Trusted Block as a Service: Towards Sensitive Applications on the Cloud

Hao, Jianan; Cai, Wentong

doi:10.1109/trustcom.2011.13

Cited by 7 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the loss function of Adaboost will be modified to consider the classification costs. Moreover, we will also investigate the application of the proposed algorithm to information security [41,43,53,42,41,52,18], bioinformatics [40,24,57], medial imaging [56,55,54], computer vision [38,23,22,36,37,19,17,46,44,45,15], reinforcement learning [27,28], cloud computing [50,51] and microprocessor reliability modeling [8,6,7,5,59,61,60].…”

Section: Discussionmentioning

confidence: 99%

Online classifier adaptation for cost-sensitive learning

Zhang

García

2015

Neural Comput & Applic

View full text Add to dashboard Cite

In this paper, we propose the problem of online cost-sensitive classifier adaptation and the first algorithm to solve it. We assume we have a base classifier for a cost-sensitive classification problem, but it is trained with respect to a cost setting different to the desired one. Moreover, we also have some training data samples streaming to the algorithm one by one. The problem is to adapt the given base classifier to the desired cost setting using the steaming training samples online. To solve this problem, we propose to learn a new classifier by adding an adaptation function to the base classifier, and update the adaptation function parameter according to the streaming data samples. Given a input data sample and the cost of misclassifying it, we update the adaptation function parameter by minimizing cost weighted hinge loss and respecting previous learned parameter simultaneously. The proposed algorithm is compared to both online and off-line cost-sensitive algorithms on two cost-sensitive classification problems, and the experiments show that it not only outperforms them one classification performances, but also requires significantly less running time.

show abstract

Section: Discussionmentioning

confidence: 99%

Online classifier adaptation for cost-sensitive learning

Zhang

García

2015

Neural Comput & Applic

View full text Add to dashboard Cite

show abstract

“…These include cryptography solutions and secure multi-party computation, which has the aim to create methods for parties to ensure a secure collaboration and process information while keeping identities private (Prabhakaran and Sahai, 2013). Hao and Cai (2011) proposed a cloud model to provide “a confidential and verifiable environment for each sensitive application”. Generic technical solutions also exist, such as access controls solutions (Chen et al , 2007; Santos-Pereira et al , 2013) and virus propagation models (Yuan et al , 2009).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Colicchia

Creazza

Menachof

2019

SCM

View full text Add to dashboard Cite

The increasing level of connectivity is transforming supply chains, and it creates new opportunities but also new risks in the cyber space. Hence, cyber supply chain risk management (CSCRM) is emerging as a new management construct. The purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this aim, and to what extent along the supply chain. The ultimate aim is to help organizations in understanding and improving the CSCRM process and cyber resilience in their supply chains. Design/methodology/approach: This research relied on a qualitative approach based on a comparative case study analysis involving five large multinational companies with headquarters, or branches, in the UK. Findings: Results highlight the importance for CSCRM to shift the viewpoint from the traditional focus on companies' internal information technology infrastructure, able to "firewall themselves" only, to the whole supply chain with a cross-functional approach; initiatives for CSCRM are mainly adopted to "respond" and "recover" without a well-rounded approach to supply chain resilience for a long-term capacity to adapt to changes according to an evolutionary approach. Initiatives are adopted at a firm/dyadic level, and a network perspective is missing. Research limitations/implications: This paper extends the current theory on cyber and information risks in supply chains, as a combination of supply chain risk management and resilience, and information risk management. It provides an analysis and classification of cyber and information risks, sources of risks and initiatives to managing them according to a supply chain perspective, along with an investigation of their adoption across the supply chain. It also studies how the concept of resilience has been deployed in the CSCRM process by companies. By laying the empirical foundations of the subject, our study stimulates further research on the challenges and drivers of initiatives and coordination mechanisms for CSCRM at a supply chain network level. Practical implications: Results invite companies to break the "silos" of their activities in CSCRM, embracing the whole supply chain network for better resilience. The adoption of information technology security initiatives should be combined with organizational ones and extended beyond the dyad. Where applicable, initiatives should be bi-directional to involve supply chain partners, remove the typical isolation in the CSCRM process, and leverage the value of information. Decisions on investments in CSCRM should involve also supply chain managers according to a holistic approach. Originality/value: A supply chain perspective in the existing scientific contributions is missing in the management of cyber and information risk. This is one of the first empirical studies dealing with this interdisciplinary subject, focusing on risks that are now very high in the companies' agenda, but still overlooked. It contributes to theory on information risk ...

show abstract

“…For example, in (Correia, 2012), a Trusted Virtualization Environment (TVE) has been proposed, leveraging TPM technologies to allow remote users check the software stack of a remote physical machine before deploying their VMs. However, TPMs provide no guarantees when bugs that can cause leakage of confidential information are present in the TCB (Hao and Cai, 2011). In (Keller et al, 2010), NoHype was presented, an architecture where the hypervisor is removed and the VMs have direct control on system resources that are automatically reserved to each of them.…”

Section: Related Workmentioning

confidence: 99%

Confidential Execution of Cloud Services

Cucinotta

Cherubini²,

Jul

2014

Proceedings of the 4th International Conference on Cloud Computing and Services Science

View full text Add to dashboard Cite

In this paper, we present Confidential Domain of Execution (CDE), a mechanism for achieving confidential execution of software in an otherwise untrusted environment, e.g., at a Cloud Service Provider. This is achieved by using an isolated execution environment in which any communication with the outside untrusted world is forcibly encrypted by trusted hardware. The mechanism can be useful to overcome the challenging issues in guaranteeing confidential execution in virtualized infrastructures, including cloud computing and virtualized network functions, among other scenarios. Moreover, the proposed mechanism does not suffer from the performance drawbacks typical of other solutions proposed for secure computing, as highlighted by the presented novel validation results.

show abstract

Trusted Block as a Service: Towards Sensitive Applications on the Cloud

Cited by 7 publications

References 10 publications

Online classifier adaptation for cost-sensitive learning

Online classifier adaptation for cost-sensitive learning

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Confidential Execution of Cloud Services

Contact Info

Product

Resources

About