Structural cloud audits that protect private information

Xiao, Hongda; Ford, Bryan; Feigenbaum, Joan

doi:10.1145/2517488.2517493

Cited by 9 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhai et al [38] proposed a structural reliability auditor, which discovers dependencies between cloud components. This was later extended by Xiao et al [37] to achieve this privately in secure multi-party computation (SMPC). Their work argues over the dependency graph of cloud components, a data structure which can be directly implemented in the graph signature scheme presented here.…”

Section: Related Workmentioning

confidence: 99%

“…Consequently, cloud security assurance sought to establish structural properties of virtual infrastructures for isolation and deployment patterns [4,3] as well as for hidden dependency graphs [38,37]. Our own work with an infrastructure cloud and auditing system provider similarly indicates that structural security properties and a projection of trust from an auditing system to a provider are deemed important.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Groß

2014

Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security

View full text Add to dashboard Cite

Digital signature schemes are a foundational cryptographic building block in certification and the projection of trust. Based on a signature scheme on committed graphs, we propose a framework of certification and proof methods to sign topology graphs and to prove properties of their certificates in zero-knowledge. This framework allows an issuer, such as an auditing system, to sign the topology representation of an infrastructure. The prover, such as an infrastructure provider, can then convince a verifier of topology properties including connectivity and isolation without disclosing the blueprint of the topology itself. By that, we can certify the structure of critical systems while still maintaining confidentiality. We offer zero-knowledge proofs of knowledge for a general specification language of security goals for virtualized infrastructures such that high-level security goals can be proven over topology certificates. We offer an efficient and practical construction, built upon the Camenisch-Lysyanskaya signature scheme [11], honest-verifier proofs and the strong RSA assumption.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Groß

2014

Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security

View full text Add to dashboard Cite

show abstract

“…They demonstrated the practicality of their system by implementing it, which also showed the lack of privacy measures for the data that is being used. Xiao et al [19] fixed the issue by adding a privacy aspect to the SRA system. They re-engineered the 3-step process of Ref.…”

Section: Related Workmentioning

confidence: 99%

Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms

Fall

Okuda

Kadobayashi

et al. 2015

Journal of Information Processing

View full text Add to dashboard Cite

Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users' data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers.

show abstract

“…They demonstrated the practicality of their system by implementing it, which also showed the lack of privacy measures for the data that is being used. Xiao et al [13] fixed the issue by adding a privacy aspect to the SRA system. They re-engineered the 3-step process of [12]'work by adding privacy to each step and using Secure Multi-Party Computation (SMPC).…”

Section: Related Workmentioning

confidence: 99%

Towards a Vulnerability Tree Security Evaluation of OpenStack’s Logical Architecture

Fall

Okuda

Kadobayashi

et al. 2014

Trust and Trustworthy Computing

View full text Add to dashboard Cite

Abstract. Cloud computing's rapid development has favored the emergence of many other technologies like OpenStack, which is the most popular open-source cloud management software. OpenStack has received a lot of praise lately thanks to its ease of use and its vibrant community, but it has also started garnering attention in the national vulnerability database. Furthermore, OpenStack has a logical architecture in which, the degree of interconnectedness within and between the components is a source of many security concerns. To prevent the damages that can be caused by the combination of these security issues, we proposed a vulnerability tree security analysis of OpenStack's logical architecture that allowed us to generate ready-to-use vulnerability trees of the major services or components of the architecture. We also suggested an amendment of OpenStack's vulnerability naming, because the current naming does not cope well with our proposal.

show abstract

Structural cloud audits that protect private information

Cited by 9 publications

References 18 publications

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms

Towards a Vulnerability Tree Security Evaluation of OpenStack’s Logical Architecture

Contact Info

Product

Resources

About