Research on Cloud Computing, Security, and Privacy
2011/11/30 Leave a Comment 
Print This Post
Christian Cachin and I published an overview on trusted clouds at IEEE Spektrum:
Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing’s problems—data breaches, leaks, service outages—don’t obscure its virtues, IEEE Spektrum, December 2011, pp 28-51.
Read it online at
http://spectrum.ieee.org/computing/networks/a-cloud-you-can-trust/0
2011/11/05 Leave a Comment Print This Post
I’ll participate in the program committee of the 1st European Workshop on Dependable Cloud Computing (EWDCC ’12). The call for papers can be found at the .
Important dates:
2011/09/20 Leave a Comment Print This Post
I’ve been invited to co-chair the Tracking Protection Working Group of the World-Wide Web Consortium.
The Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. The group seeks to standardize the technology and meaning of Do Not Track, and of Tracking Selection Lists.
My mission as the chair is to drive the consensus-based standardisation process. My personal goal is to ensure that the privacy requirements of individuals as well as the industry requirements are met by the emerging recommendations.
Our kick-off meeting on September 21+22 in Boston MA, managed to assemble many important stakeholders such as Apple, the Center of Democracy and Privacy, ComScore, the EFF, FTC (Ed Felten), Google, the Interactive Advertising Bureau (IAB), Microsoft, Nielsen, and Yahoo in one room.
2011/05/22 Leave a Comment Print This Post
Today, we received an acceptance note for our submission to ESORICS 2011:
Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European Symposium on Research in Computer Security (ESORICS 2011)
You can download the paper (PDF)
Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information
flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components’ information flow.
Case Study: Graph-based Model for mid-size Cloud
2011/04/20 Leave a Comment Print This Post
I will co-organise a Dagstuhl Seminar on Federated Cloud Infrastructures. I initiated this seminar to put additional focus on the security and interoperability challenges of connecting multiple clouds. This this topic is also addressed by my TClouds Project, this seminar aims at creating a broader scientific community discussing these challenges.
The organisers of this seminar are:
The seminar is invitation only and nearly fully booked. If you are interested in being invited, please send me your CV and a short note on your expertise and your potential contributions.
We will then consider you when distributing the remaining seats (no guarantees though).
Read more of this post
2011/03/29 Leave a Comment Print This Post
We’ve submitted an article (in German) to the Datenschutz Datensicherheit journal:
Ninja Marnau, Norbert Schirmer, Eva Schlehahn, Matthias Schunter: TClouds – Herausforderungen und erste Schritte zur sicheren und datenschutzkonformen Cloud. To Appear in Datenschutz und Datensicherheit 2011.
Abstract Das von der Europäischen Kommission geförderte Projekt TClouds hat die Entwicklung einer sicheren und datenschutzkonformen Cloud-Infrastruktur zum Ziel. Dieser Beitrag beschreibt die Herausforderungen und die ersten Lösungsideen.
2011/03/27 Leave a Comment Print This Post
Some members of the TClouds team were invited to write the following book chapter that will be published in May:
Glott, Rüdiger, E.Husmann, A. Sadeghi, and Matthias Schunter (2011): Trustworthy Clouds underpinning the Future Internet, to appear in J. Domingue et al. (Eds.): Future Internet Assembly, LNCS 6656, Springer-Verlag, pp. 209–221, 2011.
Abstract:
Cloud computing is a new service delivery paradigm that aims to provide standardized services with self-service, pay-per-use, and seemingly unlimited scalability. This paradigm can be implemented on multiple service levels (infrastructures, run-time platform, or actual Software as a Service). They are are expected to be an important component
in the future Internet.
This article introduces upcoming security challenges for cloud services such as multi-tenancy, transparency and establishing trust into correct operation, and security interoperability. For each of these challenges, we introduce existing concepts to mitigate these risks and survey related research in these areas.t:
Submission version (PDF) Open Access Version of the complete book at Springer-Verlag
2011/03/15 Leave a Comment Print This Post
I’m honored to give a keynote on “Cloud Computing – Sicherheitsrisiko oder Chance?” at the Eurocloud Swiss conference. See http://www.swisscloudconference.ch for details:
Zusammenfassung:
Cloud Computing strebt die industrialisierte Produktion von IT Dienstleistungen an. Der Vortrag gibt einen Überblick über die Sicherheit von Cloud Infrastrukturen. Es werden die neuen Cloud Sicherheits-Risiken sowie ausgewählte Ansätze zum Schutz von Cloud Infrastrukturen wie das von der EU gestartete “Trustworthy Cloud Project” vorgestellt.
2011/03/14 Leave a Comment Print This Post
We have organized a Workshop on Cryptography and Security in Clouds. The workshop was well received. We had about 110 participant with a fair share of participants from industry:
“The aim of this workshop is to bring together researchers and practitioners working in cryptography and security, from academia and industry, who are interested in the security of current and future cloud computing technology. The workshop considers the viewpoint of cloud-service providers as well as the concerns of cloud users. The goal is to create a dialogue about common goals and to discuss solutions for security problems in cloud computing, with emphasis on cryptographic methods.
Invited speakers:
The workshop is co-sponsored by the EU Projects 
and 
.
2010/10/10 Leave a Comment Print This Post
Storyboard: Optimistic Deterministic Multithreading
Rüdiger Kapitza, Matthias Schunter, and Christian Cachin, IBM Research—Zurich; Klaus Stengel and Tobias Distler, Friedrich-Alexander University Erlangen-Nuremberg, 6th USENIX Workshop on Hot Topics in System Dependability (HotDep ’10), Vancouver BC, CAN, October 4–6, 2010.
Abstract: State-machine replication is a general approach to address the increasing importance of network-based services by improving their availability and reliability via replicated execution. If a service is deterministic, multiple replicas will produce the same results, and faults can be tolerated by means of agreement protocols. Unfortunately, real-life services are often not deterministic. One major source of non-determinism is multi-threaded execution with shared data access in which the thread execution order is determined by the run-time system and the outcome may depend on which thread accesses data first. We present Storyboard, an approach that ensures deterministic execution of multi-threaded programs. Storyboard achieves this by utilizing application-specific knowledge to minimize costly inter-replica coordination and to exploit concurrency in a similar way as non-deterministic execution. This is accomplished by making a forecast for a likely execution path, provided as an ordered sequence of locks that protect critical sections. If this forecast is correct, a request is executed in parallel to other running requests without further actions. Only in case of an incorrect forecast will an alternative execution path be resolved by inter-replica coordination.
Contact Me!