IP Spoofing In and Out of the Public Cloud: From Policy to Practice

Computers, 2019, Vol 8 (4), pp. 81
Author(s): Natalija Vlajic, Mashruf Chowdhury, Marin Litoiu

In recent years, a trend that has been gaining particular popularity among cybercriminals is the use of public Cloud to orchestrate and launch distributed denial of service (DDoS) attacks. One of the suspected catalysts for this trend appears to be the increased tightening of regulations and controls against IP spoofing by world-wide Internet service providers (ISPs). The three main contributions of this paper are: (1) For the first time in the research literature, we provide a comprehensive look at a number of possible attacks that involve the transmission of spoofed packets from or towards the virtual private servers hosted by a public Cloud provider. (2) We summarize the key findings of our research on the regulation of IP spoofing in the acceptable-use and term-of-service policies of 35 real-world Cloud providers. The findings reveal that in over 50% of cases, these policies make no explicit mention or prohibition of IP spoofing, thus failing to serve as a potential deterrent. (3) Finally, we describe the results of our experimental study on the actual practical feasibility of IP spoofing involving a select number of real-world Cloud providers. These results show that most of the tested public Cloud providers do a very good job of preventing (potential) hackers from using their virtual private servers to launch spoofed-IP campaigns on third-party targets. However, the very same virtual private servers of these Cloud providers themselves appear vulnerable to a number of attacks that involve the use of spoofed IP packets and/or could be deployed as packet-reflectors in attacks on third party targets. We hope the paper serves as a call for awareness and action and motivates the public Cloud providers to deploy better techniques for detection and elimination of spoofed IP traffic.


Author(s): Kevin Foltz, William R. Simpson

The Enterprise Level Security (ELS) model focuses on designing secure, distributed web-based systems starting from basic principles. One area of ELS that poses significant design challenges is protection of web server private keys in a public cloud. Web server private keys are of critical importance because they control who can act as the server to represent the enterprise. This includes responding to requests as well as making requests within the enterprise and to its partners. The cloud provider is not part of this trusted network of servers, so the cloud provider should not have access to server private keys. However, current cloud systems are designed to allow cloud providers free access to server private keys. This paper proposes design solutions to securely manage private keys in a public cloud. An examination of commonly used approaches demonstrates the ease with which cloud providers can currently control server private keys. Two designs are proposed to prevent cloud provider access to keys, and their implementation issues are discussed.



Author(s): Jitendra Singh, Vikas Kumar

Regulatory compliance is equally binding on small and medium business groups. Owing to the small scale and limited budget, such SMBs are unable to seek expert advice. To adequately guard the SMBs in regulatory compliance, the present work proposed a third-party managed-end user-driven approach that renders the list of regulatory acts applicable in one's case according to the country of one's residence, services subscribed, and type of the operations to be carried out in subscribed cloud paradigm. The list of applicable regulatory acts is rendered at the subscriber's end only. In addition, the proposed method notifies the present state of compliance of under-considered cloud providers. Based on the recommendation received, the subscriber can proceed with his decision to subscribe or not to subscribe in the event that desired compliances do not exist. This technological assistance will eliminate the need to possess the required knowledge in regulatory acts or to seek advice from a regulatory expert.



Author(s): Sanjay P. Ahuja, Thomas F. Furman, Kerwin E. Roslie, Jared T. Wheeler

There are several public cloud providers that provide service across different cloud models such as IaaS, PaaS, and SaaS. End users require an objective means to assess the performance of the services being offered by the various cloud providers. Benchmarks have typically been used to evaluate the performance of various systems and can play a vital role in assessing performance of the different public cloud platforms in a vendor neutral manner. Amazon's EC2 Service is one of the leading public cloud service providers and offers many different levels of service. The research in this chapter focuses on system level benchmarks and looks into evaluating the memory, CPU, and I/O performance of two different tiers of hardware offered through Amazon's EC2. Using three distinct types of system benchmarks, the performance of the micro spot instance and the M1 small instance are measured and compared. In order to examine the performance and scalability of the hardware, the virtual machines are set up in a cluster formation ranging from two to eight nodes. The results show that the scalability of the cloud is achieved by increasing resources when applicable. This chapter also looks at the economic model and other cloud services offered by Amazon's EC2, Microsoft's Azure, and Google's App Engine.



2019, Vol 7 (2), pp. 220-248
Author(s): Björn Lundqvist

Abstract: In the Internet of Things (IoT), the amount and smart use of data will determine whether or not a firm can compete successfully. Manufacturing firms will collect data through sensors in their devices and, at least in the cases of SMEs, likely store the collected data in the cloud, purchasing cloud services and storage from the large e-platform providers doubling as cloud providers. The e-platform providers will also collect data from users of their other services. These data are often generated by the same firms that purchase cloud services when they use the e-platforms to sell goods and services. Access to the data and to data analytics on fair business terms, and the possibility to switch cloud and service providers are vital for the SMEs and, in general, to create a competitive and vibrant IoT. However, cloud and e-platform customers seem to be facing difficulties. According to the EU Commission, SMEs are finding it particularly hard to engage cloud and e-platform providers, and to gain access to cloud services on reasonable, transparent terms. The contracts are skewed in favour of the cloud providers. The customers get locked in and may be obliged to agree not to assert any of their intellectual property rights vis-à-vis the cloud provider or the cloud provider’s network. Moreover, the cloud and e-platform providers may under certain circumstances access and make use of the users’ data, and that may give them a competitive advantage vis-à-vis the users, since the providers may have access to much more data, even data originating from the users’ competitors, suppliers, customers, etc. They can thus use all the data available to them to obtain a fuller picture of whole industries, and they may use that advantage in data to leverage and enter users’ markets. Indeed, they may use the data in the cloud for data-driven business strategies to enter the core market of the firms that have provided them with data in the first place. This article discusses whether competition law can address the conduct of the cloud and e-platform providers, so that firms may access and make use of all the possibilities that the IoT harbours.



2020, Vol 13 (3), pp. 21-36
Author(s): Jitendra Singh, Kamlesh Kumar Raghuvanshi

Security is a critical issue particularly in public cloud as it rests with the cloud providers. During security implementation, prevailing security threats and regulatory standards are borne in mind. Regulatory compliance varies from one cloud provider to another according to their maturity and location of the data center. Thus, subscribers need to verify the security requirement meeting their objective and the one implemented by the public cloud provider. To this end, subscribers need to visit each cloud provider's site to view the compliance. This is a time-consuming activity, and at the same time it is difficult to locate on a website. This work presents the prominent security standards suggested by the leading security institutions including NIST, CSA, ENISA, ISO, etc., that are applicable to the public cloud. A centrally-driven scheme is proposed in order to empower the subscriber to know the regulation and standards applicable according to their service needs. The availability of an exhaustive list at one place will lower the users' hassle at subscription time.



Author(s): Sebastian Stein, Terry R. Payne, Nicholas R. Jennings

As grids become larger and more interconnected in nature, scientists can benefit from a growing number of distributed services that may be invoked on demand to complete complex computational workflows. However, it also means that these scientists become dependent on the cooperation of third-party service providers, whose behaviour may be uncertain, failure prone and highly heterogeneous. To address this, we have developed a novel decision-theoretic algorithm that automatically selects appropriate services for the tasks of an abstract workflow and deals with failures through redundancy and dynamic re-invocation of functionally equivalent services. In this paper, we summarize our approach, describe in detail how it can be applied to a real-world bioinformatics workflow and show that it offers a significant improvement over current service selection techniques.



Internet is a network of interconnected systems which works collaboratively and services the users without any disruption. But achieving the same in real time needs the new prominent technology, cloud computing. The massive attractive features and simple pay-as-you-go model of cloud make it reachable to all the users. Denial-of-Service (DoS) plays a crucial role in making the services inaccessible to its intended users. The traditional DoS can no longer be successful in the cloud scenario as it possesses the auto scaling feature. Still, the DoS can consume the bandwidth of the cloud customers as they need to pay for their complete usage. In spite of the huge number of recovery measures available in cloud, DoS is becoming harder every day in terms of attack volume and severity. Hence complete mitigation against DoS attack is the expected solution which needs to be proved in today’s digital world. Moving Target Defence (MTD) is one such prominent emerging solution which aims to avoid the DDoS attacks in the cloud environment. The challenge of MTD is to change the attack surface periodically such that the attackers will be facing difficulty in even the attack attempts. This paper aims to provide a solution for avoiding DoS attack by adopting MTD algorithm for making the web servers redundant in the cloud environment. Experimental simulations prove the effectiveness of MTD in the public cloud environment.



ijd-demos, 2021, Vol 3 (1)
Author(s): Rahmad Hidayat, Akhyar Akhyar, Muhammad Sauki

Abstract: This paper aims to discuss the dynamic intersection between the spatial barriers and the tendency of the utilization of "mediated citizenship" by villagers in accessing public services. It is important to map out how villagers interact with authoritative service providers at the local government level, which is not done directly, but through the mediation of a third party, namely a local NGO that is implementing a program in their village. Based on the context of Oi Bura Village, the tendency of the utilization of mediator services of "LAKPESDAM PCNU Kabupaten Bima" in accessing public services (especially the residential identities) began to take shape because it was triggered by the poor people's consideration about the spatial stretch of their village area with the site of the service provider that would have an impact on financial expenses and bureaucratic severity factors that must be passed when accessing these basic services. Although the residential identities should be obtained automatically based on formal status as an Indonesian citizen, in practice the access of the poor villagers to basic services is achieved through a third party mediation role. The limitations of the service providers' responsiveness, accountability and institutional capacity to act proactively in solving the public problems are increasingly opening up the chance for "permanence" of facilitation of the state-citizen interaction by third parties.

Keywords: access, citizenship, mediator, service, space



2016, pp. 451-470
Author(s): Mohamed Fazil Mohamed Firdhous

This chapter takes a comprehensive look at the strategies and mechanisms developed for evaluating cloud services during business transformation. During business transformation, enterprises need to make decisions that would have long lasting impacts on the performance and profitability of the businesses. One of the important decisions business leaders are required to make is whether to own and manage their own IT infrastructure or outsource them from a public cloud provider. Due to the attractiveness of cloud computing, there are many cloud providers in the market, creating confusion in the minds of the customers as to whom to select. Hence it is necessary to use proper strategies and mechanisms to evaluate the performance and the suitability of the service providers in meeting the customer requirements. This chapter takes an in-depth look at some of the strategies, frameworks, mechanisms and tools proposed by researchers for evaluating cloud services in the literature with reference to their applicability, suitability, advantages and disadvantages.



2019, Vol 2019, pp. 1-8
Author(s): K. V. Pradeep, V. Vijayakumar, V. Subramaniyaswamy

Cloud computing is a platform to share the data and resources used among various organizations, but the survey shows that there is always a security threat. Security is an important aspect of cloud computing. Hence, the responsibility underlines to the cloud service providers for providing security as the quality of service. However, cloud computing has many challenges in security that have not yet been addressed well. The data accessed or shared through any devices from the cloud environment are not safe because they are likely to have various attacks like Identity Access Management (IAM), hijacking an account or a service either by internal/external intruders. Cryptography plays a major role in securing the data within the cloud environment. Therefore, there is a need for a standard encryption/decryption mechanism to protect the data stored in the cloud, in which the key is the mandatory element. Every cloud provider has its own security mechanisms to protect the key. The client cannot trust the service provider completely in spite of the fact that, at any instant, the provider has full access to both data and key. In this paper, we have proposed a new system which can prevent the exposure of the key as well as a framework for sharing a file that will ensure security (CIA) using asymmetric key and distributing it within the cloud environment using a trusted third party. We have compared RSA with ElGamal and Paillier in our proposed framework and found RSA gives a better result.


