Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Privacy Issues of the W3C Geolocation API
The W3C's Geolocation API may rapidly standardize the transmission of
location information on the Web, but, in dealing with such sensitive
information, it also raises serious privacy concerns. We analyze the manner and
extent to which the current W3C Geolocation API provides mechanisms to support
privacy. We propose a privacy framework for the consideration of location
information and use it to evaluate the W3C Geolocation API, both the
specification and its use in the wild, and recommend some modifications to the
API as a result of our analysis.
Anonymous network access using the digital marketplace
With increasing usage of mobile telephony, and the trend towards additional mobile Internet usage, privacy and anonymity become more and more important. Previously-published anonymous communication schemes aim to obscure their users' network addresses, because real-world identity can easily be derived from this information. We propose modifications to a novel call-management architecture, the digital marketplace, which will break this link, therefore enabling truly anonymous network access.
Distributed Access Control with Blockchain
The specification and enforcement of network-wide policies in a single
administrative domain is common in today's networks and considered as already
resolved. However, this is not the case for multi-administrative domains, e.g.
among different enterprises. In such situation, new problems arise that
challenge classical solutions such as PKIs, which suffer from scalability and
granularity concerns. In this paper, we present an extension to Group-Based
Policy -- a widely used network policy language -- for the aforementioned
scenario. To do so, we take advantage of a permissioned blockchain
implementation (Hyperledger Fabric) to distribute access control policies in a
secure and auditable manner, preserving at the same time the independence of
each organization. Network administrators specify policies that are rendered
into blockchain transactions. A LISP control plane (RFC 6830) allows routers
performing the access control to query the blockchain for authorizations. We
have implemented an end-to-end experimental prototype and evaluated it in terms
of scalability and network latency. Comment: 7 pages, 9 figures, 2 tables