Data Outsourcing Simplified: Generating Data Connectors from Confidentiality and Access Policies

Jünemann, Konrad; Kohler, Jens; Hartenstein, Hannes

doi:10.1109/ccgrid.2012.117

Cited by 7 publications

(13 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This methodology is also applied in other publications [14,19]. However, the application domains differ significantly from the problem at hand.…”

Section: Related Workmentioning

confidence: 94%

“…The choice which store to add in each step depends on the benefit for adding the store (cf. line [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24]. The store's benefit is calculated by dividing the gain in key-availability ∆a by the gain in key-vulnerability ∆v that would result from adding the current bundle including the store to the solution.…”

Section: Maxavail Heuristicmentioning

confidence: 99%

“…Furthermore, especially when facing the cloud computing paradigm or outsourcing scenarios in general, stronger secrets like cryptographic keys for encryption [14] or authentication [17,18,29] need to be managed. From a user's perspective it is hard to keep track of those secrets because of the quantity of password credentials and due to cryptographic keys not being made for being memorable.…”

Section: Introductionmentioning

confidence: 99%

“…This process is repeated until curP rec falls below the required precision prec (line 4). Once the algorithm terminates, the last key fragments distribution that adhered to the key-availability boundary condition of the original problem is returned (lines 8,14).…”

mentioning

confidence: 99%

See 3 more Smart Citations

User-centric management of distributed credential repositories

Kohler

Mittag

Hartenstein

2013

Proceedings of the 18th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

To relieve users of the burden to memorize and manage their credentials while allowing for seamless roaming between various end devices, the idea of so-called credential repositories that store credentials for users came to attention. Both the risk of the credential repository being unavailable and the risk of the credentials becoming compromised are managed by the party that hosts the credential repository and that has to be trusted by the user. Removing the need for a trust relationship to a single party implies that users have to manage the risks themselves, for instance, by splitting the credentials across multiple systems/parties. However, if the systems differ in terms of availability and vulnerability, determining a suitable splitting strategy to manage the tradeoff between credential availability and vulnerability constitutes a complex problem. In this paper we present CREDIS, an approach that supports the user in building a credential repository based on heterogeneous systems that differ in terms of vulnerability and availability. CREDIS enables users to specify requirements on the availability and the vulnerability of the distributed credential repository and determines an optimal strategy on how to split secrets across the heterogeneous systems. We prove the NP-hardness of finding an optimal strategy, introduce an approach based on Integer Linear Programming to find optimal strategies for medium sized scenarios and propose heuristics for larger ones. We show that the CREDIS approach yields a reasonably secure and available credential repository even when the distributed repository is built based on low-grade devices or systems.

show abstract

“…This methodology is also applied in other publications [14,19]. However, the application domains differ significantly from the problem at hand.…”

Section: Related Workmentioning

confidence: 94%

Section: Maxavail Heuristicmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

User-centric management of distributed credential repositories

Kohler

Mittag

Hartenstein

2013

Proceedings of the 18th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

show abstract

“…Approaches for integrating CPIs have been proposed [7,8,45], however, further exploration of the potential of the symbiotic effects between CPIs with regard to security and performance is another interesting future research challenge.…”

Section: Key Conclusion and Future Workmentioning

confidence: 99%

Confidential database-as-a-service approaches: taxonomy and survey

2015

Self Cite

View full text Add to dashboard Cite

Outsourcing data to external providers has gained momentum with the advent of cloud computing. Encryption allows data confidentiality to be preserved when outsourcing data to untrusted external providers that may be compromised by attackers. However, encryption has to be applied in a way that still allows the external provider to evaluate queries received from the client. Even though confidential database-as-a-service (DaaS) is still an active field of research, various techniques already address this problem, which we call confidentiality preserving indexing approaches (CPIs). CPIs make individual tradeoffs between the functionality provided, i.e., the types of queries that can be evaluated, the level of protection achieved, and performance. In this paper, we present a taxonomy of requirements that CPIs have to satisfy in deployment scenarios including the required functionality and the required level of protection against various attackers. We show that the taxonomy's underlying principles serve as a methodology to assess CPIs, primarily by linking attacker models to CPI security properties. By use of this methodology, we survey and assess ten previously proposed CPIs. The resulting CPI catalog can help the reader who would like to build DaaS solutions to facilitate DaaS design decisions while the proposed taxonomy and methodology can also be applied to assess upcoming CPI approaches.

show abstract

Index Optimization for L-Diversified Database-as-a-Service

Kohler

Hartenstein

2015

Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance

View full text Add to dashboard Cite

Data Outsourcing Simplified: Generating Data Connectors from Confidentiality and Access Policies

Cited by 7 publications

References 15 publications

User-centric management of distributed credential repositories

User-centric management of distributed credential repositories

Confidential database-as-a-service approaches: taxonomy and survey

Index Optimization for L-Diversified Database-as-a-Service

Contact Info

Product

Resources

About