Proceedings being published as LNCS 9478
Title: Cloud Security - A Cryptographic Approach
Sushmita Ruj, Indian Statistical Institute, Kolkata, India
Length: 3 hours
Clouds are increasingly being used to store personal and sensitive information like health records and important documents. We address the problem of storing sensitive information in the cloud, so that the cloud service provider cannot tamper with the stored data. We will address two problems: access control of stored data, and auditing data stored in untrusted cloud servers for integrity verification. We will discuss cryptographic solutions to each of these problems. The purpose of this tutorial is to expose the audience to the threats posed by untrusted cloud servers and to cryptographic solutions that mitigate the attacks. We will look into practical ways of solving problems in cloud security, covering both theory and implementation. Along the way we will look into a case study from healthcare and into security in mobile cloud computing. Many open problems and future directions of work will be discussed.
Title: Common Criteria - a tool to get assurance on an IT security product
Common Criteria Test Laboratory, ERTL(E), STQC, DeitY, Govt. of India, KOLKATA
It is necessary that the user of an IT product should have the requisite level of trust and confidence in the security services being offered by the product. Additionally, an IT product offering security functionalities should have sufficient self-protection and resilience to external attacks from its operational environment. To achieve this, it is necessary not only to evaluate the security functionalities of the product but also to assess how well those functionalities have been defined, designed and implemented.
The Common Criteria standard is the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. Common Criteria is an internationally recognized standard for the evaluation of the security of IT products. It is a highly prescriptive framework in which the users can specify their security requirements, the vendors can make claims about the security attributes of their products, and the testing laboratories can evaluate the products to determine whether the claims made by the vendors are actually available in the system. The ISO community has also adopted the ‘Common Criteria Standard’ as ISO 15408.
In order to realize the benefits that use of the CC offers, it is essential that practitioners fully understand the CC concepts on IT security, the approach for specifying them, and the methodology for their assessment.
ERTL (E), Kolkata, as of today, is the only laboratory in the country engaged in the evaluation of IT products according to the Common Criteria standard. In this tutorial, the delegates will get acquainted with the Common Criteria standard and its use in defining as well as evaluating the security requirements of a product.
Title: Program Analysis and Reasoning for Hard to Detect Software Vulnerabilities
Suresh C. Kothari, Iowa State University, USA
Software is everywhere and so are software vulnerabilities, affecting individuals, companies and nations. Deliberately planted software vulnerabilities (“malware”) have ravaged nuclear reactors, and unintended software vulnerabilities (“bugs”) have recently caused all American Airlines planes to be grounded for hours. Software vulnerabilities elude regression testing because their occurrence often depends on intricate sequences of low-probability events. The alternatives, such as completely automated program analysis and/or formal verification, are riddled with intractable problems that pose practical barriers to achieving scalability and accuracy. This tutorial is aimed at an audience interested in learning about sophisticated software vulnerabilities with dire consequences, and a novel practical approach to detect them. We will present a rigorous framework that integrates automated program analysis and human reasoning. We will demonstrate a suite of supporting tools with unique capabilities that enable human analysts to quickly identify and
Title: Secure Multi-party Computation
International Institute of Information Technology, Bangalore, India
Secure multi-party computation (MPC) is one of the fundamental problems in distributed cryptography. In a nutshell, an MPC protocol allows a set of n mutually distrusting parties with private inputs to jointly compute an agreed-upon function of their inputs while keeping the inputs as private as possible. The problem was first formulated by Yao in the two-party setting in his seminal work and later generalized to the n-party setting by other researchers. The MPC problem abstracts any secure distributed computing task, such as secure e-voting, secure e-auction, privacy-preserving data mining, etc. Over the past three decades, it has probably been one of the widely studied research topics in cryptography, and several interesting results have been achieved, dealing with the synchronous communication setting, the asynchronous communication setting, tolerating threshold and non-threshold adversaries, adaptive corruption, providing conditional and unconditional security, with robustness and non-robustness. Applied MPC has also received tremendous attention in the recent past. The aim of this tutorial is to give an introduction to this exciting and fundamental area of research. Protocols for the two-party setting and the multi-party setting will be discussed in detail.