Stefano Paraboschi

Protection of data access in networked computer systems
(invited talk ESORICS 2014, Wroclaw)

Computer systems are greatly increasing in their complexity and in their accessibility. The availability of pervasive networks that support the interaction among an increasing collection of computing devices leads to an extremely large variety of security threats, directed toward an extensive and increasingly valuable collection of resources. Classical security techniques are a partial solution to the challenges introduced by these environments. The security community is going to dedicate a significant amount of work to the design of adequate approaches.

A central requirement in all these systems is the protection of data. When there is a large number of parties, data confidentiality often has to rely on the extensive use of encryption. For the protection of data at rest, the use of encryption must be consistent with the access control policy. The protection of the confidentiality and integrity of data involved in accesses and computations is a more difficult challenge. A particularly important issue is the support for efficient access to encrypted data that discloses neither the plaintext data nor the accesses. The integrity of computations also requires a reconsideration of classical approaches. The presence of a multiplicity of parties introduces concerns, but it can also be an opportunity for the realization of novel security strategies.