SlideShare a Scribd company logo

Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds

PRISMACLOUD Project
PRISMACLOUD Project

Thomas Länger (University of Lausanne) presented "Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds" at the 4th Annual Privacy Forum organised by ENISA on 7th - 8th September in Frankfurt, Germany!

Internet
1 of 16
Download to read offline
Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds Annual Privacy Forum 2016, Frankfurt/Main, 7. September 2016 Thomas L¨anger (A) thomas.laenger@unil.ch Henrich C. P¨ohls (B) hp@sec.uni-passau.de Solange Ghernaouti (A) sgh@unil.ch (A) Universit´e de Lausanne; (B) Universit¨at Passau Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 1 / 16
Overview of the Talk Horizon 2020 Project PRISMACLOUD: Relation to current topical “cloud landscape” Project goals and Plans and strategies to reach them Design Patterns and Cloud Security Patterns: What they are How and for what we use patterns in the project Specific patterns corresponding to PRISMACLOUD functionalities Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 2 / 16
Project PRISMACLOUD is part of HORIZON 2020 WORK PROGRAMME 2014–2015: Information and Communication Technologies Calls ICT 32 – 2014: Cybersecurity, Trustworthy ICT; Program Scope: Security-by-design for end-to-end security Cryptography Expected impact new design and implementation paradigms at marginal additional cost provide built-in privacy and security increase user trust and privacy protection; empower user control (and detection) provide more resilience for critical infrastructures Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 3 / 16
Motivation / Intention Cryptography is not widely used in current cloud offerings Use cryptography to address and mitigate several of the most common security threats and privacy threats in current cloud offerings Use a security by design/privacy by design approach and build the cryptography into the heart of the services from the start Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 4 / 16
Methodology Survey existing cryptographic primitives and protocols that can be applied in a cloud context—according to their Technology Readiness Level (TRL) Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 5 / 16
Methodology Select primitives which can probably be advanced to TRL7 (i.e. “system prototype demo in operational environment”) during timeframe of the project; Provide an implementation, as a “kit of configurable tools”, completely encapsulating the cryptographic functions; Provide a reference implementations for sample cloud services using the tools; Validate (services and tools) in three real-world applications in the fields of Smart Cities, e-Health, and e-Government. Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 6 / 16
PRISMACLOUD Architecture Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 7 / 16
Zoom Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 8 / 16
PRISMACLOUD Architecture structures and categorises technical outcomes, improves service development process, provides project context for r&d activities Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 9 / 16
The Project also has a Development Methodology. . . “secure software development lifecycle” “derive requirements, translate requirements, and map to model” from top to bottom “proof security, deploy tool, and extract capabilities” from bottom to top Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 10 / 16
Cloud Security Patterns Cloud security patterns are used for describing typical situations where information security and privacy problems occur—and which cryptographic functionalities can be applied to mitigate these problems. Cloud security patterns are an application of design patterns, which again describe re-usable, proven solutions (with the help of proposed “building blocks”) for recurring problems A design pattern is characterised according to categories, like, name of pattern, context, intention, problem, solution, consequences of their application. Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 11 / 16
Cloud Security Patterns... ...are descriptive rather than normative communicate often conflicting security requirements of different involved parties make people aware of contradictory aspects support a discussion process describe generative solutions to common design contentions support a security by design approach Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 12 / 16
“Re-using” Patterns in PRISMACLOUD 1. In the requirements work package (first project year) we established the first version of generic cloud security patterns: to describe situations where security and privacy problems generally occur we (approximately) intended to cover these situation with particular cryptographic technology 2. Later on, these patterns were used in support of the development of the PRISMACLOUD architecture (beginning project year 2). Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 13 / 16
Use of Patterns in PRISMACLOUD II 3. Currently, we are modifying the design pattern technique itself—we want to abandon the commonly used generic nature of design patterns—and use them for explicitly specifying the capabilities of the proposed services and tools for end users. 4. We also intend to use the “new patterns” for specifying the setting of configuration parameters of the sample services for specific end user requirements (service level agreement–SLA). Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 14 / 16
PRISMACLOUD Patterns - Synopsis Field 1: Data Storage in the Cloud P1: Secure cloud storage by default P2: Moving a legacy application’s database to the cloud Field 2: User Privacy Protection and Data Minimisation P3: Non-identifiable and untrackable use of a cloud service P4: Minimise exposure of private data during authenticat. in the cloud P5: Big data anonymisation Field 3: Authentication of Stored and Processed Data P6: Protect the authenticity of a data set and possible subsets P7: Authorise controlled subsequent modifications of signed data P8: Controlling the correctness of delegated computations P9: Controlling your virtual infrastructures Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 15 / 16
For details on the patterns/secure cloud services/tools refer to: Publication (T. L¨anger et al.) in the APF2016 Proceedings “PRISMACLOUD Tools: A Cryptographic Toolbox for Increasing Security in Cloud Services” (Publication by Lor¨unser, Slamanig, L¨anger, P¨ohls; in: Proceedings of the ARES 2016 conf; to be published on IEEEXPLORE Sept. 2016 please email me – I’ll send you a preprint copy! Project deliverables and pubs on https://prismacloud.eu Thanks for your Attention! thomas.laenger@unil.ch Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 16 / 16

Recommended

7
77
7
IMPULSE_TECHNOLOGY
 
Thesis Topics in Communication Engineering
Thesis Topics in Communication EngineeringThesis Topics in Communication Engineering
Thesis Topics in Communication Engineering
PhD Direction
 
Access Control & Encryption In Cloud Environments
Access Control & Encryption In Cloud EnvironmentsAccess Control & Encryption In Cloud Environments
Access Control & Encryption In Cloud Environments
James Wernicke
 
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion sessionSession 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
EUBrasilCloudFORUM .
 
Cloudsim Projects With Source Code
Cloudsim Projects With Source CodeCloudsim Projects With Source Code
Cloudsim Projects With Source Code
PhD Direction
 
Proximity aware local-recoding anonymization with map reduce for scalable big...
Proximity aware local-recoding anonymization with map reduce for scalable big...Proximity aware local-recoding anonymization with map reduce for scalable big...
Proximity aware local-recoding anonymization with map reduce for scalable big...
Nexgen Technology
 
PhD Projects in Cybersecurity Research Ideas
PhD Projects in Cybersecurity Research IdeasPhD Projects in Cybersecurity Research Ideas
PhD Projects in Cybersecurity Research Ideas
PhD Services
 
PhD Projects in Dependable Secure Computing Research Topics
PhD Projects in Dependable Secure Computing Research TopicsPhD Projects in Dependable Secure Computing Research Topics
PhD Projects in Dependable Secure Computing Research Topics
PhD Services
 

Recommended

7
77
7
IMPULSE_TECHNOLOGY
 
Thesis Topics in Communication Engineering
Thesis Topics in Communication EngineeringThesis Topics in Communication Engineering
Thesis Topics in Communication Engineering
PhD Direction
 
Access Control & Encryption In Cloud Environments
Access Control & Encryption In Cloud EnvironmentsAccess Control & Encryption In Cloud Environments
Access Control & Encryption In Cloud Environments
James Wernicke
 
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion sessionSession 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
Session 2: Cloudscape Brazil 2017 & WCN Position Papers: Discussion session
EUBrasilCloudFORUM .
 
Cloudsim Projects With Source Code
Cloudsim Projects With Source CodeCloudsim Projects With Source Code
Cloudsim Projects With Source Code
PhD Direction
 
Proximity aware local-recoding anonymization with map reduce for scalable big...
Proximity aware local-recoding anonymization with map reduce for scalable big...Proximity aware local-recoding anonymization with map reduce for scalable big...
Proximity aware local-recoding anonymization with map reduce for scalable big...
Nexgen Technology
 
PhD Projects in Cybersecurity Research Ideas
PhD Projects in Cybersecurity Research IdeasPhD Projects in Cybersecurity Research Ideas
PhD Projects in Cybersecurity Research Ideas
PhD Services
 
PhD Projects in Dependable Secure Computing Research Topics
PhD Projects in Dependable Secure Computing Research TopicsPhD Projects in Dependable Secure Computing Research Topics
PhD Projects in Dependable Secure Computing Research Topics
PhD Services
 
How the Open Source model adapts to the cloud computing environment
How the Open Source model adapts to the cloud computing environmentHow the Open Source model adapts to the cloud computing environment
How the Open Source model adapts to the cloud computing environment
Lorenzo Benussi
 
PhD Projects in DSP Research Guidance
PhD Projects in DSP Research GuidancePhD Projects in DSP Research Guidance
PhD Projects in DSP Research Guidance
PhD Services
 
23
2323
23
Technology_solution
 
Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...
rahulmonikasharma
 
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
Nexgen Technology
 
Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?
Alexander Haffner
 
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETSPRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
Nexgen Technology
 
K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...
ieeepondy
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2
sandeep1721
 
Dagrep v006-i009-complete
Dagrep v006-i009-completeDagrep v006-i009-complete
Dagrep v006-i009-complete
sandeep1721
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
PhD Assistance
 
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
IJERA Editor
 
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
Nobukazu Yoshioka
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
acijjournal
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
acijjournal
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
Yiannis Verginadis
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
ijcisjournal
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword EU Project
 
Andrei Patrascu support letter
Andrei Patrascu support letterAndrei Patrascu support letter
Andrei Patrascu support letter
Andrei Patrascu
 
Making secret sharing based cloud storage usable
Making secret sharing based cloud storage usableMaking secret sharing based cloud storage usable
Making secret sharing based cloud storage usable
Ying wei (Joe) Chou
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
IJERA Editor
 

More Related Content

What's hot

Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...
rahulmonikasharma
 
Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?
Alexander Haffner
 

What's hot (8)

How the Open Source model adapts to the cloud computing environment
How the Open Source model adapts to the cloud computing environmentHow the Open Source model adapts to the cloud computing environment
How the Open Source model adapts to the cloud computing environment
 
PhD Projects in DSP Research Guidance
PhD Projects in DSP Research GuidancePhD Projects in DSP Research Guidance
PhD Projects in DSP Research Guidance
 
23
2323
23
 
Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...Optimum Resource Allocation using Specification Matching and Priority Based M...
Optimum Resource Allocation using Specification Matching and Priority Based M...
 
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
 
Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?Collaborative Maintenance of Semantic Networks - Present or Future?
Collaborative Maintenance of Semantic Networks - Present or Future?
 
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETSPRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
PRIVATE OVER-THRESHOLD AGGREGATION PROTOCOLS OVER DISTRIBUTED DATASETS
 
K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...
 

Similar to Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds

Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2
sandeep1721
 
Dagrep v006-i009-complete
Dagrep v006-i009-completeDagrep v006-i009-complete
Dagrep v006-i009-complete
sandeep1721
 
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
IJERA Editor
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
acijjournal
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
acijjournal
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
ijcisjournal
 
Andrei Patrascu support letter
Andrei Patrascu support letterAndrei Patrascu support letter
Andrei Patrascu support letter
Andrei Patrascu
 
Making secret sharing based cloud storage usable
Making secret sharing based cloud storage usableMaking secret sharing based cloud storage usable
Making secret sharing based cloud storage usable
Ying wei (Joe) Chou
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
IJERA Editor
 
Multi- Level Data Security Model for Big Data on Public Cloud: A New Model
Multi- Level Data Security Model for Big Data on Public Cloud: A New ModelMulti- Level Data Security Model for Big Data on Public Cloud: A New Model
Multi- Level Data Security Model for Big Data on Public Cloud: A New Model
Eswar Publications
 
kuijper 201012 - iippsw-sra-xmas2010
kuijper 201012 - iippsw-sra-xmas2010kuijper 201012 - iippsw-sra-xmas2010
kuijper 201012 - iippsw-sra-xmas2010
Michiel Kuijper
 
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
1crore projects
 

Similar to Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds (20)

PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
 
Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2Dagrep v006-i009-complete 2
Dagrep v006-i009-complete 2
 
Dagrep v006-i009-complete
Dagrep v006-i009-completeDagrep v006-i009-complete
Dagrep v006-i009-complete
 
Research proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.comResearch proposal on Computing Security and Reliability - Phdassistance.com
Research proposal on Computing Security and Reliability - Phdassistance.com
 
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
Analysis of Homomorphic Technique and Secure Hash Technique for Multimedia Co...
 
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
WM2SP16 Keynote: Current and Future challenge of Model and Modelling on Secur...
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTIONSECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic EncryptionThreat Modeling of Cloud based Implementation of Homomorphic Encryption
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
Andrei Patrascu support letter
Andrei Patrascu support letterAndrei Patrascu support letter
Andrei Patrascu support letter
 
Making secret sharing based cloud storage usable
Making secret sharing based cloud storage usableMaking secret sharing based cloud storage usable
Making secret sharing based cloud storage usable
 
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed SolutionCloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
Cloud Forensics: Drawbacks in Current Methodologies and Proposed Solution
 
State of the Art in Cloud Security
State of the Art in Cloud SecurityState of the Art in Cloud Security
State of the Art in Cloud Security
 
Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...
 
Multi- Level Data Security Model for Big Data on Public Cloud: A New Model
Multi- Level Data Security Model for Big Data on Public Cloud: A New ModelMulti- Level Data Security Model for Big Data on Public Cloud: A New Model
Multi- Level Data Security Model for Big Data on Public Cloud: A New Model
 
kuijper 201012 - iippsw-sra-xmas2010
kuijper 201012 - iippsw-sra-xmas2010kuijper 201012 - iippsw-sra-xmas2010
kuijper 201012 - iippsw-sra-xmas2010
 
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
A Framework for Secure Computations with Two Non-Colluding Servers and Multip...
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448
 

Recently uploaded

在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
galaxypingy
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
Asmae Rabhi
 

Recently uploaded (20)

在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 

Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds

  • 1. Selected Cloud Security Patterns For Improving End User Security and Privacy in Public Clouds Annual Privacy Forum 2016, Frankfurt/Main, 7. September 2016 Thomas L¨anger (A) thomas.laenger@unil.ch Henrich C. P¨ohls (B) hp@sec.uni-passau.de Solange Ghernaouti (A) sgh@unil.ch (A) Universit´e de Lausanne; (B) Universit¨at Passau Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 1 / 16
  • 2. Overview of the Talk Horizon 2020 Project PRISMACLOUD: Relation to current topical “cloud landscape” Project goals and Plans and strategies to reach them Design Patterns and Cloud Security Patterns: What they are How and for what we use patterns in the project Specific patterns corresponding to PRISMACLOUD functionalities Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 2 / 16
  • 3. Project PRISMACLOUD is part of HORIZON 2020 WORK PROGRAMME 2014–2015: Information and Communication Technologies Calls ICT 32 – 2014: Cybersecurity, Trustworthy ICT; Program Scope: Security-by-design for end-to-end security Cryptography Expected impact new design and implementation paradigms at marginal additional cost provide built-in privacy and security increase user trust and privacy protection; empower user control (and detection) provide more resilience for critical infrastructures Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 3 / 16
  • 4. Motivation / Intention Cryptography is not widely used in current cloud offerings Use cryptography to address and mitigate several of the most common security threats and privacy threats in current cloud offerings Use a security by design/privacy by design approach and build the cryptography into the heart of the services from the start Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 4 / 16
  • 5. Methodology Survey existing cryptographic primitives and protocols that can be applied in a cloud context—according to their Technology Readiness Level (TRL) Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 5 / 16
  • 6. Methodology Select primitives which can probably be advanced to TRL7 (i.e. “system prototype demo in operational environment”) during timeframe of the project; Provide an implementation, as a “kit of configurable tools”, completely encapsulating the cryptographic functions; Provide a reference implementations for sample cloud services using the tools; Validate (services and tools) in three real-world applications in the fields of Smart Cities, e-Health, and e-Government. Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 6 / 16
  • 7. PRISMACLOUD Architecture Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 7 / 16
  • 8. Zoom Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 8 / 16
  • 9. PRISMACLOUD Architecture structures and categorises technical outcomes, improves service development process, provides project context for r&d activities Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 9 / 16
  • 10. The Project also has a Development Methodology. . . “secure software development lifecycle” “derive requirements, translate requirements, and map to model” from top to bottom “proof security, deploy tool, and extract capabilities” from bottom to top Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 10 / 16
  • 11. Cloud Security Patterns Cloud security patterns are used for describing typical situations where information security and privacy problems occur—and which cryptographic functionalities can be applied to mitigate these problems. Cloud security patterns are an application of design patterns, which again describe re-usable, proven solutions (with the help of proposed “building blocks”) for recurring problems A design pattern is characterised according to categories, like, name of pattern, context, intention, problem, solution, consequences of their application. Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 11 / 16
  • 12. Cloud Security Patterns... ...are descriptive rather than normative communicate often conflicting security requirements of different involved parties make people aware of contradictory aspects support a discussion process describe generative solutions to common design contentions support a security by design approach Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 12 / 16
  • 13. “Re-using” Patterns in PRISMACLOUD 1. In the requirements work package (first project year) we established the first version of generic cloud security patterns: to describe situations where security and privacy problems generally occur we (approximately) intended to cover these situation with particular cryptographic technology 2. Later on, these patterns were used in support of the development of the PRISMACLOUD architecture (beginning project year 2). Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 13 / 16
  • 14. Use of Patterns in PRISMACLOUD II 3. Currently, we are modifying the design pattern technique itself—we want to abandon the commonly used generic nature of design patterns—and use them for explicitly specifying the capabilities of the proposed services and tools for end users. 4. We also intend to use the “new patterns” for specifying the setting of configuration parameters of the sample services for specific end user requirements (service level agreement–SLA). Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 14 / 16
  • 15. PRISMACLOUD Patterns - Synopsis Field 1: Data Storage in the Cloud P1: Secure cloud storage by default P2: Moving a legacy application’s database to the cloud Field 2: User Privacy Protection and Data Minimisation P3: Non-identifiable and untrackable use of a cloud service P4: Minimise exposure of private data during authenticat. in the cloud P5: Big data anonymisation Field 3: Authentication of Stored and Processed Data P6: Protect the authenticity of a data set and possible subsets P7: Authorise controlled subsequent modifications of signed data P8: Controlling the correctness of delegated computations P9: Controlling your virtual infrastructures Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 15 / 16
  • 16. For details on the patterns/secure cloud services/tools refer to: Publication (T. L¨anger et al.) in the APF2016 Proceedings “PRISMACLOUD Tools: A Cryptographic Toolbox for Increasing Security in Cloud Services” (Publication by Lor¨unser, Slamanig, L¨anger, P¨ohls; in: Proceedings of the ARES 2016 conf; to be published on IEEEXPLORE Sept. 2016 please email me – I’ll send you a preprint copy! Project deliverables and pubs on https://prismacloud.eu Thanks for your Attention! thomas.laenger@unil.ch Th. L¨anger, H.C. P¨ohls, S. Ghernaouti Annual Privacy Forum 2016 16 / 16