Reading materials related to the Lectures


Presentation of Research Papers (April 9, 2014) [TOPIC: Security and Privacy in Social Networks]

 

NOTE: While the readers are expected/required to ask some questions, all are expected to ask questions and discuss.

 

1.    Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks

 

Presenter: Sarah Kern

Readers: [1] Matthew Saunders [2] Shauna Policicchio

 

2.    Preserving User Privacy from Third-party Applications in Online Social Networks

 

Presenter: Salisa Viphusiri

Readers: [1] Antonio Greco [2] Raja Jasper

 

3.    Vegas - A Secure and Privacy-Preserving Peer-to-Peer Online Social Network

 

Presenter: Wuttinun Tunsukatanon

Readers: [1] Ajinkya Raut, [2] Brian Daniel D'Souza.

 

4.    PriMatch: Fairness-aware Secure Friend Discovery Protocol in Mobile Social Network

 

Presenter: Pavel Shulikov

Readers: Donald McKeon, Joseph Johnson

 

 

Presentation of Research Papers (April 2, 2014) [TOPIC: Security and Privacy in Cloud Computing]

 

1.    A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud

Presenter: Donald McKeon
Readers: [1] Raja Jasper, [2] Antonio Greco

 

2.    ID-Based Cryptography for Secure Cloud Data Storage


Presenter: Shauna Policicchio
Readers: [1] Sarah Kern, [2] Pavel Shulikov


3.     Security Risk Assessment of Cloud Carrier

Presenter: Joseph Johnson
Readers: [1] Salisa Viphusiri, [2] Brian Daniel D'Souza.


4.     Result Integrity Check for MapReduce Computation on Hybrid Clouds

Presenter: Mathew Saunders
Readers: [1] Wuttinun Tunsukatanon, [2] Ajinkya Raut

 


 

1.             Reading materials for Guest Lecture by Prof. Balaji Palanisamy (March 25)

Required

1.    MapReduce: Simplified Data Processing on Large Clusters, OSDI 2004 (http://static.googleusercontent.com/media/research.google.com/en/us/archive/mapreduce-osdi04.pdf)

2.    Mix Zones: User Privacy in Location-aware Services (http://www.cl.cam.ac.uk/~fms27/papers/2004-BeresfordSta-mix.pdf)

 

Other recommended

 

3.    Purlieus: Locality-aware Resource Allocation for MapReduce in a Cloud, SC 2011 (http://www.cc.gatech.edu/~lingliu/papers/2011/Balaji-SC2011.pdf)

4.    Airavat: Security and Privacy for MapReduce, NSDI 2010 (https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/roy.pdf)

5.    Cura: A Cost-optimized Model for MapReduce in a Cloud, IPDPS 2013 (http://www.sis.pitt.edu/bpalan/papers/Cura-IPDPS2013.pdf)

6.    VNCache: Map Reduce Analysis for Cloud-archived Data, CCGrid 2014 (http://www.sis.pitt.edu/bpalan/papers/VNCache-CCGrid14.pdf)

7.    MobiMix: Protecting Location Privacy with Mix-zones over Road Networks, ICDE 2011 (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.186.614&rep=rep1&type=pdf)

 

 

·                      Reading materials for Lecture 6 (Cloud Computing Security and Privacy)

1.                 H. Takabi, J. Joshi, G-J Ahn, “Security and Privacy Challenges in Cloud Computing Environments” IEEE Security and Privacy, 2010

2.                 NIST 800-144, “Guidelines on Security and Privacy in Public Cloud Computing”

3.                 Vivek Kundra, “Federal Cloud Computing Strategy,” 2011

4.                 Ernst & Young Report: “Cloud Computing Issues and Impacts”

5.                 COSO report, “Enterprise Risk Management for Cloud Computing,” 2012

6.                 Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing”, 2009

 

Other recommended readings

1.     “Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management”

2.     ENISA Report: Cloud Computing Benefits, Risks and Recommendations for Information Security

 

·                      Notes for Lecture 4 (Note 7, Note 8)

1.    NIST 800-39: Managing Information Security Risk: Organization, Mission, and Information System View (NIST SP 800-39)

 

·                      Notes for Lecture 3

1.    NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response (NIST SP800-86)

 

·                      Notes for Lecture 2 (Note 1, Note 2, Note 3)

1.    NIST 800-34: Contingency Planning Guide for Information Technology System (NIST 800-34)

2.    NIST 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)

 

·                      Notes for Lecture 1 (Note 1, Note 2)

 

 

 


Reading materials for HW 1

·                      Paper 1: Information Security management: A human challenge?

·                      Paper 2: An integrated system theory of information security management

Sample Template, Sample review

Reading materials for HW 2

·                    You are expected to extensively search IEEE, ACM, Springer, Elsevier, NIST publications and white papers and reports from industry

 


NIST Documents


1.        FIPS PUB 199: Standards for Security Categorization of Federal Information and Information Systems

2.        Guide to Mapping Types of Information and Information Systems to Security Categories (NIST 800-60)

3.        Computer Security Incident Handling Guide (Chapters 4, 5, 6 and 8)   (NIST 800-61)

4.        Security Considerations in the Systems Development Life Cycle  (NIST 800-64)

5.        Information Security Handbook: A Guide for Managers

6.        Guidelines on Security and Privacy in Public Cloud Computing

7.        Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Draft)

8.        Contingency Planning Guide for Information Technology System (NIST 800-34)

9.        Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)

10.     Guide for Developing Security Plans for Federal Information Systems (SP 800-18 Rev. 1)

11.     Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137)

12.     Building an Information Technology Security Awareness and Training Program (SP 800-50)

13.     Managing Information Security Risk: Organization, Mission, and Information System View (SP 800-39)

14.     Performance Measurement Guide for Information Security (NIST 800-55) (SP 800-55 Rev. 1)

15.     Security Guide for Interconnecting Information Technology Systems (NIST 800-47) (SP 800-47)

16.     Guidelines on Active Content and Mobile Code (NIST 800-28) (SP 800-28 Version 2)

17.     Integrating IT Security into the Capital Planning and Investment Control Process (SP 800-65)