Commercial OSNs have started to provide users withthe ability to set their privacy settings for a more controlled information sharing. However, these settings do not prevent the social network manager to perform mark...
详细信息
ISBN:
(纸本)9781450322782
Commercial OSNs have started to provide users withthe ability to set their privacy settings for a more controlled information sharing. However, these settings do not prevent the social network manager to perform marketing research on user personal data, aiming, as example, at offering a personalized advertising to users. To cope withthese requirements Decentralized Social Networks (DSNs) are emerged as a possible solution for moving users' personal data out from OSN realms. Unfortunately, it has been shown that DSNs have some limitations, in terms of usability and social features they offer. To overcome this problem, in this paper we extend the DSN framework so that users' data (e.g., resources and relationships) are securely stored in a public cloud data storage and shared according to relationship based rules defined by owners, by at the same time supporting a privacy-preserving path finding. To this end, we make use of encryption techniques and we devise a new collaborative anonymization process. In the paper, besides presenting all the components of our framework, we analyze its security and present experiments showing the feasibility of the developed techniques. Copyright 2014 acm.
DNS is an important data source for security for many reasons. If the DNS infrastructure can be brought down, many networking tasks would be impossible to complete. If the integrity of the mapping between domain names...
详细信息
ISBN:
(纸本)9781450331913
DNS is an important data source for security for many reasons. If the DNS infrastructure can be brought down, many networking tasks would be impossible to complete. If the integrity of the mapping between domain names and IP addresses is compromised, attackers can redirect users undetectably to IP addresses of their choosing. And malware of many types must in one way or another use the DNS infrastructure as part of their operations. For example, botnets often use fast flux techniques and domain name generation algorithms to rendezvous with command and control *** DNS is a significant challenge. In HP, our core internal DNS clusters process approximately 16 billion DNS packets every day. Ideally, we would like to turn each and every one of those packets into an event for our security information and event management (SIEM) system. However, we would have to grow our SIEM, which is one of the largest deployments in the world, by a factor of six to collect this data. Moreover, traditional logging has a substantial performance impact on the DNS infrastructure, and therefore from an operational perspective enabling logging is also impractical. Finally, DNS servers generally do not log the information necessary to detect many security *** deal withthese problems we collect and filter this traffic using hardware network packet sniffers, which have no impact on the performance of the DNS servers and allows us to collect all of the information we need for security purposes. We model known good traffic, and discard it, keeping only anomalous *** developed a custom analytics engine, which analyzes this data looking for evidence of botnet infections, blacklist hits, cloud platform abuse, beaconing, data exfiltration, and cache poisoning attempts. the results of these analyses is turned into a set of alerts which are sent to our security Operations Center (SOC). We've also developed a user interface including various visualizations to help analysts exp
Enterprises are increasingly subject to compliance rules that originate from corporate guidelines, industry sector standards, and laws. the goal of access control is to protect against unauthorized users. However, thr...
详细信息
ISBN:
(纸本)9781450331913
Enterprises are increasingly subject to compliance rules that originate from corporate guidelines, industry sector standards, and laws. the goal of access control is to protect against unauthorized users. However, threats also often reside within organizations where authorized users may misuse system resources. Although access control is fundamental in protecting information systems, it can pose an obstacle to achieving business objectives. Today, security policies have to be aligned withthe business goals and are not anymore a purely technical issue. Business processes are therefore of special interest. When described by workflows, they define the causal dependencies between a set of tasks, whose execution constitutes a business objective. Already in 1999, Bertino, Ferrari and Atluri showed how to specify and enforce authorization constraints in workflow management systems [1]. But only in recent years, triggered by the raise of high-level modeling languages such as the Business Process Model and Notation (BPMN), business processes were enhanced with compliance requirements in terms of process annotations, tying the control objectives into the execution *** talk will look at recent research results in this area, including approaches to scope authorization constraints within workflows with loops and conditional execution [2], to capture the effects of enforcement on business objectives [3], and to select the optimal between multiple authorization policies satisfying the given constraints [4].this work was mainly done in collaboration with Samuel Burri, when we both were at IBM Research -- Zurich, and David Basin from Eth Zurich.
暂无评论