Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
-
- Information Security (40)
- Databases and Information Systems (15)
- Business (8)
- Management Information Systems (6)
- Medicine and Health Sciences (5)
-
- Health Information Technology (4)
- OS and Networks (4)
- Software Engineering (4)
- E-Commerce (3)
- Computer Engineering (2)
- Data Storage Systems (2)
- Engineering (2)
- Numerical Analysis and Scientific Computing (2)
- Categorical Data Analysis (1)
- Programming Languages and Compilers (1)
- Public Affairs, Public Policy and Public Administration (1)
- Social and Behavioral Sciences (1)
- Statistics and Probability (1)
- Strategic Management Policy (1)
- Transportation (1)
Articles 1 - 30 of 55
Full-Text Articles in Physical Sciences and Mathematics
Privacy-Preserving Arbitrary Geometric Range Query In Mobile Internet Of Vehicles, Yinbin Miao, Lin Song, Xinghua Li, Hongwei Li, Kim-Kwang Raymond Choo, Robert H. Deng
Privacy-Preserving Arbitrary Geometric Range Query In Mobile Internet Of Vehicles, Yinbin Miao, Lin Song, Xinghua Li, Hongwei Li, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
The mobile Internet of Vehicles (IoVs) has great potential for intelligent transportation, and creates spatial data query demands to realize the value of data. Outsourcing spatial data to a cloud server eliminates the need for local computation and storage, but it leads to data security and privacy threats caused by untrusted third-parties. Existing privacy-preserving spatial range query solutions based on Homomorphic Encryption (HE) have been developed to increase security. However, in the single server model, the private key is held by the query user, which incurs high computation and communication burdens on query users due to multiple rounds of interactions. …
How To Resuscitate A Sick Vm In The Cloud, Xuhua Ding
How To Resuscitate A Sick Vm In The Cloud, Xuhua Ding
Research Collection School Of Computing and Information Systems
A guest virtual machine in a cloud platform may fall “sick” when its kernel encounters a fatal low-level bug or is subverted by an adversary. The VM owner is hence likely to lose her control over it due to a kernel hang or being denied of remote accesses. While the VM can be rebooted with the assistance from the cloud server, the owner not only faces service disruption but also is left with no opportunity to make an in-depth diagnosis and forensics on the spot, not to mention a live rectification. Currently, the cloud service provider has neither incentive nor …
Are You Cloud-Certified? Preparing Computing Undergraduates For Cloud Certification With Experiential Learning, Eng Lieh Ouh, Benjamin Gan
Are You Cloud-Certified? Preparing Computing Undergraduates For Cloud Certification With Experiential Learning, Eng Lieh Ouh, Benjamin Gan
Research Collection School Of Computing and Information Systems
Cloud Computing skills have been increasing in demand. Many software engineers are learning these skills and taking cloud certification examinations to be job competitive. Preparing undergraduates to be cloud-certified remains challenging as cloud computing is a relatively new topic in the computing curriculum, and many of these certifications require working experience. In this paper, we report our experiences designing a course with experiential learning to prepare our computing undergraduates to take the cloud certification. We adopt a university project-based experiential learning framework to engage industry partners who provide project requirements for students to develop cloud solutions and an experiential risk …
Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly …
Vpsl: Verifiable Privacy-Preserving Data Search For Cloud-Assisted Internet Of Things, Qiuyun Tong, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Vpsl: Verifiable Privacy-Preserving Data Search For Cloud-Assisted Internet Of Things, Qiuyun Tong, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud-assisted Internet of Things (IoT) is increasingly prevalent used in various fields, such as the healthcare system. While in such a scenario, sensitive data (e.g., personal electronic medical records) can be easily revealed, which incurs potential security challenges. Thus, Symmetric Searchable Encryption (SSE) has been extensively studied due to its capability of supporting efficient search on encrypted data. However, most SSE schemes require the data owner to share the complete key with query users and take malicious cloud servers out of consideration. Seeking to address these limitations, in this paper we propose a Verifiable Privacy-preserving data Search scheme with Limited …
Soci: A Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng
Soci: A Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Secure outsourced computation is a key technique for protecting data security and privacy in the cloud. Although fully homomorphic encryption (FHE) enables computations over encrypted data, it suffers from high computation costs in order to support an unlimited number of arithmetic operations. Recently, secure computations based on interactions of multiple computation servers and partially homomorphic encryption (PHE) were proposed in the literature, which enable an unbound number of addition and multiplication operations on encrypted data more efficiently than FHE and do not add any noise to encrypted data; however, these existing solutions are either limited in functionalities (e.g., computation on …
Match In My Way: Fine-Grained Bilateral Access Control For Secure Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Yingjiu Li, Yinghui Zhang, Guowen Xu, Xinyi Huang, Robert H. Deng
Match In My Way: Fine-Grained Bilateral Access Control For Secure Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Yingjiu Li, Yinghui Zhang, Guowen Xu, Xinyi Huang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud-fog computing is a novel paradigm to extend the functionality of cloud computing to provide a variety of on demand data services via the edge network. Many cryptographic tools have been introduced to preserve data confidentiality against the untrustworthy network and cloud servers. However, how to efficiently identify and retrieve useful data from a large number of ciphertexts without a costly decryption mechanism remains a challenging problem. In this paper, we introduce a cloud fog-device data sharing system (CFDS) with data confidentiality and data source identification simultaneously based on a new cryptographic primitive named matchmaking attribute-based encryption (MABE) by extending …
Partnering For Value Perfection And Business Sustainability In The Cloud Services Brokerage Market, Richard Shang, Robert John Kauffman
Partnering For Value Perfection And Business Sustainability In The Cloud Services Brokerage Market, Richard Shang, Robert John Kauffman
Research Collection School Of Computing and Information Systems
The cloud computing and services market has advanced in the past ten years. They now include most IT services from fundamental computing to cutting-edge AI capabilities. With the widespread adoption of cloud services, clients are facing the fact that they are utilizing cloud resources at a sub-optimal level. Cloud services brokers (CSBs) grew from the market to fill the needs for cloud resource management and risk mitigation. Based on analysis of the cloud market and the case of cloud services brokerage and related activities in North America, we offer theoretical analysis for how value creation works, its impacts on the …
Lightweight And Expressive Fine-Grained Access Control For Healthcare Internet-Of-Things, Shengmin Xu, Yingjiu Li, Robert H. Deng, Yinghui Zhang, Xiangyang Luo, Ximeng Liu
Lightweight And Expressive Fine-Grained Access Control For Healthcare Internet-Of-Things, Shengmin Xu, Yingjiu Li, Robert H. Deng, Yinghui Zhang, Xiangyang Luo, Ximeng Liu
Research Collection School Of Computing and Information Systems
Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel …
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Research Collection School Of Computing and Information Systems
As a milestone in the development of outsourcing services, cloud computing enables an increasing number of individuals and enterprises to enjoy the most advanced services from outsourcing service providers. Because online payment and data security issues are involved in outsourcing services, the mutual distrust between users and service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing solutions only consider a specific type of services and rely on a trusted third-party to realize fair payment. In this paper, to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or …
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Research Collection School Of Computing and Information Systems
Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the expressiveness of policy for practical application scenarios, attributes may be repeated in a policy. For certain policies, the attributes repetition cannot be avoided even after applying the boolean optimization techniques to attain an equivalent smaller length boolean formula. For such policies, …
Investigating The Adoption Of Hybrid Encrypted Cloud Data Deduplication With Game Theory, Xueqin Liang, Zheng Yan, Robert H. Deng, Qinghu Zheng
Investigating The Adoption Of Hybrid Encrypted Cloud Data Deduplication With Game Theory, Xueqin Liang, Zheng Yan, Robert H. Deng, Qinghu Zheng
Research Collection School Of Computing and Information Systems
Encrypted data deduplication, along with different preferences in data access control, brings the birth of hybrid encrypted cloud data deduplication (H-DEDU for short). However, whether H-DEDU can be successfully deployed in practice has not been seriously investigated. Obviously, the adoption of H-DEDU depends on whether it can bring economic benefits to all stakeholders. But existing economic models of cloud storage fail to support H-DEDU due to complicated interactions among stakeholders. In this article, we establish a formal economic model of H-DEDU by formulating the utilities of all involved stakeholders, i.e., data holders, data owners, and Cloud Storage Providers (CSPs). Then, …
Attribute-Based Fine-Grained Access Control For Outscored Private Set Intersection Computation, Mohammad Ali, Mohajeri Javad, Mohammad-Reza Sadeghi, Ximeng Liu
Attribute-Based Fine-Grained Access Control For Outscored Private Set Intersection Computation, Mohammad Ali, Mohajeri Javad, Mohammad-Reza Sadeghi, Ximeng Liu
Research Collection School Of Computing and Information Systems
Private set intersection (PSI) is a fundamental cryptographic protocol which has a wide range of applications. It enables two clients to compute the intersection of their private datasets without revealing non-matching elements. The advent of cloud computing drives the ambition to reduce computation and data management overhead by outsourcing such computations. However, since the cloud is not trustworthy, some cryptographic methods should be applied to maintain the confidentiality of datasets. But, in doing so, data owners may be excluded from access control on their outsourced datasets. Therefore, to control access rights and to interact with authorized users, they have to …
Efficient Fine-Grained Data Sharing Mechanism For Electronic Medical Record Systems With Mobile Devices, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Zong, Kai He, Yuting Xiao
Efficient Fine-Grained Data Sharing Mechanism For Electronic Medical Record Systems With Mobile Devices, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Zong, Kai He, Yuting Xiao
Research Collection School Of Computing and Information Systems
Sharing digital medical records on public cloud storage via mobile devices facilitates patients (doctors) to get (offer) medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation, computation efficiency optimization, are remaining toward achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no …
Attribute-Based Encryption For Cloud Computing Access Control: A Survey, Yinghui Zhang, Robert H. Deng, Shengmin Xu, Jianfei Sun, Qi Li, Dong Zheng
Attribute-Based Encryption For Cloud Computing Access Control: A Survey, Yinghui Zhang, Robert H. Deng, Shengmin Xu, Jianfei Sun, Qi Li, Dong Zheng
Research Collection School Of Computing and Information Systems
Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding …
An Extended Framework Of Privacy-Preserving Computation With Flexible Access Control, Wenxiu Ding, Rui Hu, Zheng Yan, Xinren Qian, Robert H. Deng, Laurence T. Yang, Mianxiong Dong
An Extended Framework Of Privacy-Preserving Computation With Flexible Access Control, Wenxiu Ding, Rui Hu, Zheng Yan, Xinren Qian, Robert H. Deng, Laurence T. Yang, Mianxiong Dong
Research Collection School Of Computing and Information Systems
Cloud computing offers various services based on outsourced data by utilizing its huge volume of resources and great computation capability. However, it also makes users lose full control over their data. To avoid the leakage of user data privacy, encrypted data are preferred to be uploaded and stored in the cloud, which unfortunately complicates data analysis and access control. In particular, few existing works consider the fine-grained access control over the computational results from ciphertexts. Though our previous work proposed a framework to support several basic computations (such as addition, multiplication and comparison) with flexible access control, privacy-preserving division calculations …
Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng
Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng
Research Collection School Of Computing and Information Systems
Data authentication primarily serves as a tool to achieve data integrity and source authentication. However, traditional data authentication does not fit well where an intermediate entity (editor) is required to modify the authenticated data provided by the source/data owner before sending the data to other recipients. To ask the data owner for authenticating each modified data can lead to higher communication overhead. In this article, we introduce the notion of editing-enabled signatures where the data owner can choose any set of modification operations applicable on the data and still can restrict any possibly untrusted editor to authenticate the data modified …
A 2020 Perspective On "Client Risk Informedness In Brokered Cloud Services: An Experimental Pricing Study", Di Shang, Robert J. Kauffman
A 2020 Perspective On "Client Risk Informedness In Brokered Cloud Services: An Experimental Pricing Study", Di Shang, Robert J. Kauffman
Research Collection School Of Computing and Information Systems
Cloud computing and the cloud services market have advanced in the past ten years. Cloud services now include most information technology (IT) services from fundamental computing services to more cutting- edge artificial intelligence (AI) services. Accordingly, opportunities have emerged for research on the design of new market features to improve the cloud services market to benefit providers and users. Based on our observation of the recent development of cloud services, in this short research commentary, we share our agenda for future studies of this important sector of IT services.
A Fully Distributed Hierarchical Attribute-Based Encryption Scheme, Ali Mohammad, Javad Mohajeri, Ximeng Liu, Ximeng Liu
A Fully Distributed Hierarchical Attribute-Based Encryption Scheme, Ali Mohammad, Javad Mohajeri, Ximeng Liu, Ximeng Liu
Research Collection School Of Computing and Information Systems
With the development of cloud computing, many enterprises have been interested in outsourcing their data to cloud servers to decrease IT costs and rise capabilities of provided services. To afford confidentiality and fine-grained data access control, attribute-based encryption (ABE) was proposed and used in several cloud storage systems. However, scalability and flexibility in key delegation and user revocation mechanisms are primary issues in ABE systems. In this paper, we introduce the concept of a fully distributed revocable ciphertext-policy hierarchical ABE (FDR-CP-HABE) and design the first FDR-CP-HABE scheme. Our scheme offers a high level of flexibility and scalability in the key …
Identity-Based Encryption Transformation For Flexible Sharing Of Encrypted Data In Public Cloud, Robert H. Deng, Zheng Qin, Qianhong Wu, Zhenyu Guan, Robert H. Deng, Yujue Wang, Yunya Zhou
Identity-Based Encryption Transformation For Flexible Sharing Of Encrypted Data In Public Cloud, Robert H. Deng, Zheng Qin, Qianhong Wu, Zhenyu Guan, Robert H. Deng, Yujue Wang, Yunya Zhou
Research Collection School Of Computing and Information Systems
With the rapid development of cloud computing, an increasing number of individuals and organizations are sharing data in the public cloud. To protect the privacy of data stored in the cloud, a data owner usually encrypts his data in such a way that certain designated data users can decrypt the data. This raises a serious problem when the encrypted data needs to be shared to more people beyond those initially designated by the data owner. To address this problem, we introduce and formalize an identity-based encryption transformation (IBET) model by seamlessly integrating two well-established encryption mechanisms, namely identity-basedencryption (IBE) and …
Privacy-Preserving Data Processing With Flexible Access Control, Wenxiu Ding, Zheng Yan, Robert H. Deng
Privacy-Preserving Data Processing With Flexible Access Control, Wenxiu Ding, Zheng Yan, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in …
Pgas: Privacy-Preserving Graph Encryption For Accurate Constrained Shortest Distance Queries, Can Zhang, Liehuang Zhu, Kashif Sharif, Chuan Zhang, Ximeng Liu
Pgas: Privacy-Preserving Graph Encryption For Accurate Constrained Shortest Distance Queries, Can Zhang, Liehuang Zhu, Kashif Sharif, Chuan Zhang, Ximeng Liu
Research Collection School Of Computing and Information Systems
The constrained shortest distance (CSD) query is used to determine the shortest distance between two vertices of a graph while ensuring that the total cost remains lower than a given threshold. The virtually unlimited storage and processing capabilities of cloud computing have enabled the graph owners to outsource their graph data to cloud servers. However, it may introduce privacy challenges that are difficult to address. In recent years, some relevant schemes that support the shortest distance query on the encrypted graph have been proposed. Unfortunately, some of them have unacceptable query accuracy, and some of them leak sensitive information that …
Scalable, Adaptable And Fast Estimation Of Transient Downtime In Virtual Infrastructures Using Convex Decomposition And Sample Path Randomization, Zhiling Guo, Jin Li, Ram Ramesh
Scalable, Adaptable And Fast Estimation Of Transient Downtime In Virtual Infrastructures Using Convex Decomposition And Sample Path Randomization, Zhiling Guo, Jin Li, Ram Ramesh
Research Collection School Of Computing and Information Systems
Network function virtualization enables efficient cloud-resource planning by virtualizing network services and applications into software running on commodity servers. A cloud-service provider needs to manage and ensure service availability of a network of concurrent virtualized network functions (VNFs). The downtime distribution of a network of VNFs can be estimated using sample-path randomization on the underlying birth–death process. An integrated modeling approach for this purpose is limited by its scalability and computational load because of the high dimensionality of the integrated birth–death process. We propose a generalized convex decomposition of the integrated birth-death process, which transforms the high-dimensional multi-VNF process into …
Server-Aided Revocable Attribute-Based Encryption For Cloud Computing Services, Hui Cui, Tsz Hon Yuen, Robert H. Deng, Guilin Wang
Server-Aided Revocable Attribute-Based Encryption For Cloud Computing Services, Hui Cui, Tsz Hon Yuen, Robert H. Deng, Guilin Wang
Research Collection School Of Computing and Information Systems
Attribute-based encryption (ABE) has been regarded as a promising solution in cloud computing services to enable scalable access control without compromising the security. Despite of the advantages, efficient user revocation has been a challenge in ABE. One suggestion for user revocation is using the binary tree in the key generation phase of an ABE scheme, which enables a trusted key generation center to periodically distribute the key update information to all nonrevoked users over a public channel. This revocation approach reduces the size of key updates from linear to logarithmic in the number of users. But it requires each user …
Optimal Management Of Virtual Infrastructures Under Flexible Cloud Service Agreements, Zhiling Guo, Jin Li, Ram Ramesh
Optimal Management Of Virtual Infrastructures Under Flexible Cloud Service Agreements, Zhiling Guo, Jin Li, Ram Ramesh
Research Collection School Of Computing and Information Systems
A cloud service agreement entails the provisioning of a required set of virtual infrastructure resources at a specified level of availability to a client. The agreement also lays out the price charged to the client and a penalty to the provider when the assured availability is not met. The availability assurance involves backup resource provisioning, and the provider needs to allocate backups cost-effectively by balancing the resource-provisioning costs with the potential penalty costs. We develop stochastic dynamic optimization models of the backup resource-provisioning problem, leading to cost-effective resource-management policies in different practical settings. We present two sets of dynamic provisioning …
Lightweight Fine-Grained Search Over Encrypted Data In Fog Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Jian Weng, Hongwei Li, Hui Li
Lightweight Fine-Grained Search Over Encrypted Data In Fog Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Jian Weng, Hongwei Li, Hui Li
Research Collection School Of Computing and Information Systems
Fog computing, as an extension of cloud computing, outsources the encrypted sensitive data to multiple fog nodes on the edge of Internet of Things (IoT) to decrease latency and network congestion. However, the existing ciphertext retrieval schemes rarely focus on the fog computing environment and most of them still impose high computational and storage overhead on resource-limited end users. In this paper, we first present a Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing by extending Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Searchable Encryption (SE) technologies, which can achieve fine-grained access control and keyword search simultaneously. The LFGS can shift …
Practical And Effective Sandboxing For Linux Containers, Zhiyuan Wan, David Lo, Xin Xia, Liang Cai
Practical And Effective Sandboxing For Linux Containers, Zhiyuan Wan, David Lo, Xin Xia, Liang Cai
Research Collection School Of Computing and Information Systems
A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through the system call interface. In this paper, we present an approach that mines sandboxes and enables fine-grained sandbox enforcement for containers. We first explore the behavior of a container by running test cases and monitor the accessed system calls including types and arguments during testing. We then characterize the types and arguments of system call invocations and translate them into sandbox rules for the container. The mined sandbox restricts the container’s access to …
A Scalable Approach To Joint Cyber Insurance And Security-As-A-Service Provisioning In Cloud Computing, Jonathan David Chase, Dusit Niyato, Ping Wang, Sivadon Chaisiri, Ryan K. L. Ko
A Scalable Approach To Joint Cyber Insurance And Security-As-A-Service Provisioning In Cloud Computing, Jonathan David Chase, Dusit Niyato, Ping Wang, Sivadon Chaisiri, Ryan K. L. Ko
Research Collection School Of Computing and Information Systems
As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, …
Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang
Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang
Research Collection School Of Computing and Information Systems
Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data (m) over right arrow and accordingly gain a signature sigma(h) for the computation result f ((m) over right arrow) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive …
Vpsearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng
Vpsearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng
Research Collection School Of Computing and Information Systems
Although cloud computing offers elastic computation and storage resources, it poses challenges on verifiability of computations and data privacy. In this work we investigate verifiability for privacy-preserving multi-keyword search over outsourced documents. As the cloud server may return incorrect results due to system faults or incentive to reduce computation cost, it is critical to offer verifiability of search results and privacy protection for outsourced data at the same time. To fulfill these requirements, we design aVerifiablePrivacy-preserving keywordSearch scheme, called VPSearch, by integrating an adapted homomorphic MAC technique with a privacy-preserving multi-keyword search scheme. The proposed scheme enables the client to …