Controlling data in the cloud: outsourcing computation without outsourcing control
A group at PARC has been studying the Cloud Computing space and published this paper (download) in CCSW. In particular, this paper argued that life in the cloud can be advantageous from a business intelligence standpoint over the isolated alternative that is more common today.
Cloud Computing and Security
The same group also posted a blog entry on several issues that are of potential interest for both technical development and business management.
In particular, it points to four (4) levels where Cloud Computing could increase technical vulnerabilities; two (2) areas with known potential business concerns; and two (2) opportunities where Cloud Computing enables new capabilities that are difficult to do today.
===
P@P
Showing posts with label Security. Show all posts
Tuesday, February 16, 2010
Friday, January 8, 2010
Open source and its hook
Marten and Open Source Hook
I was chatting with Marten Mickos recently. The question of what makes an open source effort succeed when others just flounder came up. He suggested that having a specific hook/niche that can be easily articulated is an important factor amongst many others. In the case of MySQL, it was a database designed specifically for web usage.
In mundane business talk, it is about having a unique value proposition.
CCN and its Open Source
CCN's open source release came out last year. So, Marten's observation got me thinking about what CCN's hook is.
According to the recent Network World article, it is about security and multimedia/content consumption.
Would be interested in your take on what CCN's unique value proposition is. I am all ears.
===
P@P
Tuesday, September 22, 2009
Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control
CCSW 2009: The ACM Cloud Computing Security Workshop
The cloud computing paper "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control" by our security team with Fujitsu has been accepted by the workshop.
Paper Summary
Cloud computing is clearly one of today’s most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. However, despite the surge in activity and interest, there are significant, persistent concerns about cloud computing that are impeding momentum and will eventually compromise the vision of cloud computing as a new IT procurement model. In this paper, we characterize the problems and their impact on adoption. In addition, and equally importantly, we describe how the combination of existing research thrusts has the potential to alleviate many of the concerns impeding adoption. In particular, we argue that with continued research advances in trusted computing and computation-supporting encryption, life in the cloud can be advantageous from a business intelligence standpoint over the isolated alternative that is more common today.
New Cloud Computing Directions
Well, the really good stuff is at the end. They include:
- Information-centric security
- High-Assurance Remote Server Attestation
- Privacy-Enhanced Business Intelligence
P@P
Tuesday, August 25, 2009
Inference Engine and Applications
Inference Engine
One of the things that the internet/web enables is to make low-cost data collection and analysis mostly a computational question. Add in the idea of the "wisdom of crowds", and you have the makings of PARC's inference engine technology - if you would allow for a gross simplification.
What the inference engine is good at is identifying items that may be linked in ways that are not always obvious. My favorite example is how the inference engine easily cracked the heavily redacted story on the location of a CIA agent's first assignment in How to catch a spy.
Web Chatters
But the same technique can also be used to identify emerging trends (chatters) on a specific topic. So, I used the Inference Engine to look at the top terms associated with Sonia Sotomayor's nomination process to the US Supreme Court at Sotomayor Web Chatter Index.
And, indeed, it is interesting to see what the top-ranking terms associated with that process are and how they point to specific concepts that come in and out of favor in the web crowd.
Private Corpus
Finally, it may be worth noting that the same technique can also be applied to data corpora beyond the visible internet. For example, eDiscovery in legal proceedings is a space where this capability would be very helpful by expanding beyond simple keyword search to a more nuanced understanding of how pieces of information are linked to each other.
===
P@P
Labels:
Inference engine,
Security,
Sonia Sotomayor
Tuesday, May 26, 2009
Sotomayor Web Chatter Index
Catching Sonia Sotomayor
As you may recall from the How to catch a spy entry, PARC has developed a technology that can automatically infer which words are relevant to a particular topic.
It was announced earlier today that Ms Sotomayor had been nominated for an appointment to the US Supreme Court. I thought it would be interesting to run a regular scan of the web chatter to find out which words web-tizens consider relevant to Ms Sotomayor.
Notes, Technical and Otherwise
This is based on results from three of the most popular search engines - Google, Yahoo, and Microsoft. As a technology geek, it is interesting to see how different engines deal with the same data corpus from the internet.
Before going into the actual results, it is also worth noting that since this is literally day one of the web chatter, there is likely to be some divergence on the results. I would speculate that the results would converge over time, but we shall find out!
Finally, if you are interested in finding out more about the result details or the inference engine, please let me know at "yfjuan (at) parc (dot) com".
Results (top 20 terms ranked in the order of relevance with the most relevant on top)
Yahoo | Microsoft | |
---|---|---|
2009/politics/05/26 justices sotomayor presser nominate nominees nominations nominated appeals ruled sotomayorâ believes decisions alito employee gillibrand 21st fourth sekulow claim | sotomayorâ sotomayor souter scotus justices sonia ginsburg scotusblog www.cnn.com alito rel cabranes bader nominee rosen gillibrand sekulow breyer www.huffingtonpost.com leahy | sotomayor court â she her supreme judge sonia obama from new 2009 law may york nomination who has president us |
Labels:
Current events,
Google,
Microsoft,
Security,
Sonia Sotomayor,
Yahoo
Thursday, March 5, 2009
How to catch a spy
Source: Plame vs. White House
For those of you who do not remember, Valerie Plame was working for the CIA as an undercover agent and the White House leaked her CIA identity in 2003. With her cover identity blown, she left the CIA in 2005.
In 2007, she published a memoir "Fair Game: My Life as a Spy, My Betrayal by the White House". The CIA intervened and redacted (blacked out) "sensitive" information in the published book.

A page of the redacted Fair Game
How to catch a spy, the PARC way
A PARC team has developed a machine learning engine that is able to use contextual information that may not be sensitive by itself but in aggregate provides strong inference on what the missing information should be.
The Plame book is a perfect test case because, although the book has been redacted, the actual information is available in other public sources. In other words, we can run the book through the engine and see what kind of inference the engine can tell us and check it against the known answers.
Test case: where was her first assignment?
So, we fed the available and seemingly innocuous description of the (redacted) location of her first assignment, such as "Europe, chaotic, outdoor café, traffic, summer heat", into the software.
Lo and behold, the engine comes back with Greece as the most probable answer, which was indeed the case.
--
How would you use this software engine beyond figuring out if your censors are good enough? Conversely, how would you use the output of this engine? How about removing sensitive medical information in unstructured format? Or, finding that smoking gun in the mountain of data and emails in a legal case? This is an instance where tireless software with perfect memory of a large corpus of information is a better solution than the best trained/paid human attention any day.
Let me know how you would use this capability. For the most interesting idea(s), maybe I can get you a copy of the software engine to play with.
Look forward to hearing from you.
===
P@P
Thursday, February 19, 2009
Cloud Computing and Security
Cloud Computing and PARC
Cloud Computing is hot - now that is a truism for the technology world today.
Beyond the hype of processing xTb of data in 24 hours by EC2 or Azure and the alphabet soup of cloud solutions, a bit of good ole' fashioned investigation seems to be important to figure out how it actually impacts the technology landscape.
In other words, PARC's Security team is intrigued after the Security Workshop.
PARC Security's Cloud Computing Offer
If you are a practitioner in the cloud computing space, we would love to hear from you. Here is a brief description of what we are doing:
==
PARC is investigating cloud computing security as a potential research area. Knowledge of current practices, use cases, and problems with regards to cloud computing security would be very helpful for this investigation. We hope to understand the actual security issues in the new world of cloud computing.
==
As for the discovery process, we will share consolidated/anonymized information with you at the end of the study.
Please drop me a note if you wish to participate.
===
P@P
Saturday, February 7, 2009
Security Workshop
Security as an Enabler: Visions
Highlights of a Workshop sponsored by Fujitsu Laboratories and PARC
Key areas considered
* Data Loss Prevention (DLP)
* Reputation and Trust
* Malware and Fraud Detection
Homework Questions
Where does Cloud Computing fit? Because of the cooperative nature of cloud computing, frameworks and standards might be important here. In fact, the security problems for cloud computing are at this point not well-defined.
Interplay of reputation, malware, and social networks. The phenomenon of malvertising seems to show that the problem cannot be solved by any one party. In other words, how can reputation and social networks be used to expose and combat malware?
P@P Workshop Notes
This was a highly interactive workshop that allowed academics, corporate practitioners, and researchers to challenge each other’s ideas and find areas of common interest.
The most fascinating story for me is on the development of the DLP market when people did not think such a need existed. Now DLP is one of the fastest growing segments in the security industry.
Drop me a note if you want a copy of the workshop’s output.
===
P@P