Publications

Bootstrapping and Maintaining Trust in the Cloud (469.63 KB)

Date:
December 5, 2016
Published in:
Proceedings of the 32nd Annual Computer Security Applications Conference, ACSAC 2016
Type:
Conference Paper

Summary

Today's infrastructure as a service (IaaS) cloud environments rely upon full trust in the provider to secure applications and data. In this paper we introduce keylime, a scalable trusted cloud key management system. Keylime provides an end-to-end solution for both bootstrapping hardware rooted cryptographic identities for IaaS nodes and for system integrity monitoring of those nodes via periodic attestation.

Leveraging Data Provenance to Enhance Cyber Resilience (273.48 KB)

Date:
November 3, 2016
Published in:
Proceedings of 1st IEEE Cybersecurity Development Conference (SecDev'16), Boston, Mass.
Type:
Conference Paper

Summary

Creating bigger and better walls to keep adversaries out of our systems has been a failing strategy. The recent attacks against Target and Sony Pictures, to name a few, further emphasize this. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the “hard-shell” defenses. In this paper, we provide background information on data provenance, details on provenance collection, analysis, and storage techniques and challenges.

Cryptography for Big Data Security (538.97 KB)

Date:
May 3, 2016
Published in:
Chapter in Big Data: Storage, Sharing, and Security, Fei Hu (editor), Auerbach Publications
Type:
Book Chapter

Summary

New and improved security tools are needed to protect systems collecting and handling big data to allow applications to reap the benefits of big data analysis without the risk of such catastrophic attacks. Modern cryptography offers many powerful technologies that can help protect big data applications throughout the data lifecycle, as it is being collected, stored in repositories, and processed by analysts. In this chapter, we give a brief survey of several of these technologies and explain how they can help big data security.

Spyglass: Demand-Provisioned Linux Containers for Private Network Access (1.26 MB)

Date:
November 8, 2015
Published in:
Proceedings of the 29th Large Installation System Administration conference (LISA15), Washington D.C.
Type:
Conference Paper

Summary

System administrators have super-user access to the low level infrastructure of the systems and networks they maintain. Given the typical administrator’s breadth of access to this infrastructure, administrators or the client devices they use are a prime target for compromise by a motivated adversary. In this paper, we describe Spyglass, a tool for managing, securing, and auditing administrator access to private or sensitive infrastructure networks by creating on-demand bastion hosts inside of Linux containers.

Runtime Integrity Measurement and Enforcement with Automated Whitelist Generation (554.15 KB)

Date:
December 7, 2014
Published in:
Proceedings of the 2014 Computer Security Applications Conference (ACSAC)
Type:
Abstract

Summary

This poster discusses a strategy for automatic whitelist generation and enforcement using techniques from information flow control and trusted computing. Our prototype system, built on top of Intel's PIN emulation environment and the libdft taint tracking system, demonstrates high accuracy in tracking the sources of instructions.

Poster URL: https://homes.cs.washington.edu/~aksimpso/publications/ACSAC2014Poster.pdf

A Survey of Cryptographic Approaches to Securing Big-Data Analytics in the Cloud (527.97 KB)

Date:
September 9, 2014
Published in:
Proceedings of the IEEE High Performance Extreme Computing Conference (HPEC)
Type:
Conference Paper

Summary

The growing demand for cloud computing motivates the need to study the security of data received, stored, processed, and transmitted by a cloud. In this paper, we present a framework for such a study. We introduce a cloud computing model that captures a rich class of big-data use-cases and allows reasoning about relevant threats and security goals.

Computing on Masked Data: a High Performance Method for Improving Big Data Veracity (666.71 KB)

Date:
June 22, 2014
Published in:
Proceedings of the High Performance Extreme Computing Conference (HPEC)
Type:
Conference Paper

Summary

The growing gap between data and users calls for innovative tools that address the challenges faced by big data volume, velocity and variety. Along with these standard three V’s of big data, an emerging fourth “V” is veracity, which addresses the confidentiality, integrity, and availability of the data. Traditional cryptographic techniques that ensure the veracity of data can have overheads that are too large to apply to big data. This work introduces a new technique called Computing on Masked Data (CMD), which improves data veracity by allowing computations to be performed directly on masked data and ensuring that only authorized recipients can unmask the data.
