  • 1.
    Abdelraheem, Mohamed Ahmed
    RISE - Research Institutes of Sweden, ICT, SICS.
    Andersson, Tobias
    RISE - Research Institutes of Sweden, ICT, SICS.
    Gehrmann, Christian
    Lund University, Sweden.
    Searchable Encrypted Relational Databases: Risks and Countermeasures (2017). In: Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings / [ed] Joaquin Garcia-Alfaro et al., Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 2017, Vol. 10436, p. 70-85. Conference paper (Refereed)
    Abstract [en]

    We point out the risks of protecting relational databases via Searchable Symmetric Encryption (SSE) schemes by proposing an inference attack exploiting the structural properties of relational databases. We show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on unstructured databases. Moreover, we discuss some techniques to reduce the effectiveness of inference attacks exploiting the access pattern leakage existing in SSE schemes. To the best of our knowledge, this is the first work that investigates the security of relational databases protected by SSE schemes.

  • 2.
    Abdelraheem, Mohammed Ahmed
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Lindström, Malin
    Blekinge Institute of Technology, Sweden.
    Nordahl, Christian
    Blekinge Institute of Technology, Sweden.
    Executing Boolean Queries on an Encrypted Bitmap Index (2016). In: CCSW 2016: Proceedings of the 2016 ACM on Cloud Computing Security Workshop, 2016, p. 11-22. Conference paper (Refereed)
    Abstract [en]

    We propose a simple and efficient searchable symmetric encryption scheme based on a Bitmap index that evaluates Boolean queries. Our scheme provides a practical solution in settings where communications and computations are very constrained as it offers a suitable trade-off between privacy and performance.
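    Entries 1 and 2 above both concern searchable encryption over relational data: a bitmap index on which the server evaluates Boolean queries, and the inference and record-injection risks that the access pattern of such an index exposes. The Python below is an added illustration and is not code from either paper, nor their scheme: it builds a toy bitmap index keyed by HMAC tokens over a constructed nine-row table, lets the server evaluate an AND/OR/NOT query, and then shows the two leakages in their generic form. A passive server matches bitmap popcounts against assumed public statistics for one column; an active one injects two records that differ in a single column and reads off which tokens were updated. The bitmaps are stored in the clear here so the server can combine them, which is a simplification: it is exactly the access pattern an SSE server learns once a token is queried, but more than a real scheme reveals at rest. Key, table and statistics are all constructed.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed sample table (not from the papers). A relational row holds exactly one
# value per column; that structure is what the attacks below exploit.
ROWS = [
    {"dept": "sales", "city": "Kista"},
    {"dept": "sales", "city": "Kista"},
    {"dept": "sales", "city": "Kista"},
    {"dept": "sales", "city": "Kista"},
    {"dept": "sales", "city": "Lund"},
    {"dept": "research", "city": "Kista"},
    {"dept": "research", "city": "Kista"},
    {"dept": "research", "city": "Lund"},
    {"dept": "legal", "city": "Kista"},
]
KEY = b"hypothetical-client-index-key"  # held by the client only


def token(col, val):
    """Deterministic search token for (column, value); the server never sees col/val."""
    return hmac.new(KEY, f"{col}={val}".encode(), hashlib.sha256).hexdigest()[:16]


def build_index(rows):
    """Bitmap index: token -> int whose bit i is set iff row i has that (column, value)."""
    index = defaultdict(int)
    for i, row in enumerate(rows):
        for col, val in row.items():
            index[token(col, val)] |= 1 << i
    return dict(index)


def server_eval(index, expr, nrows):
    """Server-side Boolean query over bitmaps. expr is a nested tuple:
    ("tok", t) | ("and", a, b) | ("or", a, b) | ("not", a). Returns matching row ids."""
    full = (1 << nrows) - 1

    def ev(e):
        if e[0] == "tok":
            return index.get(e[1], 0)
        if e[0] == "and":
            return ev(e[1]) & ev(e[2])
        if e[0] == "or":
            return ev(e[1]) | ev(e[2])
        if e[0] == "not":
            return full & ~ev(e[1])
        raise ValueError(e[0])

    bm = ev(expr)
    return [i for i in range(nrows) if bm >> i & 1]


def frequency_attack(index, aux, nrows):
    """Access-pattern leakage: the server sees every bitmap, hence every value's row count.
    Given assumed public frequencies for one column (value -> fraction), map tokens whose
    popcount equals a unique expected count to plaintext. Counts shared with another
    column's values would give false matches; the table is chosen to avoid that."""
    expected = {round(frac * nrows): val for val, frac in aux.items()}
    if len(expected) != len(aux):
        return {}  # two values with the same expected count: ambiguous, bail out
    return {t: expected[bin(bm).count("1")] for t, bm in index.items()
            if bin(bm).count("1") in expected}


def client_insert(index, rows, row):
    """Client appends a record and updates the index; returns the tokens the server
    saw being updated for the new row (this is the record-injection leakage)."""
    i = len(rows)
    rows.append(row)
    touched = set()
    for col, val in row.items():
        t = token(col, val)
        index[t] = index.get(t, 0) | 1 << i
        touched.add(t)
    return touched


def injection_attack(observed, injected):
    """observed[i]: token set updated by the i-th injected row (server's view);
    injected[i]: the attacker's chosen plaintext for that row. A token whose update
    pattern equals the occurrence pattern of a (column, value) is that value's token."""
    pat_val = defaultdict(set)
    for i, row in enumerate(injected):
        for col, val in row.items():
            pat_val[(col, val)].add(i)
    by_pattern = defaultdict(list)
    for cv, pat in pat_val.items():
        by_pattern[frozenset(pat)].append(cv)
    pat_tok = defaultdict(set)
    for i, toks in enumerate(observed):
        for t in toks:
            pat_tok[t].add(i)
    return {t: by_pattern[frozenset(p)][0] for t, p in pat_tok.items()
            if len(by_pattern[frozenset(p)]) == 1}


def demo():
    rows = [dict(r) for r in ROWS]
    index = build_index(rows)
    # Honest query: dept = sales AND NOT city = Kista -> row 4 only.
    q = ("and", ("tok", token("dept", "sales")), ("not", ("tok", token("city", "Kista"))))
    hits = server_eval(index, q, len(rows))
    # Passive attacker with constructed "public" department statistics.
    aux = {"sales": 0.56, "research": 0.33, "legal": 0.11}
    freq = frequency_attack(index, aux, len(rows))
    # Active attacker: two injected records differing only in 'city' isolate three tokens.
    injected = [{"dept": "legal", "city": "Lund"}, {"dept": "legal", "city": "Kista"}]
    observed = [client_insert(index, rows, dict(r)) for r in injected]
    recovered = injection_attack(observed, injected)
    return hits, freq, recovered
```

The injection step is the point entry 1 makes about structure: because every row carries one value per column, an attacker who can insert rows chooses plaintexts that differ in one column and immediately learns the token for each value involved, with no auxiliary data at all.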

  • 3.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Deploying Virtual Machines on Shared Platforms (2011). Report (Other academic)
    Abstract [en]

    In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms, looking into a telecommunication cloud use case which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders that are part of the scenario we present. This report comprehensively covers all major security aspects, including different security mechanisms and protocols, leveraging existing standards and the state of the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform, thereby protecting the operator virtual machine and its related credentials.

  • 4.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Security Considerations for Virtual Platform Provisioning (2011). Conference paper (Refereed)
    Abstract [en]

    The concept of virtualization is not new, but leveraging virtualization in different modes and at different layers has revolutionized its usage scenarios. Virtualization can be applied at the application layer to create a sandbox environment, at the operating system layer to virtualize shared system resources (e.g. memory, CPU), at platform level, or in any other useful hybrid scheme. When virtualization is applied at platform level, the resulting virtualized platform can run multiple virtual machines as if they were physically separated real machines. Provisioning virtualized platforms in this way is often also referred to as Infrastructure-as-a-Service, or Platform-as-a-Service when full hosting and application support is also offered. Different business models, like datacenters or telecommunication providers and operators, can get business benefits from platform virtualization due to the possibility of increased resource utilization and reduced upfront infrastructure setup expenditures. This opportunity comes together with new security issues. An organization that runs services in the form of virtual machine images on an offered platform needs security guarantees. In short, it wants evidence that the platforms it utilizes are trustworthy and that sensitive information is protected. Even if this sounds natural and straightforward, few attempts have been made to analyze in detail what these expectations mean from a security technology perspective in a realistic deployment scenario. In this paper we present a telecommunication virtualized platform provisioning scenario with two major stakeholders: the operator, who utilizes virtualized telecommunication platform resources, and the service provider, who offers such resources to operators. We perform a threat analysis for this scenario and derive major security requirements from the different stakeholders' perspectives. Through investigating a particular virtual machine provisioning use case, we take the first steps towards a better understanding of the major security obstacles with respect to platform service offerings. Over the last couple of years we have seen increased activity around security for clouds regarding different usage and business models. We contribute to this important area through a thorough security analysis of a concrete deployment scenario. Finally, we use the security requirements derived through the analysis to make a comparison with contemporary related research and to identify future research challenges in the area.

  • 5.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    TCG based approach for secure management of virtualized platforms: state-of-the-art (2010). Report (Other academic)
    Abstract [en]

    There is a strong trend shift in favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one of many possible scenarios. While virtualization promises clear advantages, it also poses new security challenges which need to be addressed to gain stakeholders' confidence in the dynamics of the new environment. One important facet of these challenges is establishing 'Trust', which is a basic primitive for any viable business model. The Trusted Computing Group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protection of sensitive data at rest and in transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms.

  • 6.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS. Mälardalen University, Sweden; COMSATS Institute of Information Technology, Pakistan.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Mälardalen University, Sweden.
    ASArP: Automated Security Assessment & Audit of Remote Platforms using TCG-SCAP synergies (2015). In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 22, p. 28-39. Article in journal (Refereed)
    Abstract [en]

    Many enterprise solutions today are built upon complex distributed systems which are accessible to users globally. Due to this global access, the security of the host platforms becomes critical. The platform administrators use security automation techniques such as those provided by Security Content Automation Protocol (SCAP) standards to protect the systems from the vulnerabilities that are reported daily; furthermore, they are responsible for keeping their systems compliant with the relevant security recommendations (governmental or industrial). Additionally, third party audit and certification processes are used to increase user trust in enterprise solutions. However, traditional audit and certification mechanisms are not continuous, that is, not frequent enough to deal with the daily reported vulnerabilities, and for that matter even auditors expect platform administrators to keep the systems updated. As a result, the end user is also forced to trust the platform administrators about the latest state of the platform. In this paper we develop an automated security audit and certification system (ASArP) which can be used by platform users or by third party auditors. We use security automation techniques for continuous monitoring of the platform security posture and make the results trustworthy by using trusted computing (TCG) techniques. The prototype development of ASArP validates the implementation feasibility; it also provides performance benchmarks which show that ASArP based audit and certification can be done much more frequently (e.g. daily or weekly). The feasibility of ASArP based continuous audits is significantly better than that of traditional platform audits, which depend on the physical presence of the auditors, making frequent audits much more expensive and operationally infeasible.

  • 7.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Mälardalen University, Sweden.
    Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques (2013). Conference paper (Refereed)
    Abstract [en]

    In new distributed systems paradigms like cloud computing, the security of the host platforms is very critical. The platform administrators use security automation techniques to ensure that the outsourced platforms are set up correctly and follow the security recommendations. However, the remote platform users still have to trust the platform owner. The third party security audits, used to shift the required user trust from the platform owner to a trusted entity, are scheduled and not frequent enough to deal with the daily reported vulnerabilities. In this paper we propose a continuous remote platform evaluation mechanism to be used by the remote entity to increase the platform user's trust. We analyze the existing SCAP and trusted computing (TCG) standards for our solution, identify their shortcomings, and suggest ways to integrate them. Our proposed platform security evaluation framework uses the TCG-SCAP synergy to address the limitations of each technology when used separately.

  • 8.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Security and Trust Preserving VM Migrations in Public Clouds (2012). Conference paper (Refereed)
    Abstract [en]

    In this paper we consider the security and trust implications of virtual machine (VM) migration from one cloud platform to another in an Infrastructure-as-a-Service (IaaS) cloud service model. We show how to extend and complement previous Trusted Computing techniques for secure VM launch to also cover the VM migration case. In particular, we propose a Trust_Token based VM migration protocol which guarantees that the user VM can only be migrated to a trustworthy cloud platform. Different from previous schemes, our solution does not depend on an active (on-line) trusted third party. We show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

  • 9.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Rasmusson, Lars
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Björkman, Mats
    Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud (2012). Conference paper (Refereed)
    Abstract [en]

    In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model, which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches to cloud leasing is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider-promised cloud platform integrity is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM will only run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis.

  • 10.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS.
    Rasmusson, Lars
    RISE, Swedish ICT, SICS.
    Björkman, Mats
    Mälardalens Högskola, Sweden.
    Securely launching virtual machines on trustworthy platforms in a public cloud: An enterprise's perspective (2012). In: CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, 2012, p. 511-521. Conference paper (Refereed)
    Abstract [en]

    In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model, which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches to cloud leasing is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider-promised cloud platform integrity is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM will only run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis.

  • 11.
    Baumann, Christoph
    KTH Royal Institute of Technology, Sweden.
    Näslund, Mats
    Ericsson Research, Sweden.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Schwarz, Oliver
    RISE, Swedish ICT, SICS, Security Lab.
    Thorsen, Hans
    T2 Data AB, Sweden.
    A High Assurance Virtualization Platform for ARMv8 (2016). In: 2016 European Conference on Networks and Communications (EuCNC), 2016, 9, p. 210-214, article id 7561034. Conference paper (Refereed)
    Abstract [en]

    This paper presents the first results from the ongoing research project HASPOC, developing a high assurance virtualization platform for the ARMv8 CPU architecture. Formal verification at machine code level guarantees information isolation between different guest systems (e.g. OSs) running on the platform. To use the platform in networking scenarios, we allow guest systems to securely communicate with each other via platform-provided communication channels and to take exclusive control of peripherals for communication with the outside world. The isolation is shown to be formally equivalent to that of guests executing on physically separate platforms with dedicated communication channels crossing the air-gap. Common Criteria (CC) assurance methodology is applied by preparing the CC documentation required for an EAL6 evaluation of products using the platform. Besides the hypervisor, a secure boot component is included and verified to ensure system integrity.

  • 12.
    Douglas, Heradon
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Secure Virtualization and Multicore Platforms State-of-the-Art report (2009). Report (Other academic)
  • 13.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    ARIES WP3 – Needs and Requirements Analyses (2011). Other (Other academic)
    Abstract [en]

    Information and communication technologies have increasingly influenced and changed our daily life. They allow global connectivity and easy access to distributed applications and digital services over the Internet. This report analyses security requirements on trust establishment and trust evaluation based on two different use case scenarios: "Trusted Communication using COTS" and "Trust Establishment for Cross-organizational Crises Management". A systematic needs analysis is performed on both scenarios, which has resulted in a large and well documented set of requirements. This is the first step in a large effort to define a security architecture for the two use case scenarios.

  • 14.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    ONVIF Security Recommendations (2010). Other (Other academic)
    Abstract [en]

    This white paper gives security implementation and administration guidelines for developers and users of the ONVIF Network Interface Specifications.

  • 15.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Abdelraheem, Mohamed Ahmed
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    IoT protection through device to cloud synchronization (2016). In: 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016, p. 527-532, article id 7830733. Conference paper (Refereed)
    Abstract [en]

    This paper addresses the problem of protecting distributed IoT units from network based attacks while still having a high level of availability. In particular we suggest a novel method where the IoT device execution state is modeled with a suitable high level application model and where the execution state of the application of the IoT device is 'mirrored' in a cloud executed machine. This machine has very high availability and high attack resistance. The IoT device will only communicate with the mirror machine in the cloud using a dedicated synchronization protocol. All essential IoT state information and state manipulations are communicated through this synchronization protocol, while all end application communication directed towards the IoT units is done towards the mirror machine in the cloud. This gives a very robust and secure system with high availability at the price of slower responses. However, for many non-real-time IoT applications with high security demands this performance penalty can be justified.

  • 16.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Douglas, Heradon
    RISE, Swedish ICT, SICS.
    Kengo Nilsson, Dennis
    Are there good Reasons for Protecting Mobile Phones with Hypervisors? (2011). Conference paper (Refereed)
    Abstract [en]

    Security threats on consumer devices such as mobile phones are increasing as the software platforms become more open and complex. Therefore, hypervisors, which bring potential new secure services to embedded systems, are becoming increasingly important. In this paper, we look into how to design a hypervisor-based security architecture for an advanced mobile phone. Key security components of the architecture have been verified through a hypervisor implemented on an emulated ARM platform. We compare the hypervisor security architecture with TrustZone and summarize the major benefits and limitations of the hypervisor approach. In short, hypervisors exhibit several advantages such as support of multiple secure execution domains and monitoring of non-trusted domains; however, this comes at the cost of larger legacy system porting efforts.

  • 17.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Löfvenberg, Jacob
    Trust Evaluation for Embedded Systems Security research challenges identified from an incident network scenario (2011). Conference paper (Refereed)
    Abstract [en]

    This paper is about trust establishment and trust evaluation techniques. A short background on trust, trusted computing and security in embedded systems is given. An analysis has been made of an incident network scenario with roaming users, and a set of basic security needs has been identified. These needs have been used to derive security requirements for devices and systems supporting the considered scenario. Using the requirements, a list of major security challenges for future research regarding trust establishment in dynamic networks has been collected, and some different approaches for future research have been elaborated on. This work was supported by the Knowledge Foundation and RISE within the ARIES project.

  • 18.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Höglund, Rikard
    RISE, Swedish ICT, SICS.
    SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things (2015). In: 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2015, 13, p. 274-282, article id 7338326. Conference paper (Refereed)
    Abstract [en]

    Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining the battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). By doing so, further useless processing of invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.
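    The idea in the SMACK abstract is a cheap check that runs before any expensive processing, so that a flood of bogus messages costs the receiver almost nothing. The Python below is an added, stand-alone illustration of that pattern; it is not the paper's code, it does not reproduce the CoAP mapping, and the message layout (32-bit sender counter, 4-byte truncated HMAC tag, payload), the key and the window size are all constructed. Receiver state is only changed after the tag verifies, so a forger can neither advance the counter window nor fill the replay set, and the "expensive" handler stands in for whatever full parsing or session crypto the device would otherwise run on every packet.

```python
import hmac
import hashlib
import struct

# Constructed parameters (not the paper's): one shared symmetric key per device, a
# 4-byte truncated HMAC tag and a 32-bit sender counter used for replay protection.
KEY = b"hypothetical-device-key"
TAG_LEN = 4
HDR = struct.Struct("!I")  # sender counter, network byte order


def short_mac(key, counter, payload):
    """Truncated HMAC over counter || payload. A 4-byte tag gives a forger a 2^-32
    chance per message: adequate as a DoS filter, not as message authentication."""
    return hmac.new(key, HDR.pack(counter) + payload, hashlib.sha256).digest()[:TAG_LEN]


def seal(key, counter, payload):
    """Sender side: counter || tag || payload."""
    return HDR.pack(counter) + short_mac(key, counter, payload) + payload


class Receiver:
    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = -1   # highest counter accepted so far
        self.seen = set()   # accepted counters inside the window
        self.stats = {"accepted": 0, "bad_mac": 0, "replay": 0, "expensive_calls": 0}

    def check(self, dgram):
        """Early check: returns the payload if counter and tag are acceptable, else None.
        Nothing here allocates, parses the payload or touches a session."""
        if len(dgram) < HDR.size + TAG_LEN:
            self.stats["bad_mac"] += 1
            return None
        (counter,) = HDR.unpack_from(dgram)
        tag = dgram[HDR.size:HDR.size + TAG_LEN]
        payload = dgram[HDR.size + TAG_LEN:]
        if counter <= self.highest - self.window or counter in self.seen:
            self.stats["replay"] += 1
            return None
        if not hmac.compare_digest(tag, short_mac(self.key, counter, payload)):
            self.stats["bad_mac"] += 1
            return None
        # State is updated only for messages that passed the tag check.
        self.seen.add(counter)
        self.highest = max(self.highest, counter)
        self.seen = {c for c in self.seen if c > self.highest - self.window}
        self.stats["accepted"] += 1
        return payload

    def expensive_handler(self, payload):
        """Stand-in for the costly path (full protocol processing, payload parsing,
        actuator logic) that the early check keeps away from junk traffic."""
        self.stats["expensive_calls"] += 1
        return payload.decode()

    def receive(self, dgram):
        payload = self.check(dgram)
        return self.expensive_handler(payload) if payload is not None else None


def demo():
    rx = Receiver(KEY)
    good = seal(KEY, 1, b'{"led":"on"}')
    results = [rx.receive(good)]
    results.append(rx.receive(good))                         # replayed valid datagram
    forged = HDR.pack(2) + good[HDR.size:HDR.size + TAG_LEN] + b'{"led":"off"}'
    results.append(rx.receive(forged))                       # fresh counter, wrong tag
    for c in range(3, 1003):                                 # 1000-message junk flood
        rx.receive(HDR.pack(c) + b"\x00" * TAG_LEN + b"junk")
    results.append(rx.receive(seal(KEY, 1003, b'{"led":"off"}')))
    return results, rx.stats
```

In the demo the flood of a thousand junk datagrams produces zero calls to the expensive handler; the two legitimate messages are the only ones that reach it. A practical deployment still needs full authentication behind this filter (the short tag is deliberately not strong enough on its own), and the counter must survive reboots or be re-synchronised, or the replay window will reject the device's own traffic.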

  • 19.
    Giustolisi, Rosario
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Ahlström, Markus
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Holmberg, Simon
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    A secure group-based AKA protocol for machine-type communications (2016). In: Information Security and Cryptology – ICISC 2016 / [ed] Seokhie Hong, Jong Hwan Park, 2016, p. 3-27, article id 10157. Conference paper (Refereed)
    Abstract [en]

    The fifth generation wireless system (5G) is expected to handle an unpredictable number of heterogeneous connected devices while guaranteeing a high level of security. This paper advances a group-based Authentication and Key Agreement (AKA) protocol that contributes to reducing latency and bandwidth consumption, and scales up to a very large number of devices. A central feature of the proposed protocol is that it provides a way to dynamically customize the trade-off between security and efficiency. The protocol is lightweight as it relies on symmetric key encryption only, hence it supports low-end devices and can already be adopted in current standards with little effort. Using ProVerif, we prove that the protocol meets mutual authentication, key confidentiality, and device privacy also in the presence of corrupted devices, a threat model not addressed in the state-of-the-art group-based AKA proposals. We evaluate the protocol performance in terms of latency and bandwidth consumption, and obtain promising results.

  • 20.
    Gunnarsson, Martin
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Gehrmann, Christian
    Lund University, Sweden.
    Secure Ownership Transfer for Resource Constrained IoT Infrastructures (2022). In: International Conference on Information Systems Security and Privacy, ICISSP 2020: Information Systems Security and Privacy, Springer Science and Business Media Deutschland GmbH, 2022, p. 22-47. Conference paper (Refereed)
    Abstract [en]

    Internet of Things or IoT deployments are becoming more and more common. The list of use-cases for IoT is getting longer and longer; some examples are smart home appliances and wireless sensor networks. When IoT devices are deployed and used over an extended time, it is not guaranteed that one owner will control the IoT devices over their entire lifetime. If the ownership of an IoT system shall be transferred between two entities, the need for secure ownership transfer arises. In this paper we propose a protocol that enables secure ownership transfer of constrained IoT devices. The protocol is resource-efficient and relies only on symmetric cryptography for the IoT devices. The protocol has been rigorously analyzed to prove the stated security requirements. The security analysis has been done partially using formal protocol verification tools, particularly the Tamarin prover. To show our proposed protocol's resource efficiency, we have done a proof-of-concept implementation. This implementation, for constrained IoT devices, has been used to verify the efficiency of the protocol.

  • 21.
    Michalas, Antonis
    RISE, Swedish ICT, SICS, Security Lab.
    Paladi, Nicolae
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Security Aspects of e-Health Systems Migration to the Cloud (2014). Conference paper (Refereed)
    Abstract [en]

    As adoption of e-health solutions advances, new computing paradigms, such as cloud computing, bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which cannot be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we give an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud.

  • 22.
    Mohanty, Manoranjan
    RISE, Swedish ICT, SICS.
    Do, Viktor
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Media Data Protection during Execution on Mobile Platforms – A Review (2014). Report (Other academic)
    Abstract [en]

    Multimedia content streaming has become an essential part of digital life. The media-on-demand (e.g., video on demand) services of certain enterprises, such as Netflix, Hulu, and Amazon, are changing the way in which media content is accessed. The days when one had to buy a bulk of media storage devices, or had to wait for public broadcasting (e.g., television), to enjoy one's preferred media are gone. Such a change in the way of entertainment, however, has created new issues of piracy and unauthorized media access. To counter these concerns, digital rights management (DRM) protection schemes have been adopted. In this report, we investigate one of the most important aspects of DRM technology: the problem of protecting the clear text media content when playing license-protected content on a mobile device. To this end, we first investigate how this problem has been addressed on different platforms and CPU architectures so far, and then discuss how virtualization technologies can potentially be used to protect the media pipe on mobile platforms. Our study considers both industry-level and academic-level works, and discusses the hardware-based and software-based approaches.

  • 23.
    Nawaz, Omer
    Blekinge Institute of Technology, Sweden.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Fiedler, Markus
    Blekinge Institute of Technology, Sweden.
    Secure Mobile Social Networks using USIM in a Closed Environment (2012). In: 7th International Conference for Internet Technology and Secured Transactions, IEEE, 2012, 13, p. 439-446, article id 6470846. Conference paper (Refereed)
    Abstract [en]

    Online social networking and corresponding mobile based applications are gaining popularity and are now considered a well-integrated service within mobile devices. Basic security mechanisms, normally based on passwords, for the authentication of social-network users are widely deployed and pose a threat to user security. In particular, for dedicated social groups with high confidentiality and privacy demands, stronger and user friendly principles for the authentication and identification of group members are needed. On the other hand, most mobile units already provide strong authentication procedures through the USIM/ISIM module. This paper explores how to build an architectural framework for secure enrollment and identification of group members in dedicated closed social groups using USIM/SIM authentication and in particular the 3GPP Generic Authentication Architecture (GAA), which is built upon the USIM/SIM capabilities. One part of the research is to identify the marketable use-cases with corresponding security challenges, to fulfill the requirements that extend beyond online connectivity. This paper proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have also implemented an initial proof-of-concept prototype to simulate the secure identification procedure based on the proposed design. Our implementation has demonstrated the flexibility of the solution to be applied independently for applications requiring secure identification.

    Download full text (pdf)
    FULLTEXT01
  • 24.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
Trusted Geolocation-Aware Data Placement in Infrastructure Clouds (2014). Conference paper (Refereed)
    Abstract [en]

    Data geolocation in the cloud is becoming an increasingly pressing problem, aggravated by incompatible legislation in different jurisdictions and compliance requirements of data owners. In this work we present a mechanism allowing cloud users to control the geographical location of their data, stored or processed in plaintext on the premises of Infrastructure-as-a-Service cloud providers. We use trusted computing principles and remote attestation to establish platform state. We enable cloud users to confine plaintext data exclusively to the jurisdictions they specify, by sealing decryption keys used to obtain plaintext data to the combination of cloud host geolocation and platform state. We provide a detailed description of the implementation as well as performance measurements on an open source cloud infrastructure platform using commodity hardware.

    Download full text (pdf)
    fulltext
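The entry above describes sealing decryption keys to the combination of host geolocation and platform state, so that plaintext can only be obtained on an attested host in an approved jurisdiction. The following is an added illustration of that idea in Python; it is not code from the paper or its prototype. A real deployment would use TPM sealing against PCR values; here the TPM is replaced by a keyed-hash construction, the PCR values, storage root key and geolocation tag are constructed sample values, and the stream-cipher step is a toy for illustration only.

```python
import hashlib
import hmac
import os


def policy_digest(pcr_values, geolocation):
    """Digest of the platform state (PCR index/value pairs, in index order)
    and the geolocation tag the data owner has approved."""
    h = hashlib.sha256()
    for index in sorted(pcr_values):
        h.update(bytes([index]))
        h.update(pcr_values[index])
    h.update(b"geo:" + geolocation.encode())
    return h.digest()


def _wrap_key(srk, digest):
    # The wrapping key depends on the root key *and* the policy digest, so a
    # host in a different state or location derives a different key.
    return hmac.new(srk, b"seal|" + digest, hashlib.sha256).digest()


def seal(data_key, srk, pcr_values, geolocation):
    """Seal a 32-byte data key to (platform state, geolocation)."""
    if len(data_key) != 32:
        raise ValueError("data_key must be 32 bytes")
    wrap = _wrap_key(srk, policy_digest(pcr_values, geolocation))
    nonce = os.urandom(16)
    keystream = hashlib.sha256(wrap + nonce).digest()  # toy stream cipher, illustration only
    blob = bytes(a ^ b for a, b in zip(data_key, keystream))
    tag = hmac.new(wrap, nonce + blob, hashlib.sha256).digest()
    return {"nonce": nonce, "blob": blob, "tag": tag}


def unseal(sealed, srk, pcr_values, geolocation):
    """Return the data key, or None if the current state/location does not match."""
    wrap = _wrap_key(srk, policy_digest(pcr_values, geolocation))
    tag = hmac.new(wrap, sealed["nonce"] + sealed["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None
    keystream = hashlib.sha256(wrap + sealed["nonce"]).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], keystream))


# Constructed sample data (hypothetical, not taken from the paper).
SRK = hashlib.sha256(b"constructed storage root key").digest()
GOOD_PCRS = {
    0: hashlib.sha256(b"firmware build 1").digest(),
    7: hashlib.sha256(b"hypervisor build 3").digest(),
}
DATA_KEY = bytes(range(32))


def demo():
    """Seal on an attested host in Sweden, then try to unseal under three conditions."""
    sealed = seal(DATA_KEY, SRK, GOOD_PCRS, "SE")
    same_host = unseal(sealed, SRK, GOOD_PCRS, "SE")          # approved state and location
    other_jurisdiction = unseal(sealed, SRK, GOOD_PCRS, "US")  # same host state, data moved abroad
    tampered = dict(GOOD_PCRS)
    tampered[7] = hashlib.sha256(b"hypervisor with rootkit").digest()
    bad_state = unseal(sealed, SRK, tampered, "SE")           # right location, modified platform
    return same_host == DATA_KEY, other_jurisdiction is None, bad_state is None


if __name__ == "__main__":
    print(demo())
```

The practical point is that the geolocation tag must itself be an attested input (e.g. supplied by the provider's trusted component and included in the measured state), otherwise a host can simply claim any location.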
  • 25.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
Towards Secure Multi-tenant Virtualized Networks (2015). In: 2015 IEEE Trustcom/BigDataSE/ISPA, Vol. 1, p. 1180-1185, article id 7345410. Conference paper (Refereed)
    Abstract [en]

Network virtualization enables multi-tenancy over physical network infrastructure, with a side-effect of increased network complexity. Software-defined networking (SDN) is a novel network architectural model, one where the control plane is separated from the data plane by a standardized API, which aims to reduce the network management overhead. However, as the SDN model itself is evolving, its application to multi-tenant virtualized networks raises multiple security challenges. In this paper, we present a security analysis of SDN-based multi-tenant virtualized networks: we outline the security assumptions applicable to such networks, define the relevant adversarial model, identify the main attack vectors for such network infrastructure deployments and finally synthesize a set of high-level security requirements for SDN-based multi-tenant virtualized networks. This paper sets the foundation for future design of secure SDN-based multi-tenant virtualized networks.

    Download full text (pdf)
    fulltext
  • 26.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
TruSDN: Bootstrapping trust in cloud network infrastructure (2017). In: Security and Privacy in Communication Networks, p. 104-124. Conference paper (Refereed)
    Abstract [en]

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), which allows SDN components to be deployed securely and protects communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

    Download full text (pdf)
    preprint
  • 27.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Morenius, Fredric
    Ericsson, Sweden.
Trusted Launch of Virtual Machine Instances in Public IaaS Environments (2013). In: Lecture Notes in Computer Science, Vol. 7839, p. 309-323. Article in journal (Refereed)
    Abstract [en]

    Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.

    Download full text (pdf)
    fulltext
  • 28.
    Paladi, Nicolae
    et al.
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Gehrmann, Christian
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
    Michalas, Antonis
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS.
Providing User Security Guarantees in Public Infrastructure Clouds (2017). In: IEEE Transactions on Cloud Computing, ISSN 2168-7161, Vol. 5, no 3, p. 405-419, article id 7399365. Article in journal (Refereed)
    Abstract [en]

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants, insulated from the minutiae of hardware maintenance, rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organisations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

    Download full text (pdf)
    fulltext
  • 29.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Morenius, Fredric
    Ericsson, Sweden.
Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds (2013). Conference paper (Refereed)
    Abstract [en]

Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demonstrated that neither are impeccable. In this paper we introduce Domain-Based Storage Protection (DBSP), a data confidentiality and integrity protection mechanism for IaaS environments, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We describe the building blocks of this mechanism and provide a set of detailed protocols for generation and handling of keys for confidentiality and integrity protection of data stored by guest VM instances. The protocols assume an untrusted IaaS provider and aim to prevent both malicious and accidental faulty configurations that could lead to breach of data confidentiality and integrity in IaaS deployments.

    Download full text (pdf)
    fulltext
  • 30.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Morenius, Fredric
State of The Art and Hot Aspects in Cloud Data Storage Security (2013). Report (Other academic)
    Abstract [en]

Along with the evolution of cloud computing and cloud storage towards maturity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vectors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for protection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as the geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed.

    Download full text (pdf)
    fulltext
  • 31.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Michalas, Antonis
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
Domain based storage protection with secure access control for the cloud (2014). Conference paper (Refereed)
    Abstract [en]

    Cloud computing has evolved from a promising concept to one of the fastest growing segments of the IT industry. However, many businesses and individuals continue to view cloud computing as a technology that risks exposing their data to unauthorized users. We introduce a data confidentiality and integrity protection mechanism for Infrastructure-as-a-Service (IaaS) clouds, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We also address the absence of reliable data sharing mechanisms, by providing an XML-based language framework which enables clients of IaaS clouds to securely share data and clearly define access rights granted to peers. The proposed improvements have been prototyped as a code extension for a popular cloud platform.

    Download full text (pdf)
    fulltext
  • 32.
    Papatheocharous, Efi
    et al.
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Michalas, Antonis
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications (2015). In: Evaluation of Novel Approaches to Software Engineering (ENASE 15), Barcelona, Spain: ENASE 2015/SCITEPRESS, 2015. Conference paper (Refereed)
    Abstract [en]

    PaaSword’s vision is three-fold; i) maximize and fortify the trust of individual, professional and corporate customers to Cloud-enabled services and applications; ii) safeguard both corporate and personal sensitive data stored on Cloud infrastructures and Cloud-based storage services, and iii) enable the acceleration of Cloud computing technologies adoption and paradigm shift in the European industry. PaaSword will introduce a holistic data privacy and security by design framework enhanced by sophisticated context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloud-based applications and services, that will maintain a fully distributed and totally encrypted data persistence layer, and, thus, will ensure data protection, integrity and confidentiality, even in the case wherein there is no control over the underlying third-party Cloud resources utilised.

  • 33.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
Securing DMA through Virtualization (2012). In: IEEE Conference on Complexity in Engineering, IEEE, 2012, p. 118-123, article id 6242958. Conference paper (Refereed)
    Abstract [en]

We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and that we also have implemented, are purely based on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized by means of a common ARM MMU only. Overhead occurs only in pre- and post-processing of DMA transfers and is limited to a few microseconds. The solution was designed with a focus on security, and the abstract concept of the approach was formally verified.

    Download full text (pdf)
    fulltext
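The entry above relies on the hypervisor pre-processing each DMA transfer so that a guest cannot program the controller with addresses outside its own memory. The block below is an added Python illustration of the two checks such pre-processing has to get right, and is not code from the paper: every source and destination range must lie entirely inside the issuing guest's memory (including the overrun and address-wraparound cases), and the descriptors must be copied out of guest memory before they are checked, so the guest cannot rewrite them between the check and the transfer. The guest memory map, descriptor format and 32-bit bus width are hypothetical.

```python
ADDR_BITS = 32
ADDR_LIMIT = 1 << ADDR_BITS   # hypothetical 32-bit bus address space


def range_allowed(allowed_regions, addr, length):
    """True if [addr, addr+length) lies entirely inside one allowed region.
    Rejects zero-length transfers and ranges that would wrap around the bus.
    Python integers do not overflow; a C implementation must test addr + length
    for unsigned wraparound explicitly before comparing it with the region end."""
    if length <= 0 or addr < 0:
        return False
    end = addr + length            # exclusive end address
    if end > ADDR_LIMIT:
        return False
    for base, size in allowed_regions:
        if base <= addr and end <= base + size:
            return True
    return False


def validate_chain(guest_descriptors, allowed_regions):
    """Snapshot the guest's descriptor chain, validate the copy, return the copy.
    The snapshot (not the guest-writable original) is what would be programmed
    into the controller, which closes the check-then-use (TOCTOU) window."""
    snapshot = [(int(d["src"]), int(d["dst"]), int(d["len"])) for d in guest_descriptors]
    for src, dst, length in snapshot:
        if not (range_allowed(allowed_regions, src, length)
                and range_allowed(allowed_regions, dst, length)):
            return None
    return snapshot


# Constructed memory map: guest A owns 0x10000000-0x1FFFFFFF and 0x40000000-0x400FFFFF.
GUEST_A = [(0x1000_0000, 0x1000_0000), (0x4000_0000, 0x0010_0000)]


def demo():
    """Exercise the validator with a legitimate chain and three hostile cases."""
    ok = validate_chain([{"src": 0x1000_0000, "dst": 0x4000_0000, "len": 4096}], GUEST_A)

    # Starts on guest A's last page but the length spills into the next guest's memory.
    overrun = validate_chain([{"src": 0x1000_0000, "dst": 0x1FFF_F000, "len": 8192}], GUEST_A)

    # Range that would wrap past the top of the bus address space.
    wrap = range_allowed([(0, ADDR_LIMIT)], 0xFFFF_F000, 0x2000)

    # Guest rewrites the descriptor after validation: the snapshot is unaffected.
    desc = [{"src": 0x1000_0000, "dst": 0x4000_0000, "len": 4096}]
    snap = validate_chain(desc, GUEST_A)
    desc[0]["dst"] = 0x2000_0000
    toctou_safe = snap is not None and snap[0][1] == 0x4000_0000

    return ok is not None, overrun is None, wrap is False, toctou_safe


if __name__ == "__main__":
    print(demo())
```

Requiring each range to sit inside a single region is deliberately strict; two adjacent regions should be merged in the map rather than special-cased in the check.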
  • 34.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Do, Viktor
    RISE, Swedish ICT, SICS.
Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System (2014). Conference paper (Refereed)
    Abstract [en]

While security has become important in embedded systems, commodity operating systems often fail to effectively separate processes, mainly due to an overly large trusted computing base. System virtualization can establish isolation with a small code base, but many existing embedded CPU architectures have very limited virtualization hardware support, so the performance impact is often non-negligible. Targeting both security and performance, we investigate an approach in which a few minor hardware additions together with virtualization offer protected execution in embedded systems while still allowing non-virtualized execution when secure services are not needed. Benchmarks of a prototype implementation on an emulated ARM Cortex-A8 platform confirm that switching between those two execution forms can be done efficiently.

    Download full text (pdf)
    fulltext
  • 35.
    Seitz, Ludwig
    et al.
    RISE, Swedish ICT, SICS.
    Selander, Göran
    Ericsson, Sweden.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
Authorization Framework for the Internet-of-Things (2013). Conference paper (Refereed)
    Abstract [en]

    This paper describes a framework that allows fine-grained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework.

    Download full text (pdf)
    FULLTEXT01
  • 36.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE, Swedish ICT, SICS.
On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake (2017). In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no 2, p. 173-193. Article in journal (Refereed)
    Abstract [en]

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, thus making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients: it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS and reducing the number of keys stored on the server side to one. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach takes less time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attacks.

    Download full text (pdf)
    FULLTEXT01
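The entry above reports reducing the server's PSK storage to a single key. One generic way to achieve that, shown here as an added Python illustration rather than the paper's own scheme, is for the server to hold one master key and derive each client's pre-shared key from it and the client's PSK identity on demand; the derived key is handed to the device at provisioning time, and nothing per client is kept on the server. The simulated handshake below reduces DTLS to the PSK-dependent part (random values, a transcript and a Finished MAC) and uses HMAC-SHA-256 as the derivation function; the master key, identity and labels are constructed sample values, and the message layout is not that of the DTLS specification.

```python
import hashlib
import hmac
import os


def derive_client_psk(master_key, psk_identity):
    """Server side: the per-client PSK is a function of one master key and the
    client's PSK identity, so the server stores nothing per client."""
    return hmac.new(master_key, b"dtls-psk|" + psk_identity, hashlib.sha256).digest()


def session_key(psk, client_random, server_random):
    """Stand-in for the key expansion both peers run from the PSK and randoms."""
    return hmac.new(psk, b"key expansion|" + client_random + server_random,
                    hashlib.sha256).digest()


def finished_mac(key, transcript):
    """Stand-in for the Finished message: a MAC over the handshake transcript."""
    return hmac.new(key, b"finished|" + transcript, hashlib.sha256).digest()


def run_handshake(server_master_key, psk_identity, client_psk,
                  client_random=None, server_random=None):
    """Simulate the PSK part of a handshake. Returns True when the server can
    verify the client's Finished, i.e. both sides hold the same PSK."""
    client_random = client_random or os.urandom(32)
    server_random = server_random or os.urandom(32)
    transcript = psk_identity + client_random + server_random

    # Client: uses the PSK it was provisioned with.
    client_fin = finished_mac(session_key(client_psk, client_random, server_random), transcript)

    # Server: re-derives the client's PSK from its one master key instead of
    # looking it up in a per-client table.
    server_psk = derive_client_psk(server_master_key, psk_identity)
    expected = finished_mac(session_key(server_psk, client_random, server_random), transcript)
    return hmac.compare_digest(client_fin, expected)


def provision(master_key, psk_identity):
    """Out-of-band provisioning step: hand the derived PSK to the device."""
    return derive_client_psk(master_key, psk_identity)


# Constructed sample values.
MASTER_KEY = hashlib.sha256(b"constructed server master key").digest()
IDENTITY = b"sensor-17"


def demo():
    """A provisioned client succeeds; an impostor and a stale client do not."""
    legit = run_handshake(MASTER_KEY, IDENTITY, provision(MASTER_KEY, IDENTITY))

    # Knowing a valid identity is not enough: without the master key the
    # attacker cannot produce the matching PSK.
    impostor = run_handshake(MASTER_KEY, IDENTITY, b"\x00" * 32)

    # Rotating the single master key re-provisions every client at once; a
    # device still holding the old PSK no longer completes the handshake.
    new_master = hashlib.sha256(b"rotated master key").digest()
    stale = run_handshake(new_master, IDENTITY, provision(MASTER_KEY, IDENTITY))
    return legit, impostor, stale


if __name__ == "__main__":
    print(demo())
```

The trade-off a practitioner should note is that the master key is now a single point of compromise for every client's PSK, so it belongs in a hardware-protected store, and revoking one client requires either changing its identity or adding a revocation list, since there is no per-client key to delete.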
  • 37.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE, Swedish ICT, SICS, Security Lab.
Robust and Scalable DTLS Session Establishment (2016). In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, p. 31-32. Article in journal (Refereed)
    Abstract [en]

The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service (DoS) attack aimed at establishing a high number of invalid, half-open secure sessions. Moreover, even when the efficient pre-shared key provisioning mode is considered, the key storage on the server side scales poorly with the number of clients. SICS Swedish ICT has designed a security architecture that efficiently addresses both issues without breaking the current standard.

    Download full text (pdf)
    FULLTEXT01