To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we proposemore »
Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications
Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from privacy-preserving data analyses when data sharing is encumbered by confidentiality concerns, legal constraints, or corporate policies. MPC is already being incorporated into software solutions in some domains; however, individual use cases do not fully convey the variety, extent, and complexity of the opportunities of MPC. This position paper articulates a role-based perspective that can provide some insight into how future research directions, infrastructure development and evaluation approaches, and deployment practices for MPC may evolve. Drawing on our own lessons from existing real-world deployments and the fundamental characteristics of MPC that make it a compelling technology, we propose a role-based conceptual framework for describing MPC deployment scenarios. Our framework acknowledges and leverages a novel assortment of roles that emerge from the fundamental ways in which MPC protocols support federation of functionalities and responsibilities. Defining these roles using the new opportunities for federation that MPC enables in turn can help identify and organize the capabilities, concerns, incentives, and trade-offs that affect the entities (software engineers, government regulators, corporate executives, end-users, and others) that participate in an MPC deployment scenario. This framework can not only guide the more »
- Publication Date:
- NSF-PAR ID:
- 10165776
- Journal Name:
- IEEE SecDev
- Volume:
- 2019
- Page Range or eLocation-ID:
- 129 - 140
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Enterprise software updates depend on the interaction between user and developer organizations. This interaction becomes especially complex when a single developer organization writes software that services hundreds of different user organizations. Miscommunication during patching and deployment efforts lead to insecure or malfunctioning software installations. While developers oversee the code, the update process starts and ends outside their control. Since developer test suites may fail to capture buggy behavior finding and fixing these bugs starts with user generated bug reports and 3rd party disclosures. The process ends when the fixed code is deployed in production. Any friction between user, and developer results in a delay patching critical bugs. Two common causes for friction are a failure to replicate user specific circumstances that cause buggy behavior and incompatible software releases that break critical functionality. Existing test generation techniques are insufficient. They fail to test candidate patches for post-deployment bugs and to test whether the new release adversely effects customer workloads. With existing test generation and deployment techniques, users can't choose (nor validate) compatible portions of new versions and retain their previous version's functionality. We present two new technologies to alleviate this friction. First, Test Generation for Ad Hoc Circumstances transforms buggy executionsmore »
-
The topic of engineering identity is neither new nor complete in its coverage within current literature. In fact, although this body of work predates the last ten years, researchers have argued that some of the most significant burgeoning in this area has occurred in the last decade. By applying both quantitative and qualitative lenses to this inquiry, researchers have concluded that, much like a STEM identity, an engineering identity describes how students see themselves, their competence and potential for success in the academic and career context of the field. To further examine the latter component i.e. potential for academic and career success, we attend to an emerging concept of an entrepreneurial engineering identity. This preliminary work unfolded organically; the authors’ primary goal involved a larger Interpretative Phenomenological Analysis (IPA) study that investigated persistence and advanced degree aspirations among 20 Black male engineering undergraduate students from a variety of institutional settings. While we did not intentionally seek to examine this emerging component of engineering identity, our preliminary analysis of participants’ interview data led us down this path. What we observed was a latent phenomenon of interest among participants: these Black male engineering undergraduates recurringly articulated clear intentions for academic and careermore »
-
Benjamin, L ; Henderson, J A ; Hines, E M (Ed.)The topic of engineering identity is neither new nor complete in its coverage within current literature. In fact, although this body of work predates the last ten years, researchers have argued that some of the most significant burgeoning in this area has occurred in the last decade. By applying both quantitative and qualitative lenses to this inquiry, researchers have concluded that, much like a STEM identity, an engineering identity describes how students see themselves, their competence and potential for success in the academic and career context of the field. To further examine the latter component i.e. potential for academic and career success, we attend to an emerging concept of an entrepreneurial engineering identity. This preliminary work unfolded organically; the authors’ primary goal involved a larger Interpretative Phenomenological Analysis (IPA) study that investigated persistence and advanced degree aspirations among 20 Black male engineering undergraduate students from a variety of institutional settings. While we did not intentionally seek to examine this emerging component of engineering identity, our preliminary analysis of participants’ interview data led us down this path. What we observed was a latent phenomenon of interest among participants: these Black male engineering undergraduates recurringly articulated clear intentions for academic and careermore »
-
Process safety is at the heart of operation of many chemical processing companies. However, the Chemical Safety Board (CSB) has still documented over 800 investigations of process safety failures since the year 2000. While not all of these incidents were severe, some did lead to employee injuries or death and environmental harm. As a result, chemical engineering companies are increasingly dedicated to process safety through training programs and detailed vigilance as part of their operations practice. AIChE and OSHA also offer courses in process safety to help support the industry. These efforts illustrate the paramount importance that chemical engineering graduates have an appreciation and understanding of process safety as they transition from their degree program into industrial positions. Previous studies have shown that despite difficulties due to course load constraints, process safety has been incorporated into chemical engineering curriculum through either the addition of new courses, incorporation of the content within existing classes, or a combination of the two methods. A review performed in Process Safety Progress suggested that a key step for departments moving forward is to perform an assessment of the process safety culture within their institution in order to determine how faculty and students view process safety.more »