Constructing Secure MapReduce Framework in Cloud-based Environment

Wang, Yongzhi

27 March 2015

MapReduce, a parallel computing paradigm, has been gaining popularity in recent years as cloud vendors offer MapReduce computation services on their public clouds. However, companies are still reluctant to move their computations to the public cloud due to the following reason: In the current business model, the entire MapReduce cluster is deployed on the public cloud. If the public cloud is not properly protected, the integrity and the confidentiality of MapReduce applications can be compromised by attacks inside or outside of the public cloud. From the result integrity’s perspective, if any computation nodes on the public cloud are compromised,thosenodes can return incorrect task results and therefore render the final job result inaccurate. From the algorithmic confidentiality’s perspective, when more and more companies devise innovative algorithms and deploy them to the public cloud, malicious attackers can reverse engineer those programs to detect the algorithmic details and, therefore, compromise the intellectual property of those companies. In this dissertation, we propose to use the hybrid cloud architecture to defeat the above two threats. Based on the hybrid cloud architecture, we propose separate solutions to address the result integrity and the algorithmic confidentiality problems. To address the result integrity problem, we propose the Integrity Assurance MapReduce (IAMR) framework. IAMR performs the result checking technique to guarantee high result accuracy of MapReduce jobs, even if the computation is executed on an untrusted public cloud. We implemented a prototype system for a real hybrid cloud environment and performed a series of experiments. Our theoretical simulations and experimental results show that IAMR can guarantee a very low job error rate, while maintaining a moderate performance overhead. To address the algorithmic confidentiality problem, we focus on the program control flow and propose the Confidentiality Assurance MapReduce (CAMR) framework. CAMR performs the Runtime Control Flow Obfuscation (RCFO) technique to protect the predicates of MapReduce jobs. We implemented a prototype system for a real hybrid cloud environment. The security analysis and experimental results show that CAMR defeats static analysis-based reverse engineering attacks, raises the bar for the dynamic analysis-based reverse engineering attacks, and incurs a modest performance overhead.

Security

MapReduce

Cloud Computing

Integrity

Confidentiality

Information Security

Low-complexity methods for image and video watermarking

Coria Mendoza, Lino Evgueni

05 1900

For digital media, the risk of piracy is aggravated by the ease to copy and distribute the content. Watermarking has become the technology of choice for discouraging people from creating illegal copies of digital content. Watermarking is the practice of imperceptibly altering the media content by embedding a message, which can be used to identify the owner of that content. A watermark message can also be a set of instructions for the display equipment, providing information about the content’s usage restrictions. Several applications are considered and three watermarking solutions are provided. First, applications such as owner identification, proof of ownership, and digital fingerprinting are considered and a fast content-dependent image watermarking method is proposed. The scheme offers a high degree of robustness against distortions, mainly additive noise, scaling, low-pass filtering, and lossy compression. This method also requires a small amount of computations. The method generates a set of evenly distributed codewords that are constructed via an iterative algorithm. Every message bit is represented by one of these codewords and is then embedded in one of the image’s 8 × 8 pixel blocks. The information in that particular block is used in the embedding so as to ensure robustness and image fidelity. Two watermarking schemes designed to prevent theatre camcorder piracy are also presented. In these methods, the video is watermarked so that its display is not permitted if a compliant video player detects the watermark. A watermark that is robust to geometric distortions (rotation, scaling, cropping) and lossy compression is required in order to block access to media content that has been recorded with a camera inside a movie theatre. The proposed algorithms take advantage of the properties of the dual-tree complex wavelet transform (DT CWT). This transform offers the advantages of both the regular and the complex wavelets (perfect reconstruction, approximate shift invariance and good directional selectivity). Our methods use these characteristics to create watermarks that are robust to geometric distortions and lossy compression. The proposed schemes are simple to implement and outperform comparable methods when tested against geometric distortions. / Applied Science, Faculty of / Electrical and Computer Engineering, Department of / Graduate

Watermarking

Image processing

Information security

Complex wavelets

Piracy

Lossy compression

Foundations of Quantitative Information Flow: Channels, Cascades, and the Information Order

Espinoza Becerra, Barbara

25 March 2014

Secrecy is fundamental to computer security, but real systems often cannot avoid leaking some secret information. For this reason, the past decade has seen growing interest in quantitative theories of information flow that allow us to quantify the information being leaked. Within these theories, the system is modeled as an information-theoretic channel that specifies the probability of each output, given each input. Given a prior distribution on those inputs, entropy-like measures quantify the amount of information leakage caused by the channel. This thesis presents new results in the theory of min-entropy leakage. First, we study the perspective of secrecy as a resource that is gradually consumed by a system. We explore this intuition through various models of min-entropy consumption. Next, we consider several composition operators that allow smaller systems to be combined into larger systems, and explore the extent to which the leakage of a combined system is constrained by the leakage of its constituents. Most significantly, we prove upper bounds on the leakage of a cascade of two channels, where the output of the first channel is used as input to the second. In addition, we show how to decompose a channel into a cascade of channels. We also establish fundamental new results about the recently-proposed g-leakage family of measures. These results further highlight the significance of channel cascading. We prove that whenever channel A is composition refined by channel B, that is, whenever A is the cascade of B and R for some channel R, the leakage of A never exceeds that of B, regardless of the prior distribution or leakage measure (Shannon leakage, guessing entropy leakage, min-entropy leakage, or g-leakage). Moreover, we show that composition refinement is a partial order if we quotient away channel structure that is redundant with respect to leakage alone. These results are strengthened by the proof that composition refinement is the only way for one channel to never leak more than another with respect to g-leakage. Therefore, composition refinement robustly answers the question of when a channel is always at least as secure as another from a leakage point of view.

Secrecy

Quantitative Information Flow

Information Theory

Information Security

How can gamification enable behavior change related to information security : A literature review

Lindgren, Niclas

January 2020

During a period between 2011-2014, Gamification was the next big thing. Nowadays, however, Gamification has been established as a legitimate research topic with several dedicated conferences. This report aims to shed light on the existing literature within the area through a literature review and highlight existing gaps. Further, this paper strives towards showcasing some of the effects that Gamification could have on information security awareness to combat the vast amounts of security-related incidents in today's organizations. Moreover, that security incidents are frequent and often expensive, and sometimes occur due to employee negligence gives organizations incentives to educate its workforce in security training and awareness sessions. Existing empirical research within Gamification and information security delivers belief regarding its beneficial aspects to organizations and employees alike. Through training and education, the number of security-related incidents can be limited. However, research on how Gamification can help foster safe behavior in organizations is a path that remains to be explored in full.

gamification

behavior change

information security

Information Systems

Towards Practical Inner Product Functional Encryption / 実用的な内積関数型暗号に向けて

Tomida, Junichi

24 May 2021

京都大学 / 新制・論文博士 / 博士(情報学) / 乙第13425号 / 論情博第96号 / 新制||情||131(附属図書館) / (主査)教授 神田 崇行, 教授 吉川 正俊, 教授 湊 真一, 阿部 正幸 / 学位規則第4条第2項該当 / Doctor of Informatics / Kyoto University / DFAM

cryptography

information security

functional encryption

inner product

007

Generic Quality Assurance in Software Projects

Jansson, Daniel

January 2021

Keeping the code quality high and ensuring high security in a softwareproject is a common challenge. To address this challenge a system calledQuality Assurance System (QAS) has been implemented. QAS usesfour third-party testing tools to evaluate software projects in regards tocode quality and security, without adding more work for each separatesoftware project. QAS was tested on real world software projects andmultiple potential misconfigurations and errors was found. QAS can notreplace testing, but it is a starting point by adding some basic tests thatlooks for security vulnerabilities, misconfigurations, etc.

testing tool

information security

code quality

Computer Sciences

Datavetenskap (datalogi)

Zavedení ISMS pro základní školu / Implementation of ISMS at Elementary School

Hensl, Marek

January 2017

This diploma’s thesis deals with information security management system on elementary school. This work is based on long time experience with chosen school and on communication with representatives of elementary school. In this thesis are teoretical basics, specific state, shortcomings and proposed or recommended solutions.

Návrh zavedení bezpečnostních opatření na základě ISMS pro malý podnik / Design of security countermeasures implementation based on ISMS for small company

Tomko, Michal

January 2019

The master`s thesis deals with implementation of security countermeasures in accordance with information security management system for small company. Main concern of the master`s thesis will be design of security countermeasures in company. Solution of the design comes from the analysis of current state of the company including all important parts and assist evaluation which has been processed along with responsible persons.

Návrh zavedení bezpečnostních opatření pro danou společnost / Proposal for the introduction of security measures for the company

Krídla, Matúš

January 2021

This diploma thesis deals with the design and implementation of security measures within a selected company. The aim of the work is to create a proposal for measures against possible security threats. The first chapter deals with a general introduction to the issue, describes and defines the concepts from a theoretical point of view. The second part deals with the description of the current state and analysis of selected areas of the company. At the end of this work, we focus on raising awareness of security threats and proposing measures that contribute to increasing the security of information.

Towards Security and Privacy in Networked Medical Devices and Electronic Healthcare Systems

Jellen, Isabel

01 June 2020

E-health is a growing eld which utilizes wireless sensor networks to enable access to effective and efficient healthcare services and provide patient monitoring to enable early detection and treatment of health conditions. Due to the proliferation of e-health systems, security and privacy have become critical issues in preventing data falsification, unauthorized access to the system, or eavesdropping on sensitive health data. Furthermore, due to the intrinsic limitations of many wireless medical devices, including low power and limited computational resources, security and device performance can be difficult to balance. Therefore, many current networked medical devices operate without basic security services such as authentication, authorization, and encryption. In this work, we survey recent work on e-health security, including biometric approaches, proximity-based approaches, key management techniques, audit mechanisms, anomaly detection, external device methods, and lightweight encryption and key management protocols. We also survey the state-of-the art in e-health privacy, including techniques such as obfuscation, secret sharing, distributed data mining, authentication, access control, blockchain, anonymization, and cryptography. We then propose a comprehensive system model for e-health applications with consideration of battery capacity and computational ability of medical devices. A case study is presented to show that the proposed system model can support heterogeneous medical devices with varying power and resource constraints. The case study demonstrates that it is possible to signicantly reduce the overhead for security on power-constrained devices based on the proposed system model.

Security

Privacy

E-health

Medical Devices

Medical Data

Information Security