2014

ECIS 2014 paper (co-author)

We provide medical SaaS solution security through the Trusted Cloud Transfer Protocol, which was developed by me.

Citation

Slawik, M. and Ermakova, T. and Repschläger, J. and Küpper, A. (2014). Securing Medical SaaS Solutions using a novel End-to-End Encryption Protocol. Proceedings of the 22nd European Conference on Information Systems (ECIS 2014). Association for Information Systems (AIS).

Abstract

E-Health solutions using the Internet provide many benefits for health centers; hosting such solutions in public Cloud Computing environments as Software-as-a-Service becomes increasingly popular. However, the deployment of e-health services in shared environments is restricted due to regulations prohibiting medical data access by illegitimate parties, such as cloud computing intermediaries. A pivotal requirement is therefore having security “end-to-end”, namely from a user agent to the server process; yet there is no viable approach for contemporary browser-based SaaS solutions. This paper outlines a blueprint for e-health solution architectures featuring an end-to-end security mechanism to prevent intermediary data access and therefore to ensure appropriate patient data privacy and security. This blueprint is instantiated based on a novel security protocol, the Trusted Cloud Transfer Protocol (TCTP) in the form of a prototype implementation. The evaluation of the prototype demonstrates its fulfilment of healthcare-specific security and privacy requirements, as well as low implementation efforts for similar architectures, and no measurable performance overhead in a practical benchmark.

Download

The paper can be downloaded here.

2013

CLOUD 2013 paper (co-author)

We derive the distributed architecture of the TRESOR proxy.

Citation

Thatmann, D. and Slawik, M. and Zickau, S. and Küpper, A. (2013). Deriving a Distributed Cloud Proxy Architecture for Managed Cloud Service Consumption. Proceedings of the 6th International Conference on Cloud Computing (CLOUD 2013). IEEE.

Abstract

Businesses adopting Cloud Computing often have to comply with strict constraints, such as enterprise policies and legal regulations. From these compliance issues arises the need to enable managed cloud service consumption as a prerequisite for adoption. As we have shown before, the proposed TRusted Ecosystem for Standardized and Open cloud-based Resources (TRESOR) cloud ecosystem can achieve management of cloud service consumption. In this paper we motivate and derive the architecture of the distributed TRESOR cloud proxy from technical, business and legal requirements within the context of the TRESOR project. We apply a derivation method where we evaluate the impact of each incremental architecture decision separately. This process enables researchers with supplementary requirements to adapt the intermediate derivations within other contexts in flexible ways.

Download

The public download link will follow shortly.

The paper can be downloaded by IEEE subscribers using this link.

CloudCom 2013 paper (main author)

I developed the Trusted Cloud Transfer Protocol (TCTP), which provides end-to-end security for SaaS solutions.

Citation

Slawik, M. (2013). The Trusted Cloud Transfer Protocol. Proceedings of the 5th Intl. Conference on Cloud Computing Technology and Science (CloudCom 2013). IEEE, 203-208.

Abstract

Contemporary cloud computing solutions incorporate HTTP intermediaries, such as reverse proxies, load balancers, and intrusion prevention systems. These act as TLS server connection ends and access HTTP/TLS plaintext to carry out their functions. This raises many concerns: increased security efforts, the risk of losing confidentiality and integrity, and potentially unauthorized data access. Current HTTP entity-body encryption technologies address these concerns by providing end-to-end security between user agents and origin servers. However, they present disparate deficiencies, e.g., inefficient presentation languages, message-flow vulnerabilities, and the circumvention of HTTP streaming. This paper introduces the Trusted Cloud Transfer Protocol (TCTP), which presents a novel approach to entity-body encryption overcoming these deficiencies. The pivotal idea of TCTP is HTTP application layer encryption channels (HALECs), which integrate TLS functionality into the HTTP application layer. TCTP can be deployed immediately, as it is fully HTTP compliant, and rapidly implemented, as required TLS libraries are widely available. The reliance upon the mature TLS protocol minimizes the risk of introducing new security threats. Furthermore, TLS brings the benefit of relative efficiency, which is demonstrated on the basis of an example TCTP implementation.

Download

My author’s version of the paper can be downloaded here.

2012

GECON 2012 paper (co-author)

We present the preliminary TRESOR system architecture and a prototype of the TRESOR proxy.

Citation

Thatmann, D. and Slawik, M. and Zickau, S. and Küpper, A. (2012). Towards a Federated Cloud Ecosystem: Enabling Managed Cloud Service Consumption. Economics of Grids, Clouds, Systems, and Services, GECON 2012. Springer, 223-233.

Abstract

While cloud computing has seen widespread usage, there exist domains where the diminishing of management capabilities associated with cloud computing prevents adoption. One such domain is the health sector, which is the focus of the TRESOR project. Enabling cloud computing usage under strict compliance constraints such as enterprise policies and legal regulations is the goal of TRESOR. The main approach consists of a distributed cloud proxy, acting as a trusted mediator between cloud consumers and service providers. In this paper we analyze issues which arise within the TRESOR context and show how an architecture for a proposed ecosystem bypasses these issues. The practicability of our solution is shown by a proof of concept proxy implementation. As all components of the architecture will be part of our proposed cloud ecosystem, we provide a holistic and generic proposal to regain management capabilities in cloud computing.

Download

The public download link will follow shortly.

The paper can be downloaded by Springer subscribers using this link.

INFORMATIK 2012 paper (co-author)

We present the TRESOR project and its goals in detail (in German).

Citation

Slawik, M. and Zickau, S. and Thatmann, D. and Repschläger, J. and Ermakova, T. and Küpper, A. and Zarnekow, R. (2012). Innovative Architektur für sicheres Cloud Computing: Beispiel eines Cloud-Ecosystems im Gesundheitswesen. Proceedings of the 42th Annual Conference of the Gesellschaft für Informatik e.V. (INFORMATIK 2012). Köllen Druck + Verlag GmbH, 1075-1082.

Abstract

This article presents an innovative cloud computing architecture that addresses a number of challenges in the use of cloud computing: data security, compliance with legal and organizational policies, and the interoperability of cloud solutions. These unresolved challenges mean that in many industries with extensive requirements, the main advantages of cloud computing, namely cost reduction and greater flexibility, cannot be exploited. This is particularly evident in the healthcare sector, where there is a high demand for secure and legally compliant cloud computing solutions. The article concludes by presenting the evaluation of the proposed cloud computing architecture within the TRESOR research project. In the TRESOR project, selected medical use cases are implemented using this architecture, embedded in a cloud computing ecosystem.

Download

The author’s version of the paper can be downloaded here.

2011

Journal article (co-author)

We derive a new architecture for Business Intelligence cockpits, which does not need a dedicated Data Warehouse.

Citation

Kallinich, Linda; Slawik, Mathias: BI-Cockpit ohne Data-Warehouse: Alternatives Architekturkonzept für maßgeschneiderte BI-Lösungen. In: Chamoni, Peter (Hrsg.): BI-Spektrum, Ausgabe 05/2011. Troisdorf : SIGS DATACOM GmbH

Abstract

The advantages of BI cockpits are obvious: a single glance at the cockpit makes the data of the entire enterprise comprehensible. Yet the effort required to implement a BI cockpit and the systems it depends on is considerable. As a result, medium-sized companies in particular often have to forgo the advantages of BI cockpits. But this need not be the case: with an alternative architecture concept, tailor-made BI solutions can be realized in a resource-efficient way.

Download

The article can be either bought or downloaded (for TDWI members or subscribers) here.

Contribution to and typesetting & layout of coll. publication

We evaluate how IBM Jazz supports collaborative lifecycle management (in German).

Citation

Stanierowski, M. (Hrsg.), Bär, F.; Braune, C.: Ehmke, M.; Finkelstein, K.; Heinemann, B.; Leuthold, D.; Meyer, R.; Pietsch, J.; Preiß, M.; Slawik, M.; Wagner, K.: Evaluierung des kollaborativen Lifecycle-Managements mit der IBM Jazz Plattform. In: Courant, J. (Hrsg.); Ginnold, R. (Hrsg.); Pietsch, T. (Hrsg.); Stanierowski, M. (Hrsg.): Schriften zur Wirtschaftsinformatik der HTW Berlin. Band 1. Berlin: Hochschule für Technik und Wirtschaft, 2011 – ISBN 978-3-8442-1289-1

Download

The publication can be bought at ePubli.