Measuring security for cloud service provider: A Third Party approach

One of differences between cloud storage and previous storage is that there is a financial contract between user and the cloud service provider (CSP). User pay for service in exchange for certain guarantees and the cloud is a liable entity. But some mechanisms need to ensure the liability of CSP. Some work use non-repudiation to realize it. Compared with these non-repudiation schemes, we use third party auditor not client to manage proofs and some metadata, which are security critical data in cloud security. It can provide a more security environment for these data. Against the big overhead in update process of current non-repudiation scheme, we propose three schemes to improve it.

Download Full-text

Authenticated Location-Aware Publish/Subscribe Services in Untrusted Outsourced Environments

Security and Communication Networks ◽

10.1155/2017/4215425 ◽

2017 ◽

Vol 2017 ◽

pp. 1-15

Author(s):

Han Yan ◽

Xiang Cheng ◽

Sen Su ◽

Siyao Zhang

Keyword(s):

Real World ◽

Service Provider ◽

Low Cost ◽

Cloud Service ◽

Third Party ◽

Location Based Service ◽

Cloud Service Provider ◽

For Profit ◽

Location Aware ◽

Effectiveness And Efficiency

Location-aware publish/subscribe is an important location-based service based on server-initiated model. Often times, the owner of massive spatio-textual messages and subscriptions outsources its location-aware publish/subscribe services to a third-party service provider, for example, cloud service provider, who is responsible for delivering messages to their relevant subscribers. The issue arising here is that the messages delivered by the service provider might be tailored for profit purposes, intentionally or not. Therefore, it is essential to develop mechanisms which allow subscribers to verify the correctness of the messages delivered by the service provider. In this paper, we study the problem of authenticating messages in outsourced location-aware publish/subscribe services. We propose an authenticated framework which not only can deliver the messages efficiently but also can make the subscribers’ authentication available with low cost. Extensive experiments on a real-world dataset demonstrate the effectiveness and efficiency of our proposed authenticated framework.

Download Full-text

Why aren't we eating our own dog food?

Journal of Information Technology Teaching Cases ◽

10.1057/s41266-017-0022-6 ◽

2018 ◽

Vol 8 (1) ◽

pp. 45-52

Author(s):

Sanjiv Chourasia ◽

Linying Dong

Keyword(s):

Service Provider ◽

It Governance ◽

Cloud Service ◽

Cloud Services ◽

Third Party ◽

Cloud Service Provider ◽

It Alignment ◽

Dog Food ◽

Business Units ◽

Telecommunications Companies

CanTel was one of the fastest growing Canadian telecommunications companies that provided telephone, cable, Internet, and cloud services. In 2015, the company employed over 40,000 employees and boasted of achieving over Cdn$10 billion of annual revenue and serving over 10 million customers. As a cloud service provider, the company faced a dilemma of not being able to fulfill the IT needs of its internal business units. As a result, one of the business units, Digital Channel, resorted to a third-party cloud service, and this set an example for other business units to follow suit. Jeff Smith, the CEO of the company CanTel, and the CIO Jane Lockhart had to find a solution to the issue that had significant implications to its business-IT alignment and IT governance.

Download Full-text

Privacy Preserving Data Access to Cloud

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i8663.078919 ◽

2019 ◽

Vol 8 (9) ◽

pp. 2612-2617

Keyword(s):

Service Provider ◽

File Systems ◽

Cloud Service ◽

Data Access ◽

Data Encryption ◽

Third Party ◽

Distributed File Systems ◽

User Privacy ◽

Cloud Service Provider ◽

User Data

The current systems stress on protection of data stored in the cloud servers without giving much thought and consideration to the protection of data during user access. Encryption of data is a technique that is popularly used to protect stored data. Encryption essentially scrambles the data and stores it in a form which makes no sense unless decrypted with the suitable key. Every cloud service provider ensures data is stored in an encrypted form in its servers. Encryption of data is not sufficient to protect user data as acquiring the appropriate key can result in decrypting of the data. Encrypting the data before uploading the data to the cloud can help to an extent to preserve data. To access the data it would need to be encrypted twice- once by the cloud service provider and then by the user. Cloud service provider is prevented from accessing user data and also other third-party individuals. However, this approach too is not efficient and sufficient to protect user data. ORAM algorithm is used to enable access to user data stored on distributed file systems that comprises of multiple servers stored either at a single location or multiple locations across the globe in a manner which ensures the user privacy is protected when accessing the data. Reshuffle of data blocks stored in third party servers ensures the access pattern of the user remains hidden. ORAM algorithm does not cause any hindrance to the data access and does not lead to any major drop in data access rate. To ensure security, we propose a load balancing technique to guarantee smooth and safe approach for data access.

Download Full-text

A Comprehensive Survey on Trust Issue and Its Deployed Models in Computing Environment

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch005 ◽

2019 ◽

pp. 127-139

Author(s):

Shivani Jaswal ◽

Gurpreet Singh

Keyword(s):

Cloud Computing ◽

Service Provider ◽

Data Transfer ◽

Cloud Service ◽

Third Party ◽

Cloud Environment ◽

Cloud Service Provider ◽

Security Issues ◽

Comprehensive Survey ◽

Trust Models

Cloud computing is growing with a giant pace in today's world. The speed with which it is growing, the same speed is taken over by the insecure data transfer over the cloud. There are many security issues that are underlying in cloud computing. This chapter presents how a trust is built between any user and a cloud service provider. Various techniques have been adopted to calculate the value of trust and further how it can be strength. This chapter has also explained various trust models based on the necessities of a user. This chapter has also thrown some light over the concept of TTP, i.e., Trusted Third Party which further helps in maintaining trust over the cloud environment.

Download Full-text

A Comprehensive Survey on Trust Issue and Its Deployed Models in Computing Environment

Critical Research on Scalability and Security Issues in Virtual Cloud Environments - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-3029-9.ch007 ◽

2018 ◽

pp. 150-166

Author(s):

Shivani Jaswal ◽

Gurpreet Singh

Keyword(s):

Cloud Computing ◽

Service Provider ◽

Data Transfer ◽

Cloud Service ◽

Third Party ◽

Cloud Environment ◽

Cloud Service Provider ◽

Security Issues ◽

Comprehensive Survey ◽

Trust Models

Cloud computing is growing with a giant pace in today's world. The speed with which it is growing, the same speed is taken over by the insecure data transfer over the cloud. There are many security issues that are underlying in cloud computing. This chapter presents how a trust is built between any user and a cloud service provider. Various techniques have been adopted to calculate the value of trust and further how it can be strength. This chapter has also explained various trust models based on the necessities of a user. This chapter has also thrown some light over the concept of TTP, i.e., Trusted Third Party which further helps in maintaining trust over the cloud environment.

Download Full-text

Augmenting the Operations on Cloud Virtual Forensic Data by employing Probabilistic Data Structures

International Journal of Sensors Wireless Communications and Control ◽

10.2174/2210327909666190710120838 ◽

2019 ◽

Vol 09 ◽

Cited By ~ 1

Author(s):

Gayatri Pandi ◽

Saurabh Shah ◽

K.H Wandra

Keyword(s):

Service Provider ◽

Service Providers ◽

Criminal Activity ◽

Cloud Service ◽

Third Party ◽

Cloud Service Provider ◽

Electronic Evidence ◽

Cloud Service Providers ◽

Cuckoo Filter ◽

Verification Process

Gathering and scrutinizing the different types of logs are the vital steps in the forensic domain. Logs are commonly gathered by the cloud service providers or by some third party layers governed by the cloud service providers. Security of the logs is a crucial issue as the logs can be tampered accidentally or intentionally by an employee in the cloud service provider’s organization or by the forensic investigator, thus maligning the evidence in case a cyber-crime, is committed through the cloud service provider’s infrastructure. The malicious attacker can also conspire with the cloud service provider or the forensic investigator to erase or malign the logs that are generated for one’s own criminal activity. To address such issues, a method is recommended which verifies the tampering of the virtual instance logs, Verification process confirms that the confidentiality and integrity of the logs remains intact. The log integrity is proved by log chains which are created in the implemented system and by the potential electronic evidence of past logs which are posted by the cloud service provider. The proposed system aids in performing the reasonable verifications that the cloud service provider or the forensic investigator is not tampering the logs. The novelty of the research conducted in this paper is a technique which applies the cuckoo filter, to the forensic logs which is supportive in proving the integrity of the evidences at a faster pace in comparison to the other filters.

Download Full-text

Cloud Service Provider Catastrophe Risks

Risk Thinking for Cloud-Based Application Services ◽

10.1201/9781315268835-26 ◽

2017 ◽

pp. 339-342

Keyword(s):

Service Provider ◽

Cloud Service ◽

Cloud Service Provider

Download Full-text

Towards a Cybersecurity Model for Selecting the Secured Cloud Service Provider using Security Risk Approach

International Journal of Computer Applications ◽

10.5120/ijca2015906146 ◽

2015 ◽

Vol 125 (12) ◽

pp. 1-6

Author(s):

Jamal Talbi ◽

Abdelkrim Haqiq

Keyword(s):

Service Provider ◽

Cloud Service ◽

Security Risk ◽

Cloud Service Provider ◽

Risk Approach

Download Full-text

ALGORITHM FOR TASK CONSOLIDATION IN CLOUD COMPUTING: A COMPARATIVE SURVEY

International Journal of Research -GRANTHAALAYAH ◽

10.29121/granthaalayah.v6.i5.2018.1479 ◽

2018 ◽

Vol 6 (5) ◽

pp. 340-345

Author(s):

Rajat Pugaliya ◽

Madhu B R

Keyword(s):

Cloud Computing ◽

Energy Consumption ◽

Resource Utilization ◽

Service Provider ◽

Virtual Machines ◽

Cloud Service ◽

Cloud Service Provider ◽

Dynamic Task ◽

Main Challenge ◽

High Level

Cloud Computing is an emerging field in the IT industry. Cloud computing provides computing services over the Internet. Cloud Computing demand increasing drastically, which has enforced cloud service provider to ensure proper resource utilization with less cost and less energy consumption. In recent time various consolidation problems found in cloud computing like the task, VM, and server consolidation. These consolidation problems become challenging for resource utilization in cloud computing. We found in the literature review that there is a high level of coupling in resource utilization, cost, and energy consumption. The main challenge for cloud service provider is to maximize the resource utilization, reduce the cost and minimize the energy consumption. The dynamic task consolidation of virtual machines can be a way to solve the problem. This paper presents the comparative study of various task consolidation algorithms.

Download Full-text