Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool assisting administrators to preliminarily perform a “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.

Download Full-text

Improvement of Privacy and Security in Hybrid Cloud with Attribute Group Based Access Control

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit19518 ◽

2019 ◽

pp. 57-61

Author(s):

Kayalvili S ◽

Sowmitha V

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Security Requirements ◽

Security And Privacy ◽

Data Outsourcing ◽

Privacy And Security ◽

Control Approach

Cloud computing enables users to accumulate their sensitive data into cloud service providers to achieve scalable services on-demand. Outstanding security requirements arising from this means of data storage and management include data security and privacy. Attribute-based Encryption (ABE) is an efficient encryption system with fine-grained access control for encrypting out-sourced data in cloud computing. Since data outsourcing systems require flexible access control approach Problems arises when sharing confidential corporate data in cloud computing. User-Identity needs to be managed globally and access policies can be defined by several authorities. Data is dual encrypted for more security and to maintain De-Centralization in Multi-Authority environment.

Download Full-text

Mitigation of Insider Attacks through Multi-Cloud

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v5i1.pp136-141 ◽

2015 ◽

Vol 5 (1) ◽

pp. 136 ◽

Cited By ~ 1

Author(s):

T Gunasekhar ◽

K Thirupathi Rao ◽

V Krishna Reddy ◽

P Sai Kiran ◽

B Thirumala Rao

Keyword(s):

Access Control ◽

Security Policy ◽

Data Centers ◽

Service Providers ◽

Cloud Service ◽

Sensitive Data ◽

Encrypted Data ◽

Cloud Data ◽

Cloud Data Centers ◽

Multi Cloud

The malicious insider can be an employees, user and/or third party business partner. In cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality about the stored data at cloud data centers. The malicious insiders can perform stealing on sensitive data at cloud storage and at organizations. Most of the organizations ignoring the insider attack because it is harder to detect and mitigate. This is a major emerging problem at the cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality on sensitive data of cloud clients by employing multi cloud service providers. The organization should encrypt the sensitive data with their security policy and procedures and store the encrypted data in trusted cloud. The keys which are used during encryption process are again encrypted and stored in another cloud area. So that organization contains only keys for keys of encrypted data. The Administrator of organization also does not know what data kept in cloud area and if he accesses the data, easily caught during the auditing. Hence, the only authorized used can access the data and use it and we can mitigate insider attacks by providing restricted privileges.

Download Full-text

Selection of optimal data placement using cloud infrastructure

Proceedings of the Russian higher school Academy of sciences ◽

10.17212/1727-2769-2021-2-34-42 ◽

2021 ◽

pp. 34-42

Author(s):

Vladimir Meikshan ◽

◽

Natalia Teslya ◽

Keyword(s):

Mathematical Model ◽

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Cloud Services ◽

Information Storage ◽

Cloud Infrastructure ◽

Digital Ecosystem ◽

Cloud Service Providers ◽

The Cost

Benefits of using cloud technology are obvious, their application is expanding, as a result, it determines the steady growth of demand. Cloud computing has acquired particular relevance for large companies connected with Internet services, retailing, logistics that generate large volume of business and other information. The use of cloud technologies allows organizing the joint consumption of resources, solving the problems of storing and transferring significant amounts of data. Russian consumer cooperation refers to large territory distributed organizations actively forming their own digital ecosystem. The issue of data storing and processing for consumer coo-peration organizations is very relevant. At the same time, the prices of cloud service providers are significantly different and require solving the problem of minimizing the cost of storing and transferring significant amounts of data. The application of the linear programming method is considered to select the optimal data storage scheme for several cloud service providers having different technical and economic parameters of the package (maximum amount of storage, cost of allocated resources). Mathematical model includes the equation of costs for data storing and transferring and restrictions on the amount of storage, the amount of data and its safety. Software tool that allows to perform numerical calculations is selected Microsoft Excel in combination with the "search for solutions" add-on. In accordance with the mathematical model, the conditions for minimizing the amount of cloud storage costs and the necessary restrictions are established. Initial data are set for three data forming centers, storages of certain size for five cloud service providers and nominal price for information storage and transmission. Calculations of expenses are performed in several variants: without optimization, with the solution of the optimization problem, with price increase by cloud service providers. Results of the calculations confirm the necessity to solve the problem of minimizing the cost of cloud services for corporate clients. The presented model can be expanded for any cost conditions as well as for different areas of cloud applications.

Download Full-text

Assessing Threats and Vulnerable Attacks of Health Care Data in Cloud-Based Environment

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b1610.078219 ◽

2019 ◽

Vol 8 (2) ◽

pp. 567-573

Keyword(s):

Information Systems ◽

Access Control ◽

Service Providers ◽

Universal Access ◽

Cloud Service ◽

Medical Attention ◽

Medical Systems ◽

Medical Practitioners ◽

Mandatory Requirement ◽

The Impact

What: Healthcare industries have been unified with the advent of cloud computing and Internet of Medical Things in recent past. How: As simplicity in access and transfer of medical reports increased, so does the impact of losing potential information. Adopting a cloud environment has eased the work of medical practitioners and provided world class medical attention to patients from remote corners of a nation. It has added the responsibility of cloud service providers to improvise the existing standards for protecting information in a virtual platform. A number of benefits not limitedto universal access, advice from renowned medical experts for deciding on diagnosis plan, alerting patients and hospitals in real timeand reducing the workload of labor are achieved by cloud environments. Hospital Information Systems (HIS) are the evolved data forms maintained manually in medical institutions and they are preferred in a cloud platform to improve interoperability. The information carried in such medical systems possesses critical information about patients that need to be protected over transmission between independent environments. This becomes a mandatory requirement for designing and implementing an access control mechanism to identify intention of users who enter into the environment. Relaxations in access control architectures will compromise the security of entire architecture and practice. Why: Intention - Demand Tree is proposed in this paper to limit the access rights of users based on their roles, requirements and permissions to monitor the usage of Health Information Systems. Investigative results illustrate that the risks of losing credible information has been limited and convenient than previous standards.

Download Full-text

Trusted Cloud Computing

Detection and Mitigation of Insider Attacks in a Cloud Infrastructure - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-7924-3.ch002 ◽

2019 ◽

pp. 12-27

Keyword(s):

Service Providers ◽

Trusted Computing ◽

Cloud Service ◽

Sensitive Data ◽

Remote Attestation ◽

Research Directions ◽

Computing Paradigm ◽

Secure Computing ◽

Cloud Service Providers ◽

The Given

This chapter introduces various ideas to deal with insider attacks using the research directions, which are discussed in earlier chapters such as remote attestation, sealed storage, and integrity measurement. Trusted computing dependent on hardware root of trust has been produced by industry to secure computing frameworks and billions of end points. Remote attestation provides a facility to attestation the required platforms using platform configuration registers (PCR), and sealed storage is used to encrypt the consumer sensitive data using cryptographic operations. Integrity measurements are used to measure the given computing components in respective register. Here, the authors concentrated on a trusted computing paradigm to enable cloud service providers to solve the potential insider attacks at cloud premises.

Download Full-text

Two Factor Authentication Using M-Pin Server for Secure Cloud Computing Environment

Web-Based Services ◽

10.4018/978-1-4666-9466-8.ch046 ◽

2016 ◽

pp. 1053-1066 ◽

Cited By ~ 1

Author(s):

Nitin Nagar ◽

Ugrasen Suman

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Computing Environment ◽

Cloud Computing Environment ◽

Cloud Computing Security ◽

Network Application ◽

Multiple Challenges ◽

Secure Cloud Computing ◽

Malicious Insiders

Cloud computing is comprised of major demand from the every group of organization because of easy availability and cost effectiveness. The responsibilities of cloud service providers will become increasing more due to the great progression in every cloud computing deployment model (public, private and hybrid) and service models (SaaS, PaaS and IaaS). In this perspective, cloud computing faces multiple challenges, especially in cloud computing security at all levels (e.g., host, network, application and data levels). Authentication is the constantly the biggest concerned for IT industries to adopt cloud computing environment. The availability, performance, key logger attack, malicious insiders, outsider attacks and service disruptions explore (service hijacking) issues are the key research challenges in the cloud computing authentication level. In this aspect, traditional user name and password is not enough as a single factor (first factor). This paper has proposed a secure cloud computing framework which uses first factor as a crypt user name and password with the ATM pin as a second factor called M-pin. The proposed work focuses on a solution to the threats that are the major issues in the cloud adoption.

Download Full-text

eHealth Cloud Security Challenges: A Survey

Journal of Healthcare Engineering ◽

10.1155/2019/7516035 ◽

2019 ◽

Vol 2019 ◽

pp. 1-15 ◽

Cited By ~ 11

Author(s):

Yazan Al-Issa ◽

Mohammad Ashraf Ottom ◽

Ahmed Tamrawi

Keyword(s):

Cloud Computing ◽

Resource Sharing ◽

Energy Savings ◽

Service Providers ◽

Healthcare Providers ◽

Cloud Service ◽

Cloud Security ◽

Security And Privacy ◽

Healthcare Industry ◽

Sensitive Data

Cloud computing is a promising technology that is expected to transform the healthcare industry. Cloud computing has many benefits like flexibility, cost and energy savings, resource sharing, and fast deployment. In this paper, we study the use of cloud computing in the healthcare industry and different cloud security and privacy challenges. The centralization of data on the cloud raises many security and privacy concerns for individuals and healthcare providers. This centralization of data (1) provides attackers with one-stop honey-pot to steal data and intercept data in-motion and (2) moves data ownership to the cloud service providers; therefore, the individuals and healthcare providers lose control over sensitive data. As a result, security, privacy, efficiency, and scalability concerns are hindering the wide adoption of the cloud technology. In this work, we found that the state-of-the art solutions address only a subset of those concerns. Thus, there is an immediate need for a holistic solution that balances all the contradicting requirements.

Download Full-text

An Approach to Data Confidentiality Protection in Cloud Environments

International Journal of Web Services Research ◽

10.4018/jwsr.2012070104 ◽

2012 ◽

Vol 9 (3) ◽

pp. 67-83 ◽

Cited By ~ 1

Author(s):

Stephen S. Yau ◽

Ho G. An ◽

Arun Balaji Buduru

Keyword(s):

Cloud Computing ◽

Data Processing ◽

Data Storage ◽

Service Providers ◽

Data Confidentiality ◽

Sensitive Data ◽

Computing Systems ◽

Cloud Application ◽

Cloud Infrastructures ◽

Processing Service

In current cloud computing systems, because users’ data is stored and processed by computing systems managed and operated by various service providers, users are concerned with the risks of unauthorized usage of their sensitive data by various entities, including service providers. The current cloud computing systems protect users’ data confidentiality from all entities, except service providers. In this paper, an approach is presented for improving the protection of users’ data confidentiality in cloud computing systems from all entities, including service providers. The authors’ approach has the following features: (1) separation of cloud application providers, data processing service providers and data storage providers, (2) anonymization of users’ identities, (3) grouping cloud application components and distributing their execution to distinct cloud infrastructures of data processing service providers, and (4) use of data obfuscation and cryptography for protecting the sensitive data from unauthorized access by all entities, including service providers. The proposed approach ensures that users’ sensitive data can be protected from their service providers even if the users do not have full cooperation from their service providers.

Download Full-text

A Privacy-Preserving Outsourcing Data Storage Scheme with Fragile Digital Watermarking-Based Data Auditing

Journal of Electrical and Computer Engineering ◽

10.1155/2016/3219042 ◽

2016 ◽

Vol 2016 ◽

pp. 1-7 ◽

Cited By ~ 3

Author(s):

Xinyue Cao ◽

Zhangjie Fu ◽

Xingming Sun

Keyword(s):

Data Storage ◽

Digital Watermarking ◽

Service Providers ◽

Logistic Map ◽

Cloud Service ◽

Privacy Preserving ◽

Good Effect ◽

Operation Speed ◽

Storage Scheme ◽

Data Auditing

Cloud storage has been recognized as the popular solution to solve the problems of the rising storage costs of IT enterprises for users. However, outsourcing data to the cloud service providers (CSPs) may leak some sensitive privacy information, as the data is out of user’s control. So how to ensure the integrity and privacy of outsourced data has become a big challenge. Encryption and data auditing provide a solution toward the challenge. In this paper, we propose a privacy-preserving and auditing-supporting outsourcing data storage scheme by using encryption and digital watermarking. Logistic map-based chaotic cryptography algorithm is used to preserve the privacy of outsourcing data, which has a fast operation speed and a good effect of encryption. Local histogram shifting digital watermark algorithm is used to protect the data integrity which has high payload and makes the original image restored losslessly if the data is verified to be integrated. Experiments show that our scheme is secure and feasible.

Download Full-text

On Data Security and Encryption Algorithms in Cloud Environment

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.701-702.1106 ◽

2014 ◽

Vol 701-702 ◽

pp. 1106-1111 ◽

Cited By ~ 1

Author(s):

Xin Zheng Zhang ◽

Ya Juan Zhang

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Data Security ◽

Service Providers ◽

Cloud Service ◽

Working Environment ◽

Cloud Environment ◽

Cloud Data ◽

Security Issues ◽

Encryption Algorithms

As information and processes are migrating to the cloud, Cloud Computing is drastically changing IT professionals’ working environment. Cloud Computing solves many problems of conventional computing. However, the new technology has also created new challenges such as data security, data ownership and trans-code data storage. We discussed about Cloud computing security issues, mechanism, challenges that Cloud service providers and consumers face during Cloud engineering. Based on concerning of security issues and challenges, we proposed several encryption algorithms to make cloud data secure and invulnerable. We made comparisons among DES, AES, RSA and ECC algorithms to find combinatorial optimization solutions, which fit Cloud environment well for making cloud data secure and not to be hacked by attackers.

Download Full-text