Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

Kurek, Tytus; Niemiec, Marcin; Lasoń, Artur

doi:10.1007/s10207-015-0292-y

Cited by 7 publications

(11 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model is not complete for the SecaaS services, however. It was shown by the authors that the original structure of the security policy can be restored by the CSP by eavesdropping and performing an analysis of the traffic flowing between the public and private clouds . To preserve the privacy of the customer, it is then insufficient to maintain the confidentiality of its security policy.…”

Section: Privacy Modelmentioning

confidence: 99%

“…Liu on the example of the stateless firewall service. Further remarks on these studies following a detailed description of the architecture and operations of BF were given by the authors . None of these works, however, considered using ciphered decisions to eliminate the risk of information leakage and generalizing the framework such that it could be used for the purpose of hosting other kinds of cloud‐based security services.…”

Section: Uniprivmentioning

confidence: 99%

“…Moreover, in the case of the Transmission Control Protocol (TCP) connections, the return traffic also carries information regarding the original structure of the security policy. This problem was studied by the authors . Of the three solutions proposed, two are suitable for use in the UNIPRIV.…”

Section: Uniprivmentioning

confidence: 99%

“…It was shown by the authors that the original structure of the security policy can be restored by the CSP by eavesdropping and performing an analysis of the traffic flowing between the public and private clouds. 16 To preserve the privacy of the customer, it is then insufficient to maintain the confidentiality of its security policy. The system also has to prevent eavesdropping or ensure that the traffic flowing between the clouds carries no information regarding the security policy in use.…”

Section: Data Confidentiality In Hybrid Cloudsmentioning

confidence: 99%

See 3 more Smart Citations

Universal privacy‐preserving platform for SecaaS services

et al. 2017

Self Cite

View full text Add to dashboard Cite

Summary With the rapid growth of the Security‐as‐a‐Service market, concerns about privacy in exposing customer security policies to Cloud Service Providers have become critical. To resolve these issues, several solutions have been proposed over the past few years, each for a different kind of security service. However, as the number of security services outsourced into a cloud continues to grow, the need for a unified solution has become significant. This article introduces and presents a universal privacy‐preserving platform for SecaaS services that is based on a hybrid cloud architecture for maintaining the confidentiality of the customer's security policy. It is shown that this platform can be applied to all security services whose security policies can be represented in the form of a decision tree. This includes the vast majority of existing cloud‐based security services. With the small number of computationally‐expensive operations performed in a private cloud, the solution also does not require the implementation of a performant security engine on the customer's premises, allowing full advantage to be taken of private cloud offloading. It is also shown that the platform achieves better performance results than other existing solutions of this type. These findings were confirmed by experimental results.

show abstract

Section: Privacy Modelmentioning

confidence: 99%

Section: Uniprivmentioning

confidence: 99%

Section: Uniprivmentioning

confidence: 99%

Section: Data Confidentiality In Hybrid Cloudsmentioning

confidence: 99%

See 2 more Smart Citations

Universal privacy‐preserving platform for SecaaS services

et al. 2017

Self Cite

View full text Add to dashboard Cite

show abstract

“…We work towards implementing security mechanisms in a cloud computing infrastructure composed of public and private resources. Our research in the area of secure hybrid cloud infrastructure [28] is coordinated with the GETB-AR design, implementation and configuration. Public cloud infrastructure is composed of all DC nodes established in the GETB-AR testbed, private cloud computing resources are represented by all virtual machines attached to network nodes.…”

Section: Green Traffic Engineering Testbed -Anycast Routing (Getb-ar)mentioning

confidence: 99%

Designing and building SDN testbeds for energy-aware traffic engineering services

et al. 2017

View full text Add to dashboard Cite

As experimenting with energy-aware techniques on large-scale production infrastructure is prohibitive, a large number of proposed traffic-engineering strategies have been evaluated only using discrete-event simulations. The present work discusses (i) challenges towards building testbeds that allow researchers and practitioners to validate and evaluate the performance and quality of energy-aware traffic-engineering strategies, (ii) requirements to fulfill when porting simulations to testbeds, and (iii) two proof-of-concept testbeds. One testbed uses and provides Software-Defined Network (SDN) services created on the Open Network Operating System (ONOS) while the other is a composition of virtual Open vSwitches (OVS) controlled by the Ryu SDN framework. The aim of the testbeds is to validate previously proposed energy-aware traffic engineering strategies in different environments. We detail the platforms and illustrate how they have been used for performance evaluation. Additionally, the paper compares results obtained in the testbeds with evaluations performed using discrete-event simulations and presents challenges faced while implementing energyaware traffic engineering mechanisms as SDN services in testbed environments.

show abstract

Impact of Bloom Filters on Security and Efficiency of SecaaS Services

Mencner

Niemiec

2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

Cited by 7 publications

References 11 publications

Universal privacy‐preserving platform for SecaaS services

Universal privacy‐preserving platform for SecaaS services

Designing and building SDN testbeds for energy-aware traffic engineering services

Impact of Bloom Filters on Security and Efficiency of SecaaS Services

Contact Info

Product

Resources

About