5 research outputs found

    Secure Data Control: Privacy and Security based on ABE for Access Control over Cloud

    In today's world, there is a strong requirement for sharing information over the cloud. However, privacy and security remain a setback, especially when working with bulk amounts of data in the cloud. Data is abundantly stored outside the control of the data owner's machine, without the data owner knowing how the data is being used and where it is being stored. So, there is a necessity for data owners to have more control over their data, similar to the level of control they possess when the data is stored on their own machine. For example, when a data owner shares an important file with his colleague, he cannot trust what his colleague will do with his data. In this paper, we try to address this problem by monitoring and preventing unauthorized operations by the data consumer. We present a solution called Secure-Data, which bundles the data owner's data and a specified policy, based on XACML, in an object called a Secure-Data object. Secure-Data enforces the policies set out by the data owner by communicating with the cloud-based applications to disable certain operations and/or run a background process for monitoring the data. We define a software-based protocol that will make it possible to secure the data in the cloud and will support the use of the Android app for authentication purposes

    On protection in federated social computing systems

    Nowadays, a user may belong to multiple social computing systems (SCSs) in order to benefit from a variety of services that each SCS may provide. To facilitate the sharing of contents across the system boundary, some SCSs provide a mechanism by which a user may “connect” his accounts on two SCSs. The effect is that contents from one SCS can now be shared to another SCS. Although such a connection feature delivers clear usability advantages for users, it also generates a host of privacy challenges. A notable challenge is that the access control policy of the SCS from which the content originates may not be honoured by the SCS to which the content migrates, because the latter fails to faithfully replicate the protection model of the former. In this paper we formulate a protection model for a federation of SCSs that support content sharing via account connection. A core feature of the model is that sharable contents are protected by access control policies that transcend system boundary: they are enforced even after contents are migrated from one SCS to another. To ensure faithful interpretation of access control policies, their evaluation involves querying the protection states of various SCSs, using Secure Multiparty Computation (SMC). An important contribution of this work is that we carefully formulate the conditions under which policy evaluation using SMC does not lead to the leakage of information about the protection states of the SCSs. We also study the computational problem of statically checking if an access control policy can be evaluated without information leakage. Lastly, we identify useful policy idioms

    Security system for distributed data storage

    In this work, data storage systems, their varieties, their operating schemes and their basic principles of operation were considered in detail. The advantages and disadvantages of different types of data storage systems (centralized, decentralized and distributed) were studied. It was determined that distributed storage systems have a significant number of advantages, so they were chosen for study in this work. As a result, a security system for distributed data storage was implemented. Based on the analysis, the Python programming language, MSSQL server and the PyCharm development environment were chosen to implement the security system for distributed data storage

    Data Exfiltration: A Review of External Attack Vectors and Countermeasures

    Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time; (c) a number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption; (d) existing research is primarily focussed on protecting data in ‘in use’ state, therefore, future research needs to be directed towards securing data in ‘in rest’ and ‘in transit’ states; (e) there is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework

    Adaptive data protection in distributed systems

    Security is an important barrier to wide adoption of distributed systems for sensitive data storage and management. In particular, one unsolved problem is to ensure that customers' data protection policies are honored, regardless of where the data is physically stored and how often it is accessed, modified, and duplicated. This issue calls for two requirements to be satisfied. First, data should be managed in accordance with both owners' preferences and the local regulations that may apply. Second, although multiple copies may exist, a consistent view across copies should be maintained. Toward addressing these issues, in this work we propose innovative policy enforcement techniques for adaptive sharing of users' outsourced data. We introduce the notion of autonomous self-controlling objects (SCO), that by means of object-oriented programming techniques, encapsulate sensitive resources and assure their protection by means of adaptive security policies of various granularity, and synchronization protocols. Through extensive evaluation, we show that our approach is effective and efficiently manages multiple data copies