SeCloud addresses security challenges in cloud computing environments: SeCloud consortium holds first brokerage event on 9 March 2016
You are here: Home \ News \ Events \ SeCloud addresses security challenges in cloud computing environments
5 February 2016 - 15:47, in Events,

Register here.

Confidentiality and integrity of data is paramount to applications that are hosted in the cloud and to applications that interact with other cloud services. The SeCloud project investigates a security-first and holistic approach to engineering such cloud-based applications. During the brokerage event you will receive more practical information on this topic through different cases and you will be updated about the research results.

Programme

13:00: Welcome

13:30: Presentation of SeCloud

14:00: Session 1: Programming (by VUB Software Languages Lab and NVISO)

“Securing untrusted code in web-based applications”, by Guillermo Polito (VUB SOFT)

Web applications are in general implemented as mashups of code and data from different origins. From a security point of view, not all these origins should be trusted: code and data coming from a malicious origins can corrupt or leak sensitive information. In addition, we need to consider the vulnerabilities introduced by JavaScript code.
Existing research developed several approaches for implementing security policies that limit and control the execution of untrusted JavaScript code. We explore and study several kinds of security policies regarding three aspects: how easily we can implement new policies, how easily we can deploy them, and how we can prevent malicious users to subvert their behavior.

“Cyber Threats in the Financial Industry”, by Vincent Defrenne (NVISO)

In this talk, NVISO reflects on their experiences and expertise in securing financial services.  The presentation focuses on the different cyber security challenges companies in the financial services industry are facing today and in the near future, based on the companies clients’ feedback and their own insights. Although the presentation is oriented mainly on the financial sector, much of this can be extrapolated to other industries as well. The presentation approaches from a managerial point of views topics such as cyber security resilience and cloud services among many others.

 

15:00: Break

15:15: Session 2: Infrastructure (by UC Louvain Crypto Group and Bluekrypt)

“Secret sharing and its applications to the cloud”, by Édouard Cuvelier (UCL Crypto Group)

Nowadays, many companies rely on a cloud to store data and perform computation over it. Others are reluctant because of the potential risks of the cloud such as a privacy breach or integrity issues. How can modern cryptography help? Beyond traditional encryption and authentication, cryptography brings interesting tools such as “Secret Sharing” and “Secure Multi-Party Computation”. Throughout the presentation, we take a look at these new tools.
First, we discuss secret sharing which may be used to privately store data. The idea is to split the data into different pieces called shares and to distribute these shares amongst a set of parties (e.g. data servers in one or different clouds). Distributing the shares is equivalent to storing the initial data in the cloud. However, given one share, a single party cannot recover anything about the data. In order to reassemble the data, the owner must collect all the shares. In this way, the confidentiality of the data rests on the fact that the different parties will not collaborate to retrieve the secret.
From secret sharing, we go a step further by explaining secure multi-party computation. In addition to securely store data, secure multi-party computation techniques allows computing over data, performing tasks ranging from simple search queries to complex data mining. In this way, the owner of the data can outsource its computations to the cloud provider or to a specialized company while guaranteeing the confidentiality. Moreover, as it guarantees the secrecy of the individual data pieces, secure multi-party computation solves the problem of companies reluctant to share sensitive data – e.g. in order to generate joint statistics – by fear that the shared information can be exploited by their competitors. We conclude the presentation with such an example of secure multi-party computation for an electronic auction.



“Secret sharing and secure multi-party computation: two concrete usage examples in the industry”, by Damien Giry (Bluekrypt)

The development of the Internet as well as the virtualisation of IT infrastructures have considerably increased the amount of information exchanged on the networks. The “cloud” and the “big data” are technologies allowing individuals and companies to access innovating and financially interesting services. In order to ensure the confidentiality of these exchanges, data circulating on the Internet are securely transmitted using cryptography, while remaining readable for the sender and for the receiver. Sometimes, the owner of the transmitted data may wish the receiver to be able to exploit the data without being able to access them. Technologies such as “Secret Sharing” and “Secure Multi-Party Computation” allow this possibility.
In our presentation, we are going to expose two concrete industrial projects carried out by our company using these technologies:
– How to calculate the result of an electronic election without opening the digital envelopes transmitted by the voters?
– How can a consulting company (big five) perform complex analyses on a company’s strategic data without consulting them, while protecting its methodology?



16:15: Poster session: First results of the project and possible cooperation between industry and academia

Register here.