Reading materials related to the Lectures


Presentation of Research Papers (April 9, 2014) [TOPIC: Security and Privacy in Social Networks]

 

NOTE: while the readers are expected/required to ask some questions, all are expected to ask questions and discuss.

 

1. Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks

 

Presenter: Sarah Kern

Readers: [1] Matthew Saunders, [2] Shauna Policicchio

 

2. Preserving User Privacy from Third-party Applications in Online Social Networks

 

Presenter: Salisa Viphusiri

Readers: [1] Antonio Greco, [2] Raja Jasper

 

3. Vegas - A Secure and Privacy-Preserving Peer-to-Peer Online Social Network

 

Presenter: Wuttinun Tunsukatanon

Readers: [1] Ajinkya Raut, [2] Brian Daniel D'Souza.

 

4. PriMatch: Fairness-aware Secure Friend Discovery Protocol in Mobile Social Network

 

Presenter: Pavel Shulikov

Readers: Donald McKeon, Joseph Johnson

 

 

Presentation of Research Papers (April 2, 2014) [TOPIC: Security and Privacy in Cloud Computing]

 

1. A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud

Presenter: Donald McKeon
Readers: [1] Raja Jasper, [2] Antonio Greco

 

2. ID-Based Cryptography for Secure Cloud Data Storage


Presenter: Shauna Policicchio
Readers: [1] Sarah Kern, [2] Pavel Shulikov


3. Security Risk Assessment of Cloud Carrier

Presenter: Joseph Johnson
Readers: [1] Salisa Viphusiri, [2] Brian Daniel D'Souza.

4. Result Integrity Check for MapReduce Computation on Hybrid Clouds

Presenter: Mathew Saunders
Readers: [1] Wuttinun Tunsukatanon, [2] Ajinkya Raut

 


 

1. Reading materials for Guest Lecture by Prof. Balaji Palanisamy (March 25)

Required

1. MapReduce: Simplified Data Processing on Large Clusters, OSDI 2004 (http://static.googleusercontent.com/media/research.google.com/en/us/archive/mapreduce-osdi04.pdf)

2. Mix Zones: User Privacy in Location-aware Services (http://www.cl.cam.ac.uk/~fms27/papers/2004-BeresfordSta-mix.pdf)

 

Other recommended

 

3. Purlieus: Locality-aware Resource Allocation for MapReduce in a Cloud, SC 2011 (http://www.cc.gatech.edu/~lingliu/papers/2011/Balaji-SC2011.pdf)

4. Airavat: Security and Privacy for MapReduce, NSDI 2010 (https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/roy.pdf)

5. Cura: A Cost-optimized Model for MapReduce in a Cloud, IPDPS 2013 (http://www.sis.pitt.edu/bpalan/papers/Cura-IPDPS2013.pdf)

6.    VNCache: MapReduce Analysis for Cloud-archived Data, CCGrid 2014 (http://www.sis.pitt.edu/bpalan/papers/VNCache-CCGrid14.pdf)

7. MobiMix: Protecting Location Privacy with Mix-zones over Road Networks, ICDE 2011 (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.186.614&rep=rep1&type=pdf)

 

 

· Reading materials for Lecture 6 (Cloud Computing Security and Privacy)

1. H. Takabi, J. Joshi, G-J Ahn, “Security and Privacy Challenges in Cloud Computing Environments” IEEE Security and Privacy, 2010

2. NIST 800-144, “Guidelines on Security and Privacy in Public Cloud Computing”

3. Vivek Kundra, “Federal Cloud Computing Strategy,” 2011

4. Ernst & Young Report: “Cloud Computing Issues and Impacts”

5. COSO report, “Enterprise Risk Management for Cloud Computing,” 2012

6. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing”, 2009

 

Other recommended readings

1. “Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management”

2. ENISA Report: Cloud Computing Benefits, risks and recommendations for information security

 

· Notes for Lecture 4 (Note 7, Note 8)

1. NIST 800-39: Managing Information Security Risk: Organization, Mission, and Information System View (NIST SP 800-39)

 

· Notes for Lecture 3

1. NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response (NIST SP 800-86)

 

· Notes for Lecture 2 (Note 1, Note 2, Note 3)

1. NIST 800-34: Contingency Planning Guide for Information Technology System (NIST 800-34)

2. NIST 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)

 

· Notes for Lecture 1 (Note 1, Note 2)

 

 

 


Reading materials for HW 1

· Paper 1: Information Security management: A human challenge?

· Paper 2: An integrated system theory of information security management

Sample Template, Sample review

Reading materials for HW 2

· You are expected to extensively search IEEE, ACM, Springer, Elsevier, NIST publications and white papers and reports from industry

 


NIST Documents


1. FIPS PUB 199: Standards for Security Categorization of Federal Information and Information Systems

2. Guide to Mapping Types of Information and Information Systems to Security Categories (NIST 800-60)

3. Computer Security Incident Handling Guide (Chapters 4, 5, 6 and 8) (NIST 800-61)

4. Security Considerations in the Systems Development Life Cycle (NIST 800-64)

5. Information Security Handbook: A Guide for Managers

6. Guidelines on Security and Privacy in Public Cloud Computing

7. Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Draft)

8. Contingency Planning Guide for Information Technology System (NIST 800-34)

9. Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14)

10. Guide for Developing Security Plans for Federal Information Systems (SP 800-18 Rev. 1)

11. Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137)

12. Building an Information Technology Security Awareness and Training Program (SP 800-50)

13. Managing Information Security Risk: Organization, Mission, and Information System View (SP 800-39)

14. Performance Measurement Guide for Information Security (NIST 800-55) (SP 800-55 Rev. 1)

15. Security Guide for Interconnecting Information Technology Systems (NIST 800-47) (SP 800-47)

16. Guidelines on Active Content and Mobile Code (NIST 800-28) (SP 800-28 Version 2)

17. Integrating IT Security into the Capital Planning and Investment Control Process (SP 800-65)