1,326 research outputs found
CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions
By regularly querying Web search engines, users (unconsciously) disclose
large amounts of their personal data as part of their search queries, among
which some might reveal sensitive information (e.g. health issues, sexual,
political or religious preferences). Several solutions exist to allow users
to query search engines while improving privacy protection. However, these
solutions suffer from a number of limitations: some are subject to user
re-identification attacks, while others lack scalability or are unable to
provide accurate results. This paper presents CYCLOSA, a secure, scalable and
accurate private Web search solution. CYCLOSA improves security by relying on
trusted execution environments (TEEs) as provided by Intel SGX. Further,
CYCLOSA proposes a novel adaptive privacy protection solution that reduces the
risk of user re-identification. CYCLOSA sends fake queries to the search
engine and dynamically adapts their count according to the sensitivity of the
user query. In addition, CYCLOSA meets scalability as it is fully
decentralized, spreading the load for distributing fake queries among other
nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real
query and the fake queries separately, in contrast to other existing solutions
that mix fake and real query results
Towards Secure and Leak-Free Workflows Using Microservice Isolation
Data leaks and breaches are on the rise. They result in huge losses of money
for businesses like the movie industry, as well as a loss of user privacy for
businesses dealing with user data like the pharmaceutical industry. Preventing
data exposures is challenging, because the causes for such events are various,
ranging from hacking to misconfigured databases. Alongside the surge in data
exposures, the recent rise of microservices as a paradigm brings the need to
not only secure traffic at the border of the network, but also internally,
pressing the adoption of new security models such as zero-trust to secure
business processes.
Business processes can be modeled as workflows, where the owner of the data
at risk interacts with contractors to realize a sequence of tasks on this data.
In this paper, we show how those workflows can be enforced while preventing
data exposure. Following the principles of zero-trust, we develop an
infrastructure using the isolation provided by a microservice architecture, to
enforce owner policy. We show that our infrastructure is resilient to the set
of attacks considered in our security model. We implement a simple, yet
realistic, workflow with our infrastructure in a publicly available proof of
concept. We then verify that the specified policy is correctly enforced by
testing the deployment for policy violations, and estimate the overhead cost of
authorization
Global Grids and Software Toolkits: A Study of Four Grid Middleware Technologies
Grid is an infrastructure that involves the integrated and collaborative use
of computers, networks, databases and scientific instruments owned and managed
by multiple organizations. Grid applications often involve large amounts of
data and/or computing resources that require secure resource sharing across
organizational boundaries. This makes Grid application management and
deployment a complex undertaking. Grid middlewares provide users with seamless
computing ability and uniform access to resources in the heterogeneous Grid
environment. Several software toolkits and systems have been developed, most of
which are results of academic research projects, all over the world. This
chapter will focus on four of these middlewares--UNICORE, Globus, Legion and
Gridbus. It also presents our implementation of a resource broker for UNICORE
as this functionality was not supported in it. A comparison of these systems on
the basis of the architecture, implementation model and several other features
is included. Comment: 19 pages, 10 figure