Similar literature
Found 20 similar documents (search time: 676 ms)
1.
Explosion of multimedia content brings forth the need for efficient resource utilization using state-of-the-art cloud computing technologies such as data deduplication. In cloud computing environments, achieving both data privacy and integrity is a challenging issue for data outsourcing services. Proof of Storage with Deduplication (POSD) is a promising solution that addresses the issue for cloud storage systems with deduplication enabled. However, the validity of the current POSD scheme stands on the strong assumption that all clients are honest in terms of generating their keys. We present the insecurity of this approach under a new attack model in which malicious clients exploit dishonestly manipulated keys. We also propose an improved POSD scheme to mitigate our attack.

2.
吕品  陈年生  董武世 《微机发展》2006,16(7):147-149
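Privacy and security are an increasingly important issue in data mining. Solving privacy and security problems can thwart ill-intentioned mining projects. This paper studies the current state of development of privacy protection techniques in data mining, summarizes a classification of these techniques, discusses in detail privacy-preserving techniques, the most important among them, and finally derives evaluation metrics for privacy protection algorithms.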

3.
Privacy is a current topic in the context of digital services because such services demand mass volumes of consumer data. Although most consumers are aware of their personal privacy, they frequently do not behave rationally in terms of the risk-benefit trade-off. This phenomenon is known as the privacy paradox. It is a common limitation in research papers examining consumers’ privacy intentions. Using a design science approach, we develop a metric that determines the extent of consumers’ privacy paradox in digital services based on the theoretical construct of the privacy calculus. We demonstrate a practical application of the metric for mobile apps. With that, we contribute to validating respective research findings. Moreover, among others, consumers and companies can be prevented from unwanted consequences regarding data privacy issues and service market places can provide privacy-customized suggestions.

4.
Though a large body of existing work on video surveillance focuses on image and video processing techniques, few address the usability of such systems, and in particular privacy issues. This study fuses concepts from stream processing and content-based image retrieval to construct a privacy-preserving framework for rapid development and deployment of video surveillance applications. Privacy policies, instantiated as privacy filters, may be applied both granularly and hierarchically. Privacy filters are granular as they are applicable to specific objects appearing in the video streams. They are hierarchical because they can be specified at specific objects in the framework (e.g., users, cameras) and are combined such that the disseminated video stream adheres to the most stringent aspect specified in the cascade of all privacy filters relevant to a video stream or query. To support this privacy framework, we extend our Live Video Database Model with an informatics-based approach to object recognition and tracking and add an intrinsic privacy model that provides a level of privacy protection not previously available for real-time streaming video data. The proposed framework also provides a formal approach to implement and enforce privacy policies that are verifiable, an important step towards privacy certification of video surveillance systems through a standardized privacy specification language.

5.
This article describes a practical approach to the manual re-engineering of numerical software systems. The strategy has been applied to re-develop a medium sized FORTRAN-77 Computational Fluid Dynamics (CFD) code into C++. The motivation for software reverse-engineering is described, as are the special problems which influence the re-use of a legacy numerical code. The aim of this case study was to extract the implicit logical structure from the legacy code to form the basis of a C++ version using an imposed object-oriented design. An important secondary consideration was for the preservation of tried and tested numerical algorithms without excessive degradation of run-time performance. To this end an incremental re-engineering strategy was adopted that consisted of nine main stages, with extensive regression testing between each stage. The stages used in this development are described in this paper, with examples to illustrate the techniques employed and the problems encountered. This paper concludes with an appraisal of the development strategy used and a discussion of the central problems that have been addressed in this case study.

6.
Interacting in the Internet, users should be empowered to use only those subsets of their personal attributes, called partial identities, which are appropriate for the actual situation and context. Refraining from acting under few and easily linkable partial identities is a prerequisite for trustworthy privacy. Traditionally user-controlled identity management systems primarily support individuals interacting with organisations, but mainly ignore special needs which arise if individuals interact with each other. To support online communities those systems have to change. From TU Dresden: Prof. Dr. Andreas Pfitzmann, head of the privacy and security group, and the research assistants Dipl.-Inform. Katrin Borcea-Pfitzmann, Dipl. Medien-inf. Katja Liesebach and Dipl.-Inform. Sandra Steinbrecher. From ULD, Kiel: Dipl.-Inform. Marit Hansen, head of PET division. Research Focus: Privacy in Identity Management and Application Design. This work was funded in part by the PRIME project which receives research funding from the European Union’s Sixth Framework Programme and the Swiss Federal Office for Education and Science.

7.
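Protecting private resources is a key security problem in deploying technologies such as multi-domain interoperation and P2P. Existing solutions address part of the problem, but private information can still leak: they do not adequately guarantee the confidentiality of private resources, or they leak other private information. This paper analyzes the security goals of private-resource protection and proposes an identity-based protection scheme. The scheme not only meets the security goals but also completes the exchange of private resources in a single communication. Finally, the scheme is proven to have IND-CCA2 semantic security.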

8.
张书旋  康海燕  闫涵 《计算机应用》2019,39(5):1394-1399
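With the popularity of social software, more and more people join social networks and generate a large amount of valuable information, which also contains much sensitive private information. Different users have different privacy requirements and therefore need different levels of privacy protection. A user's privacy leakage level in a social network is affected by many factors, such as the structure of the social network graph and the user's own threat level. To address personalized privacy protection of social network data and the evaluation of users' privacy leakage levels, a Personalized Differential Privacy protection Strategy based on Skyline computation (PDPS) is proposed for publishing social network relational data. First, the users' attribute vectors are constructed; next, a Skyline-computation-based method is used to assess each user's privacy leakage level, and the user dataset is partitioned according to that level; then a sampling mechanism is applied to achieve personalized differential privacy, and noise is added to the integrated data; finally, the processed data is analyzed for security and utility and then published. Compared with the traditional Personalized Differential Privacy method (PDP) on real datasets, the PDPS algorithm is verified to be superior to the PDP algorithm in both privacy protection quality and data availability.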

9.
Context: Developing secure software systems is an issue of ever-growing importance. Researchers have generally come to acknowledge that to develop such systems successfully, their security features must be incorporated in the context of a systematic approach: a security methodology. There are a number of such methodologies in the literature, but no single security methodology is adequate for every situation, requiring the construction of “fit-to-purpose” methodologies or the tailoring of existing methodologies to the project specifics at hand. While a large body of research exists addressing the same requirement for development methodologies – constituting the field of Method Engineering – there is nothing comparable for security methodologies as such; in fact, the topic has never been studied before in such a context. Objective: In this paper we draw inspiration from a number of Method Engineering ideas and fill the latter gap by proposing a comprehensive approach to engineering security methodologies. Method: Our approach is embodied in three interconnected parts: a framework of interrelated security process patterns; a security-specific meta-model; and a meta-methodology to guide engineers in using the latter artefacts in a step-wise fashion. A UML-inspired notation is used for representing all pattern-based methodology models during design and construction. The approach is illustrated and evaluated by tailoring an existing, real-life security methodology to a distributed-system-specific project situation. Results: The paper proposes a novel pattern-oriented approach to modeling, constructing, tailoring and combining security methodologies, which is the very first and currently sole such approach in the literature. We illustrate and evaluate our approach in an academic setting, and perform a feature analysis to highlight benefits and deficiencies. Conclusion: Using our proposal, developers, architects and researchers can analyze and engineer security methodologies in a structured, systematic fashion, taking into account all security methodology aspects.

10.
One of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues on a cloud environment, since cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require a different treatment of security and privacy issues. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed to analyze and design secure cloud based systems.

11.
Design patterns are important in software maintenance because they help in understanding and re-engineering systems. They propose design motifs, solutions to recurring design problems. The identification of occurrences of design motifs in large systems consists of identifying classes whose structure and organization match exactly or approximately the structure and organization of classes as suggested by the motif. We adapt two classical approximate string matching algorithms based on automata simulation and bit-vector processing to efficiently identify exact and approximate occurrences of motifs. We then carry out two case studies to show the performance, precision, and recall of our algorithms. In the first case study, we assess the performance of our algorithms on seven medium-to-large systems. In the second case study, we compare our approach with three existing approaches (an explanation-based constraint approach, a metric-enhanced explanation-based constraint approach, and a similarity scoring approach) by applying the algorithms on three small-to-medium size systems, JHotDraw, Juzzle, and QuickUML. Our studies show that approximate string matching based on bit-vector processing provides efficient algorithms to identify design motifs.

12.
Reliability of software is directly impacted by additional code, complex design, and other measures to inhibit unauthorized use of software systems. This paper examines the problem of maintaining software reliability in computer security systems and suggests an approach to design in the reliability by making objective measures over the life cycle. The author presents some new concepts which will enable the software developers to measure not only the degree of security being built into the software, but also its direct impact on reliability.

13.
In the modern digital world users need to make privacy and security choices that have far-reaching consequences. Researchers are increasingly studying people’s decisions when faced with privacy and security trade-offs, the pressing and time consuming disincentives that influence those decisions, and methods to mitigate them. This work aims to present a systematic review of the literature on privacy categorisation, which has been defined in terms of profile, profiling, segmentation, clustering and personae. Privacy categorisation involves the possibility to classify users according to specific prerequisites, such as their ability to manage privacy issues, or in terms of which type of and how much personal information they decide or do not decide to disclose. Privacy categorisation has been defined and used for different purposes. The systematic review focuses on three main research questions that investigate the study contexts, i.e. the motivations and research questions, that propose privacy categorisations; the methodologies and results of privacy categorisations; the evolution of privacy categorisations over time. Ultimately it tries to provide an answer whether privacy categorisation as a research attempt is still meaningful and may have a future.

14.
Rodrigo Andrade  Paulo Borba 《Software》2020,50(10):1905-1929
In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time-consuming, expensive, and error-prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain specific, considering fixed framework specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open-source projects. We find evidence that Salvum helps to detect violations even for well-supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.

15.
Privacy is a key issue in today's society. Software systems handle more and more sensitive information concerning citizens. It is important that such systems are privacy-friendly by design. In previous work, we proposed a privacy threat analysis methodology, named LINDDUN. The methodology supports requirements engineers and software architects in identifying privacy weaknesses in the system they contribute to developing. As this is a fairly new technique, its results when applied in realistic scenarios are yet unknown. This paper presents a series of three empirical studies that thoroughly evaluate LINDDUN from a multi-faceted perspective. Our assessment characterizes the correctness and completeness of the analysis results produced by LINDDUN, as well as the productivity associated with executing the methodology. We also look into aspects such as the ease of use and reliability of LINDDUN. The results are encouraging, overall. However, some areas for further improvement have been identified as a result of this empirical inquiry.

16.

Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks are well established within the cybersecurity domain, and thus their cyber-physical systems are actively defended with countermeasures. Non-cyber systems are equally as vulnerable to side-channel attacks; however, this is largely unrecognised and therefore countermeasures to defend them are limited. This paper surveys side-channel attacks against non-cyber systems and investigates the consequent security and privacy ramifications. Side-channel attack techniques rely on respective side-channel properties in order to succeed; therefore, countermeasures that disrupt each side-channel property are identified, effectively thwarting the side-channel attack. This principle is captured within a countermeasure algorithm: a systematic and extensible approach to identifying candidate countermeasures for non-cyber systems. We validate the output of this process by showing how the candidate countermeasures could be applied in the context of each non-cyber system and in the real world. This work provides an extensible platform for translating cybersecurity-derived side-channel attack research into defending systems from non-cyber domains.


17.
Formal methods can be used at all stages of a software development project. In this paper we reflect on the roles of ITU-T standardized System Design Languages and their interplay in design processes of cooperative systems, highlighting the usability of User Requirements Notation (URN) standard to capture requirements with workflow-based re-engineering process of complex systems. In this paper we give our re-engineering experiences with the URN-part Use Case Maps (UCM) language capabilities and also the transformation processes of the UCM model elements to UML diagrams are presented. The new components can be very well documented and integrated into the existing system in a manner that even the stakeholders get involved in it.

18.
19.
This paper presents a pattern-based framework for developing tool support to detect software anomalies. The use of a pattern-based approach is important because it provides the flexibility needed to address domain-specific needs, with respect to the types of problems the tools detect and the strategies used to inspect and adapt the code. Patterns can be used to detect a variety of problems, ranging from simple syntactic issues to difficult semantic problems requiring global analysis. Patterns can also be used to describe transformations of the software, used to rectify problems detected through software inspection, and to support interactive inspection and adaptation when full automation is impractical. This paper describes a part of the Knowledge Centric Software (KCS) framework that embodies the pattern-based approach and provides capabilities for addressing different languages and different application domains. While only the part of the framework relevant to code inspections is addressed in this paper, in future, we also expect to address UML analysis and design models. As an application of the research, we present an overview of an inspection tool being developed for high assurance software for avionics systems.

20.

Privacy has traditionally been a major motivation of distributed problem solving. One popular approach to enable privacy in distributed environments is to implement complex cryptographic protocols. In this paper, we propose a different, orthogonal approach, which is to control the quality and the quantity of publicized data. We consider the Open Constraint Programming model and focus on algorithms that solve Distributed Constraint Optimization Problems (DCOPs) using a local search approach. Two such popular algorithms exist to find good solutions to DCOP: DSA and GDBA. In this paper, we propose DSAB, a new algorithm that merges ideas from both algorithms to allow extensive handling of constraint privacy. We also study how algorithms behave when solving Utilitarian DCOPs, where utilitarian agents want to reach an agreement while reducing the privacy loss. We experimentally study how the utilitarian approach impacts the quality of the solution and of publicized data.

