Visible to the public Biblio

Filters: Keyword is Deterence  [Clear All Filters]
2018-05-24
Veloudis, Simeon, Paraskakis, Iraklis, Petsos, Christos.  2017.  Ontological Definition of Governance Framework for Security Policies in Cloud Environments. Proceedings of the 21st Pan-Hellenic Conference on Informatics. :12:1–12:6.

The cloud computing paradigm enables enterprises to realise significant cost savings whilst boosting their agility and productivity. However, security and privacy concerns generally deter enterprises from migrating their critical data to the cloud. One way to alleviate these concerns, hence bolster the adoption of cloud computing, is to devise adequate security policies that control the manner in which these data are stored and accessed in the cloud. Nevertheless, for enterprises to entrust these policies, a framework capable of providing assurances about their correctness is required. This work proposes such a framework. In particular, it proposes an approach that enables enterprises to define their own view of what constitutes a correct policy through the formulation of an appropriate set of well-formedness constraints. These constraints are expressed ontologically thus enabling–-by virtue of semantic inferencing–- automated reasoning about their satisfaction by the policies.

2018-03-19
Chiesa, Marco, Demmler, Daniel, Canini, Marco, Schapira, Michael, Schneider, Thomas.  2017.  SIXPACK: Securing Internet eXchange Points Against Curious onlooKers. Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies. :120–133.

Internet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced by interaction with IXP administrators and a survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design Sixpack1, an RS service that leverages Secure Multi-Party Computation (SMPC) to keep peering policies confidential, while extending, the functionalities of today's RSes. As SMPC is notoriously heavy in terms of communication and computation, our design and implementation of Sixpack aims at moving computation outside of the SMPC without compromising the privacy guarantees. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that Sixpack can scale to support privacy-preserving route-computation, even at IXPs with many hundreds of member networks.