From security to assurance in the cloud: a survey

The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions

Business intelligence meets big data : an overview on security and privacy

Today big data are the target of many research activities focusing on big data management and analysis, definition of zero latency approaches to data analytics, and protection of big data security and privacy. In particular, security and privacy are two important, while contrasting, requirements. Big data security usually refers to the use of big data to implement solutions increasing security, reliability, and safety of a distributed system. Big data privacy, instead, focuses on the protection of big data from unauthorized use and unwanted inference. In this paper, we start from the manifesto on Business Intelligence Meets Big Data [8] and the notions of full data and zero-latency analysis to discuss new challenges in the context of big data security and privacy

Defining and matching test-based certificates in Open SOA

Following the Service-Oriented Architecture (SOA) and the Cloud paradigms, an increasing number of organizations implement their business processes and applications via runtime composition of services made available on the cloud by single suppliers. This scenario however introduces new security risks and threats, as the service providers may not provide the level of assurance required by their customers. There is therefore the need of a new certification scheme for services that provides trusted evidence that a service has some security properties, and a matching infrastructure to compare service certificates with users' certification preferences. In this paper, we propose a first solution to the definition of a test-based certification process for SOA

Big data analytics as-a-service: Issues and challenges

Big Data domain is one of the most promising ICT sectors with substantial expectations both on the side of market growing and design shift in the area of data storage managment and analytics. However, today, the level of complexity achieved and the lack of standardisation of Big Data management architectures represent a huge barrier towards the adoption and execution of analytics especially for those organizations and SMEs not including a sufficient amount of competences and knowledge. The full potential of Big Data Analytics (BDA) can be unleashed only through the definition of approaches that accomplish Big Data users' expectations and requirements, also when the latter are fuzzy and ambiguous. Under these premises, we propose Big Data Analytics-as-a-Service (BDAaaS) as the next-generation Big Data Analytics paradigm and we discuss issues and challenges from the BDAaaS design and development perspective

Trustworthy IoT: An evidence collection approach based on smart contracts

Today, Internet of Things (IoT) implements an ecosystem where a panoply of interconnected devices collect data from physical environments and supply them to processing services, on top of which cloud-based applications are built and provided to mobile end users. The undebatable advantages of smart IoT systems clash with the need of a secure and trustworthy environment. In this paper, we propose a service-based methodology based on blockchain and smart contracts for trustworthy evidence collection at the basis of a trustworthy IoT assurance evaluation. The methodology balances the provided level of trustworthiness and its performance, and is experimentally evaluated using Hyperledger fabric blockchain

Broadening the scope of Differential Privacy Using Metrics ⋆

Abstract. Differential Privacy is one of the most prominent frameworks used to deal with disclosure prevention in statistical databases. It provides a formal privacy guarantee, ensuring that sensitive information relative to individuals cannot be easily inferred by disclosing answers to aggregate queries. If two databases are adjacent, i.e. differ only for an individual, then the query should not allow to tell them apart by more than a certain factor. This induces a bound also on the distinguishability of two generic databases, which is determined by their distance on the Hamming graph of the adjacency relation. In this paper we explore the implications of differential privacy when the indistinguishability requirement depends on an arbitrary notion of distance. We show that we can naturally express, in this way, (protection against) privacy threats that cannot be represented with the standard notion, leading to new applications of the differential privacy framework. We give intuitive characterizations of these threats in terms of Bayesian adversaries, which generalize two interpretations of (standard) differential privacy from the literature. We revisit the well-known results stating that universally optimal mechanisms exist only for counting queries: We show that, in our extended setting, universally optimal mechanisms exist for other queries too, notably sum, average, and percentile queries. We explore various applications of the generalized definition, for statistical databases as well as for other areas, such that geolocation and smart metering.

Using open source middleware for securing E-Gov applications

Nowadays, a global information infrastructure connects remote parties through the use of large scale networks, and many companies focus on developing e-services based on remote resources and on interaction between remote parties. In such a context, e-Government (e-Gov) systems became of paramount importance for the Public Administration, and many ongoing development projects are targeted on their implementation and release. For open source software to play an important role in this scenario, two main technological requirements must be fulfilled: (i) the identification and optimization of de facto standards for building e-Gov open source software components and (ii) a standard integration strategy of these components into an open source middleware layer, capable of conveying a completely open-source e-Gov solution. In this paper, we argue that e-Gov systems should be constructed on a open source middleware layer, providing full public responsibility in its development

Minimizing disclosure of private information in credential-based interactions : a graph-based approach

We address the problem of enabling clients to regulate disclosure of their credentials and properties when interacting with servers in open scenarios. We provide a means for clients to specify the sensitivity of information in their portfolio at a fine-grain level and to determine the credentials and properties to disclose to satisfy a server request while minimizing the sensitivity of the information disclosed. Exploiting a graph modeling of the problem, we develop a heuristic approach for determining a disclosure minimizing released information, that offers execution times compatible with the requirements of interactive access to Web resources

Towards pattern-based reliability certification of services

On Service-Oriented Architectures (SOAs), the mechanism for run-time discovery and selection of services may conflict with the need to make sure that business process instances satisfy their reliability requirements. In this paper we describe a certification scheme based on machine-readable reliability certificates that will enable run-time negotiation. Service reliability is afforded by means of reliability patterns. Our certificates describe the reliability mechanism implemented by a service and the reliability pattern used to implement such a mechanism. Digital signature is used to associate the reliability claim contained in each certificate with the party (service supplier or accredited third-party) taking responsibility for it

Supporting user privacy preferences on information release in open scenarios

Access control solutions for open systems are typically based on the assumption that a client may adopt approached speci\ufb01cally designed for the server to protect the disclosure of her sensitive information. These solutions however do not consider the speci\ufb01c privacy requirements characterizing the client. In this paper, we put forward the idea of adopting a di\ufb00erent model at the client-side, aimed at minimizing the amount of sensitive information released to a server. The model should be based on a formal modeling of the client portfolio and should easily support the de\ufb01nition of privacy preferences and disclosure limitations for empowering the user in the release of her personal information