Results 1 -
5 of
5
Security against the business partner
- in SWS ’08: Proceedings of the 2008 ACM workshop on Secure web services
"... Security research has long focused on protecting against out-side attackers. This was augmented with protection against insider threats, but recently networked business is emerg-ing. With it a new threat is emerging: security against the business partner. A possible solution is secure multi-party co ..."
Abstract
-
Cited by 2 (2 self)
- Add to MetaCart
(Show Context)
Security research has long focused on protecting against out-side attackers. This was augmented with protection against insider threats, but recently networked business is emerg-ing. With it a new threat is emerging: security against the business partner. A possible solution is secure multi-party computation (SMC) and we give examples of its usefulness. We show with the ex-ample of supply chain optimization that only SMC provides the necessary security guarantees. A major challenge of SMC is its practical realization. We give a detailed study and analysis of multi-party permuta-tion and show the relations of the different theoretical com-plexities in this case. The paper concludes with a comparison of service-oriented architectures and SMC. We show several architectural dif-ferences that need to be overcome.
Trustworthy Data from Untrusted Databases
"... Abstract — Ensuring the trustworthiness of data retrieved from a database is of utmost importance to users. The correctness of data stored in a database is defined by the faithful execution of only valid (authorized) transactions. In this paper we address the question of whether it is necessary to t ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract — Ensuring the trustworthiness of data retrieved from a database is of utmost importance to users. The correctness of data stored in a database is defined by the faithful execution of only valid (authorized) transactions. In this paper we address the question of whether it is necessary to trust a database server in order to trust the data retrieved from it. The lack of trust arises naturally if the database server is owned by a third party, as in the case of cloud computing. It also arises if the server may have been compromised, or there is a malicious insider. In particular, we reduce the level of trust necessary in order to establish the authenticity and integrity of data at an untrusted server. Earlier work on this problem is limited to situations where there are no updates to the database, or all updates are authorized and vetted by a central trusted entity. This is an unreasonable assumption for a truly dynamic database, as would be expected in many business applications, where multiple clients can update data without having to check with a central server that approves of their changes. We identify the problem of ensuring trustworthiness of data on an untrusted server in the presence of transactional updates that run directly on the database, and develop the first solutions to this problem. Our solutions also provide indemnity for an honest server and assured provenance for all updates to the data. We implement our solution in a prototype system built on top of Oracle with no modifications to the database internals. We also provide an empirical evaluation of the proposed solutions and establish their feasibility. I.
Searchable Encryption for Outsourced Data
"... Abstract. Two sets of privacy requirements need to be fulfilled when a company’s accounting data is audited by an external party: the company needs to safeguard its data, while the auditors do not want to reveal their investigation methods. This problem is usually addressed by physically isolating d ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Two sets of privacy requirements need to be fulfilled when a company’s accounting data is audited by an external party: the company needs to safeguard its data, while the auditors do not want to reveal their investigation methods. This problem is usually addressed by physically isolating data and auditors during the course of an audit. This approach however no longer works when auditing is performed remotely. In this paper we present an efficient construction for a searchable encryption scheme for outsourcing data analytics. In this scheme the data owner needs to encrypt his data only once and ship it in encrypted form to the data analyst. The data analyst can then perform a series of queries for which he must ask the data owner for help in translating the constants in the queries. Our searchable encryption scheme extends previous work by the ability to re-use query results as search tokens (query-result reusability) and the ability to perform range queries. It is efficient with O(log 2 n) work for a range query and is semantically secure relying only on Diffie-Hellman assumptions (in the random oracle model). 1
A MORPHOLOGY OF THE ORGANISATION OF DATA GOVERNANCE
"... Both information systems (IS) researchers and practitioners consider data governance as a promising approach for companies to improve and maintain the quality of corporate data, which is seen as critical for being able to meet strategic business requirements, such as compliance or integrated custome ..."
Abstract
- Add to MetaCart
(Show Context)
Both information systems (IS) researchers and practitioners consider data governance as a promising approach for companies to improve and maintain the quality of corporate data, which is seen as critical for being able to meet strategic business requirements, such as compliance or integrated customer management. Both sides agree that data governance primarily is a matter of organisation. However, hardly any scientific results have been produced so far indicating what actually has to be organised by data governance, and what data governance may look like. The paper aims at closing this gap by developing a morphology of data governance organisation on the basis of a comprehensive analysis of the state of the art both in science and in practice. Epistemologically, the morphology represents an analytic theory, as it serves for structuring the research topic of data governance, which is still quite unexplored. Six mini case studies are used to evaluate the morphology by means of empirical data. Providing a foundation for further research, the morphology contributes to the advancement of the scientific body of knowledge. At the same time, it is beneficial to practitioners, as companies may use it as a guideline when organising data governance.
Protecting Frequent Patterns using Distributed Security on M-Clouds
"... Abstract — As the age of big data evolves, outsourcing of data mining tasks to multi-cloud environments has become a popular trend. To ensure the data privacy in outsourcing of mining tasks, the concept of support anonymity was proposed to hide sensitive information about patterns. Existing methods ..."
Abstract
- Add to MetaCart
Abstract — As the age of big data evolves, outsourcing of data mining tasks to multi-cloud environments has become a popular trend. To ensure the data privacy in outsourcing of mining tasks, the concept of support anonymity was proposed to hide sensitive information about patterns. Existing methods that tackle the privacy issues, however, do not address the related parallel mining techniques. To fill this gap, we refer to a pseudo-taxonomy based technique, called as k-support anonymity, and improve it into multi-cloud environments with secrete sharing scheme. This has several advantages. First, outsourcing to multi-cloud environments can meet the requirement of great computational resources in big data mining, and also parallelize the mining tasks for better efficiency. Second, the data that we send out to a cloud can be partial. An assaulter who gets the data in one cloud can never re-construct the original data. That means it is more difficult for an assailant to violate the privacy in outsourced data. Experimental results also demonstrated that our approaches can achieve good protection and better computation efficiency. I.
