Cloud Security Verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?



Cloud topologies are complex!

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructures have very complex topologies. How can we approach their complexity in tool-supported analysis?



Infrastructure Cloud Information Flow Analysis

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage, we ask: How can we discover isolation breaches hidden in the actual configuration?



Smart Identity Card

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?



Identity & Privacy


Identity and privacy research are intertwined.

The former aims at protocols and systems for managing, exchanging and authenticating identity attributes, the latter governs the protection of a user's identity in the widest sense.

Other Interests: [Information Security]   [Applied Rigorous Methods]

Identity

Identity refers to the attributes associated with a user who interacts with a system's service interface.

It may be a (unique) identifier (e.g., a username), personally identifiable information (PII), or other attributes (e.g., pseudo-identifiers).

Taken as the basis for authentication, the identity serves authorization and thereby determines the user's access control rights on the system and the security thereof.

The user's claim on her identity is certified by credentials. Electronic Identity (EID) proposals establish credentials on an electronic token, such as an electronic ID card.

Identity Management refers to systems and protocols to handle identity. User-centric identity management places the user in the center of transactions and has user consent as its guiding principle. Federated identity management (FIM) refers to identity management across trust domains, e.g., for single sign-on authentication.

See Federated Identity Management and the User-centricity Taxonomy.

Privacy

To a first approximation, privacy is the protection of the user's identity.

Privacy can take many forms; the privacy terminology [PfiHan2010] provides a good overview.

Anonymous Credential Systems and attribute-based credentials allow privacy-preserving authentication based on selective disclosure of attributes (or statements about attributes).

Research Foci: Privacy for eID and Social Networks

  • Privacy of eID systems
  • Privacy in social networks

Relevant Projects

Selected Papers

Jan Camenisch and Thomas Groß. Efficient attributes for anonymous credentials. In ACM Transactions on Information and System Security (TISSEC), 2011.

Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup. Credential Authenticated Identification and Key Exchange. In Advances in Cryptology - CRYPTO 2010, pages 255-276. LNCS 6223. Springer, August 2010.

Patrik Bichsel, Jan Camenisch, Thomas Groß and Victor Shoup. Anonymous Credentials on a Standard Java Card. In ACM Computer and Communications Security (CCS), 2009, pages 600-610. ACM Press, November 2009.

Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß and Dieter Sommer. User centricity: A taxonomy and open issues. In Journal of Computer Security 15(5): pages 493-527, IOS Press, 2007.

References

[PfiHan2010] Andreas Pfitzmann and Marit Hansen. Terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, v0.34. Aug. 2010. TU Dresden.
