
Warinschi Bogdan
Publication venue: HAL CCSD
Publication date: 01/01/2009
Field of study

Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combines the best of both worlds. There are two broad directions that have been followed. {\em Computational soundness} aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The {\em direct approach} aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist

HAL - Université de Franche-Comté

INRIA a CCSD electronic archive server