D1.3 - SUPERCLOUD Architecture Implementation

In this document we describe the implementation of the SUPERCLOUD architecture. The architecture provides an abstraction layer on top of which SUPERCLOUD users can realize SUPERCLOUD services encompassing secure computation workloads, secure and privacy-preserving resilient data storage and secure networking resources spanning across different cloud service providers' computation, data storage and network resources. The components of the SUPERCLOUD architecture implementation are described. Integration between the different layers of the architecture (computing security, data protection, network security) and with the facilities for security self-management is also highlighted. Finally, we provide download and installation instructions for the released software components that can be downloaded from our common SUPERCLOUD code repository

Security and emotion : sentiment analysis of security discussions on GitHub

Application security is becoming increasingly prevalent during software and especially web application development. Consequently, countermeasures are continuously being discussed and built into applications, with the goal of reducing the risk that unauthorized code will be able to access, steal, modify, or delete sensitive data. In this paper we gauged the presence and atmosphere surrounding security-related discussions on GitHub, as mined from discussions around commits and pull requests. First, we found that security related discussions account for approximately 10% of all discussions on GitHub. Second, we found that more negative emotions are expressed in security-related discussions than in other discussions. These findings confirm the importance of properly training developers to address security concerns in their applications as well as the need to test applications thoroughly for security vulnerabilities in order to reduce frustration and improve overall project atmosphere

Secure distributed key generation in attribute based encryption systems

\u3cp\u3eNowadays usage of cloud computing is increasing in popularity and this raises new data protection challenges. In such distributed systems it is unrealistic to assume that the servers are fully trusted in enforcing the access policies. Attribute Based Encryption (ABE) is one of the solutions proposed to tackle these trust problems. In ABE the data is encrypted using the access policy and authorized users can decrypt the data only using a secret key that is associated with their attributes. The secret key is generated by a Key Generation Authority (KGA), which in small systems can be constantly audited, therefore fully trusted. In contrast, in large and distrusted systems, trusting the KGAs is questionable. This paper presents a solution which increases the trust in ABE KGAs. The solution uses several KGAs which issue secret keys only for a limited number of users. One KGA issues a secret key associated with user's attributes and the other authorities issue independently secret keys associated with generalized values of user's attributes. Decryption is possible only if the secret keys associated with the non-generalized and generalized attributes are consistent. This mitigates the risk of unauthorized data disclosure when a couple of authorities are compromised.\u3c/p\u3

A data utility-driven benchmark for de-identification methods

De-identification is the process of removing the associations between data and identifying elements of individual data subjects. Its main purpose is to allow use of data while preserving the privacy of in- dividual data subjects. It is thus an enabler for compliance with legal regulations such as the EU’s General Data Protection Regulation. While many de-identification methods exist, the required knowledge regarding technical implications of different de-identification methods is largely missing. In this paper, we present a data utility-driven benchmark for different de-identification methods. The proposed solution systematically compares de-identification methods while considering their nature, con- text and de-identified data set goal in order to provide a combination of methods that satisfies privacy requirements while minimizing losses of data utility. The benchmark is validated in a prototype implementation which is applied to a real life data set.status: publishe

Liraglutide and Renal Outcomes in Type 2 Diabetes.

BACKGROUND: In a randomized, controlled trial that compared liraglutide, a glucagon-like peptide 1 analogue, with placebo in patients with type 2 diabetes and high cardiovascular risk who were receiving usual care, we found that liraglutide resulted in lower risks of the primary end point (nonfatal myocardial infarction, nonfatal stroke, or death from cardiovascular causes) and death. However, the long-term effects of liraglutide on renal outcomes in patients with type 2 diabetes are unknown. METHODS: We report the prespecified secondary renal outcomes of that randomized, controlled trial in which patients were assigned to receive liraglutide or placebo. The secondary renal outcome was a composite of new-onset persistent macroalbuminuria, persistent doubling of the serum creatinine level, end-stage renal disease, or death due to renal disease. The risk of renal outcomes was determined with the use of time-to-event analyses with an intention-to-treat approach. Changes in the estimated glomerular filtration rate and albuminuria were also analyzed. RESULTS: A total of 9340 patients underwent randomization, and the median follow-up of the patients was 3.84 years. The renal outcome occurred in fewer participants in the liraglutide group than in the placebo group (268 of 4668 patients vs. 337 of 4672; hazard ratio, 0.78; 95% confidence interval [CI], 0.67 to 0.92; P=0.003). This result was driven primarily by the new onset of persistent macroalbuminuria, which occurred in fewer participants in the liraglutide group than in the placebo group (161 vs. 215 patients; hazard ratio, 0.74; 95% CI, 0.60 to 0.91; P=0.004). The rates of renal adverse events were similar in the liraglutide group and the placebo group (15.1 events and 16.5 events per 1000 patient-years), including the rate of acute kidney injury (7.1 and 6.2 events per 1000 patient-years, respectively). CONCLUSIONS: This prespecified secondary analysis shows that, when added to usual care, liraglutide resulted in lower rates of the development and progression of diabetic kidney disease than placebo. (Funded by Novo Nordisk and the National Institutes of Health; LEADER ClinicalTrials.gov number, NCT01179048 .)