Attack Surface Reduction (KTRIM)
Authenticated encryption with new security model and construction. StoA authenticated encryption with variable stretch is vulnerable to some attacks that misuse the variable stretch. A new security definition is proposed and followed by a new construction.
Shared Ownership allows joint access control decisions on collaboratively created cloud data. In our work we present an instantiation of shared ownership that is more efficient than previous work and allows fair accounting through block-chains.
Proofs of retrievability for data replications. It allows the data replication be handled by the cloud provider, who will then generate proofs of retrievability of these replicas upon user attestation.
De-duplication on the authenticators used for Proofs of Retrievability across multiple users. Relying on key-message homomorphic encryption, the cloud providers are able to merge the PoR authenticators generated by different users using different credentials and the merged authenticators is verifiable by all users.
The primitive provides secure deletion on an honest-but-curious cloud storage. Therefore, clients can store all the files on the cloud as usual, but still achieve secure deletion, which cannot be guaranteed otherwise. The solution is based on encryption.
Logical Partitioning Hypervisor
Provides light-weight isolation on many-core platforms. Allows management of encrypted and integrity-protected virtual machine images.
Multi-tenancy Access Control (EPICA)
The aim of the primitive is to provide an enforcement component for distributed attribute-based access control (ABAC) policies that ensures that authorized users always get access to the selected cloud resource (either data or service) whilst the access is refused to malicious parties, in the context of a multi-tenant cloud infrastructure.
TPM-based Remote Attestation (TRAVIS)
Remote Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. The Remote Attestation generates the evidence of whether or not the untrusted cloud platform is running in the expected state, and therefore, the result of the service, application or VM image outsourced to the cloud is trustworthy.