181,799 research outputs found
Programming support for an integrated multi-party computation and MapReduce infrastructure
We describe and present a prototype of a distributed computational infrastructure and associated high-level programming language that allow multiple parties to leverage their own computational resources capable of supporting MapReduce [1] operations in combination with multi-party computation (MPC). Our architecture allows a programmer to author and compile a protocol using a uniform collection of standard constructs, even when that protocol involves computations that take place locally within each participant’s MapReduce cluster as well as across all the participants using an MPC protocol. The highlevel programming language provided to the user is accompanied by static analysis algorithms that allow the programmer to reason about the efficiency of the protocol before compiling and running it. We present two example applications demonstrating how such an infrastructure can be employed.This work was supported in part
by NSF Grants: #1430145, #1414119, #1347522, and #1012798
On a Catalogue of Metrics for Evaluating Commercial Cloud Services
Given the continually increasing amount of commercial Cloud services in the
market, evaluation of different services plays a significant role in
cost-benefit analysis or decision making for choosing Cloud Computing. In
particular, employing suitable metrics is essential in evaluation
implementations. However, to the best of our knowledge, there is not any
systematic discussion about metrics for evaluating Cloud services. By using the
method of Systematic Literature Review (SLR), we have collected the de facto
metrics adopted in the existing Cloud services evaluation work. The collected
metrics were arranged following different Cloud service features to be
evaluated, which essentially constructed an evaluation metrics catalogue, as
shown in this paper. This metrics catalogue can be used to facilitate the
future practice and research in the area of Cloud services evaluation.
Moreover, considering metrics selection is a prerequisite of benchmark
selection in evaluation implementations, this work also supplements the
existing research in benchmarking the commercial Cloud services.Comment: 10 pages, Proceedings of the 13th ACM/IEEE International Conference
on Grid Computing (Grid 2012), pp. 164-173, Beijing, China, September 20-23,
201
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
On Evaluating Commercial Cloud Services: A Systematic Review
Background: Cloud Computing is increasingly booming in industry with many
competing providers and services. Accordingly, evaluation of commercial Cloud
services is necessary. However, the existing evaluation studies are relatively
chaotic. There exists tremendous confusion and gap between practices and theory
about Cloud services evaluation. Aim: To facilitate relieving the
aforementioned chaos, this work aims to synthesize the existing evaluation
implementations to outline the state-of-the-practice and also identify research
opportunities in Cloud services evaluation. Method: Based on a conceptual
evaluation model comprising six steps, the Systematic Literature Review (SLR)
method was employed to collect relevant evidence to investigate the Cloud
services evaluation step by step. Results: This SLR identified 82 relevant
evaluation studies. The overall data collected from these studies essentially
represent the current practical landscape of implementing Cloud services
evaluation, and in turn can be reused to facilitate future evaluation work.
Conclusions: Evaluation of commercial Cloud services has become a world-wide
research topic. Some of the findings of this SLR identify several research gaps
in the area of Cloud services evaluation (e.g., the Elasticity and Security
evaluation of commercial Cloud services could be a long-term challenge), while
some other findings suggest the trend of applying commercial Cloud services
(e.g., compared with PaaS, IaaS seems more suitable for customers and is
particularly important in industry). This SLR study itself also confirms some
previous experiences and reveals new Evidence-Based Software Engineering (EBSE)
lessons
Closing the loop of SIEM analysis to Secure Critical Infrastructures
Critical Infrastructure Protection is one of the main challenges of last
years. Security Information and Event Management (SIEM) systems are widely used
for coping with this challenge. However, they currently present several
limitations that have to be overcome. In this paper we propose an enhanced SIEM
system in which we have introduced novel components to i) enable multiple layer
data analysis; ii) resolve conflicts among security policies, and discover
unauthorized data paths in such a way to be able to reconfigure network
devices. Furthermore, the system is enriched by a Resilient Event Storage that
ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management,
Decision Support System, Hydroelectric Da
Ghera: A Repository of Android App Vulnerability Benchmarks
Security of mobile apps affects the security of their users. This has fueled
the development of techniques to automatically detect vulnerabilities in mobile
apps and help developers secure their apps; specifically, in the context of
Android platform due to openness and ubiquitousness of the platform. Despite a
slew of research efforts in this space, there is no comprehensive repository of
up-to-date and lean benchmarks that contain most of the known Android app
vulnerabilities and, consequently, can be used to rigorously evaluate both
existing and new vulnerability detection techniques and help developers learn
about Android app vulnerabilities. In this paper, we describe Ghera, an open
source repository of benchmarks that capture 25 known vulnerabilities in
Android apps (as pairs of exploited/benign and exploiting/malicious apps). We
also present desirable characteristics of vulnerability benchmarks and
repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1
- …