Secure Data Management

In this talk we explored the economics of cloud computing. We identified cost trade-offs and postulated the key principles of cloud outsourcing that define when cloud deployment is appropriate and why. The results may surprise and are especially interesting in understanding cyber- security aspects that impact the appeal of clouds.

We outlined and investigated some of the main research challenges on optimizing for these trade-offs. If you came to this talk you were also very likely to find out exactly how many US dollars you need to spend to break your favorite cipher, or send one of your bits over the network.

The proliferation of web-based applications and information systems, and recent trends such as cloud computing and outsourced data management, have increased the exposure of data and made security more difficult. In this paper we briefly discuss open issues, such as data protection from insider threat and how to reconcile security and privacy, and outline research directions.

This article puts forth a number of research challenges that need to be overcome to secure the future digital world and protect the people living in it.

The goals of this brief note are to describe some of the research progress that has been made to date and elaborate on the fundamental challenges facing the research community in security and privacy of data stored in a cloud.

This paper reflects on the state of the art in cryptology and information security. It considers the main achievements and shortcomings of research and identifies the major challenges for the future. It explores which research approaches have a high potential to evolve from academic ideas to practical solutions. The paper concludes by discussing how the deployment of more secure and reliable IT systems requires a complete re-engineering including new architectures; it also sketches the broader societal context of such a redesign.

In 2004 the series of annual Secure Data Management workshops as part of VLDB began, so SDM can now celebrate its 10^th edition. It is less clear, when research in the area of security began; even for ICT security this is unclear. One could claim, that security research started thousands of years ago, when the original Trojan Horse was designed. While one can probably find even earlier references to research on security issues, referring to the Trojan Horse can also take its justification from the fact, that the original Trojan Horse lead to a decisive end of a security issue after about 10 years. In any case it illustrates, that already several millennia of thinking (or not-thinking) were spent on the issue. Therefore this text starts with a description of relevant goals (1) as well as technical and other trends (2). Then (3) relevant instruments for ICT security are derived from the goals and trends. These instruments are not necessarily new but important for research due to their relevance in general or due to their high number of relevant open questions.

Security researchers identified 15 years ago that passwords create too much of a burden on users. But despite much research activity on alternative authentication mechanisms, there has been very little change for users in practice, and the implications for individual and organisations productivity are now severe. I argue that - rather than looking for alternative ‘front-end’ solutions, we must re-think the nature of authentication: we must drastically reduce the number of explicit authentication events users have to participate in, and use advanced technologies to implicitly authenticate users, without disrupting their productive activity.

Security research aims at reducing the risk and consequences of attacks on information technology. Based on the projection of current trends, this vision paper makes an attempt at identifying potential security research challenges for the next 10 years. Examples of identified challenges are the trend to have pervasive computing in tiny devices, to collect and analyze data from these devices and other sources, and to increase the connection between IT and physical systems.

With the advent of cloud computing, data and computation outsourcing is fast emerging as a dominant trend for both individual users for personal data management as well as for enterprises wishing to exploit the cloud to limit investment and costs in IT. A fundamental challenge that arises when entities outsource data is the “loss of control over data”. The paper focuses on the privacy and confidentiality implications of loss of control. Techniques/mechanisms to ensure data confidentiality have been studied in the literature in the context of database as a service (DAS). The paper identifies new opportunities and challenges that arise in the context of the cloud. In particular, the paper advocates a risk-based approach to data security in the context of cloud computing.

Secure and reliable Internet of Things (IoT) presents the main challenges to face for sustainable and efficient IoT ecosystems based on privacy-aware systems. In this paper we present a concise description of such challenges.

This paper reflects on security, privacy and trust from the point of you of the innovation in information and communication technologies. It also considers social, economic and legal aspects that need to be taken into account in the development cycles of new technologies. Finally, the major research challenges, which need to be overcome to ensure the future of the digital world, protect people privacy and enable even more rapid innovation, have been discussed.

Big Data technologies are changing the traditional technology domains and their successful use will require new security models and new security design approaches to address emerging security challenges. This paper intends to provide initial analysis of the security issues and challenges in Big Data and map new challenges and problems to the traditional security domains and technologies. The paper starts with the Big Data definition and discusses the features that impact the most the Big Data security, such as Veracity, Volume, Variety, and dynamicity. The paper analyses the paradigm change and new challenges to Big Data security. The paper refers to the generic Scientific Data Infrastructure (SDI) model and discusses security services related to the proposed Federated Access and Delivery Infrastructure (FADI) that serves as an integration layer for potentially multi-provider multi-domain federated project oriented services infrastructure. The paper provides suggestions for practical implementation of such important security infrastructure components as federated access control and identity management, fine-grained data-centric access control policies, and the Dynamic Infrastructure Trust Bootstrap Protocol (DITBP) that allows deploying trusted remote virtualised data processing environment. The paper refers to the past and ongoing project experience by authors and discusses how this experience can be consolidated to address new Big Data security challenges identified in this paper.

Encrypting data at rest has been one of the most common ways to protect the database data against honest but curious adversaries. In the literature there are more than a dozen mechanisms proposed on how to encrypt data to achieve different levels of confidentiality. However, a database system is more than just data. An inseparable aspect of a database system is its interaction with the users through queries. Yet, a query-enhanced adversary model that captures the security of user interactions with the encrypted database is missing. In this paper, we will first revisit a few well-known adversary models on the data encryption schemes. Also, to model the query-enhanced adversaries we additionally need new tools, which will be formally defined. Eventually, this paper introduces query-enhanced adversary models which additionally have access to the query logs or interact with the database in different ways. We will prove by reduction that breaking a cryptosystem by a query-enhanced adversary is at least as difficult as breaking the cryptosystem by a common adversary.

Privacy-preserving query processing (PPQP) techniques are increasingly important in collaborative scenarios, where users need to execute queries on large amount of data shared among different parties who do not want to disclose private data to the others. In many cases, secure multi-party computation (SMC) protocols can be applied, but the resulting solutions are known to suffer from high computation and communication costs. In this paper, we describe a scalable protocol for performing queries in distributed data while respecting the data owners’ privacy. Our solution is applicable both to equality and range queries, and relies on a bucketization technique in order to reduce time complexity. We show the effectiveness of our approach through theoretical and practical analysis.

Social networks are becoming increasingly popular nowadays. Users share personal information about themselves and other users in order to build and maintain their social network. However, the large amount of personal information available on social networks poses risks of data misuse. Although social networks offer users the possibility to specify privacy settings to regulate access to their information, these settings are often complicated and unintuitive, especially when dealing with new modalities of social communication like tagging. In this paper we investigate the privacy consequences of information sharing in social networks. In particular, we formally analyze the impact of the privacy settings and the use of tagging in Facebook on the visibility of information. To increase users’ awareness of the risks of information sharing and empower users to control their information, we present a tool for determining the visibility of users’ information based on their privacy settings and tagging.