Skip to main content

Trust-aware, REliable and Distributed Information SEcurity in the Cloud.

Deliverables

Innovation management report

This document reviews the initial ISP and incorporates modifications if needed. The document reports on the alignment of the project architecture designs and developments to the current technological and market trends.

Final Evaluation report

This report summarizes the evaluation sessions and the results obtained with regards to the evaluation criteria defined in deliverable D6.3. The conclusions should indicate the TREDISEC framework maturity level (e.g. using NASA TRL levels).

Evaluation criteria

A report defining the evaluation criteria to be used in the evaluation sessions for measuring the results of the TREDISEC framework in the context of the use cases deployments.

A Proposal on Secure Enforcement of Policies in the Cloud

This deliverable will present a framework for secure enforcement of policies in the cloud. Our solutions encompass existing state of the art technique and include novel primitives, such as collusion resistant sharing of information and novel All or Nothing Transforms (AONTs) and ABAC-based policies with distributed attributes. The deliverable will also report on the design of secure deletion function in cloud storage nodes for emerging storage systems (e.g., Flash).

Dissemination plan

This deliverable describes the plan for the dissemination activities to be carried out during the entire project lifetime

A Proposal for Data Confidentiality and Deduplication

This deliverable will present, analyse, and implement a set of solutions for data confidentiality given a powerful adversary that can compromise the encryption keys. We will also devise solutions that ensure data confidentiality while enabling the cloud to perform data deduplication.

A Proposal for Access Control Models for Multi-tenancy

This deliverable will assess current approaches for access control and propose novel models, based on current progress in ABAC models, to cope with multi-tenancy requirements and in particular with distributed attributes. A mapping between these ABAC-based models to enforceable policy languages (e.g. XACML) will be proposed, including the design of an enforcement component to parse, interpret and execute access control policies.

Specification and Preliminary Design of Verifiability mechanisms

This report will introduce initial design of different verifiability primitives.

Project Quality Assurance Plan

This deliverable will provide guidance to the project partners for common terminology, structure and processes and will help establishing and maintaining an efficient project management.

Requirements and trade-off between verifiability and data reduction

This deliverable will identify the specific requirements of TREDISEC use cases and analyze the compatibility of existing verifiability solutions with data reduction techniques.

Exploitation report and long term sustainability strategy

This deliverable explains in detail the TREDISEC exploitation strategy, the individual partners exploitation plans for the results of the project and defines a sustainability path for the continuity of the TREDISEC achievements after the project ends.

Innovation Strategy and Plan

This document establishes the strategy, processes, milestones and role assignments to ensure an innovation-driven research and that development work is performed during the entire project duration. The ISP includes an early market and technologies assessment to serve as input to the work packages action plan.

Requirements analysis and consolidation

A list of consolidated and traceable functional and non-functional requirements.

Optimization of outsourcing activities and initial design of privacy preserving data processing primitives

This deliverable will provide a tool set to optimize the actual outsourcing process, by for example, parallelizing encryption before outsourcing data to the cloud. In this context, we introduce an initial design of privacy preserving primitives for data processing. This deliverable will also comprise the complete design and evaluation of privacy preserving data processing primitives.

Final Innovation management report

This document reports on the alignment of the project achievements to the current technological and market trends. The document includes an assessment of the maturity of the project results after the deployment and evaluation in the use case scenarios.

Complete Design and Evaluation of Verifiability mechanisms

This deliverable will provide a complete description of different verifiability solutions which integrate data reduction schemes. Such techniques will also be evaluated in terms of security and performance.

Communication strategy and plan

The project communication activities, actions, channels, procedures and supporting marketing and promotional material will be defined in this deliverable.

Design of Provisioning Framework

This deliverable will provide the design of the provisioning framework. It will comprise support for evaluating historical queries as well as automated analysis of database metadata such as table structures and data types. There will be support for labelling columns with respect to security, privacy, functionality and cloud processing requirements as well as support for automated optimization.

A Proposal for Resource Isolation in Multi-Tenant Storage Systems

This deliverable consists of the design and implementation of multi-tenant isolation techniques for cloud systems that can be used in combination with existing application-level methods and leverage (i) OS-and system-based isolation primitives, to enable a second set of security controls, and/or (ii) existing dedicated security hardware (e.g., Trusted Platform Modules, Hardware Security Modules) and existing or new Trusted Execution Environments (TEEs) that are built upon the latter

Implementation of Provisioning, Outsourcing and Processing Frameworks

This deliverable will provide the implementation of the provisioning framework, as well as a complete description and implementation of privacy preserving data processing primitives. We will show how earlier observations made when outsourcing data into the cloud will influence the privacy-aware processing.

TREDISEC architecture and initial framework design

This deliverable evaluates the architectural models and selects the appropriate one for the project. This deliverable also provides a first design of the TREDISEC framework.

Final architecture and design of the TREDISEC framework

This deliverable describes the final design of the TREDISEC framework.

TREDISEC framework implementation

This deliverable is a set of software elements packaged, implementing the TREDISEC framework, and the supporting generic test cloud environment.

TREDISEC public website

This deliverable consists of the TREDISEC website.

Publications

On Information Leakage in Deduplicated Storage Systems

Author(s): Hubert Ritzdorf, Ghassan Karame, Claudio Soriente, Srdjan Čapkun
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 61-72
DOI: 10.1145/2996429.2996432

Message-Locked Proofs of Retrievability with Secure Deduplication

Author(s): Dimitrios Vasilopoulos, Melek Önen, Kaoutar Elkhiyaoui, Refik Molva
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 73-83
DOI: 10.1145/2996429.2996433

Authenticated Encryption with Variable Stretch

Author(s): Reza Reyhanitabar, Serge Vaudenay, Damian Vizár
Published in: SIACRYPT 2016: Advances in Cryptology – ASIACRYPT 2016, 2016, Page(s) 396-425
DOI: 10.1007/978-3-662-53887-6_15

Encrypting Analytical Web Applications

Author(s): Benny Fuhry, Walter Tighzert, Florian Kerschbaum
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 35-46
DOI: 10.1145/2996429.2996438

Poly-Logarithmic Range Queries on Encrypted Data with Small Leakage

Author(s): Florian Hahn, Florian Kerschbaum
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 23-34
DOI: 10.1145/2996429.2996437

HardIDX: Practical and Secure Index with SGX

Author(s): Benny Fuhry, Raad Bahmani, Ferdinand Brasser, Florian Hahn, Florian Kerschbaum, Ahmad-Reza Sadeghi
Published in: DBSec 2017: Data and Applications Security and Privacy XXXI, 2017, Page(s) 386-408
DOI: 10.1007/978-3-319-61176-1_22

Sharing Proofs of Retrievability across Tenants

Author(s): Frederik Armknecht, Jens-Matthias Bohli, David Froelicher, Ghassan Karame
Published in: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17, 2017, Page(s) 275-287
DOI: 10.1145/3052973.3052997

Reconciling Security and Functional Requirements in Multi-tenant Clouds

Author(s): Ghassan Karame, Matthias Neugschwandtner, Melek Önen, Hubert Ritzdorf
Published in: Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing - SCC '17, 2017, Page(s) 11-18
DOI: 10.1145/3055259.3055265

AURA: Recovering from Transient Failures in Cloud Deployments

Author(s): Ioannis Giannakopoulos, Ioannis Konstantinou, Dimitrios Tsoumakos, Nectarios Koziris
Published in: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017, Page(s) 762-765
DOI: 10.1109/CCGRID.2017.133

Verifiable Document Redacting

Author(s): Hervé Chabanne, Rodolphe Hugel, Julien Keuffer
Published in: 2017, Page(s) 334-351
DOI: 10.1007/978-3-319-66402-6_20

Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy

Author(s): Clémentine Gritti, Rongmao Chen, Willy Susilo, Thomas Plantard
Published in: 2017, Page(s) 485-505
DOI: 10.1007/978-3-319-72359-4_29

ROTE: Rollback Protection for Trusted Execution

Author(s): Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun
Published in: USENIX Security Symposium 2017 proceedings, 2017

Practical and Secure Substring Search

Author(s): F. hahn, N. Loza, F. Kerschbaum
Published in: SIGMOD/PODS ’18: 2018 International Conference on Management of Data, 2018
DOI: 10.1145/3183713.3183754

Secure and Scalable Multi-User Searchable Encryption

Author(s): C. Van Rompay, R. Molva, M. Önen
Published in: International Workshop on Security in Cloud Computing, 2018
DOI: 10.1145/3201595.3201597

POROS: Proof of Data Reliability for Outsourced Storage

Author(s): D. Vasilopoulos, K. Elkhiyaoui, R. Molva, M. Önen
Published in: International Workshop on Security in Cloud Computing, 2018
DOI: 10.1145/3201595.3201600

Study of a Verifiable Biometric Matching



DOI: 10.1145/2909827.2931097

Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud

Author(s): Frederik Armknecht, Ludovic Barman, Jens-Matthias Bohli, Ghassan Karame
Published in: 2016

Efficient Techniques for Publicly Verifiable Delegation of Computation

Author(s): Kaoutar Elkhiyaoui, Melek Önen, Monir Azraoui, Refik Molva
Published in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16, 2016, Page(s) 119-128
DOI: 10.1145/2897845.2897910

A transparent defense against USB eavesdropping attacks

Author(s): Matthias Neugschwandtner, Anton Beitler, Anil Kurmus
Published in: Proceedings of the 9th European Workshop on System Security - EuroSec '16, 2016, Page(s) 1-6
DOI: 10.1145/2905760.2905765

Logical Partitions on Many-Core Platforms

Author(s): Ramya Jayaram Masti, Claudio Marforio, Kari Kostiainen, Claudio Soriente, Srdjan Capkun
Published in: Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015, 2015, Page(s) 451-460
DOI: 10.1145/2818000.2818026

Transparent Data Deduplication in the Cloud

Author(s): Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Franck Youssef
Published in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015, Page(s) 886-900
DOI: 10.1145/2810103.2813630

Initial Encryption of large Searchable Data Sets using Hadoop

Author(s): Feng Wang, Mathias Kohler, Andreas Schaad
Published in: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies - SACMAT '15, 2015, Page(s) 165-168
DOI: 10.1145/2752952.2752960

A verifiable system for automated face identification

Author(s): Hervé Chabanne, Julien Keuffer, Roch Lescuyer
Published in: 2016

Some applications of verifiable computation to biometric verification

Author(s): Julien Bringer, Herve Chabanne, Firas Kraiem, Roch Lescuyer, Eduardo Soria-Vazquez
Published in: 2015 IEEE International Workshop on Information Forensics and Security (WIFS), 2015, Page(s) 1-6
DOI: 10.1109/WIFS.2015.7368568

Securing Cloud Data under Key Exposure

Author(s): Ghassan O. Karame, Claudio Soriente, Krzysztof Lichota, Srdjan Capkun
Published in: IEEE Transactions on Cloud Computing, 2017, Page(s) 1-1, ISSN 2168-7161
DOI: 10.1109/TCC.2017.2670559

A Leakage-Abuse Attack Against Multi-User Searchable Encryption

Author(s): Cédric Van Rompay, Refik Molva, Melek Önen
Published in: Proceedings on Privacy Enhancing Technologies, Issue 2017/3, 2017, ISSN 2299-0984
DOI: 10.1515/popets-2017-0034

Towards Shared Ownership in the Cloud

Author(s): Hubert Ritzdorf, Claudio Soriente, Ghassan O. Karame, Srdjan Marinovic, Damian Gruber, Srdjan Capkun
Published in: IEEE Transactions on Information Forensics and Security, 2018, Page(s) 1-1, ISSN 1556-6013
DOI: 10.1109/TIFS.2018.2837648

Towards Realizing a Truly Secure and Trustworthy Cloud

Author(s): Beatriz Gallego-Nicasio Crespo, Melek Önen, Ghassan Karame
Published in: ERCIM News, 2016, ISSN 0926-4981

Deniable Functional Encryption

Author(s): Angelo De Caro, Vincenzo Iovino, Adam O’Neill
Published in: Public-Key Cryptography – PKC 2016, 2016, Page(s) 196-222
DOI: 10.1007/978-3-662-49384-7_8

AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves

Author(s): Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, Rüdiger Kapitza
Published in: Computer Security – ESORICS 2016, 2016, Page(s) 440-457
DOI: 10.1007/978-3-319-45744-4_22

Searchable Encryption for Biometric Identification Revisited

Author(s): Ghassane Amchyaa, Julien Bringer, Roch Lescuyer
Published in: Data Privacy Management and Security Assurance, 2016, Page(s) 113-129
DOI: 10.1007/978-3-319-47072-6_8

PerfectDedup: Secure Data Deduplication

Author(s): Pasquale Puzio, Refik Molva, Melek Önen, Sergio Loureiro
Published in: Data Privacy Management, and Security Assurance, 2016, Page(s) 150-166
DOI: 10.1007/978-3-319-29883-2_10

Delegating Biometric Authentication with the Sumcheck Protocol

Author(s): Hervé Chabanne, Julien Keuffer, Roch Lescuyer
Published in: Information Security Theory and Practice, 2016, Page(s) 236-244
DOI: 10.1007/978-3-319-45931-8_15

TREDISEC: Trust-Aware REliable and Distributed Information SEcurity in the Cloud

Author(s): Julien Bringer, Beatriz Gallego, Ghassan Karame, Mathias Kohler, Panos Louridas, Melek Önen, Hubert Ritzdorf, Alessandro Sorniotti, David Vallejo
Published in: E-Democracy – Citizen Rights in the World of the New Computing Paradigms, 2015, Page(s) 193-197
DOI: 10.1007/978-3-319-27164-4_14