19,285 research outputs found
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Reconfigurable Security: Edge Computing-based Framework for IoT
In various scenarios, achieving security between IoT devices is challenging
since the devices may have different dedicated communication standards,
resource constraints as well as various applications. In this article, we first
provide requirements and existing solutions for IoT security. We then introduce
a new reconfigurable security framework based on edge computing, which utilizes
a near-user edge device, i.e., security agent, to simplify key management and
offload the computational costs of security algorithms at IoT devices. This
framework is designed to overcome the challenges including high computation
costs, low flexibility in key management, and low compatibility in deploying
new security algorithms in IoT, especially when adopting advanced cryptographic
primitives. We also provide the design principles of the reconfigurable
security framework, the exemplary security protocols for anonymous
authentication and secure data access control, and the performance analysis in
terms of feasibility and usability. The reconfigurable security framework paves
a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication
- …