Monday, 15 July 2013

4 papers reviewed:
Keith Frikken, Mikhail Atallah, and Jiangtao Li. 2006. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Trans. Comput. 55, 10 (October 2006), 1259-1270. DOI=10.1109/TC.2006.158 http://dx.doi.org/10.1109/TC.2006.158

Key points:

  • PROBLEM:
    • Hiding the access policy from clients and hiding client attributes from the server.
  • CONTRIBUTION: 
    • Previous works on this topic revealed parts of the ACP to clients. The proposed solution claims to reveal nothing of the ACP.
    • A client and owner engage in a protocol. The client provides the protocol a subset of her credentials and the owner provides to client the hidden ACP and protected data. If attributes in credentials supplied to protocols satisfy the ACP, she gets the revealed data.
    • Uses techniques of homomorphic encryption, oblivious transfer, scrambled circuit evaluation and shuffling.
  • Strengths/Weakness:
    • The client learns little information as possible about the ACP and the owner learns as little information as possible about the client’s credentials.
    • The server does not learn which credentials a client has from the protocols.
    • The scheme is policy indistinguishable in that 2 policies that evaluate to the same value for the client’s credentials have indistinguishable transcripts and hence client learns nothing about the policy other than whether access is granted.
    • Scheme relies heavily on exchange of information which could leak some information potentially.
    • With growing number of attributes, communication complexity increases exponentially.
    • System works only for policies that check for the presence of certain attributes.

Deqing Zou; Zhensong Liao, "A New Approach for Hiding Policy and Checking Policy Consistency," Information Security and Assurance, 2008. ISA 2008. International Conference on , vol., no., pp.237,242, 24-26 April 2008
doi: 10.1109/ISA.2008.39

Key points:

  • PROBLEM:
    • Disclosure of sensitive policies may cause damages
    • Furthermore, some polices tend to be self-contradictory and hence a checking mechanism is required.
    • MAC and RBAC techniques could not work well in terms of resource sharing due to limitations in their design and application.
  • CONTRIBUTION: 
    • A new method to hide access control policy using ATN (Automated Trust Negotiation).
    • A new thought to handle policy consistency.
    • New approach for protecting user’s privacy.
    • Avoiding unwanted negotiation failure and improving negotiation efficiency.
  • Strengths/Weakness:
    • Previous work is shown to be effective but difficult to implement in the real world and hence claims the new solution will be efficient to implement. 
    • Paper uses matrices and is very mathematical.



Xinfeng Ye; Mingyu Gao, "Access Control with Hidden Policies and Credentials for Service Computing," Services Computing (SCC), 2012 IEEE Ninth International Conference on , vol., no., pp.242,249, 24-29 June 2012 doi: 10.1109/SCC.2012.13

Key points:

  • PROBLEM:
    • How to keep credentials and access control policies secret from the service providers.
  • CONTRIBUTION: 
    • Scheme uses cryptographic techniques to hide the policies and credentials needed to access data.
    • Cryptographic keys are used to represent the credentials and policies.
    • The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.
  • Strengths/Weakness:
    • Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.
    • Previous works that focus on policy hiding are computationally intensive and very inefficient.


Marian Harbach, Sascha Fahl, Michael Brenner, Thomas Muders, and Matthew Smith. 2012. Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions. In Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST) (PST '12). IEEE Computer Society, Washington, DC, USA, 17-24. DOI=10.1109/PST.2012.6297915 http://dx.doi.org/10.1109/PST.2012.6297915

Key points:

  • PROBLEM:
    • The need for hidden policies, hidden credentials, and hidden decisions.
    • The central issue with resource sharing in the Cloud is that of trust.
  • CONTRIBUTION: 
    • Argue for the need for hidden policies, credentials and decisions.
    • Present an approach using Homomorphic cryptography Supported Access Control (HSAC) as a first step to achieving the above properties.
    • The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.
  • Strengths/Weakness:
    • Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.
    • Previous works that focus on policy hiding are computationally intensive and very inefficient.

Sunday, 14 July 2013

5 papers reviewed:
Divyakant Agrawal, Sudipto Das, and Amr El Abbadi. 2011. Big data and cloud computing: current state and future opportunities. In Proceedings of the 14th International Conference on Extending Database Technology (EDBT/ICDT '11), Anastasia Ailamaki, Sihem Amer-Yahia, Jignesh Pate, Tore Risch, Pierre Senellart, and Julia Stoyanovich (Eds.). ACM, New York, NY, USA, 530-533. DOI=10.1145/1951365.1951432 http://doi.acm.org/10.1145/1951365.1951432

Key points:

  • Provides summary of the current state of big data
  • CONTRIBUTION: 
    • Provides study of big data and an in-depth analysis supporting update heavy applications
    • Provides study of big data supporting systems with ad-hoc analytics and decision support.
    • Key-Value stores very popular for big data and using tools such as Hadoop
  • Strengths/Weakness:
    • Provides summary of big data used in update heavy web applications and in analytics and decision support for competitive marketing.
    • Tutorial not extensive enough and not clear enough.


Christian Cachin, Kristiyan Haralambiev, Hsu-Chun Hsiao, and Alessandro Sorniotti. Policy-based secure deletion. Research Report RZ 3843, IBM Research, 2013.

Key points:

  • How to securely delete data from storage systems
  • PROBLEM:
    • Modern storage systems do not reliably destroy stored data and leave traces.
    • Users would like to control how data is deleted since storage systems usually still leave traces of data even after a deletion operation is called.
  • CONTRIBUTION: 
    • Introduces a secure deletion scheme from encryption and threshold secret sharing
    • Stored data is grouped into protection classes, and attributes control the selective erasure of data through a policy.
    • A set of attributes is given as arguments to the secure deletion scheme, the scheme then sets corresponding nodes in the graph to TRUE and at master key update, corresponding files will no longer be accessible.
    • Also presents a prototype implementation of secure deletion scheme.
  • Strengths/Weakness:
    • Useful way to delete a large number of files quickly.
    • Eventually, there will be a clutter of illegible data stored in storage systems making it slightly inefficient.
    • Also, an attacker may attempt brute force attacks to eventually decrypt the data.




Changqing Ji; Yu Li; Wenming Qiu; Awada, U.; Keqiu Li, "Big Data Processing in Cloud Computing Environments," Pervasive Systems, Algorithms and Networks (ISPAN), 2012 12th International Symposium on , vol., no., pp.17,23, 13-15 Dec. 2012
doi: 10.1109/I-SPAN.2012.9

Key points:

  • Effective management and analysis of large-scale data poses an interesting and critical challenge.
  • PROBLEM:
    • DBMS’s are not suitable for processing extremely large scale data.
    • A Big Data platform is needed.
  • CONTRIBUTION: 
    • Provides status of big data studies and related works which provides general view of big data management technologies and applications.
    • Provides overview of major approaches of big data such as MapReduce
    • Discusses open issues and challenges of processing big data in terms of three aspects, namely; big data storage, analysis and security.
  • Strengths/Weakness:
    • Provides good overview and definition of big data
    • Provides good up-to-date current research of big data
    • Slightly difficult to understand.


Zeeshan Pervez, Asad M. Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh: Oblivious access control policies for cloud based data sharing systems. Computing (2012) Journal Article: 1-24

Key points:

  • How to hide access control policies from the Cloud
  • PROBLEM:
    • Revealing ACP and access parameters to Cloud loses its efficacy
    • Important to design a system that can ensure end-to-end privacy, involving ACP, access parameters and outsourced data
  • CONTRIBUTION: 
    • A new access control mechanism called Oblivious Access Control Policy Evaluation (O-ACE) where ACP and access parameters are concealed from the cloud
    • O-ACE ensures end-to-end privacy using standard cryptographic primitives
    • O-ACE has been implemented in Google Cloud using Google App Engine.
    • Strengths/Weakness:
    • Many works do not focus on protecting ACP, and hence this is a useful and interesting paper.
    • Very easy to understand paper with good flow

Mohamed Meky, Amjad Ali: A Novel and Secure Data Sharing Model with Full Owner Control in the Cloud Environment. International Journal of Computer Science and Information Security Vol. 9 No. 6 (2011): 12 - 17

Key points:

  • How to provide data owner control over data in the Cloud in terms of confidentiality and integrity.
  • PROBLEM:
    • Security threats of unauthorised data access, compromised data integrity and confidentiality, less direct control of data by data owners over data stored in the Cloud.
  • CONTRIBUTION: 
    • A secure model that allows the data owner to have full control to grant or deny data sharing in the Cloud environment.
    • The model ensures confidentiality and integrity, and prevents Cloud providers from revealing data to unauthorised users.
    • The model can be implemented for several applications using a variety of data formats and any encryption algorithm.
  • Strengths/Weakness:
    • Data is kept secret from the Cloud provider and unauthorised users quite well.
    • Data integrity is also guaranteed quite well although other attacks such as forgery can still compromise integrity.
    • The data owner is required to store every users secrets and keys. This can become highly inefficient when data owners want to share data with millions of users.
    • Does not provide data owner the level of control of how their data is to be used and prevent copying, redistributing, etc.

ACM CCS '13 Conference Paper:
FGCS eHealth Journal paper:
  • Submitted new revision and waiting on outcome.
Book chapter:
  • Submitted camera-ready proof of paper and awaiting results.