Credits: 5 EC
Prerequisites: Security and Cryptography (Crp).
Motivation: Cloud computing allows clients to rent major parts of their computing infrastructure instead of owning and maintaining large data centers. Due to virtualization techniques, this approach is scalable and gives flexibility in the used computational resources. Resources can be adapted as required, while the underlying hardware is provided and maintained by the cloud service provider. However, outsourcing vital business data and delegating business critical tasks requires trust in the cloud service provider. It is not surprising that a lack of such required trust is still one of the main obstacles for the full adoption of cloud computing.
Synopsis: This course covers security mechanisms specifically suitable for cloud computing. After a brief introduction to cloud computing, we discuss security mechanisms currently offered by big players such as Amazon and Microsoft and identify potential shortcomings thereof. The major content of this course presents recent research directions regarding data security in cloud computing scenarios. Among others, we will discuss constructions for outsourced encrypted databases and potential attacks on such systems, verifiable computation, hardware-aided security and privacy issues of outsourced data analytics.
Learning outcomes: The student will obtain:
- The skill to identify security challenges raised by data outsourcing.
- An introduction to cloud computing and an overview of current security mechanisms deployed in practice.
- A good understanding of advanced security mechanisms for cloud computing.
- The ability to compare, evaluate and apply these mechanisms for different scenarios.
- Hands-on experience with such advanced security mechanisms.
Lecturers: Dr Florian Hahn (UT)
Examination: (Closed book) written exam (70%); three (practical) assignments (30%)
Contents: Platform-as-a-Service; Virtualization; Sandboxing; Key Management; Database-as-a-Service; Searchable Encryption; Attacks on Searchable Encryption; Oblivious RAM; Private Information Retrieval; Functional Encryption; Secure Multiparty Computation; Homomorphic Encryption; Intel SGX; Verifiable Computation; Machine-Learning-as-a-Service; Model Inversion Attack
Core text: Various papers from the literature