tag:blogger.com,1999:blog-51509960659031154092024-02-20T10:15:09.078-08:00Danan's Project BlogThis is a joint project between <a href="http://sydney.edu.au/engineering/latte/">Latte</a> - The University of Sydney and the CSIRO.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.comBlogger23125tag:blogger.com,1999:blog-5150996065903115409.post-89420148594872058402013-09-11T17:52:00.002-07:002013-09-11T17:52:53.052-07:00e-Health Journal paper:<br />
<br />
<ul>
<li>Accepted to be published by Future Generation Computer Systems, a Springer Journal.</li>
</ul>
<div>
<br /></div>
<div>
Secure Controlled Data Sharing Paper:</div>
<div>
<ul>
<li>Implemented and optimised a first draft application and awaiting to be ported to the TED device.</li>
<li>A first draft of the paper has also been completed with missing Implementation and Evaluation sections.</li>
</ul>
<div>
Collaboration with LaTTe:</div>
</div>
<div>
<ul>
<li>Retrieved Tracer code and brainstorming ideas on how to secure a relational database.</li>
<li>Will soon present my work to the LaTTe group as part of my hackday.</li>
</ul>
</div>
<br />
<br />
<br />
2 papers reviewed:<br />
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Guojun Wang, Fengshun Yue, and Qin Liu, "A Secure Self-Destructing Scheme for Electronic Data," Journal of Computer and System Sciences (Elsevier), 79(2): 279-290, March 2013.</span></div>
<b id="docs-internal-guid--8355acb-0f9f-82db-eff9-70b381859b12" style="font-weight: normal;"><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></b>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Key points:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">PROBLEM:</span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Exposing sensitive electronic data in the internet has become easier.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Service providers leak messages for gaining profits and supporting investigation.</span></div>
</li>
</ul>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Previous work’s limitations include decryption key being accidentally disclosed to unauthorised users, untrustworthy third parties for profit or investigation, and in Geambasu’s scheme in which this work is referred, the entire ciphertext can still be obtained and is susceptible to brute-force attack.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Main idea is to encapsulate data and key in objects and destroying the data and key after a period of time as specified by the owner. Data and key should be destroyed automatically without any user intervention.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Data is encapsulated in Vanishing Data Objects (VDOs) and is only decapsulated by trusted authorised users.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Data is stored in a Distributed Hash Table (DHT) as it makes room for newer data by discarding older data after a set time (decryption key and part of ciphertext are destroyed after a certain period of time). DHT allows huge size, geographic distribution and decentralisation making attacks in the DHT network difficult.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: circle; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br />
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The system is flexible in allowing any type of encryption scheme for the data without any alterations.</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Paper assumes trusted authorised users since it is impossible for the system to protect sensitive user data is authorised users leak plaintext data recovered from the VDO.</span></li>
</ul>
<div>
<span style="font-size: 15px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-size: 15px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-size: 15px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-size: 15px; white-space: pre-wrap;"><br /></span></div>
<div>
<span id="docs-internal-guid--8355acb-0fa0-3126-3541-c3d5f5600578"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Guojun Wang, Qin Liu, and Jie Wu, "Achieving Fine-Grained Access Control for Secure Data Sharing on Cloud Servers," Wiley's Concurrency and Computation: Practice and Experience, 23(12): 1443–1464, August 2011.</span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key points:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM:</span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Data sharing has attracted a lot of attention in both the industry and academic communities.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A CSP may sell confidential information about an enterprise to the enterprise’s closest business competitors for profit and hence raises privacy and security issues which will result in a huge loss for enterprises.</span></div>
</li>
</ul>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Introduces the conjunctive precise and fuzzy identity-based encryption (PFIBE) scheme for secure data sharing on cloud servers.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Encrypts data based on user id or access control policy over attributes such that the corresponding user with the user id or satisfying the access control policy can decrypt the data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Combines Hierarchical Identity-Based Encryption (HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Provides fine-grained access control to data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">High performance and flexibility.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">System assumes trusted authorised users.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper has complex mathematics.</span></div>
</li>
</ul>
</span></div>
Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-77811850042471825332013-07-15T19:33:00.001-07:002013-07-15T19:33:12.550-07:004 papers reviewed:<br />
Keith Frikken, Mikhail Atallah, and Jiangtao Li. 2006. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Trans. Comput. 55, 10 (October 2006), 1259-1270. DOI=10.1109/TC.2006.158 http://dx.doi.org/10.1109/TC.2006.158<br />
<br />
Key points:<br />
<br />
<ul>
<li>PROBLEM:</li>
<ul>
<li>Hiding the access policy from clients and hiding client attributes from the server.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>Previous works on this topic revealed parts of the ACP to clients. The proposed solution claims to reveal nothing of the ACP.</li>
<li>A client and owner engage in a protocol. The client provides the protocol a subset of her credentials and the owner provides to client the hidden ACP and protected data. If attributes in credentials supplied to protocols satisfy the ACP, she gets the revealed data.</li>
<li>Uses techniques of homomorphic encryption, oblivious transfer, scrambled circuit evaluation and shuffling.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>The client learns little information as possible about the ACP and the owner learns as little information as possible about the client’s credentials.</li>
<li>The server does not learn which credentials a client has from the protocols.</li>
<li>The scheme is policy indistinguishable in that 2 policies that evaluate to the same value for the client’s credentials have indistinguishable transcripts and hence client learns nothing about the policy other than whether access is granted.</li>
<li>Scheme relies heavily on exchange of information which could leak some information potentially.</li>
<li>With growing number of attributes, communication complexity increases exponentially.</li>
<li>System works only for policies that check for the presence of certain attributes.</li>
</ul>
</ul>
<br />
Deqing Zou; Zhensong Liao, "A New Approach for Hiding Policy and Checking Policy Consistency," Information Security and Assurance, 2008. ISA 2008. International Conference on , vol., no., pp.237,242, 24-26 April 2008<br />
doi: 10.1109/ISA.2008.39<br />
<br />
Key points:<br />
<br />
<ul>
<li>PROBLEM:</li>
<ul>
<li>Disclosure of sensitive policies may cause damages</li>
<li>Furthermore, some polices tend to be self-contradictory and hence a checking mechanism is required.</li>
<li>MAC and RBAC techniques could not work well in terms of resource sharing due to limitations in their design and application.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>A new method to hide access control policy using ATN (Automated Trust Negotiation).</li>
<li>A new thought to handle policy consistency.</li>
<li>New approach for protecting user’s privacy.</li>
<li>Avoiding unwanted negotiation failure and improving negotiation efficiency.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Previous work is shown to be effective but difficult to implement in the real world and hence claims the new solution will be efficient to implement. </li>
<li>Paper uses matrices and is very mathematical.</li>
</ul>
</ul>
<br />
<br />
<br />
Xinfeng Ye; Mingyu Gao, "Access Control with Hidden Policies and Credentials for Service Computing," Services Computing (SCC), 2012 IEEE Ninth International Conference on , vol., no., pp.242,249, 24-29 June 2012 doi: 10.1109/SCC.2012.13<br />
<br />
Key points:<br />
<br />
<ul>
<li>PROBLEM:</li>
<ul>
<li>How to keep credentials and access control policies secret from the service providers.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>Scheme uses cryptographic techniques to hide the policies and credentials needed to access data.</li>
<li>Cryptographic keys are used to represent the credentials and policies.</li>
<li>The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.</li>
<li>Previous works that focus on policy hiding are computationally intensive and very inefficient.</li>
</ul>
</ul>
<br />
<br />
Marian Harbach, Sascha Fahl, Michael Brenner, Thomas Muders, and Matthew Smith. 2012. Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions. In Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST) (PST '12). IEEE Computer Society, Washington, DC, USA, 17-24. DOI=10.1109/PST.2012.6297915 http://dx.doi.org/10.1109/PST.2012.6297915<br />
<br />
Key points:<br />
<br />
<ul>
<li>PROBLEM:</li>
<ul>
<li>The need for hidden policies, hidden credentials, and hidden decisions.</li>
<li>The central issue with resource sharing in the Cloud is that of trust.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>Argue for the need for hidden policies, credentials and decisions.</li>
<li>Present an approach using Homomorphic cryptography Supported Access Control (HSAC) as a first step to achieving the above properties.</li>
<li>The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.</li>
<li>Previous works that focus on policy hiding are computationally intensive and very inefficient.</li>
</ul>
</ul>
Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-46117108525287800942013-07-14T17:58:00.002-07:002013-07-14T17:58:23.496-07:005 papers reviewed:<br />
Divyakant Agrawal, Sudipto Das, and Amr El Abbadi. 2011. Big data and cloud computing: current state and future opportunities. In Proceedings of the 14th International Conference on Extending Database Technology (EDBT/ICDT '11), Anastasia Ailamaki, Sihem Amer-Yahia, Jignesh Pate, Tore Risch, Pierre Senellart, and Julia Stoyanovich (Eds.). ACM, New York, NY, USA, 530-533. DOI=10.1145/1951365.1951432 http://doi.acm.org/10.1145/1951365.1951432<br />
<br />
Key points:<br />
<br />
<ul>
<li>Provides summary of the current state of big data</li>
<li>CONTRIBUTION: </li>
<ul>
<li>Provides study of big data and an in-depth analysis supporting update heavy applications</li>
<li>Provides study of big data supporting systems with ad-hoc analytics and decision support.</li>
<li>Key-Value stores very popular for big data and using tools such as Hadoop</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Provides summary of big data used in update heavy web applications and in analytics and decision support for competitive marketing.</li>
<li>Tutorial not extensive enough and not clear enough.</li>
</ul>
</ul>
<br />
<br />
Christian Cachin, Kristiyan Haralambiev, Hsu-Chun Hsiao, and Alessandro Sorniotti. Policy-based secure deletion. Research Report RZ 3843, IBM Research, 2013.<br />
<br />
Key points:<br />
<br />
<ul>
<li>How to securely delete data from storage systems</li>
<li>PROBLEM:</li>
<ul>
<li>Modern storage systems do not reliably destroy stored data and leave traces.</li>
<li>Users would like to control how data is deleted since storage systems usually still leave traces of data even after a deletion operation is called.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>Introduces a secure deletion scheme from encryption and threshold secret sharing</li>
<li>Stored data is grouped into protection classes, and attributes control the selective erasure of data through a policy.</li>
<li>A set of attributes is given as arguments to the secure deletion scheme, the scheme then sets corresponding nodes in the graph to TRUE and at master key update, corresponding files will no longer be accessible.</li>
<li>Also presents a prototype implementation of secure deletion scheme.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Useful way to delete a large number of files quickly.</li>
<li>Eventually, there will be a clutter of illegible data stored in storage systems making it slightly inefficient.</li>
<li>Also, an attacker may attempt brute force attacks to eventually decrypt the data.</li>
</ul>
</ul>
<br />
<br />
<br />
<br />
Changqing Ji; Yu Li; Wenming Qiu; Awada, U.; Keqiu Li, "Big Data Processing in Cloud Computing Environments," Pervasive Systems, Algorithms and Networks (ISPAN), 2012 12th International Symposium on , vol., no., pp.17,23, 13-15 Dec. 2012<br />
doi: 10.1109/I-SPAN.2012.9<br />
<br />
Key points:<br />
<br />
<ul>
<li>Effective management and analysis of large-scale data poses an interesting and critical challenge.</li>
<li>PROBLEM:</li>
<ul>
<li>DBMS’s are not suitable for processing extremely large scale data.</li>
<li>A Big Data platform is needed.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>Provides status of big data studies and related works which provides general view of big data management technologies and applications.</li>
<li>Provides overview of major approaches of big data such as MapReduce</li>
<li>Discusses open issues and challenges of processing big data in terms of three aspects, namely; big data storage, analysis and security.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Provides good overview and definition of big data</li>
<li>Provides good up-to-date current research of big data</li>
<li>Slightly difficult to understand.</li>
</ul>
</ul>
<br />
<br />
Zeeshan Pervez, Asad M. Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh: Oblivious access control policies for cloud based data sharing systems. Computing (2012) Journal Article: 1-24<br />
<br />
Key points:<br />
<br />
<ul>
<li>How to hide access control policies from the Cloud</li>
<li>PROBLEM:</li>
<ul>
<li>Revealing ACP and access parameters to Cloud loses its efficacy</li>
<li>Important to design a system that can ensure end-to-end privacy, involving ACP, access parameters and outsourced data</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>A new access control mechanism called Oblivious Access Control Policy Evaluation (O-ACE) where ACP and access parameters are concealed from the cloud</li>
<li>O-ACE ensures end-to-end privacy using standard cryptographic primitives</li>
<li>O-ACE has been implemented in Google Cloud using Google App Engine.</li>
<li>Strengths/Weakness:</li>
<li>Many works do not focus on protecting ACP, and hence this is a useful and interesting paper.</li>
<li>Very easy to understand paper with good flow</li>
</ul>
</ul>
<br />
Mohamed Meky, Amjad Ali: A Novel and Secure Data Sharing Model with Full Owner Control in the Cloud Environment. International Journal of Computer Science and Information Security Vol. 9 No. 6 (2011): 12 - 17<br />
<br />
Key points:<br />
<br />
<ul>
<li>How to provide data owner control over data in the Cloud in terms of confidentiality and integrity.</li>
<li>PROBLEM:</li>
<ul>
<li>Security threats of unauthorised data access, compromised data integrity and confidentiality, less direct control of data by data owners over data stored in the Cloud.</li>
</ul>
<li>CONTRIBUTION: </li>
<ul>
<li>A secure model that allows the data owner to have full control to grant or deny data sharing in the Cloud environment.</li>
<li>The model ensures confidentiality and integrity, and prevents Cloud providers from revealing data to unauthorised users.</li>
<li>The model can be implemented for several applications using a variety of data formats and any encryption algorithm.</li>
</ul>
<li>Strengths/Weakness:</li>
<ul>
<li>Data is kept secret from the Cloud provider and unauthorised users quite well.</li>
<li>Data integrity is also guaranteed quite well although other attacks such as forgery can still compromise integrity.</li>
<li>The data owner is required to store every users secrets and keys. This can become highly inefficient when data owners want to share data with millions of users.</li>
<li>Does not provide data owner the level of control of how their data is to be used and prevent copying, redistributing, etc.</li>
</ul>
</ul>
<div>
<br /></div>
<div>
ACM CCS '13 Conference Paper:</div>
<div>
<ul>
<li>Paper rejected due to low novelty. </li>
<li>Paper updated thanks to useful feedback from reviewers.</li>
<li>New paper now submitted to IEEE Big Data Conference (<a href="http://www.swinflow.org/confs/bdds2013/">http://www.swinflow.org/confs/bdds2013/</a>)</li>
</ul>
<div>
FGCS eHealth Journal paper:</div>
</div>
<div>
<ul>
<li>Submitted new revision and waiting on outcome.</li>
</ul>
<div>
Book chapter:</div>
</div>
<div>
<ul>
<li>Submitted camera-ready proof of paper and awaiting results.</li>
</ul>
</div>
<br />
<div>
<br /></div>
Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-23493868604493841492013-04-23T17:14:00.000-07:002013-04-23T17:21:41.150-07:004 Papers reviewed:<br />
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;"></b><br />
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;"><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Jin Li; Gansen Zhao; Xiaofeng Chen; Dongqing Xie; Chunming Rong; Wenjun Li; Lianzhang Tang; Yong Tang, "Fine-Grained Data Access Control Systems with User Accountability in Cloud Computing," </span><span style="font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">, vol., no., pp.89,96, Nov. 30 2010-Dec. 3 2010</span></b></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;"><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">doi: 10.1109/CloudCom.2010.44</span></b></div>
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;"><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></b>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;"><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></b></div>
<b id="docs-internal-guid-1eda9aff-3962-4364-5a88-b4378a827d09" style="font-weight: normal;">
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: How to provide data security and access control for outsourced sensitive data sharing via Cloud. Also how to prevent illegal key sharing among dishonest authorised users. </span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">For each file, achieves to define and enforce access policies based on attributes in the system. Can only access file is user attributes satisfy the file access structure. A file is encrypted with a symmetric key. This key is then encapsulated using the CP-ABE scheme. Users can decrypt the key if they possess attributes according to the CP-ABE scheme and consequently decrypt the data itself.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Achieve user accountability in fine-grained data access control systems. Implemented by traitor tracing technique.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Deploy Cloud servers to carry out revocation operations</span></div>
</li>
</ul>
</i></ul>
</i><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Complexity of file encryption only related to number of access policies associated with file and not number of users</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Creation and deletion of files and users only affect the file/user in question and doesn’t involve system wide updates or rekeying.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The heavy operations of user revocation is delegated to Cloud. Even though burden is off user, it still not a clean solution as the Cloud may have to deal with millions of heavy revocation operations.</span></div>
</li>
</ul>
</i><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Gerome Miklau and Dan Suciu. 2003. Controlling access to published data using cryptography. In</span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 29th international conference on Very large data bases - Volume 29</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (VLDB '03), Johann Christoph Freytag, Peter C. Lockemann, Serge Abiteboul, Michael J. Carey, Patricia G. Selinger, and Andreas Heuer (Eds.), Vol. 29. VLDB Endowment 898-909.</span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: Trust, privacy and security issues involved when sharing data are immense, however imperative when users are encouraged or forced.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Provides protection of XML files</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Data owner defines a high-level access policies which converts to queries and later provides a single “protection” for XML data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A logical data model for these protections is introduced.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Shows how to perform encryptions using W3C Recommendation “XML Encryption Syntax”</span></div>
</li>
</ul>
</i></ul>
</i><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Not really relevant to allowing data owner access control over his data in distributed systems.</span></div>
</li>
</ul>
</i><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati. 2007. A data outsourcing architecture combining cryptography and access control. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 2007 ACM workshop on Computer security architecture</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CSAW '07). ACM, New York, NY, USA, 63-69. DOI=10.1145/1314466.1314477 </span><a href="http://doi.acm.org/10.1145/1314466.1314477" style="text-decoration: none;"><span style="background-color: white; color: #1155cc; font-size: 15px; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">http://doi.acm.org/10.1145/1314466.1314477</span></a><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: Enforcement of authorisation policies and the support of policy updates when outsourcing data on untrusted external servers.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Data encrypted as the data owner stores data on an external server.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Authorisations and encryption are merged thus allowing access control enforcement to be outsourced together with the data.</span></div>
</li>
</ul>
</i></ul>
</i><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Relies solely on cryptography for the protection and confidentiality of data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Data owner does not need to be involved in the enforcement, only to specify the policy.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The paper does not handle the illegal key sharing problem.</span></div>
</li>
</ul>
</i><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Michael S. Kirkpatrick and Sam Kerr. 2011. Enforcing physically restricted access control for remote data. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the first ACM conference on Data and application security and privacy</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CODASPY '11). ACM, New York, NY, USA, 203-212. DOI=10.1145/1943513.1943540 http://doi.acm.org/10.1145/1943513.1943540</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: Restricting access only to known, trusted devices.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Proposes the idea of physically restricted access control where a data access can only be accessed on unique devices characterised by physically unclonable functions (PUF).</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Defines protocols for registering a device and making an access request.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Presents a prototype implementation of a client-server architecture which includes the creation of a PUF.</span></div>
</li>
</ul>
</i></ul>
</i><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<i style="font-style: normal;"><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Provides best level of security when data sharing as data owner can nearly guarantee that his data is being viewed by the right data consumer.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Lower chance of data leakage.</span></div>
</li>
</ul>
</i><br />eHealth Journal Paper: </b><br />
<b style="font-weight: normal;">- Notified by publisher that minor revision required.</b><br />
<b style="font-weight: normal;">- Currently working on the revision</b><br />
<b style="font-weight: normal;"><br /></b>
<b style="font-weight: normal;">eHealth Demo:</b><br />
<b style="font-weight: normal;">- Successfully coded initial phase of protocol.</b><br />
<b style="font-weight: normal;">- Database and web services set up with minimal functionality</b><br />
<b style="font-weight: normal;"><br /></b>
<b style="font-weight: normal;">ACM CCS Conference Paper:</b><br />
<b style="font-weight: normal;">- Started writing Abstract of paper</b><br />
<b style="font-weight: normal;">- Currently working on Introduction</b>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-8269555965480263402013-04-09T19:12:00.003-07:002013-04-09T19:12:37.192-07:007 papers reviewed:<br />
<u><a href="http://asquicciarini.ist.psu.edu/pdf/codaspy.pdf"> Adaptive Data Protection in Distributed Systems </a></u>A. Squicciarini, G. Petracca, E. Bertino. Third ACM Conference on Data and Application Security and Privacy (CODASPY), February 2013.<br />
<br />
Key Points:<br />
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"></b><br />
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: Ensure customer's data protection policies are honored regardless of where the data is physically stored and how often it is accessed, modified and duplicated.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: Ensuring policies associated with data distributed across domain (regardless of where the data is physically stored and how often it is accessed, modified, and duplicated) are honored is an important challenge. Data in the Cloud is stored and replicated in multiple locations around the world and it is important that jurisdiction laws are obeyed but also privacy of data owner is maintained</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: The paper uses self-controlling objects to protect data and enforce policies set out by the data owner to be maintained.</span></b></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">Innovative policy-enforcement techniques for adaptive sharing of user's outsourced data.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">Uses the idea of self-controlling objects (SCOs), that encapsulate sensitive resources such as images, video, text, etc and assure their protection through the provision of adaptive security policies. SCOs use Java JAR technology.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">The security of objects stored in JARs is managed by CP-ABE schemes</span></b></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></b></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">The data is encapsulated in JAR files which makes it portable and usable in any hardware, operating system, etc that has installed the popular Java Runtime Environment.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="white-space: pre-wrap;">When modifications take place on one computer, the SCO automatically updates other identical SCO's to contain modified data which makes for a very neat collaboration without trusting Cloud.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;">The trust level of outsiders is reduced further and combined with the simple idea, makes the solution attractive for future needs.</span></b></div>
</li>
</ul>
<br />
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"></b><br />
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="white-space: pre-wrap;">Issue: Once the data is decrypted, the user can still find where the decrypted file is contained and save a copy to be redistributed to other users. The decrypted data is not monitored for illegal operations, only the SCO.</span></b></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="white-space: pre-wrap;">The ACP needs to be better hidden.</span></b></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;"><br /></span></b></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="vertical-align: baseline; white-space: pre-wrap;"><br /></span></b></div>
</li>
</ul>
<br />
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"></b><br />
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. 2005. Secure collaboration in mediator-free environments. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 12th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CCS '05). ACM, New York, NY, USA, 58-67. DOI=10.1145/1102120.1102130 http://doi.acm.org/10.1145/1102120.1102130</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></b></div>
<b id="internal-source-marker_0.8203765994403511" style="font-weight: normal;"><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Contributions:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: Collaboration and Interoperability in multi-domain environments provides benefits but suffers security issues</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: The paper is attempting to solve the problem of secure interoperability in a multi-domain environment without a mediator having a global view</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: Decentralises access control with the removal of a mediator to control collaboration. Access control is based on user’s access history, aka user access path. Paper uses idea of paths for secure interoperation.</span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Presents a mediator-free collaboration environment and discuss security challenges in such environment. Access path security requirements are presented for secure collaboration.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A framework for secure collaboration in a mediator-free environment, based on access control decisions based on user’s access history.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A discussion of several security attacks that can occur in a mediator-free environments and ways to mitigate such attacks. </span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper has good introduction. It explains the benefits of interoperability in 2 paragraphs and then discusses the problems in 2 paragraphs. The contribution and the paper organisation then follow.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The mathematics of the paper is a little difficult and a bit too much. However, parts of the mathematics was understandable.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The problem in relation to my research is that it doesn’t handle the scenario of dishonest users who may share data with unauthorised users (e.g via email attachments).</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 13th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CCS '06). ACM, New York, NY, USA, 89-98. DOI=10.1145/1180405.1180418 </span><a href="http://doi.acm.org/10.1145/1180405.1180418" style="text-decoration: none;"><span style="background-color: white; color: #1155cc; font-size: 15px; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">http://doi.acm.org/10.1145/1180405.1180418</span></a><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Contributions:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: With the growing amount of sensitive data stored on the internet, there is concern where personal data will be compromised</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: The paper is trying to solve the problem of users sharing encrypted data with other users or third parties by either decrypting data and sending to them or by sending them the private key.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: A Key-Policy ABE scheme</span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A scheme where each private key is associated with an access structure that specifies which types of ciphertexts that can be decrypted according to the attributes of the ciphertexts.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">User’s key’s access structure uses tree structure where leaves are attributes. Can only decrypt if attributes satisfy the access structure.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Prevent collusion of users with similar access structures</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Provide a delegation mechanism that allows any user that has a key for an access structure to derive the key for another access structure only if the latter is more restrictive than the former.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper’s introduction discussed briefly the motivation and problem and discussed in detail the contribution.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper is relevant and relatively easy to read but at times confusing.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The mathematics of the paper is not understandable and very heavy. May need to do a number of follow-up readings to understand concepts.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Still assumes the authorised users are trustworthy and will not accidentally leak the whole data to third parties.</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Philippe Golle, Frank McSherry, and Ilya Mironov. 2006. Data collection with self-enforcing privacy. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 13th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">(CCS '06). ACM, New York, NY, USA, 69-78. DOI=10.1145/1180405.1180416 </span><a href="http://doi.acm.org/10.1145/1180405.1180416" style="text-decoration: none;"><span style="background-color: white; color: #1155cc; font-size: 15px; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">http://doi.acm.org/10.1145/1180405.1180416</span></a><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: How to protect individuals from distrustful pollster and how to protect pollsters from fraudulent accusations.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: A pollster who wishes to collect private information from individuals of a population may not be able to do so us individuals, understandably, are unwilling to send sensitive information to untrustworthy pollsters.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: Bounty hunters</span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A bounty hunter service listens for leaks of private information and assembles a case against the pollster.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The bounty hunter participates in data collection, pretending to be respondents and submit “baits”, whose decrypted contents cannot be obtained without access to a secret held by the pollster</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Any report of actual data in the message must have come from the pollster and hence incriminates pollster of leakage of information.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper is a good first step to controlling whether the data owner’s data is leaked from the consumer and if it is, it does not go unnoticed.</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Alexandra Boldyreva, Vipul Goyal, and Virendra Kumar. 2008. Identity-based encryption with efficient revocation. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 15th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CCS '08). ACM, New York, NY, USA, 417-426. DOI=10.1145/1455770.1455823 http://doi.acm.org/10.1145/1455770.1455823</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: In the setting of IBE, there has been little work on studying revocation mechanisms.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: In an ID-based/PKI-based system, users have to regularly keep in contact with PKG, prove their identity and get new keys whether their keys have been exposed or not. The PKG has to be online at all times for this.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper discusses a new way to mitigate the limitations of IBE with regard to revocation and improves efficiency of previous solutions.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Revocable IBE and its security models are defined and discussed.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">May provide a good revocation scheme, however, is very limited in providing good access control and monitoring.</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Amit Sahai and Hakan Seyalioglu. 2010. Worry-free encryption: functional encryption with public keys. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 17th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">(CCS '10). ACM, New York, NY, USA, 463-472. DOI=10.1145/1866307.1866359 http://doi.acm.org/10.1145/1866307.1866359</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: The ability to send files to other users without worrying about whether they have the right to access the data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: When a co-worker requests access to data, it is unclear whether the co-worker has the rights to access data. Although, these kinds of unauthorised accesses still occurs.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Discusses the need for a scheme to be secure against eavesdroppers, the need for the policy of a ciphertext to remain hidden, the user’s public key should reveal no information about his credentials, and even if the certification authority is corrupted, it should not be able to compromise the security of any honest user.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Suggests the notion of Worry-Free Encryption, since a sender does not need to worry about whether a recipient is authorised to obtain a message before sending it.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">A public/private keypair is generated for each bit of the user’s credentials. The public keys will then be sent to the Certificate Authority to mask user credentials in public key.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The encrypter then generates a function to be sent and encrypt each part of the function under each of the user’s public keys. The user can retrieve each function piece corresponding to his credentials to reveal the function and hence reveal data.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Could be useful to protect data from being viewed by unauthorised users.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Storing a number of public/private key pairs could introduce key management complexity and is costly on user machines.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Once the data is decrypted, an authorised user Alice, may still send the data to an unauthorised user, Bob. Paper assumes Alice is trusted but is curious whether Bob is allowed to view data.</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><b style="font-weight: normal;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Mohamed Nabeel and Elisa Bertino. 2011. Poster: towards attribute based group key management. In </span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 18th ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CCS '11). ACM, New York, NY, USA, 821-824. DOI=10.1145/2093476.2093502 http://doi.acm.org/10.1145/2093476.2093502</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Points:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">MOTIVATION: Current group key management schemes are not well designed to manage group keys based on the attributes of group members</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">PROBLEM: How to efficiently handle group dynamics (e.g, joining and leaving of members) and also how to defend against collusion attacks</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">CONTRIBUTION: </span></div>
</li>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">An expressive Attribute-Based Group Key Management Scheme (AB-GKM) which allows one to express any threshold or monotonic conditions over a set of identity attributes.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: circle; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Improve the performance of broadcast GKM schemes corresponding to his credentials to reveal the function and hence reveal data.</span></div>
</li>
</ul>
</ul>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weakness:</span></div>
<br /><ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Although the data owner has fine-grained access control over who can view his data and is effective, the data owner does not know how his data is being used by his members (e.g, illegal transfers, etc)</span></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
</li>
</ul>
</b>Development of e-health demo:</b><div>
<b style="font-weight: normal;">- Finished stage 1 of coding: Initialisation</b></div>
<div>
<b style="font-weight: normal;">- Working on stage 2 of coding: Consumer Authorisation</b></div>
<div>
<b style="font-weight: normal;">- Still need to test stage 1 coding to see if it is working<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="line-height: 1.15; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
</b></div>
Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-69638504395122949542013-04-03T17:52:00.003-07:002013-04-03T17:52:48.700-07:00<b id="internal-source-marker_0.9911467325873673" style="font-weight: normal;"></b><br />
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<b id="internal-source-marker_0.9911467325873673" style="font-weight: normal;"><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Osama Khan, Lea Kissner, Zachary Peterson, and Dawn Song. 2011. Remote data checking using provable data possession.</span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">ACM Trans. Inf. Syst. Secur.</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> 14, 1, Article 12 (June 2011), 34 pages. DOI=10.1145/1952982.1952994 http://doi.acm.org/10.1145/1952982.1952994</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></b></div>
<b id="internal-source-marker_0.9911467325873673" style="font-weight: normal;"><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key contributions:<span class="Apple-tab-span" style="white-space: pre;"> </span></span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Using Provable Data Possession (PDP) protocol, it challenges the storage server (SSP) to check <span class="Apple-tab-span" style="white-space: pre;"> </span>whether the data still exists.<span class="Apple-tab-span" style="white-space: pre;"> </span></span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Allows an auditor to check for <span class="Apple-tab-span" style="white-space: pre;"> </span>proof of data possession in order to validate whether the server <span class="Apple-tab-span" style="white-space: pre;"> </span>possesses the data that was originally stored by the client using Remote Data Checking (RDC)</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Tags are generated by the DO for each block of the file and stored along with the file in the SSP</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">DO issues a challenge to SSP for random data blocks and verifies the proof to validate whether data exists in server</span></div>
</li>
</ul>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strength:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Lightweight and Robust. Lightweight since spot checking is used to check whether a random <span class="Apple-tab-span" style="white-space: pre;"> </span>portion of the data still exists and robust since it protects <span class="Apple-tab-span" style="white-space: pre;"> </span>against arbitrary data corruptions</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Fixes small data corruptions</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Like the use of providing a high-level overview of the protocol just before explaining the <span class="Apple-tab-span" style="white-space: pre;"> </span>technical details.</span></div>
</li>
</ul>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Weakness:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Doesn't protect against data stealing</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Doesn't handle dynamic operations</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Doesn't handle the case of illegal transfer of files. It just checks for data existence</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Bo Chen and Reza Curtmola. 2012. Robust dynamic remote data checking for public clouds. In</span><span style="background-color: white; font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 2012 ACM conference on Computer and communications security</span><span style="background-color: white; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> (CCS '12). ACM, New York, NY, USA, 1043-1045. DOI=10.1145/2382196.2382319 http://doi.acm.org/10.1145/2382196.2382319</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key contributions:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Continues on the work of RDC but instead handles dynamic operations (insertions, updates, deletes) on data.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Uses Reed Solomon codes based on Cauchy matrices which provide communication-efficient code updates</span></div>
</li>
</ul>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Strength:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Handles robustness for dynamic operations</span></div>
</li>
</ul>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Weaknesses:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Paper too technical</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Lingfang Zeng; Zhan Shi; Shengjie Xu; Dan Feng, "SafeVanish: An Improved Data Self-Destruction for Protecting Data Privacy," </span><span style="font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> , vol., no., pp.521,528, Nov. 30 2010-Dec. 3 2010</span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">doi: 10.1109/CloudCom.2010.21</span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key Contributions:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Data self-destroys after a period of time by destroying the encryption key rendering the data useless</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Handles sniffing and hopping attacks which may read and store decryption keys before it is <span class="Apple-tab-span" style="white-space: pre;"> </span>destroyed.</span></div>
</li>
</ul>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Weakness:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">The ciphertext still remains even if decryption key destroyed making it vulnerable to traditional <span class="Apple-tab-span" style="white-space: pre;"> </span>attacks (cryptanalysis/brute force) to reveal plaintext</span></div>
</li>
</ul>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Fengshun Yue; Guojun Wang; Qin Liu, "A Secure Self-Destructing Scheme for Electronic Data," </span><span style="font-size: 15px; font-style: italic; vertical-align: baseline; white-space: pre-wrap;">Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on</span><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"> , vol., no., pp.651,658, 11-13 Dec. 2010</span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">doi: 10.1109/EUC.2010.104</span></div>
<br /><span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"></span><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Key contributions:</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Electronic data automatically destroyed after a certain period of time without any user <span class="Apple-tab-span" style="white-space: pre;"> </span>intervention</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Does not rely on third parties</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="vertical-align: baseline; white-space: pre-wrap;">Resists against traditional attacks (cryptanalysis/brute force) and also attacks to the <span class="Apple-tab-span" style="white-space: pre;"> </span>Distributed Hash Table (DHT) network which destroys the decryption key and a part of the ciphertext.</span></div>
</li>
<li dir="ltr" style="font-size: 15px; list-style-type: disc; vertical-align: baseline;"><span style="vertical-align: baseline; white-space: pre-wrap;">Encapsulates data into Vanishing Data Objects (VDOs) and later Decapsulates VDOs into data providing they are withing time constraints.</span></li>
</ul>
</b>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-28655056573899659782013-03-12T18:10:00.001-07:002013-03-12T18:48:59.143-07:00Paper reviewsReviewed 4 papers.<br />
<br />
<br />
<div style="background-color: transparent;">
<b id="internal-source-marker_0.21557594556361437"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A paper reviewed: </span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Kayem, A.V.D.M., "On monitoring information flow of outsourced data," </span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: italic; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Information Security for South Africa (ISSA), 2010</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> , vol., no., pp.1,8, 2-4 Aug. 2010</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">doi: 10.1109/ISSA.2010.5588602</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Key Ideas/Contributions:</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Prevents authorised users from illegal data exchange</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Uses an invisible digital watermark which is a hash of the encrypted data and key.</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Hash of the user’s role key and the data hash are compared before enabling data access.</span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Keeps data secure from unauthorised users and the service provider</span></b><br />
<span class="Apple-style-span" style="font-family: 'Times New Roman';"><span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;">- Neat paper structure, especially the first two sections</span></span><br />
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Strength/Weakness/Limitations:</span><br />
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Prevents authorised users from transferring data to unauthorised users even when fully decrypted.</span><br />
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">- Doesn’t provide data owner full control such as how data is to be viewed, how many copies can be made, etc.</span><br />
<span class="Apple-style-span" style="background-color: transparent;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></span><br />
<span class="Apple-style-span" style="background-color: transparent;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></span><br />
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Paper reviewed:</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> Qihua Wang and Hongxia Jin. 2011. Data leakage mitigation for discretionary access control in collaboration clouds. In </span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: italic; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 16th ACM symposium on Access control models and technologies </span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">(SACMAT '11). ACM, New York, NY, USA, 103-112. DOI=10.1145/1998441.1998457 http://doi.acm.org/10.1145/1998441.1998457</span><br />
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Key Ideas/Contributions</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span><br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b id="internal-source-marker_0.21557594556361437">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Provides a controlled SaaS collaboration environment for collaboration and information sharing between different organisations</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Uses the idea of mandatory access control policies (MAC Policy) to control data sharing among different organisations based on the organisation's code-of-conduct and non-disclosure agreements (NDA)</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Users also have a list of contacts of which they can select users to share <span class="Apple-tab-span" style="white-space: pre;"> </span>information with. Provided the contact satisfies the MAC Policy conditions, users can share information with other organisations without fear of accidentally leaking information to an unauthorised organisation.</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Users may also accidentally make typos when sharing data and hence accidentally leak information to unauthorised users which may cost organisations. The solution contains a recommender algorithm which checks whether the selected user is relevant to the data based on <span class="Apple-tab-span" style="white-space: pre;"> </span>keyword strength and if not warns the user and suggests a better candidate from the user's contacts.</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span class="Apple-style-span" style="font-family: 'Times New Roman';"><span class="Apple-style-span" style="white-space: pre-wrap;">Neat paper structure</span></span></li>
</b></ul>
<b id="internal-source-marker_0.21557594556361437">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Strengths/Weaknesses/Limitations</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></b><br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b id="internal-source-marker_0.21557594556361437">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Data access control mainly from business perspective</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Business users can share data without worrying about breaking code-of-conduct and MAC Policies.</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">MAC Policies also prevent users sharing data outside the perimeter of the authorised <span class="Apple-tab-span" style="white-space: pre;"> </span>organisation(s).</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Solution helps prevent users from making typos when entering users names for sharing. It issues <span class="Apple-tab-span" style="white-space: pre;"> </span>warnings and suggests the likely user based on the likelihood of data interest of that user.</span></li>
</b></ul>
<b id="internal-source-marker_0.21557594556361437">
</b>
<br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b id="internal-source-marker_0.21557594556361437">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Polices are not fine-grained enough. Does not control access based on roles, only on <span class="Apple-tab-span" style="white-space: pre;"> </span>organisations.</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Only protects honest users from leaking information by mistake. A malicious user may create fake keywords and share data maliciously with whoever.</span></li>
</b></ul>
<b id="internal-source-marker_0.21557594556361437">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A Paper reviewed:</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="background-color: white; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Maritza L. Johnson, Steven M. Bellovin, Robert W. Reeder, and Stuart E. Schechter. 2009. Laissez-faire file sharing: access control designed for individuals at the endpoints. In</span><span style="background-color: white; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: italic; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Proceedings of the 2009 workshop on New security paradigms workshop</span><span style="background-color: white; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> (NSPW '09). ACM, New York, NY, USA, 1-10. DOI=10.1145/1719030.1719032 http://doi.acm.org/10.1145/1719030.1719032</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><br /><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Key Ideas/Contributions</span></b><br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b id="internal-source-marker_0.21557594556361437">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Laissez-Faire file sharing is defined by 5 properties - ownership, freedom of delegation, transparency, dependability and minimisation of friction.</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Most users in an enterprise who have to abide by policies and strict rules on file sharing almost <span class="Apple-tab-span" style="white-space: pre;"> </span>always subvert to sharing files through email attachments, USB, etc without the organisations file sharing system as it was too limiting and not as convenient.</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Email attachments prevent data owner the ability to permanently delete files, prevent readers from forwarding data to others and preventing others from working on and modifying the data.</span></li>
</b></ul>
<b id="internal-source-marker_0.21557594556361437">
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Strengths</span><br /><ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Highlights the need for a controlled data sharing environment</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Highlights the reality that many people find other ways to share data (e.g email attachments, USB) when data sharing laws are too restrictive</span></li>
</ul>
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Weaknesses/Limitations</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span><br /><ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Laissez Faire sharing does not prevent re-sharing of data</span></li>
</ul>
<div style="font-weight: normal;">
<span class="Apple-style-span" style="font-family: 'Times New Roman';"><span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;"><br /></span></span></div>
<div style="font-weight: normal;">
<span class="Apple-style-span" style="font-family: 'Times New Roman';"><span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;"><br /></span></span></div>
<div style="font-weight: normal;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A Paper rev</span><span class="Apple-style-span" style="font-family: inherit;"><span style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">iewed:</span><span style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></b><br />
<div style="display: inline !important;">
<div style="background-color: transparent; display: inline !important;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span class="Apple-style-span" style="font-family: inherit;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Burnap, P.; Hilton, J.; , "Self Protecting Data for De-perimeterised Information Sharing," </span><span style="background-color: transparent; color: black; font-size: 15px; font-style: italic; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Digital Society, 2009. ICDS '09. Third International Conference on</span><span style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> , vol., no., pp.65-70, 1-7 Feb. 2009 </span></b></b></b></span></b><b id="internal-source-marker_0.21557594556361437"></b><br />
<div style="display: inline !important; font-weight: normal;">
<div style="display: inline !important;">
<div style="background-color: transparent; display: inline !important;">
<div style="display: inline !important;">
<b id="internal-source-marker_0.21557594556361437"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-style-span" style="font-family: inherit;">doi: 10.1109/ICDS.2009.41</span></span></b></b></b></b></b></div>
</div>
</div>
</div>
</div>
</div>
<div style="display: inline !important;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;">
</b></b></b></div>
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;">
</b></b></div>
<div>
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Key Ideas/Contributions</span></b><br />
<ul style="margin-bottom: 0pt; margin-top: 0pt;"><b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Provides access control on machines outside the perimeter of the organisation or enterprise</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Data remains encrypted throughout its lifetime and can only be decrypted if user has access rights.</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Parts of the document are provided access control such that certain users can only have access rights. Parts of the document are classified into categories.</span></li>
</b></ul>
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;">
</b><b><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Strengths</span></b><br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b>
<li dir="ltr" style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span class="Apple-style-span" style="white-space: pre-wrap;"><div style="background-color: transparent; font-size: medium; white-space: normal;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-style-span" style="font-family: inherit;">In a document, a subsection of a document may be highly confidential whereas other sections may be publicly available. Traditionally, the whole document would be restricted to those with access rights and hence limiting effectiveness, dynamism of collaborative working. The solution allows parts of document to be protected while others are publicly available and hence effective.</span></span></b></div>
</span></li>
<li dir="ltr" style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><span class="Apple-style-span" style="white-space: pre-wrap;"><div style="background-color: transparent; font-size: medium; white-space: normal;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-style-span" style="font-family: inherit;">Access control still stays in place when shared, copied, transferred, and stored on other organisation’s systems.</span></span></b></div>
</span></li>
</b></ul>
<b>
<span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Weaknesses/Limitations</span><span style="background-color: transparent; color: black; font-family: 'Times New Roman'; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span></b><br />
<ul style="font-weight: normal; margin-bottom: 0pt; margin-top: 0pt;"><b>
<li dir="ltr" style="background-color: transparent; color: black; font-variant: normal; font-weight: normal; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div style="background-color: transparent; font-size: medium; white-space: normal;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-style-span" style="font-family: inherit;">Doesn’t provide data owner control over his data. The data only controls who views the data but doesn’t let the data owner know if any other operations occur with the data that the data owner doesn’t know about, such as tampering or distributing illegal copies of the data. Hence, not enough data control.</span></span></b></div>
<div style="background-color: transparent; font-size: medium; white-space: normal;">
<b id="internal-source-marker_0.21557594556361437" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-size: 15px; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span class="Apple-style-span" style="font-family: inherit;"><br /></span></span></b></div>
<div style="background-color: transparent;">
<br /></div>
</li>
</b></ul>
<b>
</b></div>
<div style="font-weight: normal;">
<span class="Apple-style-span" style="font-family: 'Times New Roman';"><span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;"><br /></span></span></div>
</b></div>
Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-58880428912447768292013-02-20T16:23:00.002-08:002013-02-20T16:23:36.399-08:00<span class="Apple-style-span" style="font-family: inherit;">Over the last week, I read a paper "<span id="internal-source-marker_0.3381852051243186"><span style="background-color: transparent; font-size: 15px; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Ensuring Distributed Accountability for Data Sharing in the Cloud" and spent time analysing it. I also researched and read another paper on De-Perimeterised Sharing of Data which also focuses on Self-Protecting Data.</span></span></span><br />
<span class="Apple-style-span" style="font-family: inherit;"><span id="internal-source-marker_0.3381852051243186"><span style="background-color: transparent; font-size: 15px; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></span></span>
<span class="Apple-style-span" style="font-family: inherit;"><span id="internal-source-marker_0.3381852051243186"><span style="background-color: transparent; font-size: 15px; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Also, I have been busy working throughout the week on contributing a small part to another publication. I had to write a paragraph on my HeartBeat project and take a snapshot of my developed system so far. This is still a work in progress.</span></span></span><br />
<span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;"><br /></span>
<span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;">Also, I received an email this week from the book chapter reviewers regarding that my submitted book chapter had been accepted to be included in the book. I now have to make changes as per the reviewers comments and submit the final version by 15th March. So far, I have addressed most of the trivial comments such as removing a section, or renaming etc. I need time to work on the more non-trivial ones.</span><br />
<span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;"><br /></span>
<span class="Apple-style-span" style="font-size: 15px; white-space: pre-wrap;">Regarding the HeartBeat system, I am now doing some light programming tasks to get ready for the programming of the security layer. I will start coding the security layer maybe next week. There is a lot of work to do here. </span>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-45610913824406237522013-02-13T16:35:00.001-08:002013-02-13T16:35:17.265-08:00Last week, I spent time reading papers on ways a data owner can share his data in the Cloud while maintaining control over how his data is being used. Since data consumers may be untrusted and can send the data owner's data to friends via email or make illegal copies of the data which may not respect the privacy of the data owner, I am trying to incorporate ways a data owner can track how his data is being used. I read a paper entitled "A Software-Hardware Architecture for Self-Protecting Data" which combines an access control policy with the data which controls how the data is to be used. I will continue to read more papers along this path.<br />
<br />
Regarding the app, I have successfully updated the Client application which reads the latest ECG and stores the ECG reading into a JPEG file for offline monitoring by a doctor or nurse. I have shown this to my supervisor and am now ready to implement the security layer for the app. I will spend 2-3 weeks on this. I will continue to post updates on this as they occur.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-19503196263073396052013-02-05T16:28:00.002-08:002013-02-05T16:37:26.700-08:00Yesterday, I just completed my probation and managed to pass. I was confused at some of the questions, but with the help of my supervisor, I was able to pass and continue my candidature. I need to keep reading and get a better understanding of my topic. I am now looking to provide better access control for the data owner in a distributed computing environment where the data owner may share data with other users in his group but control how his data is being used. I will be spending the next couple of weeks reading literature on this.<br />
<br />
Meanwhile, regarding the ECG application, I have now managed to successfully get a clean ECG curve. The app now displays in real-time, an ECG waveform and also the heart rate of the person using the sensors. This was mainly a result of incorporating code from AliveTec. I spent the last week trying to understand their sample code and managed to successfully incorporate it into the app. I still need to incorporate this code into the client side application as well. I am also looking for ways to provide automated ECG analysis to automatically determine cardiac arrhythmias.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-82267127240078393402013-01-23T16:58:00.003-08:002013-01-23T16:58:47.205-08:00Over the last week, I researched ways to get a nice looking ECG curve into my app as well as the client application. I've struggled a bit to get electrocardiogram but I have been supplied with Java code from AliveTec to study how to get the curve. I will be spending time trying to read and deeply understand this code, so that I can incorporate it into the app. The current app shows a poor ECG signal and is illegible. I think I'm getting close to solving the problem. Will post updates as they occur..Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-22976820380443633782013-01-15T17:54:00.003-08:002013-01-15T17:54:26.740-08:00Over the Christmas and New Year Holidays I have worked on fixing the journal and book chapter. I've worked with my supervisors to get better feedback after each revision. I have managed to submit the two papers to the publishers just in time yesterday. Feel relieved to finally finish all the writing.<br />
<br />
This week, I am going to go back and focus on the project. I will need to find ways to get a clear ECG waveform from the Bluetooth device as well as try to classify the ECG waveform and determine irregular patterns and so on. Also, I will have to implement the secure data sharing algorithm from the journal paper into the prototype health application. I also plan on integrating more than one type of health device to make our application more generic. I also plan on incorporating the project into Springroo. Looking forward to the work to do this year!Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-77922814225734591602012-12-12T18:58:00.001-08:002012-12-12T18:58:56.760-08:00Last week, I spent most of my time working on the journal. I made changes based on the feedback suggested by Rafa, Shiping and Surya to the best of my ability and have submitted a second version for review. The deadline is only 2.5 weeks away so I'm working really hard on this as well as the book chapter.<br />
In regards to the book chapter, I have nearly completed the write-up. I need to fill in about 3 more pages which may take about a week or so. After this I will need to quickly finalise and send to my supervisors for feedback. This will be due a week after the journal so there is plenty of writing to do.<br />
Also, I will submit the 3rd milestone "Extended Literature Review" by the end of this week as I believe I may have done enough. I will continue to post updates as they occur...Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-34693915410584556262012-12-04T18:03:00.000-08:002012-12-04T18:03:00.806-08:00<u>Journal publication</u><br />
I have managed to successfully finish a first draft of the journal publication. I have received comments and feedback as well as corrections from Rafael and Shiping. Overall, I have made a good start but still need to make a number of improvements to the journal. I will be working on the journal through this week and next week to get a second draft out.<br />
<br />
<u>Book Chapter</u><br />
The book chapter is progressing along well. I have nearly completed a first draft of the book chapter. So far, it's touching on 14 pages without diagrams with 83 references. I've spent this week writing the key management and data sharing sections. I still have a lot of reading to do as I don't believe I have enough literature reading. My goal is to reach near 20 pages with ~100 references. The remainder of this week will be spent adding diagrams, tidying up, adding a conclusion and catching up on reading. The next week I will spend reading more literature and adding them into the book chapter before I send the final draft to my supervisors.<br />
<br />
<u>HeartBeat ECG System </u><br />
Although I haven't been spending too long on this, I am still looking into developing an automated analysis of ECG data for the HeartBeat system. I have read the thesis although I am struggling a bit to get my head around it. I am still yet to understand the MIT-BIH ECG data. I need to put a bit more time and effort into this and will work on it during next week.<br />
<br />
<u>Probation Milestones</u><br />
I am currently working on writing an extended and modified literature review as per the requirements of the PhD probation. At the moment, it is not too dissimilar to the book chapter and is still a work-in-progress.<br />
<br />
<br />Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-50144287838025414022012-11-28T19:11:00.002-08:002012-11-28T19:11:28.439-08:00<u>Journal publication</u><br />
I have manage to finish a first draft of the journal publication so far. I spent yesterday running tests and grabbing screenshots as well as generating graphs to add in to the publication. This morning I managed to finish up the writing of the journal. I've sent the draft to my supervisors for early feedback and awaiting a response.<br />
<br />
<u>Book Chapter</u><br />
I'm still continuing to write the book chapter. I have finished writing half of the chapter and there is still plenty more work to go. I still need to finish off the key management and the data sharing sections of the chapter. Although moving slowly, progress is being made on it every day.<br />
<br />
<u>Developed HeartBeat System</u><br />
I've managed to get a clearer ECG waveform on the app now. It's still not perfect but still there is work to be done. I've also implemented visualisation of the ECG in the Java Client application. The client can now view, copy, and even save the ECG visualisation to a PNG image file. Also, the client can print the ECG visualisation for offline viewing and analysis.<br />
Also, I'm still working on implementing automated ECG waveform analysis. I'm currently reading a past student's thesis to get idea and have looked at MIT-BIH website. I can try to implement something once I get a clear ECG waveform from the app. I will be looking at my code again to see where I can improve and try to get a smoother curve.<br />
<br />Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-78354061595700711892012-11-21T18:05:00.002-08:002012-11-21T18:05:15.933-08:00Regarding my progress so far, I am currently doing plenty of writing. I have nearly finished writing the journal and still making progress writing the book chapter. The last few weeks were mostly spent reading literature and writing in parallel.<br />
<br />
I also presented a demo of the heart beat system to the Chief Scientist at CSIRO where my supervisor and a number of other CSIRO members were present. It was recommended that I try to produce a clearer ECG waveform and learn to classify the ECG waveform to detect any arrhythmias. I was given a past student's thesis to read and get a better understanding of ECG waveforms. It was also recommended that I look at 'MIT-BIH' as a reference for classifying ECG waveforms. Currently I am reading through the papers and will later change my application to incorporate these ideas.<br />
<br />
Also, this week I attended the CSIRO ICT conference for a short while and met a few other PhD students working on different projects. Also, this week I submitted the first milestone deliverable to Rafael.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-76684295449594521532012-11-04T22:34:00.000-08:002012-11-04T22:40:37.099-08:00Reading Literature and Writing PapersAfter developing the app, I have started writing a journal paper on it. I'm targeting the Future Generation Computer Systems (IF=1.978) Special Issue on Integration of Cloud Computing and Body Sensor Networks. So far I have written a full draft of the paper with some testing still left to complete. At the moment I have about 9 pages and trying to push for another 3 or 4 pages.<br />
<br />
Also, I have been invited by my supervisor to contribute a book chapter for "Security, Privacy and Trust in Cloud Systems". I have submitted a proposal and now working on the writing of the book chapter. I realise I have a long way to go to finish the chapter. Working at fast pace..<br />
<br />
Regarding the health-monitoring system, it is now a functional prototype and I will be giving a demo this Friday. The Android app now successfully connects the sensor via Bluetooth and reads the live streaming data. The app also has a user interface and buttons that will allow periodic uploads of the latest streamed data to the Cloud. The web service has been updated to allow user authentication. I've also created a Java application which runs on the Client's computer that will enable either a doctor or a patient to log-in and view ECG data through calls to the web service. At the moment, the security layer hasn't been implemented, and it is sending credentials and data through plain XML. Later on, I will implement a security layer that will incorporate secure data sharing aspects. I have come up with a draft idea of a data sharing protocol which will later be further refined. The protocol will be discussed in detail in the journal.<br />
<br />
Much more work ahead...Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-62727253598266070702012-08-05T18:14:00.000-07:002012-08-05T18:14:08.623-07:00Developing an App for Health ApplicationI have spent the last few weeks working on developing an app for ECG monitoring. I haven't posted progress on it for a while as I have been busy but I will hopefully cover much of what I have done so far. <div>
<br /></div>
<div>
I have narrowed down my topic to secure data sharing in cloud computing. I will be targeting to publish a paper in the 'Health Information Science and Systems' journal. Currently there is a growing need for patients to monitor their health wherever they are. In particular, a lot of people need to monitor their heart regularly to prevent problems such as cardiac arrhythmias. There are many heart activity monitors that are currently available today. For this project, I was given the 'Alive Heart Rate and Activity Monitor' which streams live electrocardiogram(ECG) data via bluetooth. The patient has to connect sensors to their body and start the monitor and then they can continue to carry on with their daily lives while the device monitors ECG of the patient. </div>
<div>
<br /></div>
<div>
My goal was to develop an iPad app that receives this data via bluetooth and allows the patient to store this data to the cloud at regular intervals. First the patient connects the sensors and starts the monitor. The iPad app then must receive this data via bluetooth by the tap of a button. The patient can then customise information in the app such as length of periodic interval, etc and then tap the 'Upload data' button which will then send this data to the cloud via web services. The doctor, patient, nurse and/or other parties who have permission to access patient data and determine whether there are problems with the patient. This allows the doctor to be in a remote location and monitor the patient and doesn't require the patient to come to a hospital unless urgently required.</div>
<div>
<br /></div>
<div>
The past few weeks I have been working on implementing a simple working version of this. However, I stumbled upon an issue where iOS devices do not support the type of bluetooth connection that was supported in the heart monitor. The heart monitor only supported the Bluetooth SPP (see <a href="http://en.wikipedia.org/wiki/Bluetooth_profile#Serial_Port_Profile_.28SPP.29">http://en.wikipedia.org/wiki/Bluetooth_profile#Serial_Port_Profile_.28SPP.29</a>). The iOS devices does not include support for this (cf. <a href="http://support.apple.com/kb/HT3647">http://support.apple.com/kb/HT3647</a>). After further research, there was another way, and this involved registering for the 'Made for iPod' program (<a href="https://developer.apple.com/programs/mfi/">https://developer.apple.com/programs/mfi/</a>), gaining approval and then adding an additional Mac chip into the monitor. This was unfeasible since this is additional overhead on the patient side. After consulting with peers, another method was to jailbreak the iPad and installing a BTStackGPS program which allows streaming of bluetooth data via SPP. Currently, I have still yet to try this method. </div>
<div>
<br /></div>
<div>
After consulting with my supervisor, another workaround was to use another tablet. I was provided an Eee Pad which provides an Android based platform. After looking through the API's, Android provided a comprehensive API for bluetooth and had good support for Bluetooth SPP. I have successfully implemented a simple working app that reads live streams from the Heart Monitor.</div>
<div>
<br /></div>
<div>
This week I will attempt to decipher the meaning of the streamed bytes and extract useful information from the stream. I will then provide a button that will send this information to the cloud via web services. For testing purposes, I will use a local database and use Apache Tomcat to host the web services and run the web services and the Eee Pad app will call the web services to the localhost server. I will also attempt to come up with a data model to enable secure data sharing.</div>
<div>
<br /></div>
<div>
I will continue to post regular updates as they occur.</div>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-32750492108248492602012-06-13T20:15:00.001-07:002012-06-13T20:15:19.989-07:00Over the last week, I spent time on trying to understand Objective-C needed for iPad programming. It's still a little confusing but I'm starting to get the hang of it slowly. I managed to create simple apps for the iPad. I will continue working on this and hopefully by next week, I will be able to start consuming some simple web services on the iPad. <div>
<br /></div>
<div>
In terms of web services, I have a more thorough understanding about it now. The tutorials seemed to have helped.<br /><div>
<br /></div>
<div>
I've also spent some time learning about Google App Engine and web services. I've managed to create a web service that will allow a user to store a file onto Google's datastore. The client (a Java application) was created that calls the web service to check if a user is logged in. If the user is logged in, the client application will allow the user to choose a file on their system to upload onto Google datastore. The chosen file will then be encrypted and the encrypted file and its corresponding key are sent via SOAP to the web service, which will then store the data onto datastore. I have managed to complete all this. However, I have come across some problems: file bytes can't exceed 500 characters and hence this only works for very small files. I will look into this problem and see if there is a workaround. Will update once this issue is resolved. Once this is done, the file retrieval process will then take place and later on I can look at the concept of file sharing and collaboration amongst friends, etc.</div>
<div>
<br /></div>
<div>
Also this week, I prepared and attended the Research Methods Workshop, which is compulsory for my degree. I managed to write a draft literature review and draft proposal. On the day of the workshop, I learnt many useful things about writing literature reviews and proposals. Dr George Ridgway, facilitator of the workshop, shared some very interesting tips and kept us engaged with the activities and tasks and overall I found the workshop extremely useful. </div>
<div>
<br /></div>
</div>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-604421210607859342012-06-03T05:17:00.000-07:002012-06-03T05:23:30.512-07:00I've spent the last week carrying out tutorials on programming with the iPad/iPhone. I've managed to successfully create a simple 'Hello World' app but have not yet configured it to run on the iPad. As suggested by Suraj, I will speak to Kelvin to grant me access rights and to obtain the developer certificate that will allow me to test apps on the iPad. I'm still trying to get my head around the code.<br />
<br />
I've also continued to learn about web services and SOAP. I've spent a lot of time creating a simple web application and web service using Java and Google App Engine. I am attempting to create an application that encrypts the users file and store the file and encryption key in Google's Blogstore Service. So far, I have created a web service that checks if a user is registered, and have yet to write methods for storing the file, and downloading the file. I have also managed to successfully call the web service using SOAP. I've learnt so much about web services already!<br />
<br />
I've also started the writing of the draft literature review and thinking about how I'm going to structure the literature review. <br />
<br />
I will continue to spend this week learning the Objective-C programming language on Xcode. I will also continue to spend more time writing the draft literature review and maybe get started on the draft proposal.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-26869776714971060942012-05-22T21:14:00.002-07:002012-05-22T22:12:43.421-07:00Understanding codeI've spent the last week trying out different tutorials related to Web Services. I felt confident enough to try and run the HeartBeatWS application. However, after many attempts I still could not configure it to run successfully. I was still confused with how to run the application.<br />
<br />
Finally, I've managed to pinpoint the issue with the project. I found that the project was initially built using Axis 1.4. I was using Axis2 and from online research, I found that Axis2 was a <b>significant </b>rewrite of the original Axis1 framework. I then created the HeartBeat web service using Axis1 and have managed to successfully run and invoke the web services. I also had to make some minor adjustments to the code such as changing the endpoint on the HeartBeatWS client to reflect the correct web service location.<br />
<br />
I've spent most of this week and last week reading and understanding the HeartBeatWS code. I am beginning to get familiar with the running of the code. Suraj Pandey also sent me a publication paper related to the application and that helped me further understand the code.<br />
<br />
I will now spend the rest of the week researching and understanding iPad app development and play around with Xcode on an Apple PC at CSIRO and then look at the Visual Studio solution. There's still a lot of work to be done yet!Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-7463428219220384702012-05-18T20:34:00.001-07:002012-05-18T20:34:48.200-07:00I spent the last week trying to understand the HeartBeatWS code. It's still very confusing to get my head around. <div>
I've spent some time looking at other code and tutorials related to web services and wsdl. It's all coming back now since I worked on web services previously for the TrustStore application but the HeartBeat application seems a lot more complex!</div>
<div>
I'll continue to spend more time trying to figure out the code and doing more tutorials!</div>Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0tag:blogger.com,1999:blog-5150996065903115409.post-4367325024424810442012-05-04T23:37:00.002-07:002012-05-04T23:37:17.113-07:00My first blogThis is my first published blog test.Dananhttp://www.blogger.com/profile/14248271531692010134noreply@blogger.com0