Visible to the public Biblio

Filters: Keyword is data access  [Clear All Filters]
2021-03-30
Ashiku, L., Dagli, C..  2020.  Agent Based Cybersecurity Model for Business Entity Risk Assessment. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1—6.

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

2021-03-22
Vimercati, S. de Capitani di, Foresti, S., Paraboschi, S., Samarati, P..  2020.  Enforcing Corporate Governance's Internal Controls and Audit in the Cloud. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :453–461.
More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.
2020-07-24
Reshma, V., Gladwin, S. Joseph, Thiruvenkatesan, C..  2019.  Pairing-Free CP-ABE based Cryptography Combined with Steganography for Multimedia Applications. 2019 International Conference on Communication and Signal Processing (ICCSP). :0501—0505.

Technology development has led to rapid increase in demands for multimedia applications. Due to this demand, digital archives are increasingly used to store these multimedia contents. Cloud is the commonly used archive to store, transmit, receive and share multimedia contents. Cloud makes use of internet to perform these tasks due to which data becomes more prone to attacks. Data security and privacy are compromised. This can be avoided by limiting data access to authenticated users and by hiding the data from cloud services that cannot be trusted. Hiding data from the cloud services involves encrypting the data before storing it into the cloud. Data to be shared with other users can be encrypted by utilizing Cipher Text-Policy Attribute Based Encryption (CP-ABE). CP-ABE is used which is a cryptographic technique that controls access to the encrypted data. The pairing-based computation based on bilinearity is used in ABE due to which the requirements for resources like memory and power supply increases rapidly. Most of the devices that we use today have limited memory. Therefore, an efficient pairing free CP- ABE access control scheme using elliptic curve cryptography has been used. Pairing based computation is replaced with scalar product on elliptic curves that reduces the necessary memory and resource requirements for the users. Even though pairing free CP-ABE is used, it is easier to retrieve the plaintext of a secret message if cryptanalysis is used. Therefore, this paper proposes to combine cryptography with steganography in such a way by embedding crypto text into an image to provide increased level of data security and data ownership for sub-optimal multimedia applications. It makes it harder for a cryptanalyst to retrieve the plaintext of a secret message from a stego-object if steganalysis were not used. This scheme significantly improved the data security as well as data privacy.

2020-02-18
Liu, Ying, He, Qiang, Zheng, Dequan, Zhang, Mingwei, Chen, Feifei, Zhang, Bin.  2019.  Data Caching Optimization in the Edge Computing Environment. 2019 IEEE International Conference on Web Services (ICWS). :99–106.

With the rapid increase in the use of mobile devices in people's daily lives, mobile data traffic is exploding in recent years. In the edge computing environment where edge servers are deployed around mobile users, caching popular data on edge servers can ensure mobile users' fast access to those data and reduce the data traffic between mobile users and the centralized cloud. Existing studies consider the data cache problem with a focus on the reduction of network delay and the improvement of mobile devices' energy efficiency. In this paper, we attack the data caching problem in the edge computing environment from the service providers' perspective, who would like to maximize their venues of caching their data. This problem is complicated because data caching produces benefits at a cost and there usually is a trade-off in-between. In this paper, we formulate the data caching problem as an integer programming problem, and maximizes the revenue of the service provider while satisfying a constraint for data access latency. Extensive experiments are conducted on a real-world dataset that contains the locations of edge servers and mobile users, and the results reveal that our approach significantly outperform the baseline approaches.

2019-09-23
Stodden, Victoria, Krafczyk, Matthew S., Bhaskar, Adhithya.  2018.  Enabling the Verification of Computational Results: An Empirical Evaluation of Computational Reproducibility. Proceedings of the First International Workshop on Practical Reproducible Evaluation of Computer Systems. :3:1–3:5.
The ability to independently regenerate published computational claims is widely recognized as a key component of scientific reproducibility. In this article we take a narrow interpretation of this goal, and attempt to regenerate published claims from author-supplied information, including data, code, inputs, and other provided specifications, on a different computational system than that used by the original authors. We are motivated by Claerbout and Donoho's exhortation of the importance of providing complete information for reproducibility of the published claim. We chose the Elsevier journal, the Journal of Computational Physics, which has stated author guidelines that encourage the availability of computational digital artifacts that support scholarly findings. In an IRB approved study at the University of Illinois at Urbana-Champaign (IRB \#17329) we gathered artifacts from a sample of authors who published in this journal in 2016 and 2017. We then used the ICERM criteria generated at the 2012 ICERM workshop "Reproducibility in Computational and Experimental Mathematics" to evaluate the sufficiency of the information provided in the publications and the ease with which the digital artifacts afforded computational reproducibility. We find that, for the articles for which we obtained computational artifacts, we could not easily regenerate the findings for 67% of them, and we were unable to easily regenerate all the findings for any of the articles. We then evaluated the artifacts we did obtain (55 of 306 articles) and find that the main barriers to computational reproducibility are inadequate documentation of code, data, and workflow information (70.9%), missing code function and setting information, and missing licensing information (75%). We recommend improvements based on these findings, including the deposit of supporting digital artifacts for reproducibility as a condition of publication, and verification of computational findings via re-execution of the code when possible.
2019-02-13
Gunjal, Y. S., Gunjal, M. S., Tambe, A. R..  2018.  Hybrid Attribute Based Encryption and Customizable Authorization in Cloud Computing. 2018 International Conference On Advances in Communication and Computing Technology (ICACCT). :187–190.
Most centralized systems allow data access to its cloud user if a cloud user has a certain set of satisfying attributes. Presently, one method to compete such policies is to use an authorized cloud server to maintain the user data and have access control over it. At times, when one of the servers keeping data is compromised, the security of the user data is compromised. For getting access control, maintaining data security and obtaining precise computing results, the data owners have to keep attribute-based security to encrypt the stored data. During the delegation of data on cloud, the cloud servers may be tampered by the counterfeit cipher-text. Furthermore, the authorized users may be cheated by retorting them that they are unauthorized. Largely the encryption control access attribute policies are complex. In this paper, we present Cipher-text Policy Attribute-Based Encryption for maintaining complex access control over encrypted data with verifiable customizable authorization. The proposed technique provides data confidentiality to the encrypted data even if the storage server is comprised. Moreover, our method is highly secured against collusion attacks. In advance, performance evaluation of the proposed system is elaborated with implementation of the same.
2018-06-11
Kaaniche, N., Laurent, M..  2017.  A blockchain-based data usage auditing architecture with enhanced privacy and availability. 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA). :1–5.

Recent years have witnessed the trend of increasingly relying on distributed infrastructures. This increased the number of reported incidents of security breaches compromising users' privacy, where third parties massively collect, process and manage users' personal data. Towards these security and privacy challenges, we combine hierarchical identity based cryptographic mechanisms with emerging blockchain infrastructures and propose a blockchain-based data usage auditing architecture ensuring availability and accountability in a privacy-preserving fashion. Our approach relies on the use of auditable contracts deployed in blockchain infrastructures. Thus, it offers transparent and controlled data access, sharing and processing, so that unauthorized users or untrusted servers cannot process data without client's authorization. Moreover, based on cryptographic mechanisms, our solution preserves privacy of data owners and ensures secrecy for shared data with multiple service providers. It also provides auditing authorities with tamper-proof evidences for data usage compliance.

2018-01-16
Ding, Y., Li, X..  2017.  Policy Based on Homomorphic Encryption and Retrieval Scheme in Cloud Computing. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 1:568–571.

Homomorphic encryption technology can settle a dispute of data privacy security in cloud environment, but there are many problems in the process of access the data which is encrypted by a homomorphic algorithm in the cloud. In this paper, on the premise of attribute encryption, we propose a fully homomorphic encrypt scheme which based on attribute encryption with LSSS matrix. This scheme supports fine-grained cum flexible access control along with "Query-Response" mechanism to enable users to efficiently retrieve desired data from cloud servers. In addition, the scheme should support considerable flexibility to revoke system privileges from users without updating the key client, it reduces the pressure of the client greatly. Finally, security analysis illustrates that the scheme can resist collusion attack. A comparison of the performance from existing CP-ABE scheme, indicates that our scheme reduces the computation cost greatly for users.

Ferretti, L., Marchetti, M., Colajanni, M..  2017.  Verifiable Delegated Authorization for User-Centric Architectures and an OAuth2 Implementation. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:718–723.

Delegated authorization protocols have become wide-spread to implement Web applications and services, where some popular providers managing people identity information and personal data allow their users to delegate third party Web services to access their data. In this paper, we analyze the risks related to untrusted providers not behaving correctly, and we solve this problem by proposing the first verifiable delegated authorization protocol that allows third party services to verify the correctness of users data returned by the provider. The contribution of the paper is twofold: we show how delegated authorization can be cryptographically enforced through authenticated data structures protocols, we extend the standard OAuth2 protocol by supporting efficient and verifiable delegated authorization including database updates and privileges revocation.

2017-02-27
Na, L., Yunwei, D., Tianwei, C., Chao, W., Yang, G..  2015.  The Legitimacy Detection for Multilevel Hybrid Cloud Algorithm Based Data Access. Reliability and Security - Companion 2015 IEEE International Conference on Software Quality. :169–172.

In this paper a joint algorithm was designed to detect a variety of unauthorized access risks in multilevel hybrid cloud. First of all, the access history is recorded among different virtual machines in multilevel hybrid cloud using the global flow diagram. Then, the global flow graph is taken as auxiliary decision-making basis to design legitimacy detection algorithm based data access and is represented by formal representation, Finally the implement process was specified, and the algorithm can effectively detect operating against regulations such as simple unauthorized level across, beyond indirect unauthorized and other irregularities.

2016-05-04
Xianqing Yu, P. Ning, M. A. Vouk.  2015.  Enhancing security of Hadoop in a public cloud. Information and Communication Systems (ICICS), 2015 6th International Conference on. :38-43.

Hadoop has become increasingly popular as it rapidly processes data in parallel. Cloud computing gives reliability, flexibility, scalability, elasticity and cost saving to cloud users. Deploying Hadoop in cloud can benefit Hadoop users. Our evaluation exhibits that various internal cloud attacks can bypass current Hadoop security mechanisms, and compromised Hadoop components can be used to threaten overall Hadoop. It is urgent to improve compromise resilience, Hadoop can maintain a relative high security level when parts of Hadoop are compromised. Hadoop has two vulnerabilities that can dramatically impact its compromise resilience. The vulnerabilities are the overloaded authentication key, and the lack of fine-grained access control at the data access level. We developed a security enhancement for a public cloud-based Hadoop, named SEHadoop, to improve the compromise resilience through enhancing isolation among Hadoop components and enforcing least access privilege for Hadoop processes. We have implemented the SEHadoop model, and demonstrated that SEHadoop fixes the above vulnerabilities with minimal or no run-time overhead, and effectively resists related attacks.

2015-05-04
Lopes, H., Chatterjee, M..  2014.  Application H-Secure for mobile security. Circuits, Systems, Communication and Information Technology Applications (CSCITA), 2014 International Conference on. :370-374.

Mobile security is as critical as the PIN number on our ATM card or the lock on our front door. More than our phone itself, the information inside needs safeguarding as well. Not necessarily for scams, but just peace of mind. Android seems to have attracted the most attention from malicious code writers due to its popularity. The flexibility to freely download apps and content has fueled the explosive growth of smart phones and mobile applications but it has also introduced a new risk factor. Malware can mimic popular applications and transfer contacts, photos and documents to unknown destination servers. There is no way to disable the application stores on mobile operating systems. Fortunately for end-users, our smart phones are fundamentally open devices however they can quite easily be hacked. Enterprises now provide business applications on these devices. As a result, confidential business information resides on employee-owned device. Once an employee quits, the mobile operating system wipe-out is not an optimal solution as it will delete both business and personal data. Here we propose H-Secure application for mobile security where one can store their confidential data and files in encrypted form. The encrypted file and encryption key are stored on a web server so that unauthorized person cannot access the data. If user loses the mobile then he can login into web and can delete the file and key to stop further decryption process.