Skip to main content

Enforceable Security in the Cloud to Uphold Data Ownership

Deliverables

Requirements from the use cases

It provides the final version of the security requirements coming from the use cases. (T1.1)

Report on multi cloud and federated cloud

It provides a final version of the techniques designed and implemented in this WP. (T4.*)

Report on secure information sharing in the cloud

It provides the techniques for supporting secure and selective information sharing. (T3.*)

Report on techniques for security testing

It provides the techniques for security testing. (T3.4)

Report on techniques for selective access

It provides a first version of the techniques for enforcing selective access on outsourced data. (T3.1)

Final evaluation report from use cases

It reports on the assessment and evaluation of the techniques and tools available in WPs2–4 with respect to the satisfaction of the security requirements of the use cases. (T1.4)

Report on research alignment and deployment status

It reports on the status about the alignment between the research and technological development in WPs2–4 and the requirements of the use cases. (T1.2)

First report on multi cloud and federated cloud

It provides a first version of the protection techniques that leverage multiple providers. (T4.*)

First report on security metrics and assessment

It provides a formal definition of the security metrics that can be used to characterise the guarantees offered by different providers. (T4.1)

Report on data protection techniques

It provides a first version of the data protection techniques designed in the WP. (T2.*)

Report on requirement-based threat analysis

It provides techniques for estimating risks, based on requirement-based threat analysis. (T2.4)

Report on data and access protection

It provides an extension of the protection techniques presented in D2.1. (T2.*)

Final report on data protection and key management solutions

It illustrates the complete techniques for protecting data and accesses and for key management. (T2.*)

Final version of data management plan

It provides the final detailed description of the data management plan. (T6.1)

Report on techniques for selective and secure data sharing

It provides techniques for ensuring collaborative access to data while ensuring the confidentiality and integrity of data and processes. (T3.*)

First version of requirements from the use cases

It provides a first version of the security requirements coming from the use cases. (T1.1)

Data management plan

It provides a detailed description of the data management plan. (T6.1)

Use case prototypes

It provides the prototype applications for the use cases leveraging the tools in W1.3–W1.6. (T1.3)

Tools for selective and private multi-user queries and interactions

It provides tools for supporting the private collaborative execution of queries. (T3.3)

Final versions of tools for security with multiple providers

It provides the tools implementing the protection techniques developed in this WP. (T4.*)

Tools for protecting confidentiality and integrity of data and access

It provides a first version of the tools developed for protecting the confidentiality and integrity of outsourced data and their accesses. (T2.1, T2.3)

Final tools for the protection of integrity and confidentiality of data and access

It provides the final version of the tools developed for protecting the confidentiality and integrity of outsourced data and their accesses according to the findings in D2.3. (T2.1, T2.3)

Searching for OpenAIRE data...

Publications

Novel efficient techniques for real-time cloud security assessment


Published in: ISSN 0167-4048
DOI: 10.1016/j.cose.2016.06.003

Don’t Trust the Cloud, Verify

Author(s): Marcus Brandenburger, Christian Cachin, Nikola Knežević
Published in: ACM Transactions on Privacy and Security, Issue 20/3, 2017, Page(s) 1-30, ISSN 2471-2566
DOI: 10.1145/3079762

Enforcing authorizations while protecting access confidentiality1

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Gerardo Pelosi, Pierangela Samarati
Published in: Journal of Computer Security, Issue 26/2, 2018, Page(s) 143-175, ISSN 0926-227X
DOI: 10.3233/JCS-171004

An authorization model for multi provider queries

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Giovanni Livraga, Stefano Paraboschi, Pierangela Samarati
Published in: Proceedings of the VLDB Endowment, Issue 11/3, 2017, Page(s) 256-268, ISSN 2150-8097
DOI: 10.14778/3157794.3157796

Supporting User Requirements and Preferences in Cloud Plan Selection

Author(s): SABRINA DE CAPITANI DI VIMERCATI, Sara Foresti, Giovanni Livraga, Vincenzo Piuri, Pierangela Samarati
Published in: IEEE Transactions on Services Computing, 2017, Page(s) 1-1, ISSN 1939-1374
DOI: 10.1109/TSC.2017.2777977

Efficient integrity checks for join queries in the cloud1

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati
Published in: Journal of Computer Security, Issue 24/3, 2016, Page(s) 347-378, ISSN 0926-227X
DOI: 10.3233/JCS-160545

Three-server swapping for access confidentiality

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Gerardo Pelosi, Pierangela Samarati
Published in: IEEE Transactions on Cloud Computing, 2015, Page(s) 1-1, ISSN 2168-7161
DOI: 10.1109/TCC.2015.2449993

Loose associations to increase utility in data publishing1

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Giovanni Livraga, Stefano Paraboschi, Pierangela Samarati
Published in: Journal of Computer Security, Issue 23/1, 2015, Page(s) 59-88, ISSN 0926-227X
DOI: 10.3233/JCS-140513

Shuffle Index

Author(s): Sabrina De Capitani Di Vimercati, Sara Foresti, Stefano Paraboschi, Gerardo Pelosi, Pierangela Samarati
Published in: ACM Transactions on Storage, Issue 11/4, 2015, Page(s) 1-55, ISSN 1553-3077
DOI: 10.1145/2747878

A novel approach to manage cloud security SLA incidents

Author(s): Ruben Trapero, Jolanda Modic, Miha Stopar, Ahmed Taha, Neeraj Suri
Published in: Future Generation Computer Systems, Issue 72, 2017, Page(s) 193-205, ISSN 0167-739X
DOI: 10.1016/j.future.2016.06.004

Leveraging the Potential of Cloud Security Service-Level Agreements through Standards

Author(s): Jesus Luna, Neeraj Suri, Michaela Iorga, Anil Karmel
Published in: IEEE Cloud Computing, Issue 2/3, 2015, Page(s) 32-40, ISSN 2325-6095
DOI: 10.1109/MCC.2015.52

Quantitative Reasoning About Cloud Security Using Service Level Agreements

Author(s): Jesus Luna, Ahmed Taha, Ruben Trapero, Neeraj Suri
Published in: IEEE Transactions on Cloud Computing, 2015, Page(s) 1-1, ISSN 2168-7161
DOI: 10.1109/TCC.2015.2469659

Stateful Multi-Client Verifiable Computation

Author(s): Christian Cachin, Esha Ghosh, Dimitrios Papadopoulos, Björn Tackmann
Published in: IACR ePrint Archive, 2017

Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory

Author(s): Marcus Brandenburger, Christian Cachin, Matthias Lorenz, Rudiger Kapitza
Published in: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017, Page(s) 157-168
DOI: 10.1109/DSN.2017.45

Blockchains and Consensus Protocols: Snake Oil Warning

Author(s): Christian Cachin
Published in: 2017 13th European Dependable Computing Conference (EDCC), 2017, Page(s) 1-2
DOI: 10.1109/EDCC.2017.36

Blockchain Consensus Protocols in the Wild

Author(s): Christian Cachin, Marko Vukolić
Published in: 31st International Symposium on Distributed Computing (DISC 2017), 2017
DOI: 10.4230/LIPIcs.DISC.2017.1

Scalable Key Management for Distributed Cloud Storage

Author(s): Mathias Björkqvist, Christian Cachin, Felix Engelmann, Alessandro Sorniotti
Published in: IEEE International Conference in Cloud Engineering, 2018

Selective Access for Supply Chain Management in the Cloud

Author(s): Anselme Kemgne Tueno, Florian Kerschbaum, Daniel Bernau, Sara Foresti
Published in: Workshop on Security and Privacy in the Cloud, 2017

Don't trust the cloud, verify - integrity and consistency for cloud object stores

Author(s): Marcus Brandenburger, Christian Cachin, Nikola Knežević
Published in: Proceedings of the 8th ACM International Systems and Storage Conference on - SYSTOR '15, 2015, Page(s) 1-11
DOI: 10.1145/2757667.2757681

Selective access for supply chain management in the cloud

Author(s): Anselme Tueno, Florian Kerschbaum, Daniel Bernau, Sara Foresti
Published in: 2017 IEEE Conference on Communications and Network Security (CNS), 2017, Page(s) 476-482
DOI: 10.1109/CNS.2017.8228710

Distributed shuffle index: Analysis and implementation in an industrial testbed

Author(s): Enrico Bacis, Alan Barnett, Andrew Byrne, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati
Published in: 2017 IEEE Conference on Communications and Network Security (CNS), 2017, Page(s) 396-397
DOI: 10.1109/CNS.2017.8228695

A Dynamic Tree-Based Data Structure for Access Privacy in the Cloud

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Riccardo Moretti, Stefano Paraboschi, Gerardo Pelosi, Pierangela Samarati
Published in: 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016, Page(s) 391-398
DOI: 10.1109/CloudCom.2016.0068

Distributed Shuffle Index in the Cloud: Implementation and Evaluation

Author(s): Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati
Published in: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), 2017, Page(s) 139-144
DOI: 10.1109/CSCloud.2017.25

A consensus-based approach for selecting cloud plans

Author(s): Ala Arman, Sara Foresti, Giovanni Livraga, Pierangela Samarati
Published in: 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI), 2016, Page(s) 1-6
DOI: 10.1109/RTSI.2016.7740642

Application requirements with preferences in cloud-based information processing

Author(s): Sabrina De Capitani di Vimercati, Giovanni Livraga, Vincenzo Piuri
Published in: 2016 IEEE 2nd International Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI), 2016, Page(s) 1-4
DOI: 10.1109/RTSI.2016.7740622

Mix&Slice - Efficient Access Revocation in the Cloud

Author(s): Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati
Published in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016, Page(s) 217-228
DOI: 10.1145/2976749.2978377

Access Control Management for Secure Cloud Storage

Author(s): Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati
Published in: 2016, Page(s) 353-372
DOI: 10.1007/978-3-319-59608-2_21

Managing Data Sharing in OpenStack Swift with Over-Encryption

Author(s): Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Daniele Guttadoro, Stefano Paraboschi, Marco Rosa, Pierangela Samarati, Alessandro Saullo
Published in: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security - WISCS'16, 2016, Page(s) 39-48
DOI: 10.1145/2994539.2994549

Access Control for the Shuffle Index

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Gerardo Pelosi, Pierangela Samarati
Published in: 2016, Page(s) 130-147
DOI: 10.1007/978-3-319-41483-6_10

Identity as a service: A cloud based common capability

Author(s): Gery Ducatel
Published in: 2015 IEEE Conference on Communications and Network Security (CNS), 2015, Page(s) 675-679
DOI: 10.1109/CNS.2015.7346886

EncSwift and key management: An integrated approach in an industrial setting

Author(s): Enrico Bacis, Marco Rosa, Ali Sajjad
Published in: 2017 IEEE Conference on Communications and Network Security (CNS), 2017, Page(s) 483-486
DOI: 10.1109/CNS.2017.8228711

DockerPolicyModules: Mandatory Access Control for Docker containers

Author(s): Enrico Bacis, Simone Mutti, Steven Capelli, Stefano Paraboschi
Published in: 2015 IEEE Conference on Communications and Network Security (CNS), 2015, Page(s) 749-750
DOI: 10.1109/CNS.2015.7346917

An SELinux-based intent manager for Android

Author(s): Simone Mutti, Enrico Bacis, Stefano Paraboschi
Published in: 2015 IEEE Conference on Communications and Network Security (CNS), 2015, Page(s) 747-748
DOI: 10.1109/CNS.2015.7346916

Policy Specialization to Support Domain Isolation

Author(s): Simone Mutti, Enrico Bacis, Stefano Paraboschi
Published in: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense - SafeConfig '15, 2015, Page(s) 33-38
DOI: 10.1145/2809826.2809832

AppPolicyModules - Mandatory Access Control for Third-Party Apps

Author(s): Enrico Bacis, Simone Mutti, Stefano Paraboschi
Published in: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15, 2015, Page(s) 309-320
DOI: 10.1145/2714576.2714626

SeSQLite: Security Enhanced SQLite - Mandatory Access Control for Android databases

Author(s): Simone Mutti, Enrico Bacis, Stefano Paraboschi
Published in: Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015, 2015, Page(s) 411-420
DOI: 10.1145/2818000.2818041

Supporting Application Requirements in Cloud-based IoT Information Processing

Author(s): Sabrina De Capitani di Vimercati, Giovanni Livraga, Vincenzo Piuri, Pierangela Samarati, Gerson A. Soares
Published in: Proceedings of the International Conference on Internet of Things and Big Data, 2016, Page(s) 65-72
DOI: 10.5220/0005877000650072

Secure Cloud Storage: A framework for Data Protection as a Service in the multi-cloud environment

Author(s): Quang Hieu Vu, Maurizio Colombo, Rasool Asal, Ali Sajjad, Fadi Ali El-Moussa, Theo Dimitrakos
Published in: 2015 IEEE Conference on Communications and Network Security (CNS), 2015, Page(s) 638-642
DOI: 10.1109/CNS.2015.7346879

IPA: Error Propagation Analysis of Multi-Threaded Programs Using Likely Invariants

Author(s): Abraham Chan, Stefan Winter, Habib Saissi, Karthik Pattabiraman, Neeraj Suri
Published in: 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST), Issue Annual, 2017, Page(s) 184-195
DOI: 10.1109/ICST.2017.24

Encrypting Analytical Web Applications

Author(s): Benny Fuhry, Walter Tighzert, Florian Kerschbaum
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 35-46
DOI: 10.1145/2996429.2996438

Poly-Logarithmic Range Queries on Encrypted Data with Small Leakage

Author(s): Florian Hahn, Florian Kerschbaum
Published in: Proceedings of the 2016 ACM on Cloud Computing Security Workshop - CCSW '16, 2016, Page(s) 23-34
DOI: 10.1145/2996429.2996437

C'MON: Monitoring the Compliance of Cloud Services to Contracted Properties

Author(s): Soha Albaghdady, Stefan Winter, Ahmed Taha, Heng Zhang, Neeraj Suri
Published in: Proc. of ARES (Availability, Reliability and Security) 2017, 2017
DOI: 10.1145/3098954.3098967

A Framework for Ranking Cloud Security Services

Author(s): Ahmed Taha, Ruben Trapero, Jesus Luna, Neeraj Suri
Published in: Proc. of Service Computing (SCC), 2017, Issue Yearly, 2017, Page(s) 322-329
DOI: 10.1109/SCC.2017.48

AttackDive: Diving Deep into the Cloud Ecosystem to Explore Attack Surfaces

Author(s): Salman Manzoor, Jesus Luna and Neeraj Suri
Published in: Proc of Service Computing (SCC), 2017, Issue Yearly, 2017, Page(s) 499-502
DOI: 10.1109/SCC.2017.74

deQAM: A Dependency Based Indirect Monitoring Approach for Cloud Services

Author(s): Heng Zhang, Jesus Luna, Ruben Trapero and Neeraj Suri
Published in: Proc of Service Computing (SCC) 2017, Issue Yearly, 2017, Page(s) 27-34
DOI: 10.1109/SCC.2017.13

SLA-based Service Selection for Multi-Cloud Environments

Author(s): Ahmed Taha, Salman Manzoor and Neeraj Suri
Published in: Proc of EDGE 2017, Issue Yearly, 2017, Page(s) 65-72
DOI: 10.1109/IEEE.EDGE.2017.17

On the use of fuzzy logic in dependable cloud management

Author(s): Sara Foresti, Vincenzo Piuri, Gerson A. Soares
Published in: 2015 IEEE Conference on Communications and Network Security (CNS), 2015, Page(s) 767-768
DOI: 10.1109/CNS.2015.7346926

Quick verification of concurrent programs by iteratively relaxed scheduling

Author(s): Patrick Metzler, Habib Saissi, Peter Bokor, Neeraj Suri
Published in: 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2017, Page(s) 776-781
DOI: 10.1109/ASE.2017.8115688

In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services

Author(s): Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri
Published in: Proc. of USENIX Security Symposium, 2015, Page(s) 801-816

Trust Validation of Cloud IaaS: A Customer-centric Approach

Author(s): Salman Manzoor, Ahmed Taha, Neeraj Suri
Published in: 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, Page(s) 97-104
DOI: 10.1109/TrustCom.2016.0051

GRINDER: On Reusability of Fault Injection Tools

Author(s): Stefan Winter, Thorsten Piper, Oliver Schwahn, Roberto Natella, Neeraj Suri, Domenico Cotroneo
Published in: 2015 IEEE/ACM 10th International Workshop on Automation of Software Test, 2015, Page(s) 75-79
DOI: 10.1109/AST.2015.22

Identifying and Utilizing Dependencies Across Cloud Security Services

Author(s): Ahmed Taha, Patrick Metzler, Ruben Trapero, Jesus Luna, Neeraj Suri
Published in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16, 2016, Page(s) 329-340
DOI: 10.1145/2897845.2897911

No PAIN, No Gain? The Utility of PArallel Fault INjections

Author(s): Stefan Winter, Oliver Schwahn, Roberto Natella, Neeraj Suri, Domenico Cotroneo
Published in: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, 2015, Page(s) 494-505
DOI: 10.1109/ICSE.2015.67

Frequency-Hiding Order-Preserving Encryption

Author(s): Florian Kerschbaum
Published in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015, Page(s) 656-667
DOI: 10.1145/2810103.2813629

ENKI - Access Control for Encrypted Query Processing

Author(s): Isabelle Hang, Florian Kerschbaum, Ernesto Damiani
Published in: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data - SIGMOD '15, 2015, Page(s) 183-196
DOI: 10.1145/2723372.2749439

Supporting Users in Data Outsourcing and Protection in the Cloud

Author(s): S. De Capitani di Vimercati, S. Foresti, G. Livraga, P. Samarati
Published in: nternational Conference on Cloud Computing and Services, 2017, Page(s) 3-15
DOI: 10.1007/978-3-319-62594-2_1

Confidentiality Protection in Large Databases

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga, Stefano Paraboschi, Pierangela Samarati
Published in: A Comprehensive Guide Through the Italian Database Research Over the Last 25 Years, 2017, Page(s) 457-472
DOI: 10.1007/978-3-319-61893-7_27

Data Protection in Cloud Scenarios

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati
Published in: 2015, Page(s) 3-10
DOI: 10.1007/978-3-319-29883-2_1

Practical Techniques Building on Encryption for Protecting and Managing Data in the Cloud

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga, Pierangela Samarati
Published in: The New Codebreakers, 2016, Page(s) 205-239
DOI: 10.1007/978-3-662-49301-4_15

Data Security Issues in Cloud Scenarios

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati
Published in: Information Systems Security, 2015, Page(s) 3-10
DOI: 10.1007/978-3-319-26961-0_1

Selective and Private Access to Outsourced Data Centers

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga, Pierangela Samarati
Published in: Handbook on Data Centers, 2015, Page(s) 997-1027
DOI: 10.1007/978-1-4939-2092-1_33

Privacy in Pervasive Systems: Social and Legal Aspects and Technical Solutions

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga, Stefano Paraboschi, Pierangela Samarati
Published in: Data Management in Pervasive Systems, 2015, Page(s) 43-65
DOI: 10.1007/978-3-319-20062-0_3

Integrity for Approximate Joins on Untrusted Computational Servers

Author(s): Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati
Published in: ICT Systems Security and Privacy Protection, 2015, Page(s) 446-459
DOI: 10.1007/978-3-319-18467-8_30

Extending Mandatory Access Control Policies in Android

Author(s): Stefano Paraboschi, Enrico Bacis, Simone Mutti
Published in: Information Systems Security, 2015, Page(s) 21-35
DOI: 10.1007/978-3-319-26961-0_3

Cloud Security - Issues and Concerns



DOI: 10.1002/9781118821930.ch17

Security-as-a-Service in Multi-cloud and Federated Cloud Environments

Author(s): Pramod S. Pawar, Ali Sajjad, Theo Dimitrakos, David W. Chadwick
Published in: Trust Management IX, 2015, Page(s) 251-261
DOI: 10.1007/978-3-319-18491-3_21

Integrating Security Services in Cloud Service Stores

Author(s): Joshua Daniel, Fadi El-Moussa, Géry Ducatel, Pramod Pawar, Ali Sajjad, Robert Rowlingson, Theo Dimitrakos
Published in: Trust Management IX, 2015, Page(s) 226-239
DOI: 10.1007/978-3-319-18491-3_19

Privacy-Preserving Observation in Public Spaces

Author(s): Florian Kerschbaum, Hoon Wei Lim
Published in: Computer Security -- ESORICS 2015, 2015, Page(s) 81-100
DOI: 10.1007/978-3-319-24177-7_5

Symmetric-Key Based Proofs of Retrievability Supporting Public Verification

Author(s): Chaowen Guan, Kui Ren, Fangguo Zhang, Florian Kerschbaum, Jia Yu
Published in: Computer Security -- ESORICS 2015, 2015, Page(s) 203-223
DOI: 10.1007/978-3-319-24174-6_11