213 research outputs found

    Tunable Security for Deployable Data Outsourcing

    Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow the trade-offs to be tuned after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management

    Dynamic Privacy Management In Services Based Interactions

    Technology advancements have enabled the distribution and sharing of users' personal data over several data sources. Each data source is potentially managed by a different organization, which may expose its data as a Web service. Using such Web services, dynamic composition of atomic data items coupled with the context in which the data is accessed may breach sensitive data that may not comply with the user's preference at the time of data collection. Thus, providing uniform access policies to such data can lead to privacy problems. Some fairly recent research has focused on providing solutions for dynamic privacy management. This thesis advances these techniques, and fills some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement

    Anonymization of Event Logs for Network Security Monitoring

    A managed security service provider (MSSP) must collect security event logs from their customers’ network for monitoring and cybersecurity protection. These logs need to be processed by the MSSP before being displayed to the security operation center (SOC) analysts. The employees generate event logs during their working hours at the customers’ site. One challenge is that collected event logs contain personally identifiable information (PII), visible in clear text to the SOC analysts or any user with access to the SIEM platform. We explore how pseudonymization can be applied to security event logs to help protect individuals’ identities from the SOC analysts while preserving data utility when possible. We compare the impact of using different pseudonymization functions on sensitive information or PII. Non-deterministic methods provide a higher level of privacy but reduced utility of the data. Our contribution in this thesis is threefold. First, we study available architectures with different threat models, including their strengths and weaknesses. Second, we study pseudonymization functions and their application to PII fields; we benchmark them individually, as well as in our experimental platform. Last, we obtain valuable feedback and lessons from SOC analysts based on their experience. Existing works [43, 44, 48, 39] are generally restricted to the anonymization of IP traces, which is only one part of the SOC analysts’ investigation of PCAP file inspection. In one of the closest works [47], the authors provide useful, practical anonymization methods for the IP addresses, ports, and raw logs

    A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from a cryptographic point of view

    CloudMed: plataforma de comunicações para medicina

    Master's in Computer and Telematics Engineering. Recent advances in information and communication technologies have created new application scenarios in the area of telemedicine, namely in how we integrate different data sources, how we access and share these resources in mobile environments, and how we integrate cooperative tools inspired by the social-network paradigm. In recent years we have seen the outsourcing of computing resources, a process known as Cloud Computing. This reality creates new opportunities to exploit these resources to facilitate access to, sharing and integration of medical information, anywhere and at any time. Moreover, the scalability and reliability offered by these platforms satisfy the service requirements imposed on telematic solutions in the health area. This dissertation aimed to study the software-as-a-service paradigm, supported by a Cloud infrastructure, with a view to its use in telemedicine and teleworking scenarios. Specifically, a Web services platform oriented to medical imaging networks was developed. This solution provides an innovative cooperative environment where clinicians can collect data, share information and remotely access imaging resources. Security aspects and interoperability with current systems and standards received particular attention. The recent technological developments in information and communications technologies are promoting new studies and research in the telemedicine area, revolutionizing the access, integration and sharing of medical information. For instance, many systems have been focusing on ubiquity through the use of mobile computing and on enhancing users' cooperation through usage of social networking paradigms. In this regard, the rise of a new model of outsourcing computing resources, which is known as Cloud computing, creates new possibilities to explore their benefits to facilitate the sharing and remote access to medical information, anywhere and anytime. Moreover, the scalability and reliability offered by Cloud platforms fit well to the medical area requirements. This dissertation aimed to analyze the current state of the art of Cloud Computing, namely studying their viability to support telemedicine and teleworking scenarios. The proposal was focused in the medical imaging field. The work resulted in a Cloud computing solution, following the software as a service model, to support cooperative tele-imagiology networks. It is a solution that allows users to set up collaborative environments in the field of imagiology, targeting the acceleration and improvement of decision-making processes. The proposal contemplates also other important issues like, for instance, security and interoperability with actual medical imaging systems

    Private search over big data leveraging distributed file system and parallel processing

    In this work, we identify the security and privacy problems associated with a certain Big Data application, namely secure keyword-based search over encrypted cloud data, and emphasize the actual challenges and technical difficulties in the Big Data setting. More specifically, we provide definitions from which privacy requirements can be derived. In addition, we adapt an existing work on a privacy-preserving keyword-based search method to the Big Data setting, in which not only is data huge but it is also changing and accumulating very fast. Our proposal is scalable in the sense that it can leverage distributed file systems and parallel programming techniques such as the Hadoop Distributed File System (HDFS) and the MapReduce programming model, to work with very large data sets. We also propose a lazy idf-updating method that can efficiently handle the relevancy scores of the documents in a dynamically changing, large data set. We empirically show the efficiency and accuracy of the method through an extensive set of experiments on real data