Auflistung nach Autor:in "Huber, Matthias"
1 - 5 von 5
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragMethods to secure services in an untrusted environment(Software Engineering 2011 – Fachtagung des GI-Fachbereichs Softwaretechnik, 2011) Huber, Matthias; Müller-Quade, JörnSoftware services offer many opportunities like reduced cost for IT infrastructure. They also introduce new risks, for example the clients lose control over their data. While data can be secured against external threats using standard techniques, the service providers themselves have to be trusted to ensure privacy. In this paper, we examine methods that can increase the level of privacy a service offers without the need to fully trust the service provider.
- KonferenzbeitragA provably privacy preserving video surveillance architecture for an assisted living community(Informatik 2014, 2014) Huber, Matthias; Müller-Quade, Jörn; Nilges, Tobias; Thal, CarolinVideo surveillance offers many advantages but also introduces privacy issues. We propose a video surveillance architecture that preserves privacy by providing different levels of anonymization. To this end, we model an assisted living scenario and show that our architecture can provide provable privacy under explicit assumptions while maintaining the utility of the architecture. This shows that video surveillance, tailored to specific scenarios, can be applied in a privacy preserving way.
- ZeitschriftenartikelProzessorientierte Bedrohungsanalyse für IT-gestützte mobile Aufgabenerfüllung(HMD Praxis der Wirtschaftsinformatik: Vol. 51, No. 1, 2014) Alpers, Sascha; Huber, Matthias; Scheidecker, Patrik; Schuster, ThomasDie mobile, prozessorientierte Auftragsbearbeitung ist gegenwärtig aufgrund von Sicherheitsbedenken und daraus resultierenden hohen Investitionskosten zur Absicherung der Anwendungen noch nicht verbreitet. Gleichzeitig wächst die Anzahl marktreifer Lösungen für den mobilen Datenaustausch. Bei der Mobilisierung von Geschäftsprozessen ergeben sich neue Gefahren für die Sicherheit des Prozesses und seine Artefakte (z. B. verarbeitete Daten). Es ist ebenfalls zu beachten, dass durch die Mobilisierung nicht nur neue Angriffsziele entstehen, sondern auch bisherige entfallen können. Aus diesem Grund muss im Rahmen von Mobilisierungsprojekten eine strukturierte Vorgehensweise angewendet werden welche dabei hilft möglichst alle Angriffsziele offenzulegen. Die weitere Risikoanalyse bildet die Grundlage zur Planung von Maßnahmen.
- KonferenzbeitragStructural composition attacks on anonymized data(Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit, 2014) Nilges, Tobias; Müller-Quade, Jörn; Huber, MatthiasAnonymized releases of databases are increasingly available in public. The composition of two releases does not necessarily fulfil any anonymity notion, even if the individual releases do fulfil that anonymity notion on their own. In this paper, we study composition scenarios and provide formalizations. We introduce a formal framework to study the composition of databases on a structural level and show the equivalence of the composition scenarios used in the literature. We show that known attacks on anonymity notions can be reduced to two simple properties and only need limited side information.
- KonferenzbeitragTowards secure cloud computing through a separation of duties(INFORMATIK 2011 – Informatik schafft Communities, 2011) Henrich, Christian; Huber, Matthias; Kempka, Carmen; Müller-Quade, JörnCloud Computing offers many opportunities but also introduces new risks. A user outsourcing his database into the cloud loses control over this data. While the service provider often secures the data against external threats using standard techniques, the service providers themselves have to be trusted to ensure privacy. This work proposes a novel approach to provide security for database services without the need to trust the provider. We suggest employing a separation of duties by distributing critical information and services between two or more providers in a way that the confidentiality of a database can only be compromised if all providers are corrupted and work together. We also present a formal security notion for such a database.