Gail-Joon Ahn scite author profile

Abstract-Provable data possession (PDP) is a technique for ensuring the integrity of data in storage outsourcing. In this paper, we address the construction of an efficient PDP scheme for distributed cloud storage to support the scalability of service and data migration, in which we consider the existence of multiple cloud service providers to cooperatively store and maintain the clients' data. We present a cooperative PDP (CPDP) scheme based on homomorphic verifiable response and hash index hierarchy. We prove the security of our scheme based on multiprover zero-knowledge proof system, which can satisfy completeness, knowledge soundness, and zero-knowledge properties. In addition, we articulate performance optimization mechanisms for our scheme, and in particular present an efficient method for selecting optimal parameter values to minimize the computation costs of clients and storage service providers. Our experiments show that our solution introduces lower computation and communication overheads in comparison with noncooperative approaches.

show abstract

Role-based authorization constraints specification

Ahn

Sandhu

2000

ACM Trans. Inf. Syst. Secur.

348

219

View full text Add to dashboard Cite

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principal motivations behind RBAC. Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL 2000 including its basic elements, syntax, and semantics. We give soundness and completeness proofs for RCL 2000 relative to a restricted form of first-order predicate logic. Also, we show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in our language. Moreover, we show there are other significant SOD properties that have not been previously identified in the literature. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of role-based authorization constraints.

show abstract

Deep Android Malware Detection

et al. 2017

View full text Add to dashboard Cite

In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly. CCS Concepts •Security and privacy → Malware and its mitigation; Software and application security; •Computing methodologies → Neural networks;

show abstract

Multiparty Access Control for Online Social Networks: Model and Mechanisms

Ahn

Jorgensen

2013

IEEE Trans. Knowl. Data Eng.

184

181

View full text Add to dashboard Cite

Abstract-Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To this end, we propose an approach to enable the protection of shared data associated with multiple users in OSNs. We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism. Besides, we present a logical representation of our access control model that allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide usability study and system evaluation of our method.

show abstract

Dynamic audit services for integrity verification of outsourced storages in clouds

et al. 2011

View full text Add to dashboard Cite

In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling and index-hash table, supporting provable updates to outsourced data, and timely abnormal detection. In addition, we propose a probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead, requiring less extra storage for audit metadata.

show abstract

A rule-based framework for role-based delegation and revocation

Zhang

Ahn

Chu

2003

ACM Trans. Inf. Syst. Secur.

163

132

View full text Add to dashboard Cite

Delegation is the process whereby an active entity in a distributed environment authorizes another entity to access resources. In today's distributed systems, a user often needs to act on another user's behalf with some subset of his/her rights. Most systems have attempted to resolve such delegation requirements with ad-hoc mechanisms by compromising existing disorganized policies or simply attaching additional components to their applications. Still, there is a strong need in the large, distributed systems for a mechanism that provides effective privilege delegation and revocation management. This paper describes a rule-based framework for role-based delegation and revocation. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to others to carry out some functions authorized to the former. We present a role-based delegation model called RDM2000 (role-based delegation model 2000) supporting hierarchical roles and multistep delegation. Different approaches for delegation and revocation are explored. A rulebased language for specifying and enforcing policies on RDM2000 is proposed. We describe a proofof-concept prototype implementation of RDM2000 to demonstrate the feasibility of the proposed framework and provide secure protocols for managing delegations. The prototype is a web-based application for law enforcement agencies allowing reliable delegation and revocation. The future directions are also discussed.

show abstract

Access control in collaborative systems

et al. 2005

View full text Add to dashboard Cite

Balancing the competing goals of collaboration and security is a difficult, multidimensional problem. Collaborative systems often focus on building useful connections among people, tools, and information while security seeks to ensure the availability, confidentiality, and integrity of these same elements. In this article, we focus on one important dimension of this problem---access control. The article examines existing access control models as applied to collaboration, highlighting not only the benefits, but also the weaknesses of these models.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Gail-Joon Ahn

Security and Privacy Challenges in Cloud Computing Environments

Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage

Role-based authorization constraints specification

Deep Android Malware Detection

Multiparty Access Control for Online Social Networks: Model and Mechanisms

Dynamic audit services for integrity verification of outsourced storages in clouds

A rule-based framework for role-based delegation and revocation

Access control in collaborative systems

Contact Info

Product

Resources

About