5 research outputs found

    A peer to peer approach to large scale information monitoring

    Issued as final report. National Science Foundation (U.S.)

    Pervasive Secure Content Delivery Networks Implementation

    Over the years, communication networks have been shifting their focus from providing connectivity in a client/server model to providing a service or content. This shift has led to topic areas like Service-Oriented Architecture (SOA), Heterogeneous Wireless Mesh Networks, and Ubiquitous Computing. Probably the broadest of these areas, which encompasses them all, is the Internet of Things (IoT). The IoT is defined as an Internet where all physical entities (e.g., vehicles, appliances, smart phones, smart homes, computers, etc.) with which we interact daily are connected and exchanging data among themselves and users. The IoT has become a global goal for companies, researchers, and users alike due to its different implementation and functional benefits: performance efficiency, coverage, economic and health. Due to the variety of devices which connect to it, the IoT is expected to be composed of multiple technologies interacting together to deliver a service. This interaction of technologies poses an important challenge that must be overcome: how can these technologies communicate effectively and securely? The answer to this question is vital for a successful deployment of the IoT and achievement of all the potential benefits that the IoT promises. This thesis proposes a SOA approach at the Network Layer to integrate all technologies involved in a transparent manner. The proposed set of solutions is composed primarily of the secure implementation of a unifying routing algorithm and a layered messaging model to standardize communication of all devices. Security is targeted to address the three main security concerns (i.e., confidentiality, integrity, and availability), with pervasive schemes that can be employed for any kind of device on the client, backbone, and server side. The implementation of such schemes is achieved by standard current security mechanisms (e.g., encryption), in combination with novel context and intelligent checks that detect compromised devices. Moreover, a decentralized content processing design is presented. In this design, content processing is handled at the client side, allowing server machines to serve more content, while being more reliable and capable of processing complete security checks on data and client integrity.

    Towards ACPeer: an Access Control aware P2P System

    P2P data management systems provide a scalable alternative to centralized architectures. Their adoption, however, is limited by the inability to control access to the resources stored in the system. We address the problem of access control for structured P2P systems and introduce various techniques to realize controlled access to the resources. We focus mainly on the case of non-mutable data objects; however, some of the techniques introduced can handle the case of mutable objects straight away. In particular, we are interested in realizing access control when the P2P data management system is used in a collaborative use case scenario. We explore the solution space elaborately and present solution approaches which realize the planned systems by either constructing independent networks or enforcing the access control at querying time or at replying time.

    Efficient and Secure Search of Enterprise File Systems

    With the fast-paced growth of enterprise data, quickly locating relevant content has become a critical IT capability. Research has shown that nearly 85% of enterprise data lies in flat filesystems [12] that allow multiple users and user groups with different access privileges to underlying data. Any search tool for such large-scale systems needs to be efficient and yet cognizant of the access control semantics imposed by the underlying filesystem. Current multiuser enterprise search techniques use two disjoint search and access-control components by creating a single system-wide index and simply filtering search results for access control. This approach is ineffective as the index and query statistics subtly leak private information. The other available approach of using separate indices for each user is undesirable as it not only increases disk consumption due to shared files, but also increases the overheads of updating the indices whenever a file changes. We propose a distributed approach that couples search and access-control into a unified framework and provides secure multiuser search. Our scheme (logically) divides data into independent access-privilege-based chunks, called access-control barrels (ACBs). ACBs not only manage security but also improve overall efficiency as they can be indexed and searched in parallel by distributing them to multiple enterprise machines. We describe the architecture of the ACB-based search framework and propose two optimization techniques that ensure the scalability of our approach. We also discuss other useful features of our approach: seamless integration with desktop search and an extension to provide secure search in untrusted storage service provider environments. We validate our approach with a detailed evaluation using industry benchmarks and real datasets. Our initial experiments show secure search with 38% improved indexing efficiency and low overheads for ACB processing.