"One of our hosts in another country": Challenges of data geolocation in cloud storage

Physical location of data in cloud storage is an increasingly urgent problem. In a short time, it has evolved from the concern of a few regulated businesses to an important consideration for many cloud storage users. One of the characteristics of cloud storage is fluid transfer of data both within and among the data centres of a cloud provider. However, this has weakened the guarantees with respect to control over data replicas, protection of data in transit and physical location of data. This paper addresses the lack of reliable solutions for data placement control in cloud storage systems. We analyse the currently available solutions and identify their shortcomings. Furthermore, we describe a high-level architecture for a trusted, geolocation-based mechanism for data placement control in distributed cloud storage systems, which are the basis of an on-going work to define the detailed protocol and a prototype of such a solution. This mechanism aims to provide granular control over the capabilities of tenants to access data placed on geographically dispersed storage units comprising the cloud storage

Security aspects of e-health systems migration to the cloud

As adoption of e-health solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud

Towards Secure Cloud Orchestration for Multi-Cloud Deployments

Cloud orchestration frameworks are commonly used to deploy and operate cloud infrastructure. Their role spans both vertically (deployment on infrastructure, platform, application and microservice levels) and horizontally (deployments from many distinct cloud resource providers). However, despite the central role of orchestration, the popular orchestration frameworks lack mechanisms to provide security guarantees for cloud operators. In this work, we analyze the security landscape of cloud orchestration frameworks for multicloud infrastructure. We identify a set of attack scenarios, define security enforcement enablers and propose an architecture for a security-enabled cloud orchestration framework for multi-cloud application deployments

Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments

A Survey on Design and Implementation of Protected Searchable Data in the Cloud

While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users. As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions - one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen - based on the findings of our analysis - an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption

Modern Family: A Revocable Hybrid Encryption Scheme Based on Attribute-Based Encryption, Symmetric Searchable Encryption and SGX

Secure cloud storage is considered as one of the most important issues that both businesses and end-users take into account before moving their private data to the cloud. Lately, we have seen some interesting approaches that are based either on the promising concept of Symmetric Searchable Encryption (SSE) or on the well-studied field of Attribute-Based Encryption (ABE). In the first case, researchers are trying to design protocols where users' data will be protected from both internal and external attacks without paying the necessary attention to the problem of user revocation. In the second case, existing approaches address the problem of revocation. However, the overall efficiency of these systems is compromised since the proposed protocols are solely based on ABE schemes and the size of the produced ciphertexts and the time required to decrypt grows with the complexity of the access formula. In this paper, we propose a hybrid encryption scheme that combines both SSE and ABE by utilizing the advantages of both these techniques. In contrast to many approaches, we design a revocation mechanism that is completely separated from the ABE scheme and solely based on the functionality offered by SGX

Attribute-Based Symmetric Searchable Encryption

Symmetric Searchable Encryption (SSE) is an encryption technique that allows users to search directly on their outsourced encrypted data while preserving the privacy of both the files and the queries. Unfortunately, majority of the SSE schemes allows users to either decrypt the whole ciphertext or nothing at all. In this paper, we propose a novel scheme based on traditional symmetric primitives, that allows data owners to bind parts of their ciphertexts with specific policies. Inspired by the concept of Attribute-Based Encryption (ABE) in the public setting, we design a scheme through which users can recover only certain parts of an encrypted document if and only if they retain a set of attributes that satisfy a policy. Our construction satisfies the important notion of forward privacy while at the same time supports the multi-client model by leveraging SGX functionality for the synchronization of users. To prove the correctness of our approach, we provide a detailed simulation-based security analysis coupled with an extensive experimental evaluation that shows the effectiveness of our scheme

The second data release from the European Pulsar Timing Array III. Search for gravitational wave signals

We present the results of the search for an isotropic stochastic gravitational wave background (GWB) at nanohertz frequencies using the second data release of the European Pulsar Timing Array (EPTA) for 25 millisecond pulsars and a combination with the first data release of the Indian Pulsar Timing Array (InPTA). A robust GWB detection is conditioned upon resolving the Hellings-Downs angular pattern in the pairwise cross-correlation of the pulsar timing residuals. Additionally, the GWB is expected to yield the same (common) spectrum of temporal correlations across pulsars, which is used as a null hypothesis in the GWB search. Such a common-spectrum process has already been observed in pulsar timing data. We analysed (i) the full 24.7-year EPTA data set, (ii) its 10.3-year subset based on modern observing systems, (iii) the combination of the full data set with the first data release of the InPTA for ten commonly timed millisecond pulsars, and (iv) the combination of the 10.3-year subset with the InPTA data. These combinations allowed us to probe the contributions of instrumental noise and interstellar propagation effects. With the full data set, we find marginal evidence for a GWB, with a Bayes factor of four and a false alarm probability of 4%. With the 10.3-year subset, we report evidence for a GWB, with a Bayes factor of 60 and a false alarm probability of about 0.1% (≳3σ significance). The addition of the InPTA data yields results that are broadly consistent with the EPTA-only data sets, with the benefit of better noise modelling. Analyses were performed with different data processing pipelines to test the consistency of the results from independent software packages. The latest EPTA data from new generation observing systems show non-negligible evidence for the GWB. At the same time, the inferred spectrum is rather uncertain and in mild tension with the common signal measured in the full data set. However, if the spectral index is fixed at 13/3, the two data sets give a similar amplitude of (2.5 ± 0.7) × 10−15 at a reference frequency of 1 yr−1. Further investigation of these issues is required for reliable astrophysical interpretations of this signal. By continuing our detection efforts as part of the International Pulsar Timing Array (IPTA), we expect to be able to improve the measurement of spatial correlations and better characterise this signal in the coming years

The second data release from the European Pulsar Timing Array IV. Search for continuous gravitational wave signals

We present the results of a search for continuous gravitational wave signals (CGWs) in the second data release (DR2) of the European Pulsar Timing Array (EPTA) collaboration. The most significant candidate event from this search has a gravitational wave frequency of 4-5 nHz. Such a signal could be generated by a supermassive black hole binary (SMBHB) in the local Universe. We present the results of a follow-up analysis of this candidate using both Bayesian and frequentist methods. The Bayesian analysis gives a Bayes factor of 4 in favor of the presence of the CGW over a common uncorrelated noise process, while the frequentist analysis estimates the p-value of the candidate to be 1%, also assuming the presence of common uncorrelated red noise. However, comparing a model that includes both a CGW and a gravitational wave background (GWB) to a GWB only, the Bayes factor in favour of the CGW model is only 0.7. Therefore, we cannot conclusively determine the origin of the observed feature, but we cannot rule it out as a CGW source. We present results of simulations that demonstrate that data containing a weak gravitational wave background can be misinterpreted as data including a CGW and vice versa, providing two plausible explanations of the EPTA DR2 data. Further investigations combining data from all PTA collaborations will be needed to reveal the true origin of this feature.Comment: 12 figures, 15 pages, to be submitte