The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in th...
ISBN: 9781450350358 (print)
The exponential growth of data produced, the ever faster and ubiquitous connectivity, and the collaborative processing tools lead to a clear shift of data stores from local servers to the cloud. This migration, occurring across different application domains and types of users (individual or corporate), raises two immediate challenges. First, outsourcing data introduces security risks, hence protection mechanisms must be put in place to provide guarantees such as privacy, confidentiality and integrity. Second, there is no "one-size-fits-all" solution that would provide the right level of safety or performance for all applications and users, and it is therefore necessary to provide mechanisms that can be tailored to the various deployment scenarios. In this paper, we address both challenges by introducing SafeFS, a modular architecture based on software-defined storage principles featuring stackable building blocks that can be combined to construct a secure distributed file system. SafeFS allows users to specialize their data store to their specific needs by choosing the combination of blocks that provide the best safety and performance tradeoffs. The file system is implemented in user space using FUSE and can access remote data stores. The provided building blocks notably include mechanisms based on encryption, replication, and coding. We implemented SafeFS and performed in-depth evaluation across a range of workloads. Results reveal that while each layer has a cost, one can build safe yet efficient storage architectures. Furthermore, the different combinations of blocks sometimes yield surprising tradeoffs.
ISBN: 9781450339353 (print)
In international military coalitions, situation awareness is achieved by gathering critical intel from different authorities. Authorities want to retain control over their data, as they are sensitive by nature, and, thus, usually employ their own authorization solutions to regulate access to them. In this paper, we highlight that harmonizing authorization solutions at the coalition level raises many challenges. We demonstrate how we address authorization challenges in the context of a scenario defined by military experts using a prototype implementation of SAFAX, an XACML-based architectural framework tailored to the development of authorization services for distributed systems.
ISBN: 9781450339353 (print)
System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, six core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent. These primitives form the basic building blocks for a Network of 'Things' (NoT), including the Internet of Things (IoT). This keynote offers an underlying and foundational science to IoT. To my knowledge, the ideas and the manner in which the science underlying IoT is presented here is unique. Further, this talk reflects my personal viewpoints and not those of NIST.
ISBN: 9781450339353 (print)
Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying the network paths taken by a search query during resource discovery, and the detection of malicious forwarding of the search query. Our approach aims at being secure and yet very scalable, even in the presence of a huge number of nodes in the network.
ISBN: 9781450350846 (print)
Using data about individuals without revealing sensitive information about them is important. In recent years, a new privacy protection concept called k-anonymity has been introduced. On the other hand, application of person trip data analysis is demanded for public policy making such as tourism and *** this research, the TTPP and Kn-Query methods are introduced to solve a conflict between privacy protection and utilization of person trip data. The TTPP method is proposed as a data structure which describes a person trip using the paired entries of fixed point observed personal location with track ID, time window and place. Kn-Query is a query summarizing the number of samples under given conditions satisfying *** an ordinal method, validation of k-anonymity and person trip analysis have been considered separately. The proposed method solved a conflict between privacy and utilization of personal data.