Administrator Access

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 90 Experts worldwide ranked by ideXlab platform

Robert K Cunningham - One of the best experts on this subject based on the ideXlab platform.

  • SoK: Cryptographically Protected Database Search
    Proceedings - IEEE Symposium on Security and Privacy, 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.

  • IEEE Symposium on Security and Privacy - SoK: Cryptographically Protected Database Search
    2017 IEEE Symposium on Security and Privacy (SP), 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.3) An analysis of attacks against protected search for different base queries.4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.

Benjamin Fuller - One of the best experts on this subject based on the ideXlab platform.

  • SoK: Cryptographically Protected Database Search
    Proceedings - IEEE Symposium on Security and Privacy, 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.

  • IEEE Symposium on Security and Privacy - SoK: Cryptographically Protected Database Search
    2017 IEEE Symposium on Security and Privacy (SP), 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.3) An analysis of attacks against protected search for different base queries.4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.

Steven D. Smart - One of the best experts on this subject based on the ideXlab platform.

  • 4273π: bioinformatics education on low cost ARM hardware.
    BMC bioinformatics, 2013
    Co-Authors: Daniel Barker, David E. K. Ferrier, Peter W. H. Holland, John B. O. Mitchell, Heleen Plaisier, Michael G. Ritchie, Steven D. Smart
    Abstract:

    Teaching bioinformatics at universities is complicated by typical computer classroom settings. As well as running software locally and online, students should gain experience of systems administration. For a future career in biology or bioinformatics, the installation of software is a useful skill. We propose that this may be taught by running the course on GNU/Linux running on inexpensive Raspberry Pi computer hardware, for which students may be granted full Administrator Access. We release 4273π, an operating system image for Raspberry Pi based on Raspbian Linux. This includes minor customisations for classroom use and includes our Open Access bioinformatics course, 4273π Bioinformatics for Biologists. This is based on the final-year undergraduate module BL4273, run on Raspberry Pi computers at the University of St Andrews, Semester 1, academic year 2012-2013. 4273π is a means to teach bioinformatics, including systems administration tasks, to undergraduates at low cost.

  • 4273π: Bioinformatics education on low cost ARM hardware
    BMC Bioinformatics, 2013
    Co-Authors: Daniel Barker, David E. K. Ferrier, Peter W. H. Holland, John B. O. Mitchell, Heleen Plaisier, Michael G. Ritchie, Steven D. Smart
    Abstract:

    Background Teaching bioinformatics at universities is complicated by typical computer classroom settings. As well as running software locally and online, students should gain experience of systems administration. For a future career in biology or bioinformatics, the installation of software is a useful skill. We propose that this may be taught by running the course on GNU/Linux running on inexpensive Raspberry Pi computer hardware, for which students may be granted full Administrator Access. Results We release 4273 π , an operating system image for Raspberry Pi based on Raspbian Linux. This includes minor customisations for classroom use and includes our Open Access bioinformatics course, 4273π Bioinformatics for Biologists . This is based on the final-year undergraduate module BL4273, run on Raspberry Pi computers at the University of St Andrews, Semester 1, academic year 2012-2013. Conclusions 4273 π is a means to teach bioinformatics, including systems administration tasks, to undergraduates at low cost.

Dulani Woods - One of the best experts on this subject based on the ideXlab platform.

  • cloud trust a security assessment model for infrastructure as a service iaas clouds
    IEEE International Conference on Cloud Computing Technology and Science, 2017
    Co-Authors: Daniel Gonzales, Jeremy M Kaplan, Evan Saltzman, Zev Winkelman, Dulani Woods
    Abstract:

    The vulnerability of cloud computing systems (CCSs) to advanced persistent threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model—Cloud-Trust—that estimates high level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls. Results show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls are implemented. CCS penetration probability drops substantially if a cloud defense in depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system Administrator Access controls, and which employs other network security controls to minimize cloud network surveillance and discovery of live VMs.

  • Cloud-Trust—a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds
    IEEE Transactions on Cloud Computing, 2017
    Co-Authors: Daniel Gonzales, Jeremy M Kaplan, Evan Saltzman, Zev Winkelman, Dulani Woods
    Abstract:

    The vulnerability of cloud computing systems (CCSs) to advanced persistent threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model—Cloud-Trust—that estimates high level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls. Results show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls are implemented. CCS penetration probability drops substantially if a cloud defense in depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system Administrator Access controls, and which employs other network security controls to minimize cloud network surveillance and discovery of live VMs.

Arkady Yerukhimovich - One of the best experts on this subject based on the ideXlab platform.

  • SoK: Cryptographically Protected Database Search
    Proceedings - IEEE Symposium on Security and Privacy, 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.

  • IEEE Symposium on Security and Privacy - SoK: Cryptographically Protected Database Search
    2017 IEEE Symposium on Security and Privacy (SP), 2017
    Co-Authors: Benjamin Fuller, Arkady Yerukhimovich, Ariel Hamlin, John Darby Mitchell, Mayank Varia, Richard Shay, Emily Shen, Vijay Gadepally, Robert K Cunningham
    Abstract:

    Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary Administrator Access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.3) An analysis of attacks against protected search for different base queries.4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.