13 research outputs found

    Encrypted Shared Data Spaces

    The deployment of Shared Data Spaces in open, possibly hostile, environments raises the need to protect the confidentiality of the data space content. Existing approaches focus on access control mechanisms that protect the data space from untrusted agents. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. Encryption schemes can be used to protect the data space content from malicious hosts. However, these schemes do not allow searching on encrypted data. In this paper we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised agents to share keys for inserting and retrieving tuples. Each authorised agent can encrypt, decrypt, and search encrypted tuples without having to know other agents' keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given.

    Novel Opportunities for Tuple-based Coordination: XPath, the Blockchain, and Stream Processing

    The increasing maturity of some well-established technologies – such as XPath – along with the sharp rise of brand-new ones – i.e. the blockchain – presents new opportunities to researchers in the field of multi-agent coordination. In this position paper we briefly discuss a few technologies which, once suitably interpreted and integrated, have the potential to impact the very roots of tuple-based coordination as it stems from the archetypal LINDA model.

    Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standards

    Companies and government organizations are increasingly compelled, if not required by law, to ensure that their information systems comply with various federal and industry regulatory standards, such as the NIST Special Publication on Security Controls for Federal Information Systems (NIST SP-800-53) or the Common Criteria (ISO 15408-2). Such organizations operate business- or mission-critical systems where a lack of or lapse in security protections translates to serious confidentiality, integrity, and availability risks that, if exploited, could result in information disclosure, loss of money, or, at worst, loss of life. To mitigate these risks and ensure that their information systems meet regulatory standards, organizations must be able to (a) contextualize regulatory documents in a way that extracts the relevant technical implications for their systems, (b) formally represent their systems and demonstrate that they meet the extracted requirements following an accreditation process, and (c) ensure that all third-party systems, which may exist outside of the information system enclave as web or cloud services, also implement appropriate security measures consistent with organizational expectations. This paper introduces a step-wise process, based on semantic hierarchies, that systematically extracts relevant security requirements from control standards to build a certification baseline for organizations to use in conjunction with formal methods and service agreements for accreditation. The approach is demonstrated following a case study of all audit-related controls in SP-800-53, ISO 15408-2, and related documents. Accuracy, applicability, consistency, and efficacy of the approach were evaluated using controlled qualitative and quantitative methods in two separate studies.

    Aspects with Program Analysis for Security Policies


    Providing privacy in the Tuple Space coordination model

    Master's dissertation, Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2018. Coordination between processes is a major challenge in the development of distributed systems. One of the models used to coordinate temporally and spatially decoupled processes is Tuple Spaces, which consists of a shared-memory implementation that provides storage and retrieval of data objects called tuples. Tuple searches are performed associatively, through the contents of their fields. This type of access can prevent the privacy of the stored data, making them vulnerable to a series of attacks, since the servers need to access data in the clear to perform searches. With the aim of solving this problem, this work presents proposals intended to provide privacy in the DepSpace system, a coordination system that implements fault-tolerance and dependability mechanisms combined with security aspects. The main idea is to use privacy-preserving cryptographic schemes, which enable search and computation over encrypted data. Thus, the servers can operate on data without learning its content. Besides providing privacy, the resulting system extends its functionality, becoming more flexible. We also present a security analysis of the system with the proposed improvements, together with its performance analysis, making explicit the impact caused by the cryptographic algorithms. Experiments were carried out applying the proposals to extensible distributed coordination, a model that uses computation over the data on the servers to make coordination faster. The results show a reduction of up to 90% in system latency and an increase of up to almost 9x in throughput when processing coordination mechanisms, compared to the traditional non-extensible approach.

    The coordination of distributed processes is a big challenge in the development of distributed applications. Tuple spaces provide a model for process coordination that is decoupled in space and time. Conceptually, tuple spaces are shared memory objects that provide operations to store and retrieve ordered sets of data, called tuples. Tuples stored in a tuple space are accessed by the contents of their fields, working as an associative memory. This kind of access could impair user and data privacy, making these systems susceptible to several types of attacks, since servers need to access plaintext data to search for tuples. In order to deal with this problem, this work proposes mechanisms to provide privacy on DepSpace, a fault-tolerant coordination system that combines dependability and security properties. The main idea is to use privacy-preserving cryptographic schemes that allow search and computation over encrypted data. Consequently, servers could operate over data without knowing it. Beyond providing privacy, the resulting system increases its functionality, becoming more flexible. This work also presents a security analysis of the system with the proposed improvements, together with a performance analysis that shows the impact caused by the cryptographic algorithms. A set of experiments was implemented applying these proposals to extensible distributed coordination, a model that uses computation on the server side to make coordination faster. The results show that it could bring a reduction of up to 90% in system latency and increase its throughput by almost 9x when processing coordination mechanisms, compared to the traditional non-extensible approach.

    Engineering Complex Computational Ecosystems

    Self-organising pervasive ecosystems of devices are set to become a major vehicle for delivering infrastructure and end-user services. The inherent complexity of such systems poses new challenges to those who want to master it by applying the principles of engineering. The recent growth in the number and distribution of devices with decent computational and communication abilities, which suddenly accelerated with the massive diffusion of smartphones and tablets, is delivering a world with a much higher density of devices in space. Also, communication technologies seem to be focusing on short-range device-to-device (P2P) interactions, with technologies such as Bluetooth and Near-Field Communication gaining greater adoption. Locality and situatedness become key to providing the best possible experience to users, and the classic model of a centralised, enormously powerful server gathering and processing data becomes less and less efficient as device density grows. Accomplishing complex global tasks without a centralised controller responsible for aggregating data, however, is a challenging task. In particular, there is a local-to-global issue that makes the application of engineering principles challenging, to say the least: designing device-local programs that, through interaction, guarantee a certain global service level. In this thesis, we first analyse the state of the art in coordination systems, then motivate the work by describing the main issues of pre-existing tools and practices and identifying the improvements that would benefit the design of such complex software ecosystems. The contribution can be divided into three main branches. First, we introduce a novel simulation toolchain for pervasive ecosystems, designed to allow good expressiveness while still retaining high performance. Second, we leverage existing coordination models and patterns in order to create new spatial structures. Third, we introduce a novel language, based on the existing "Field Calculus" and integrated with the aforementioned toolchain, designed to be usable for practical aggregate programming.