Andreas Happe

ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing

Cloud based collaboration gives rise to many new applications and business opportunities in both the private and the business domain. However, building such systems in a secure and robust manner is a challenging task. In this paper, we present a new architecture for secure cloud based data sharing called ARCHISTAR. It builds upon a distributed storage system and thus avoids any single point of trust or failure. Besides providing confidentiality of data, our focus is on availability and in particular on robustness against active attacks or failures. Our system provides full multi-user support and enables advanced sharing scenarios without complex key management and revocation mechanisms. We also present a prototype implementation of the ARCHISTAR system and discuss open issues.

Enhancing cloud security and privacy: Time for a new approach?

Achieving cloud security is not a trivial problem and developing and enforcing good cloud security controls is a fundamental requirement if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of unikernel based systems. The main thrust of this paper is to discuss the key issues which need to be addressed, noting which of those might be covered by our proposed approach. We discuss how our proposed approach may help better address the key security issues we have identified.

Enterprise IoT security and scalability: how unikernels can improve the status Quo

Cloud computing has been a great enabler for both the In-ternet of Things and Big Data. However, as with all newcomputing developments, development of the technology is usually much faster than consideration for, and development of, solutions for security and privacy. In a previous paper, we proposed that a unikernel solution could be used to improve security and privacy in a cloud scenario. In this paper, we outline how we might apply this approach to the Internet of Things, which can demonstrate an improvement over existing approaches.

The Archistar Secret-Sharing Backup Proxy

Cloud-Storage has become part of the standard toolkit for enterprise-grade computing. While being cost- and energy-efficient, cloud storages availability and data confidentiality can be problematic. A common approach of mitigating those issues are cloud-of-cloud solutions. Another challenge is the integration of such a solution into existing legacy systems. This paper introduces the Archistar Backup Proxy which allows integration of multi-cloud storage into existing legacy enterprise computing landscapes by overloading the industry-standard Amazon S3 protocol. The paper provides multiple lessons-learned during implementation and concludes with a performance evaluation with traditional backup solutions utilizing redundant remote storage.

Timing synchronization with photon pairs for quantum communications

In quantum communication experiments using entangled photon pairs far-distant measurement results are correlated on the sub-nanosecond level. For best performances the timing of the coincidence window and its width are critical. In contrast to lab experiments, where accurate timing could be adjusted easily by e.g. matched cable length, in distributed experiments a common clock more accurate than the coincidence time is requested by means of time stable synchronization channels or atom clocks synchronized by GPS. Synchronization of distant clocks is far from trivial. Efficient synchronization mechanisms are required to enable novel architectures like switched star shaped QKD-networks and facilitate quantum communication of a high number of potential users.

Malicious Clients in Distributed Secret Sharing Based Storage Networks

Multi-cloud storage is a viable alternative to traditional storage solutions. Recent approaches realize safe and secure solutions by combining secret-sharing with Byzantine fault-tolerant distribution schemes into safe and secure storage systems protecting a user against arbitrarily misbehaving storage servers.

Unikernels for Cloud Architectures : How Single Responsibility can Reduce Complexity, Thus Improving Enterprise Cloud Security

ACKNOWLEDGEMENTS This work was in part funded by the European Commission through grant agreement no 644962 (PRISMACLOUD).

Cloud Cyber Security: Finding an Effective Approach with Unikernels

Achieving cloud security is not a trivial problem to address. Developing and enforcing good cloud security controls are fundamental requirements if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of well-designed unikernel-based systems. We have identified a range of issues, which need to be dealt with properly to ensure a robust level of security and privacy can be achieved. We have addressed these issues in both the context of conventional cloud-based systems, as well as in regard to addressing some of the many weaknesses inherent in the Internet of things. We discuss how our proposed approach may help better address these key security issues which we have identified.

Malicious Clients in Distributed Secret Sharing Based Storage Networks (Transcript of Discussion)

Malicious clients in distributed storage networks. The presentation will be split up into two parts. In the initial part, we’re going to talk about distributed storage networks that use secret-sharing, and in the second part I’m going to introduce malicious clients, their possible attack vectors and how to protect against those attack vectors.