State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

Learning-Based Constraint Satisfaction With Sensing Restrictions

In this paper we consider graph-coloring problems, an important subset of general constraint satisfaction problems that arise in wireless resource allocation. We constructively establish the existence of fully decentralized learning-based algorithms that are able to find a proper coloring even in the presence of strong sensing restrictions, in particular sensing asymmetry of the type encountered when hidden terminals are present. Our main analytic contribution is to establish sufficient conditions on the sensing behaviour to ensure that the solvers find satisfying assignments with probability one. These conditions take the form of connectivity requirements on the induced sensing graph. These requirements are mild, and we demonstrate that they are commonly satisfied in wireless allocation tasks. We argue that our results are of considerable practical importance in view of the prevalence of both communication and sensing restrictions in wireless resource allocation problems. The class of algorithms analysed here requires no message-passing whatsoever between wireless devices, and we show that they continue to perform well even when devices are only able to carry out constrained sensing of the surrounding radio environment

EFFECTS OF AGRI-ENVIRONMENTAL PAYMENT POLICIES ON AGRICULTURAL TRADE

In many OECD countries, including the U.S., interest in developing agri-environmental payment programs is currently strong. In the future, the inclusion of an agri-environmental payment program into the WTO's "green box" could be more easily challenged by WTO member countries on the basis that it has more than "minimal" trade-distorting impacts on production. The goal of this paper is to conduct an ex ante analysis of the trade impacts of stylized examples of agri-environmental payment programs that have been proposed for implementation in the near future. To simulate the production and trade impacts of these programs, we use a partial equilibrium model of the U.S. agricultural sector in a sensitivity analysis across a range of design options for agri-environmental payments. For the three agri-environmental payment scenarios evaluated, the maximum change in exports ranges from a 7 percent decrease (wheat) to a 1 percent increase (soybeans). We do not expect the programs that decrease U.S. production, which would tend to have an upward pressure on world commodity prices, to be challenged before the WTO.Agricultural and Food Policy,

INSTRUMENT CHOICE AND BUDGET-CONSTRAINED TARGETING

We analyze how choosing to use a particular type of instrument for agri-environmental payments, when these payments are constrained by the regulatory authority's budget, implies an underlying targeting criterion with respect to costs, benefits, participation, and income, and the tradeoffs among these targeting criteria. The results provide insight into current policy debates.Research Methods/ Statistical Methods,

Process Chain-Oriented Design Evaluation of Multi-Material Components by Knowledge-Based Engineering

The design of components suitable for manufacturing requires the application of knowledge about the manufacturing process chain with which the component is to be manufactured. This article presents an assistance system for decision support in the context of design for manufacturing. The assistance system includes explicit manufacturing process chain knowledge and has an inference engine that can automatically evaluate the manufacturability of a component design based on a given manufacturing process chain and resolve emerging manufacturing conflicts by making adjustments on the component or resource side. A link with a CAD system additionally enables the three-dimensional representation of derived manufacturing stages and manufacturing resources. Within the assistance system, a manufacturing process chain is understood as a configurable design object and is implemented via a constraint satisfaction problem. Furthermore, the required abstraction of manufacturing processes within finite domains can be reduced to the extent that necessary modeling resolution is achieved by incorporating empirical or simulative surrogate models into the CSP. The assistance system was conceptually validated on a tailored forming process chain for the production of a multimaterial shaft and provides added value, as valuable manufacturing information for component designs is automatically derived and made available in explicit form during the component development

Coordinated constraint relaxation using a distributed agent protocol

The interactions among agents in a multi-agent system for coordinating a distributed, problem solving task can be complex, as the distinct sub-problems of the individual agents are interdependent. A distributed protocol provides the necessary framework for specifying these interactions. In a model of interactions where the agents' social norms are expressed as the message passing behaviours associated with roles, the dependencies among agents can be specified as constraints. The constraints are associated with roles to be adopted by agents as dictated by the protocol. These constraints are commonly handled using a conventional constraint solving system that only allows two satisfactory states to be achieved - completely satisfied or failed. Agent interactions then become brittle as the occurrence of an over-constrained state can cause the interaction between agents to break prematurely, even though the interacting agents could, in principle, reach an agreement. Assuming that the agents are capable of relaxing their individual constraints to reach a common goal, the main issue addressed by this thesis is how the agents could communicate and coordinate the constraint relaxation process. The interaction mechanism for this is obtained by reinterpreting a technique borrowed from the constraint satisfaction field, deployed and computed at the protocol level.The foundations of this work are the Lightweight Coordination Calculus (LCC) and the distributed partial Constraint Satisfaction Problem (CSP). LCC is a distributed interaction protocol language, based on process calculus, for specifying and executing agents' social norms in a multi-agent system. Distributed partial CSP is an extension of partial CSP, a means for managing the relaxation of distributed, over-constrained, CSPs. The research presented in this thesis concerns how distributed partial CSP technique, used to address over-constrained problems in the constraint satisfaction field, could be adopted and integrated within the LCC to obtain a more flexible means for constraint handling during agent interactions. The approach is evaluated against a set of overconstrained Multi-agent Agreement Problems (MAPs) with different levels of hardness. Not only does this thesis explore a flexible and novel approach for handling constraints during the interactions of heterogeneous and autonomous agents participating in a problem solving task, but it is also grounded in a practical implementation

Network protection with multiple availability guarantees

We develop a novel network protection scheme that provides guarantees on both the fraction of time a flow has full connectivity, as well as a quantifiable minimum grade of service during downtimes. In particular, a flow can be below the full demand for at most a maximum fraction of time; then, it must still support at least a fraction q of the full demand. This is in contrast to current protection schemes that offer either availability-guarantees with no bandwidth guarantees during the downtime, or full protection schemes that offer 100% availability after a single link failure. We develop algorithms that provide multiple availability guarantees and show that significant capacity savings can be achieved as compared to full protection. If a connection is allowed to drop to 50% of its bandwidth for 1 out of every 20 failures, then a 24% reduction in spare capacity can be achieved over traditional full protection schemes. In addition, for the case of q = 0, corresponding to the standard availability constraint, an optimal pseudo-polynomial time algorithm is presented.National Science Foundation (U.S.) (NSF grants CNS-1116209)National Science Foundation (U.S.) (NSF grants CNS-0830961)United States. Defense Threat Reduction Agency (grant HDTRA-09-1-005)United States. Defense Threat Reduction Agency (grant HDTRA1-07-1-0004)United States. Air Force (Air Force contract # FA8721-05-C-0002

Can i take your subdomain? Exploring same-site attacks in the modern web

Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications