Research on Cloud Computing, Security, and Privacy
2011/11/07 Leave a Comment 
Print This Post
I will participate in the program committee of the 1st Workshop on Resilient Cyber-physical SystemS:
Important Dates:
2011/11/05 Leave a Comment Print This Post
I’ll participate in the program committee of the 1st European Workshop on Dependable Cloud Computing (EWDCC ’12). The call for papers can be found at the .
Important dates:
2011/09/20 Leave a Comment Print This Post
I’ve been invited to co-chair the Tracking Protection Working Group of the World-Wide Web Consortium.
The Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. The group seeks to standardize the technology and meaning of Do Not Track, and of Tracking Selection Lists.
My mission as the chair is to drive the consensus-based standardisation process. My personal goal is to ensure that the privacy requirements of individuals as well as the industry requirements are met by the emerging recommendations.
Our kick-off meeting on September 21+22 in Boston MA, managed to assemble many important stakeholders such as Apple, the Center of Democracy and Privacy, ComScore, the EFF, FTC (Ed Felten), Google, the Interactive Advertising Bureau (IAB), Microsoft, Nielsen, and Yahoo in one room.
2011/05/22 Leave a Comment Print This Post
Today, we received an acceptance note for our submission to ESORICS 2011:
Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European Symposium on Research in Computer Security (ESORICS 2011)
You can download the paper (PDF)
Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information
flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components’ information flow.
Case Study: Graph-based Model for mid-size Cloud
2011/05/16 Leave a Comment Print This Post
I’ll participate in the Program Committee of the ACM Cloud Computing Security Workshop. 
. Please consider submitting your latest research on cloud security.
2011/05/01 Leave a Comment Print This Post
The Swiss Telecommunications Association is a non-profit organisation that represents users and providers of telecommunication. All major Swiss telcos are members:
I gave a presentation on cloud security at the 2011 ASUT Seminar that will be held on June 09 at the Kursaal in Berne. The ASUT Seminar constitutes the #1 event for the telco industry in Switzerland.
The program can be found here, abstract here.
Enclosed you find a report about the event (in German) that has been broadcasted by the SF Tagesschau.
2011/04/20 Leave a Comment Print This Post
I will co-organise a Dagstuhl Seminar on Federated Cloud Infrastructures. I initiated this seminar to put additional focus on the security and interoperability challenges of connecting multiple clouds. This this topic is also addressed by my TClouds Project, this seminar aims at creating a broader scientific community discussing these challenges.
The organisers of this seminar are:
The seminar is invitation only and nearly fully booked. If you are interested in being invited, please send me your CV and a short note on your expertise and your potential contributions.
We will then consider you when distributing the remaining seats (no guarantees though).
Read more of this post
2011/04/13 Leave a Comment Print This Post
I’m participating in the program committee of TrustBus 2011:
The Call for Papers can be found here.
2011/04/04 Leave a Comment Print This Post
I’ll participate in the program committee of the 9th European Dependable Computing Conference (EDCC 2012). EDCC is the leading European conference for research in dependable computing. The Call for Papers can be found at http://edcc.dependability.org/p/call-for-papers.html:
2011/03/29 Leave a Comment Print This Post
We’ve submitted an article (in German) to the Datenschutz Datensicherheit journal:
Ninja Marnau, Norbert Schirmer, Eva Schlehahn, Matthias Schunter: TClouds – Herausforderungen und erste Schritte zur sicheren und datenschutzkonformen Cloud. To Appear in Datenschutz und Datensicherheit 2011.
Abstract Das von der Europäischen Kommission geförderte Projekt TClouds hat die Entwicklung einer sicheren und datenschutzkonformen Cloud-Infrastruktur zum Ziel. Dieser Beitrag beschreibt die Herausforderungen und die ersten Lösungsideen.
Contact Me!