The Experts below are selected from a list of 895293 Experts worldwide ranked by ideXlab platform
Nickolai Zeldovich - One of the best experts on this subject based on the ideXlab platform.
-
sieve cryptographically enforced access control for User Data in untrusted clouds
Networked Systems Design and Implementation, 2016Co-Authors: Frank Wang, Nickolai Zeldovich, James Mickens, Vinod VaikuntanathaAbstract:Modern web services rob Users of low-level control over cloud storage--a User's single logical Data set is scattered across multiple storage silos whose access controls are set by web services, not Users. The consequence is that Users lack the ultimate authority to determine how their Data is shared with other web services. In this paper, we introduce Sieve, a new platform which selectively (and securely) exposes User Data to web services. Sieve has a User-centric storage model: each User uploads encrypted Data to a single cloud store, and by default, only the User knows the decryption keys. Given this storage model, Sieve defines an infrastructure to support rich, legacy web applications. Using attribute-based encryption, Sieve allows Users to define intuitively understandable access policies that are cryptographically enforceable. Using key homomorphism, Sieve can reencrypt User Data on storage providers in situ, revoking decryption keys from web services without revealing new keys to the storage provider. Using secret sharing and two-factor authentication, Sieve protects cryptographic secrets against the loss of User devices like smartphones and laptops. The result is that Users can enjoy rich, legacy web applications, while benefiting from cryptographically strong controls over which Data a web service can access.
-
NSDI - Sieve: cryptographically enforced access control for User Data in untrusted clouds
2016Co-Authors: Frank Wang, Nickolai Zeldovich, James Mickens, Vinod VaikuntanathanAbstract:Modern web services rob Users of low-level control over cloud storage--a User's single logical Data set is scattered across multiple storage silos whose access controls are set by web services, not Users. The consequence is that Users lack the ultimate authority to determine how their Data is shared with other web services. In this paper, we introduce Sieve, a new platform which selectively (and securely) exposes User Data to web services. Sieve has a User-centric storage model: each User uploads encrypted Data to a single cloud store, and by default, only the User knows the decryption keys. Given this storage model, Sieve defines an infrastructure to support rich, legacy web applications. Using attribute-based encryption, Sieve allows Users to define intuitively understandable access policies that are cryptographically enforceable. Using key homomorphism, Sieve can reencrypt User Data on storage providers in situ, revoking decryption keys from web services without revealing new keys to the storage provider. Using secret sharing and two-factor authentication, Sieve protects cryptographic secrets against the loss of User devices like smartphones and laptops. The result is that Users can enjoy rich, legacy web applications, while benefiting from cryptographically strong controls over which Data a web service can access.
-
HotOS - Amber: decoupling User Data from web applications
2015Co-Authors: Tej Chajed, Jon Gjengset, Jelle Van Den Hooff, M. Frans Kaashoek, James Mickens, Robert Morris, Nickolai ZeldovichAbstract:User-generated content is becoming increasingly common on the Web, but current web applications isolate their Users' Data, enabling only restricted sharing and cross-service integration. We believe Users should be able to share their Data seamlessly between their applications and with other Users. To that end, we propose Amber, an architecture that decouples Users' Data from applications, while providing applications with powerful global queries to find User Data. We demonstrate how multi-User applications, such as e-mail, can use these global queries to efficiently collect and monitor relevant Data created by other Users. Amber puts Users in control of which applications they use with their Data and with whom it is shared, and enables a new class of applications by removing the artificial partitioning of Users' Data by application.
-
WebApps - Separating web applications from User Data storage with BSTORE
2010Co-Authors: Ramesh Chandra, Priya Gupta, Nickolai ZeldovichAbstract:This paper presents BSTORE, a framework that allows developers to separate their web application code from User Data storage. With BSTORE, storage providers implement a standard file system API, and applications access User Data through that same API without having to worry about where the Data might be stored. A file system manager allows the User and applications to combine multiple file systems into a single namespace, and to control what Data each application can access. One key idea in BSTORE's design is the use of tags on files, which allows applications both to organize Data in different ways, and to delegate fine-grained access to other applications. We have implemented a prototype of BSTORE in Javascript that runs in unmodified Firefox and Chrome browsers. We also implemented three file systems and ported three different applications to BSTORE. Our prototype incurs an acceptable performance overhead of less than 5% on a 10Mbps network connection, and porting existing client-side applications to BSTORE required small amounts of source code changes.
Bingjie Gao - One of the best experts on this subject based on the ideXlab platform.
-
ICDCS - Truthful Auctions for User Data Allowance Trading in Mobile Networks
2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017Co-Authors: Zhongxing Ming, Ning Wang, Bingjie GaoAbstract:User Data allowance trading emerges as a promising practice in mobile Data networks since it can help mobile networks to attract more Users. However, to date, there is no study on User Data allowance trading in mobile networks. In this paper, we develop a truthful framework that allows Users to bid for Data allowance. We focus on preventing price cheating, guaranteeing fairness, and minimizing trading maintenance cost in trading. We formulate the Data trading process as a double auction problem and develop algorithms to solve the problem. In particular, we use a uniform price auction based on a competitive equilibrium to defend against price cheating and provide fair-ness. Meanwhile, we leverage linear programming to minimize trading maintenance cost. We conduct extensive simulations to demonstrate the performance of the proposed mechanism. The simulation results show that our trading mechanism is truthful and fair, while incurring a minimized maintenance cost.
-
ICDCS - TAFTA: A Truthful Auction Framework for User Data Allowance Trading in Mobile Networks
2015 IEEE 35th International Conference on Distributed Computing Systems, 2015Co-Authors: Zhongxing Ming, Ning Wang, Bingjie GaoAbstract:User Data allowance trading is emerging as a promising field in mobile Data networks. Mobile operators are establishing Data trading platforms to attract more Users. To date, there has been no coherent study on User Data allowance trading. In this paper, we develop a truthful framework that allows Users to bid for Data allowance. We focus on preventing price cheating, guaranteeing fairness and minimizing trading maintenance cost. We model the Data trading process as a double auction problem. We develop algorithms to solve the problem. The algorithms use a uniform price based on a competitive equilibrium to defend against price cheating and provide fairness, and use linear programming to minimize trading maintenance cost. We conduct extensive simulations to testify the proposed mechanism. Results show that our mechanism is truthful, fair and can minimize the cost of trading.
Vinod Vaikuntanatha - One of the best experts on this subject based on the ideXlab platform.
-
sieve cryptographically enforced access control for User Data in untrusted clouds
Networked Systems Design and Implementation, 2016Co-Authors: Frank Wang, Nickolai Zeldovich, James Mickens, Vinod VaikuntanathaAbstract:Modern web services rob Users of low-level control over cloud storage--a User's single logical Data set is scattered across multiple storage silos whose access controls are set by web services, not Users. The consequence is that Users lack the ultimate authority to determine how their Data is shared with other web services. In this paper, we introduce Sieve, a new platform which selectively (and securely) exposes User Data to web services. Sieve has a User-centric storage model: each User uploads encrypted Data to a single cloud store, and by default, only the User knows the decryption keys. Given this storage model, Sieve defines an infrastructure to support rich, legacy web applications. Using attribute-based encryption, Sieve allows Users to define intuitively understandable access policies that are cryptographically enforceable. Using key homomorphism, Sieve can reencrypt User Data on storage providers in situ, revoking decryption keys from web services without revealing new keys to the storage provider. Using secret sharing and two-factor authentication, Sieve protects cryptographic secrets against the loss of User devices like smartphones and laptops. The result is that Users can enjoy rich, legacy web applications, while benefiting from cryptographically strong controls over which Data a web service can access.
Zhongxing Ming - One of the best experts on this subject based on the ideXlab platform.
-
ICDCS - Truthful Auctions for User Data Allowance Trading in Mobile Networks
2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017Co-Authors: Zhongxing Ming, Ning Wang, Bingjie GaoAbstract:User Data allowance trading emerges as a promising practice in mobile Data networks since it can help mobile networks to attract more Users. However, to date, there is no study on User Data allowance trading in mobile networks. In this paper, we develop a truthful framework that allows Users to bid for Data allowance. We focus on preventing price cheating, guaranteeing fairness, and minimizing trading maintenance cost in trading. We formulate the Data trading process as a double auction problem and develop algorithms to solve the problem. In particular, we use a uniform price auction based on a competitive equilibrium to defend against price cheating and provide fair-ness. Meanwhile, we leverage linear programming to minimize trading maintenance cost. We conduct extensive simulations to demonstrate the performance of the proposed mechanism. The simulation results show that our trading mechanism is truthful and fair, while incurring a minimized maintenance cost.
-
ICDCS - TAFTA: A Truthful Auction Framework for User Data Allowance Trading in Mobile Networks
2015 IEEE 35th International Conference on Distributed Computing Systems, 2015Co-Authors: Zhongxing Ming, Ning Wang, Bingjie GaoAbstract:User Data allowance trading is emerging as a promising field in mobile Data networks. Mobile operators are establishing Data trading platforms to attract more Users. To date, there has been no coherent study on User Data allowance trading. In this paper, we develop a truthful framework that allows Users to bid for Data allowance. We focus on preventing price cheating, guaranteeing fairness and minimizing trading maintenance cost. We model the Data trading process as a double auction problem. We develop algorithms to solve the problem. The algorithms use a uniform price based on a competitive equilibrium to defend against price cheating and provide fairness, and use linear programming to minimize trading maintenance cost. We conduct extensive simulations to testify the proposed mechanism. Results show that our mechanism is truthful, fair and can minimize the cost of trading.
James Mickens - One of the best experts on this subject based on the ideXlab platform.
-
NSDI - Sieve: cryptographically enforced access control for User Data in untrusted clouds
2016Co-Authors: Frank Wang, Nickolai Zeldovich, James Mickens, Vinod VaikuntanathanAbstract:Modern web services rob Users of low-level control over cloud storage--a User's single logical Data set is scattered across multiple storage silos whose access controls are set by web services, not Users. The consequence is that Users lack the ultimate authority to determine how their Data is shared with other web services. In this paper, we introduce Sieve, a new platform which selectively (and securely) exposes User Data to web services. Sieve has a User-centric storage model: each User uploads encrypted Data to a single cloud store, and by default, only the User knows the decryption keys. Given this storage model, Sieve defines an infrastructure to support rich, legacy web applications. Using attribute-based encryption, Sieve allows Users to define intuitively understandable access policies that are cryptographically enforceable. Using key homomorphism, Sieve can reencrypt User Data on storage providers in situ, revoking decryption keys from web services without revealing new keys to the storage provider. Using secret sharing and two-factor authentication, Sieve protects cryptographic secrets against the loss of User devices like smartphones and laptops. The result is that Users can enjoy rich, legacy web applications, while benefiting from cryptographically strong controls over which Data a web service can access.
-
sieve cryptographically enforced access control for User Data in untrusted clouds
Networked Systems Design and Implementation, 2016Co-Authors: Frank Wang, Nickolai Zeldovich, James Mickens, Vinod VaikuntanathaAbstract:Modern web services rob Users of low-level control over cloud storage--a User's single logical Data set is scattered across multiple storage silos whose access controls are set by web services, not Users. The consequence is that Users lack the ultimate authority to determine how their Data is shared with other web services. In this paper, we introduce Sieve, a new platform which selectively (and securely) exposes User Data to web services. Sieve has a User-centric storage model: each User uploads encrypted Data to a single cloud store, and by default, only the User knows the decryption keys. Given this storage model, Sieve defines an infrastructure to support rich, legacy web applications. Using attribute-based encryption, Sieve allows Users to define intuitively understandable access policies that are cryptographically enforceable. Using key homomorphism, Sieve can reencrypt User Data on storage providers in situ, revoking decryption keys from web services without revealing new keys to the storage provider. Using secret sharing and two-factor authentication, Sieve protects cryptographic secrets against the loss of User devices like smartphones and laptops. The result is that Users can enjoy rich, legacy web applications, while benefiting from cryptographically strong controls over which Data a web service can access.
-
HotOS - Amber: decoupling User Data from web applications
2015Co-Authors: Tej Chajed, Jon Gjengset, Jelle Van Den Hooff, M. Frans Kaashoek, James Mickens, Robert Morris, Nickolai ZeldovichAbstract:User-generated content is becoming increasingly common on the Web, but current web applications isolate their Users' Data, enabling only restricted sharing and cross-service integration. We believe Users should be able to share their Data seamlessly between their applications and with other Users. To that end, we propose Amber, an architecture that decouples Users' Data from applications, while providing applications with powerful global queries to find User Data. We demonstrate how multi-User applications, such as e-mail, can use these global queries to efficiently collect and monitor relevant Data created by other Users. Amber puts Users in control of which applications they use with their Data and with whom it is shared, and enables a new class of applications by removing the artificial partitioning of Users' Data by application.
