He-Ming Ruan

A Mechanism on Risk Analysis of Information Security with Dynamic Assessment

Information security audit has become more and more important to organizations. Human is usually the most vulnerable part about information security in an organization. In this paper, we propose a dynamic risk assessment mechanism to help the information security manager realizing the human security awareness and vulnerability assessment in end client devices. The proposed mechanism will generate graphic reports to help security manager to improve the information security of organizations. A practical implementation demonstrates that the proposed mechanism is both useful and effective.

An Analysis of Security Patch Lifecycle Using Google Trend Tool

Information security audit has become more and more important nowadays. Among the audited items, the status of security patch could be the most important part. In this paper, we proposed a security patch lifecycle to assess the information security risk with the help of vulnerability databases. A case study using the Google Trend is also given to demonstrate that the proposed security patch lifecycle is both useful and practical.

Discovery of De-identification Policies Considering Re-identification Risks and Information Loss

In data analysis, it is always a tough task to strike the balance between the privacy and the applicability of the data. Due to the demand for individual privacy, the data are being more or less obscured before being released or outsourced to avoid possible privacy leakage. This process is so called de-identification. To discuss a de-identification policy, the most important two aspects should be the re-identification risk and the information loss. In this paper, we introduce a novel policy searching method to efficiently find out proper de-identification policies according to acceptable re-identification risk while retaining the information resided in the data. With the UCI Machine Learning Repository as our real world dataset, the re-identification risk can therefore be able to reflect the true risk of the de-identified data under the de-identification policies. Moreover, using the proposed algorithm, one can then efficiently acquire policies with higher information entropy.

Fine-Grained Audit Privilege Control for Integrity Audit on Cloud Storage

Cloud storage services have become necessities in our daily life. Although the cloud storage services provide online storage to hold data for the data owner with high accessibility, trust is always an obstacle between the user and the service provider. In this paper, we aim at the audit privilege management issue of integrity audit for cloud storage and search for a proper solution to provide controllable audit privilege dispatch.

Stratus: Check and Share Encrypted Data among Heterogeneous Cloud Storage

A cloud storage service is never sufficient if it only guarantees one of data confidentiality and integrity. Remote storage without encryption could expose private information to outsiders; while storage without integrity could be appended with garbled and useless cipher. This paper presents the Stratus, an integrated encrypted storage atop of heterogeneous cloud storage. Standing on users perspective, we focus on guaranteeing convenient access and integrity verification to the clouds. Also, Stratus preserves implicitly the folder hierarchy of the original storage and allows painless data migration and sharing without backward decryption. By the technique of dummy list, Stratus is able to perform lazy deletion, reducing access overhead. In particular, we use a novel authentication method, the Binomial Merkle Forests (BMF), to offer a lightweight and public verifiable proof of integrity checking. Other salient features of Stratus include assured deletion and space query in O(log N).

Design and Implementation of a Self-growth Security Baseline Database for Automatic Security Auditing

As the security consciousness rising, information security audit has become an important issue nowadays. This circumstance makes the security audit baseline database a crucial research domain. In this paper, we proposed a security baseline database to assist information security auditors to maintain the security update patch baseline automatically with the help of the Microsoft knowledge base and automatic audit process. A practical implementation demonstrates that the proposed structure is both useful and effective.

Data Integrity on Remote Storage for On-line Co-working

Nowadays, the cloud computing have engulfed not only the IT industry but also the general publics all around the world. Our daily life is now full of various cloud services such as Gmail or Google Document. Although the cloud services can provide on-line platforms for co-working between a group of collaborators, trust is always a hesitation for a user to adopt cloud services. In this paper, we aim at the integrity issue for on-line co-working and seek for a proper solution. We develop a framework to enable the remote data integrity verification for on-line co-working scenarios. In addition to provide a framework, we also show the feasibility of our framework by providing a concrete example.