Cloud Computing Security Workshop: Latest Papers

Return of the Covert Channel, Data Center Style
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808433
Kenneth Block, G. Noubir
This work characterizes an interference-based covert timing channel in a highly virtualized, active data center. The adversary leaks sensitive data from a compromised machine without any direct TCP/IP communication pathway between it and the channel's external sink. The attack exploits a publicly facing innocuous and uncompromised commercial server in a shared resources attack. This victimized server unwittingly partakes in a stealthy operation by providing the exfiltration medium. The channel exhibits a one bit per second data rate that can increase proportionally with the decrease in the victim's content transmission time. The channel operates 24x7 in a major university's Computer Science department's data center that experiences highly dynamic loads. Bit Error Rate and capacity are evaluated with the application of spreading gain, a technique used in wireless spread spectrum designs. Additionally, time synchronization drift characterization and channel tolerance to clock skew are demonstrated. A technique for identifying symbol discrimination thresholds requiring no a priori knowledge of truth is demonstrated.
Citations: 2
Fast Order-Preserving Encryption from Uniform Distribution Sampling
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808431
Yong Ho Hwang, Sungwook Kim, J. Seo
Order-preserving encryption (OPE) is a symmetric encryption scheme whose ciphertexts preserve the numerical ordering of the corresponding plaintexts. It allows various applications to search or sort the order of encrypted data (e.g., range queries in database) efficiently. In this paper, we study OPE for more practical use. We first discuss the elements of previous schemes considered as obstacles in practical applications and propose a new construction by eliminating them (especially probabilistic random variate generation functions such as hypergeometric and binomial distributions). We propose a new OPE whose encryption and decryption are much faster than those of the previous schemes by employing uniform distribution sampling. Furthermore, we provide a batch decryption algorithm to support concurrent decryption of numerical values within the specific range, which is firstly observed in the OPE research literature. It can be very efficiently applied for the encrypted range query processing of database systems. The security of our scheme is proven under the weak variants of notions proposed by Teranishi et al. in Asiacrypt 2014, which yield partial indistinguishability and one-wayness.
Citations: 7
Cloud Security: The Industry Landscape and the Lure of Zero-Knowledge Protection
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808427
Chenxi Wang
Cloud computing is a change agent to how information technologies are consumed by businesses and consumers. The agility, scale, and resiliency brought by the cloud fundamentally changed the IT economy for many organizations. However, security assurance for cloud continues to be a barrier for adoption. This talk surveys the current cloud security technology landscape and more specifically the subject of "zero-knowledge protection" (ZKP). Borrowed from zero-knowledge proof, ZKP is a concept that allows cloud users to leverage cloud application functions without revealing critical data to the cloud infrastructure. ZKP has far-reaching impact on privacy, government surveillance, and data residency. There is also much misconception on what ZKP is and is not capable of doing. This talk looks at the specifics of ZKP technologies, the use cases for which ZKP provides the most value, and the ensuing societal impact. We will examine how ZKP can work across various layers of the cloud, from IaaS to SaaS, and briefly touch on how ZKP can function with some of the newer cloud technologies like Linux Containers and Docker.
Citations: 0
Side Channels in Multi-Tenant Environments
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808426
M. Reiter
Due to the massive adoption of computing platforms that consolidate potentially distrustful tenants' applications on common hardware---both large (public clouds) and small (smartphones)---the security provided by these platforms to their tenants is increasingly being scrutinized. In this talk we review highlights from the last several years of research on a long-suspected but, until recently, largely hypothetical attack vector on such platforms, namely side-channel attacks. In these attacks, one tenant learns sensitive information about another tenant simply by running on the same hardware with it, but without violating the logical access control enforced by the platform's isolation software (virtual machine monitor or operating system). We will then summarize various strategies we have explored to defend against side-channel attacks in their various forms, both inexpensive defenses against specific attacks and more holistic but expensive protections.
Citations: 3
ORAM Based Forward Privacy Preserving Dynamic Searchable Symmetric Encryption Schemes
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808429
P. Rizomiliotis, S. Gritzalis
In the cloud era, as more and more businesses and individuals have their data hosted by an untrusted storage service provider, data privacy has become an important concern. In this context, searchable symmetric encryption (SSE) has gained a lot of attention. An SSE scheme aims to protect the privacy of the outsourced data by supporting, at the same time, outsourced search computation. However, the design of an efficient dynamic SSE (DSSE) has been shown to be a challenging task. In this paper, we present two efficient DSSEs that leak a limited amount of information. Both our schemes make a limited use of ORAM algorithms to achieve forward privacy and to minimize the overhead that ORAMs introduce, at the same time. To the best of our knowledge, there is only one other DSSE scheme that offers efficiently forward privacy. Our schemes are parallelizable and significantly improve the search and update complexity, as well as the memory access locality.
Citations: 24
Performance Analysis of Linux RNG in Virtualized Environments
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808434
R. Kumari, Mohsen Alimomeni, R. Safavi-Naini
We consider performance of Linux Random Number Generator (RNG) in virtualized environments and ask, (i) if the emulated hardware can provide sufficient entropy sources for the RNG and, (ii) if the RNG output of the host and the guest are isolated. These are important questions because insufficient entropy results in entropy starvation, and the lack of isolation results in the host and the guest RNG output to be correlated. We give detailed comparison of the Linux RNGs that run on a host and a guest in different settings. Our results show that, as expected, hosts have higher entropy sources available and generate entropy at a higher rate (entropy bit per second). We also show that generating disk activity at high rate on the guest results in a significant flow of events from the guest to the host that could possibly be exploited by an adversary to find the output of the host RNG by controlling the guest.
Citations: 7
How Private is Your Private Cloud?: Security Analysis of Cloud Control Interfaces
Pub Date : 2015-10-16 DOI: 10.1145/2808425.2808432
Dennis Felsch, M. Heiderich, Frederic Schulz, Jorg Schwenk
The security gateway between an attacker and a user's private data is the Cloud Control Interface (CCI): If an attacker manages to get access to this interface, he controls the data. Several high-level data breaches originate here, the latest being the business failure of the British company Code Spaces. In such situations, using a private cloud is often claimed to be more secure than using a public cloud. In this paper, we show that this security assumption may not be justified: We attack private clouds through their rich, HTML5-based control interfaces, using well-known attacks on web interfaces (XSS, CSRF, and Clickjacking) combined with novel exploitation techniques for Infrastructure as a Service clouds. We analyzed four open-source projects for private IaaS cloud deployment (Eucalyptus, OpenNebula, OpenStack, and openQRM) in default configuration. We were able to compromise the security of three cloud installations (Eucalyptus, OpenNebula, and openQRM). One of our attacks (OpenNebula) allowed us to gain root access to VMs even if full perimeter security is enabled, i.e. if the cloud control interface is only reachable from a certain segment of the company's network, and if all network traffic is filtered through a firewall. We informed all projects about the attack vectors and proposed mitigations. As a general recommendation, we propose to make web management interfaces for private clouds inaccessible from the Internet, and to include this technical requirement in the definition of a private cloud.
Citations: 3
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
Pub Date : 2015-07-29 DOI: 10.1145/2808425.2808430
Frank H. Li, Richard Shin, V. Paxson
The k-nearest neighbors (k-NN) algorithm is a popular and effective classification algorithm. Due to its large storage and computational requirements, it is suitable for cloud outsourcing. However, k-NN is often run on sensitive data such as medical records, user images, or personal information. It is important to protect the privacy of data in an outsourced k-NN system. Prior works have all assumed the data owners (who submit data to the outsourced k-NN system) are a single trusted party. However, we observe that in many practical scenarios, there may be multiple mutually distrusting data owners. In this work, we present the first framing and exploration of privacy preservation in an outsourced k-NN system with multiple data owners. We consider the various threat models introduced by this modification. We discover that under a particularly practical threat model that covers numerous scenarios, there exists a set of adaptive attacks that breach the data privacy of any exact k-NN system. The vulnerability is a result of the mathematical properties of k-NN and its output. Thus, we propose a privacy-preserving alternative system supporting kernel density estimation using a Gaussian kernel, a classification algorithm from the same family as k-NN. In many applications, this similar algorithm serves as a good substitute for k-NN. We additionally investigate solutions for other threat models, often through extensions on prior single data owner systems.
Citations: 31
Fast dynamic extracted honeypots in cloud computing
Pub Date : 2012-10-19 DOI: 10.1145/2381913.2381916
Sebastian Biedermann, M. Mink, S. Katzenbeisser
In this paper, we describe the design, the implementation and the evaluation of a dynamic honeypot architecture which can be offered as an additional security service for cloud users in a cloud that offers Infrastructure-as-a-Service (IaaS). Honeypots can protect original systems while revealing new and unknown attacks at the same time. The proposed dynamic honeypot architecture detects potential attacks in the initial phases and delays these attacks until a new honeypot virtual machine (VM) is extracted from the original VM which is under attack. The extraction process is a modifying VM live cloning process which leaves sensible data behind and prevents internal data loss. This way, the newly created honeypot VM runs the same software in exactly the same up-to-date configuration. The honeypot controller redirects the delayed attack to the extracted honeypot VM and analyses its impact without risking the integrity of the original target VM. The proposed architecture benefits from the flexibility and adaptability of the cloud. It efficiently protects VMs of cloud users from contemporary network attacks while only few additional cloud resources are temporarily needed. The architecture deceives and misleads an attacker or an attacking source but does not influence the normal work-flow of the original VMs in the cloud. Based on a defined reporting format, cloud users can learn from attacks which have targeted their VMs and discover current misconfigurations and unknown vulnerabilities.
Citations: 19
Managing trust and secrecy in identity management clouds
Pub Date : 2012-10-19 DOI: 10.1145/2381913.2381933
Apurva Kumar
User management services were one of the first to be offloaded to third party cloud vendors. Today, a large number of service providers rely on trusted identity providers for managing users and their resources. At the core of these interactions involving multiple providers are a set of web-based workflows that have emerged as de-facto standards. In this paper, we propose a framework especially addressing needs of analyzing security in such web protocols. To analyze trust between collaborating service providers on the web, we extend the well-known BAN logic. We study secrecy properties to examine security of user identity management across multiple domains, using a SAT based model-checking approach. The result is a hybrid approach that inherits simplicity and intuitive appeal of belief logics without being affected by soundness problems associated with these logics. We illustrate the method through analysis of a premier web identity management protocol where we use our method to automatically discover a new attack trace.
Citations: 1