| 1. |
- Arts, Thomas, 1969, et al.
(författare)
-
Model based testing of data constraints: testing the business logic of a Mnesia application with Quviq QuickCheck
- 2009
-
Ingår i: 8th ACM SIGPLAN Erlang Workshop, Erlang'09, Co-located with the Annual International Conference on Functional Programming, ICFP'09; Edinburgh; United Kingdom; 5 September 2009 through 5 September 2009. - New York, NY, USA : ACM. - 9781605585079 ; , s. 71-82
-
Konferensbidrag (refereegranskat)abstract
- Correct implementation of data constraints, such as referential integrity constraints and business rules is an essential precondition for data consistency. Though most modern commercial DBMSs support data constraints, the latter are often implemented in the business logic of the applications. This is especially true for non relational DBMS like Mnesia, which do not provide constraints enforcement mechanisms. This case study examines a database application which uses Mnesia as data storage in order to determine, express and test data constraints with Quviq QuickCheck, adopting a model-based testing approach. Some of the important stages of the study described in the article are: reverse engineering of the database, analysis of the obtained database structure diagrams and extraction of data constraint, validation of constraints, formulating the test specifications and finally running the generated test suits. As a result of running the test suits randomly generated by QuickCheck, we have detected several violations of the identified and validated business rules. We have found that the applied methodology is suitable for applications using non relational, unnormalized databases. It is important to note the methodology applied within the case study is not bound to a specific application or DBMS, and can be applied to other database applications.
|
|
| 2. |
- Castro, Laura M., et al.
(författare)
-
Validation of SDN policies: a property-based testing perspective
- 2019
-
Ingår i: Procedia Computer Science. - : Elsevier BV. - 1877-0509. ; 160, s. 23-29
-
Tidskriftsartikel (refereegranskat)abstract
- Software-defined networks are being widely adopted and used in large and complex networks supporting critical operations. Their increasing importance highlights the need for effective validation of SDN topologies and routing policies both prior and during operation. The policies that configure an SDN deployment come from several, possibly conflicting sources. This may lead to undesired effects such as node isolation, network partitions, performance drops and routing loops. Such effects can be formulated as automatically testable reusable conditions using property-based testing (PBT). This approach allows to automatically determine and formulate as a counterexample the minimum set of conflicting rules. The approach is especially useful when policies are configured in an incremental manner. PBT techniques are particularly good at automatic counterexample shrinking and have the potential of being extremely effective in this area.
|
|
| 3. |
- Dowsley, Rafael, et al.
(författare)
-
A survey on design and implementation of protected searchable data in the cloud
- 2017
-
Ingår i: Computer Science Review. - : Elsevier BV. - 1574-0137 .- 1876-7745. ; 26, s. 17-30
-
Tidskriftsartikel (refereegranskat)abstract
- While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users. As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions—one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption.
|
|
| 4. |
- Girtler, Daniel, et al.
(författare)
-
Component integrity guarantees in software-defined networking infrastructure
- 2017
-
Ingår i: 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2017. - : Institute of Electrical and Electronics Engineers Inc.. - 9781538632857 ; , s. 292-296
-
Konferensbidrag (refereegranskat)abstract
- Operating system level virtualization containers are commonly used to deploy virtual network functions (VNFs) which access the centralized network controller in software-defined networking (SDN) infrastructure. While this allows flexible network configuration, it also increases the attack surface, as sensitive information is transmitted between the controller and the virtual network functions. In this work we propose a mechanism for bootstrapping secure communication between the SDN controller and deployed network applications. The proposed mechanism relies on platform integrity evaluation and execution isolation mechanisms, such as Linux Integrity Measurement Architecture and Intel Software Guard Extensions. To validate the feasibility of the proposed approach, we have implemented a proof of concept which was further tested and evaluated to assess its performance. The prototype can be seen as the first step into providing users with security guarantees regarding the integrity of components in the SDN infrastructure.
|
|
| 5. |
- Guanciale, Roberto, et al.
(författare)
-
SoK : Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing
- 2022
-
Ingår i: Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022. - : Institute of Electrical and Electronics Engineers Inc.. - 9781665485265 - 9781665485272 ; , s. 109-120
-
Konferensbidrag (refereegranskat)abstract
- Confidential computing allows processing sensitive workloads in securely isolated spaces. Following earlier adoption of process-based approaches to isolation, vendors are now enabling hardware and firmware support for virtualization-based confidential computing on several server platforms. Due to variations in the technology stack, threat model, implementation and functionality, the available solutions offer somewhat different capabilities, trade-offs and security guarantees. In this paper we review, compare and contextualize four virtualization-based confidential computing technologies for enterprise server platforms - AMD SEV, ARM CCA, IBM PEF and Intel TDX.
|
|
| 6. |
- Karlsson, Linus, et al.
(författare)
-
Privacy-enabled Recommendations for Software Vulnerabilities
- 2019
-
Ingår i: The 17th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2019). - 9781728130248
-
Konferensbidrag (refereegranskat)abstract
- New software vulnerabilities are published daily.Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process.While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data.As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations. To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity.To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities.The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities.
|
|
| 7. |
- Marsh, Ian, et al.
(författare)
-
Evolving 5G : ANIARA, an edge-cloud perspective
- 2021
-
Ingår i: Proceedings of the 18th ACM International Conference on Computing Frontiers 2021, CF 2021. - New York, NY, USA : Association for Computing Machinery, Inc. - 9781450384049 ; , s. 206-207
-
Konferensbidrag (refereegranskat)abstract
- ANIARA (https://www.celticnext.eu/project-ai-net) attempts to enhance edge architectures for smart manufacturing and cities. AI automation, orchestrated lightweight containers, and efficient power usage are key components of this three-year project. Edge infrastructure, virtualization, and containerization in future telecom systems enable new and more demanding use cases for telecom operators and industrial verticals. Increased service flexibility adds complexity that must be addressed with novel management and orchestration systems. To address this, ANIARA will provide en-ablers and solutions for services in the domains of smart cities and manufacturing deployed and operated at the network edge(s). © 2021 Owner/Author.
|
|
| 8. |
- Medina, Jorge, et al.
(författare)
-
Protecting OpenFlow using Intel SGX
- 2019
-
Ingår i: IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2019 - Proceedings. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728145457 - 9781728145464
-
Konferensbidrag (refereegranskat)abstract
- OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasized when collocated tenants compete for the limited entries available to install flow rules. OpenFlow flow tables are a security asset that requires confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable to prevent attackers from obtaining information about the installed flows or modifying flow tables. We adopt a novel approach to enabling OpenFlow flow table protection through decomposition. We identify core assets requiring security guarantees, isolate OpenFlow flow tables through decomposition and implement a prototype using Open vSwitch and Software Guard Extensions enclaves. An evaluation of the prototype on a distributed testbed both demonstrates that the approach is practical and indicates directions for further improvements. © 2019 IEEE.
|
|
| 9. |
- Michalas, Antonis, et al.
(författare)
-
Security Aspects of e-Health Systems Migration to the Cloud
- 2014. - 7
-
Konferensbidrag (refereegranskat)abstract
- As adoption of e-health solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud.
|
|
| 10. |
- Nikbakht Bideh, Pegah, et al.
(författare)
-
Chuchotage: In-line Software Network Protocol Translation for (D)TLS
- 2022
-
Ingår i: Proceedings of the 24th International Conference on Information and Communications Security (ICICS'22). - Cham : Springer International Publishing. ; , s. 589-607
-
Konferensbidrag (refereegranskat)abstract
- The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments.
|
|
