The Experts below are selected from a list of 8115 Experts worldwide ranked by ideXlab platform
Jesper Buus Nielsen - One of the best experts on this subject based on the ideXlab platform.
-
Simplified threshold RSA with adaptive and Proactive Security
Lecture Notes in Computer Science, 2006
Co-Authors: Jesus F. Almansa, Ivan Damgård, Jesper Buus Nielsen
Abstract: We present the currently simplest, most efficient, optimally resilient, adaptively secure, and Proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive Security of a Proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework.
-
EUROCRYPT - Simplified threshold RSA with adaptive and Proactive Security
Advances in Cryptology - EUROCRYPT 2006, 2006
Co-Authors: Jesus F. Almansa, Ivan Damgård, Jesper Buus Nielsen
Abstract: We present the currently simplest, most efficient, optimally resilient, adaptively secure, and Proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive Security of a Proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework.
Muhammad Qasim Ali - One of the best experts on this subject based on the ideXlab platform.
-
On stochastic risk ordering of network services for Proactive Security management
Network Operations and Management Symposium, 2012
Co-Authors: Mohamed Amezziane, Ehab Alshaer, Muhammad Qasim Ali
Abstract: Contemporary network services don't have any statistical ranking mechanism for Proactive Security management. Since the emerging threats are actively exploiting the vulnerabilities in network services to compromise the system, not much attention has been paid to rank these services based on their vulnerability history. We argue in this paper that a reliable mechanism could be used to rank these services based on their vulnerability history. Such ranking will be significantly helpful for Proactive network Security management to partition services and deploy Security countermeasures. We propose a framework using stochastic order alternatives to statistically rank network services based on time intervals between exploits as reported by National Vulnerability Database (NVD). We show that Statistical techniques can be used to rank these services by modeling the related metrics. We validated our technique using products of known ranking, and presented some case studies to confirm our result on real network services.
-
NOMS - On stochastic risk ordering of network services for Proactive Security management
2012 IEEE Network Operations and Management Symposium, 2012
Co-Authors: Mohamed Amezziane, Ehab Al-shaer, Muhammad Qasim Ali
Abstract: Contemporary network services don't have any statistical ranking mechanism for Proactive Security management. Since the emerging threats are actively exploiting the vulnerabilities in network services to compromise the system, not much attention has been paid to rank these services based on their vulnerability history. We argue in this paper that a reliable mechanism could be used to rank these services based on their vulnerability history. Such ranking will be significantly helpful for Proactive network Security management to partition services and deploy Security countermeasures. We propose a framework using stochastic order alternatives to statistically rank network services based on time intervals between exploits as reported by National Vulnerability Database (NVD). We show that Statistical techniques can be used to rank these services by modeling the related metrics. We validated our technique using products of known ranking, and presented some case studies to confirm our result on real network services.
Mourad Debbabi - One of the best experts on this subject based on the ideXlab platform.
-
Multi-level Proactive Security auditing for clouds
IEEE Conference Dependable and Secure Computing, 2019
Co-Authors: Suryadipta Majumdar, Azadeh Tabiban, Meisam Mohammady, Alaa Oqaily, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, Mourad Debbabi
Abstract: Runtime cloud Security auditing plays a vital role in mitigating Security concerns in a cloud. However, there currently does not exist a comprehensive solution that can protect a cloud tenant against the threats rendered from the multiple levels (e.g., user, virtual, and physical) of the cloud design. Furthermore, most of the existing solutions suffer from slow response time and require significant manual efforts. Therefore, a simple integration of the existing solutions for different levels is not a practical solution. In this paper, we propose a multilevel Proactive Security auditing system, which overcomes all the above-mentioned limitations. To this end, our main idea is to automatically build a predictive model based on the dependency relationships between cloud events, Proactively verify the Security policies related to different levels of a cloud by leveraging this model, and finally enforce those policies on the cloud based on the verification results. Our experiments using both synthetic and real data show the practicality and effectiveness of this solution (e.g., responding in a few milliseconds to verify each level of the cloud).
-
Proactive Security Auditing in Clouds
Cloud Security Auditing, 2019
Co-Authors: Suryadipta Majumdar, Azadeh Tabiban, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, Momen Oqaily, Amir Alimohammadifar, Taous Madi, Yushun Wang, Mourad Debbabi
Abstract: In this chapter, we present an automated learning-based Proactive auditing system, namely LeaPS, which automatically learns probabilistic dependencies, and hence, addresses the inefficiencies of existing solutions. To this end, we describe a log processor, which processes (as discussed later) real-world cloud logs and prepares them for different learning techniques (e.g., Bayesian network and sequence pattern mining) to allow capturing dependency relationships. Unlike most learning-based Security solutions, since we are not relying on learning techniques to detect abnormal behaviors, we avoid the well-known limitations of high false positive rates; any inaccuracy in the learning phase would only affect the efficiency, as will be demonstrated through experiments later in this chapter. We believe this idea of leveraging learning for efficiency, instead of Security, may be adapted to benefit other Security solutions. As demonstrated by our implementation and experimental results, LeaPS provides an automated, efficient, and scalable solution for different cloud platforms to increase their transparency and accountability to tenants.
-
DSC - Multi-Level Proactive Security Auditing for Clouds
2019 IEEE Conference on Dependable and Secure Computing (DSC), 2019
Co-Authors: Suryadipta Majumdar, Azadeh Tabiban, Meisam Mohammady, Alaa Oqaily, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, Mourad Debbabi
Abstract: Runtime cloud Security auditing plays a vital role in mitigating Security concerns in a cloud. However, there currently does not exist a comprehensive solution that can protect a cloud tenant against the threats rendered from the multiple levels (e.g., user, virtual, and physical) of the cloud design. Furthermore, most of the existing solutions suffer from slow response time and require significant manual efforts. Therefore, a simple integration of the existing solutions for different levels is not a practical solution. In this paper, we propose a multilevel Proactive Security auditing system, which overcomes all the above-mentioned limitations. To this end, our main idea is to automatically build a predictive model based on the dependency relationships between cloud events, Proactively verify the Security policies related to different levels of a cloud by leveraging this model, and finally enforce those policies on the cloud based on the verification results. Our experiments using both synthetic and real data show the practicality and effectiveness of this solution (e.g., responding in a few milliseconds to verify each level of the cloud).
-
CNS - PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds
2018 IEEE Conference on Communications and Network Security (CNS), 2018
Co-Authors: Azadeh Tabiban, Suryadipta Majumdar, Lingyu Wang, Mourad Debbabi
Abstract: To ensure the accountability of a cloud environment, Security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on Proactive Security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.
-
LeaPS: Learning-Based Proactive Security Auditing for Clouds
European Symposium on Research in Computer Security, 2017
Co-Authors: Suryadipta Majumdar, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, Momen Oqaily, Amir Alimohammadifar, Mourad Debbabi
Abstract: Cloud Security auditing assures the transparency and accountability of a cloud provider to its tenants. However, the high operational complexity implied by the multi-tenancy and self-service nature, coupled with the sheer size of a cloud, imply that Security auditing in the cloud can become quite expensive and non-scalable. Therefore, a Proactive auditing approach, which starts the auditing ahead of critical events, has recently been proposed as a promising solution for delivering practical response time. However, a key limitation of such approaches is their reliance on manual efforts to extract the dependency relationships among events, which greatly restricts their practicality and adoptability. In this paper, we propose a fully automated approach, namely LeaPS, leveraging learning-based techniques to extract dependency models from runtime events in order to facilitate the Proactive Security auditing of cloud operations. We integrate LeaPS to OpenStack, a popular cloud platform, and perform extensive experiments in both simulated and real cloud environments that show a practical response time (e.g., 6 ms to audit a cloud of 100,000 VMs) and a significant improvement (e.g., about 50% faster) over existing Proactive approaches.
Michael Huth - One of the best experts on this subject based on the ideXlab platform.
-
Static analysis for Proactive Security
Computing and Software Science, 2019
Co-Authors: Michael Huth
Abstract: We reflect on current problems and practices in system Security, distinguishing between reactive Security – which deals with vulnerabilities as they are being exploited – and Proactive Security – which means to make vulnerabilities un-exploitable by removing them from a system entirely. Then we argue that static analysis is well poised to support approaches to Proactive Security, since it is sufficiently expressive to represent many vulnerabilities yet sufficiently efficient to detect vulnerabilities prior to system deployment. We further show that static analysis interacts well with both confidentiality and integrity aspects and discuss what Security assurances it can attain. Next we argue that Security models such as those for access control can also be statically analyzed to support Proactive Security of such models. Finally, we identify research problems in static analysis whose solutions would stand to improve the effectiveness and adoption of static analysis for Proactive Security in the practice of designing, implementing, and assuring future ICT systems.
-
Computing and Software Science - Static Analysis for Proactive Security
Lecture Notes in Computer Science, 2019
Co-Authors: Michael Huth
Abstract: We reflect on current problems and practices in system Security, distinguishing between reactive Security – which deals with vulnerabilities as they are being exploited – and Proactive Security – which means to make vulnerabilities un-exploitable by removing them from a system entirely. Then we argue that static analysis is well poised to support approaches to Proactive Security, since it is sufficiently expressive to represent many vulnerabilities yet sufficiently efficient to detect vulnerabilities prior to system deployment. We further show that static analysis interacts well with both confidentiality and integrity aspects and discuss what Security assurances it can attain. Next we argue that Security models such as those for access control can also be statically analyzed to support Proactive Security of such models. Finally, we identify research problems in static analysis whose solutions would stand to improve the effectiveness and adoption of static analysis for Proactive Security in the practice of designing, implementing, and assuring future ICT systems.
Jesus F. Almansa - One of the best experts on this subject based on the ideXlab platform.
-
Simplified threshold RSA with adaptive and Proactive Security
Lecture Notes in Computer Science, 2006
Co-Authors: Jesus F. Almansa, Ivan Damgård, Jesper Buus Nielsen
Abstract: We present the currently simplest, most efficient, optimally resilient, adaptively secure, and Proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive Security of a Proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework.
-
EUROCRYPT - Simplified threshold RSA with adaptive and Proactive Security
Advances in Cryptology - EUROCRYPT 2006, 2006
Co-Authors: Jesus F. Almansa, Ivan Damgård, Jesper Buus Nielsen
Abstract: We present the currently simplest, most efficient, optimally resilient, adaptively secure, and Proactive threshold RSA scheme. A main technical contribution is a new rewinding strategy for analysing threshold signature schemes. This new rewinding strategy allows to prove adaptive Security of a Proactive threshold signature scheme which was previously assumed to be only statically secure. As a separate contribution we prove that our protocol is secure in the UC framework.