Towards Tracking Data Flows in Cloud Architectures

As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Especially the demand to provide information about existing data records of an individual and the ability to delete them on demand is central in privacy regulations. Common to these requirements is that cloud providers must be able to track data as it flows across the different services to ensure that it never moves outside of the legitimate realm, and it is known at all times where a specific copy of a record that belongs to a specific individual or business process is located. However, current cloud architectures do neither provide the means to holistically track data flows across different services nor to enforce policies on data flows. In this paper, we point out the deficits in the data flow tracking functionalities of major cloud providers by means of a set of practical experiments. We then generalize from these experiments introducing a generic architecture that aims at solving the problem of cloud-wide data flow tracking and show how it can be built in a Kubernetes-based prototype implementation.Comment: 11 pages, 5 figures, 2020 IEEE 13th International Conference on Cloud Computing (CLOUD

Poster: Patient Community -- A Test Bed For Privacy Threat Analysis

Research and development of privacy analysis tools currently suffers from a lack of test beds for evaluation and comparison of such tools. In this work, we propose a benchmark application that implements an extensive list of privacy weaknesses based on the LINDDUN methodology. It represents a social network for patients whose architecture has first been described in an example analysis conducted by one of the LINDDUN authors. We have implemented this architecture and extended it with more privacy threats to build a test bed that enables comprehensive and independent testing of analysis tools.Comment: 3 pages, 1 figur

MEDINA Orchestrator - User Manual

The Orchestrator is a central component of the MEDINA framework and processes and stores all evidence and assessment results. It receives them from the evidence collection and security assessment tools, and forwards them to the appropriate components, such as the Continuous Certificated Evaluation[1] (CCE). Furthermore, it provides a database that stores evidence and assessment results, as well as metrics, and other data

Application-Oriented Selection of Privacy Enhancing Technologies

To create privacy-friendly software designs, architects need comprehensive knowledge of existing privacy-enhancing technologies (PETs) and their properties. Existing works that systemize PETs, however, are outdated or focus on comparison criteria rather than providing guidance for their practical selection. In this short paper we present an enhanced classification of PETs that is more application-oriented than previous proposals. It integrates existing criteria like the privacy protection goal, and also considers practical criteria like the functional context, a technology's maturity, and its impact on various non-functional requirements. We expect that our classification simplifies the selection of PETs for experts and non-experts

A Continuous Risk Assessment Methodology for Cloud Infrastructures

Cloud systems are dynamic environments which make it difficult to keep track of security risks that resources are exposed to. Traditionally, risk assessment is conducted for individual assets to evaluate existing threats; their results, however, are quickly outdated in such a dynamic environment. In this paper, we propose an adaptation of the traditional risk assessment methodology for cloud infrastructures which loosely couples manual, in-depth analyses with continuous, automatic application of their results. These two parts are linked by a novel threat profile definition that allows to reusably describe configuration weaknesses based on properties that are common across assets and cloud providers. This way, threats can be identified automatically for all resources that exhibit the same properties, including new and modified ones. We also present a prototype implementation which automatically evaluates an infrastructure as code template of a cloud system against a set of threat profiles, and we evaluate its performance. Our methodology not only enables organizations to reuse their threat analysis results, but also to collaborate on their development, e.g. with the public community. To that end, we propose an initial open-source repository of threat profiles

Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis

In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendor- and technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments, spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storages or undesired data flows within a cloud service, as restricted by regulations such as GDPR

Ion-specific thermodynamics of multicomponent electrolytes: a hybrid HNC/MD approach

Using effective infinite dilution ion-ion interaction potentials derived from explicit-water molecular dynamics (MD) computer simulations in the hypernetted-chain (HNC) integral equation theory we calculate the liquid structure and thermodynamic properties, namely, the activity and osmotic coefficients of various multicomponent aqueous electrolyte mixtures. The electrolyte structure expressed by the ion-ion radial distribution functions is for most ions in excellent agreement with MD and implicit solvent Monte Carlo (MC) simulation results. Calculated thermodynamic properties are also represented consistently among these three methods. Our versatile HNC/MD hybrid method allows for a quick prediction of the thermodynamics of multicomponent electrolyte solutions for a wide range of concentrations and an efficient assessment of the validity of the employed MD force-fields with possible implications in the development of thermodynamicall

Terroristas como pessoas no direito?

A punição de terroristas, em larga medida preliminar, ou os severos interrogatórios, não se adequam a um perfeito Estado de direito. Pertencem ao direito de exceção. Um Estado de direito que tudo abarque não poderia travar esta guerra, pois ele deveria tratar seus inimigos como pessoas e, conseqüentemente, não poderia tratá-las como fonte de perigo. Em Estados de direito que operam na prática de modo ótimo procede-se de outra maneira, e isso lhes dá a chance de não se quebrarem durante o ataque a seus inimigos.<br>The preemptive punishment of terrorists and the use of harsh interrogation techniques are not within the classical standards of the Rule of Law. They belong rather to a state of exception. A State committed to all the usually accepted requirements of the Rule of Law would not be allowed to carry such a war, because it would have the duty to treat its enemies as persons. Therefore, it would not be authorized to treat them as a source of danger. Nevertheless, these classical standards have been challenged in the last two decades by major institutional changes that are now being discussed both in theoretical as in practical levels