Keynote
DOI: 10.1145/1456492.1456493

Security against the business partner

Published: 31 October 2008

Abstract

Security research has long focused on protecting against outside attackers. This was augmented with protection against insider threats, but recently networked business is emerging. With it a new threat is emerging: security against the business partner.
A possible solution is secure multi-party computation (SMC) and we give examples of its usefulness. We show with the example of supply chain optimization that only SMC provides the necessary security guarantees.
A major challenge of SMC is its practical realization. We give a detailed study and analysis of multi-party permutation and show the relations of the different theoretical complexities in this case.
The paper concludes with a comparison of service-oriented architectures and SMC. We show several architectural differences that need to be overcome.

Published In

SWS '08: Proceedings of the 2008 ACM workshop on Secure web services
October 2008
116 pages
ISBN: 9781605582924
DOI: 10.1145/1456492
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. secure multi-party computation
  2. secure permutation
  3. security against the business partner

Qualifiers

  • Keynote

Conference

CCS08