Assessing Threats and Vulnerable Attacks of Health Care Data in Cloud-Based Environment

What: Healthcare industries have been unified with the advent of cloud computing and the Internet of Medical Things in the recent past. How: As simplicity in access and transfer of medical reports increased, so did the impact of losing potential information. Adopting a cloud environment has eased the work of medical practitioners and provided world-class medical attention to patients from remote corners of a nation. It has added to the responsibility of cloud service providers to improve the existing standards for protecting information in a virtual platform. A number of benefits, not limited to universal access, advice from renowned medical experts for deciding on a diagnosis plan, alerting patients and hospitals in real time, and reducing the workload of labor, are achieved by cloud environments. Hospital Information Systems (HIS) are the evolved data forms maintained manually in medical institutions, and they are preferred in a cloud platform to improve interoperability. The information carried in such medical systems includes critical information about patients that needs to be protected during transmission between independent environments. This makes it a mandatory requirement to design and implement an access control mechanism that identifies the intention of users who enter the environment. Relaxations in access control architectures will compromise the security of the entire architecture and practice. Why: An Intention-Demand Tree is proposed in this paper to limit the access rights of users based on their roles, requirements and permissions, and to monitor the usage of Health Information Systems. Investigative results illustrate that the risks of losing credible information has been limited and convenient than previous standards.

2020 ◽ Vol 34 (2) ◽ pp. 23-46
Author(s): Kimberly Swanson Church ◽ Pamela J. Schmidt ◽ Kemi Ajayi

ABSTRACT To engage theory and practice of cloud computing in business, the third annual Journal of Information Systems Conference (JISC) brought together 29 academic researchers and 14 practitioners. This commentary reviews and synthesizes discussions and insights provided by three keynote presentations and panel discussions. In addition to sharing insights from the conference, this commentary identifies major themes, incorporates relevant current literature, and suggests potential research questions expressed by practitioners. The JISC emphasized the impact of the rapid maturing of cloud computing services on accounting information systems (AIS). Several recurring themes emerged throughout the conference: (1) rapid growth and evolution of cloud managed services, (2) security, privacy, and risk in the cloud ecosystem, (3) impact of cloud computing for data analytics, and (4) emerging and disruptive financial technologies and trends for the cloud. Most of the discussion surrounding these themes predominantly focused on the perspectives of cloud assurance and cloud service providers.


Author(s): Kayalvili S ◽ Sowmitha V

Cloud computing enables users to accumulate their sensitive data with cloud service providers to achieve scalable services on demand. Outstanding security requirements arising from this means of data storage and management include data security and privacy. Attribute-based Encryption (ABE) is an efficient encryption system with fine-grained access control for encrypting outsourced data in cloud computing. Since data outsourcing systems require a flexible access control approach, problems arise when sharing confidential corporate data in cloud computing. User identity needs to be managed globally, and access policies can be defined by several authorities. Data is dual encrypted for more security and to maintain decentralization in a multi-authority environment.


2021 ◽ Vol 17 (2) ◽ pp. 179-195
Author(s): Priyanka Bharti ◽ Rajeev Ranjan ◽ Bhanu Prasad

Cloud computing provisions and allocates resources, in advance or real-time, to dynamic applications planned for execution. This is a challenging task as the Cloud-Service-Providers (CSPs) may not have sufficient resources at all times to satisfy the resource requests of the Cloud-Service-Users (CSUs). Further, the CSPs and CSUs have conflicting interests and may have different utilities. Service-Level-Agreement (SLA) negotiations among CSPs and CSUs can address these limitations. User Agents (UAs) negotiate for resources on behalf of the CSUs and help reduce the overall costs for the CSUs and enhance the resource utilization for the CSPs. This research proposes a broker-based mediation framework to optimize the SLA negotiation strategies between UAs and CSPs in Cloud environment. The impact of the proposed framework on utility, negotiation time, and request satisfaction are evaluated. The empirical results show that these strategies favor cooperative negotiation and achieve significantly higher utilities, higher satisfaction, and faster negotiation speed for all the entities involved in the negotiation.


2017
Author(s): Roshan Lal Neupane

Cloud-hosted services are being increasingly used in online businesses in e.g., retail, healthcare, manufacturing, entertainment due to benefits such as scalability and reliability. These benefits are fueled by innovations in orchestration of cloud platforms that make them totally programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale threatening the availability of online businesses. In this thesis, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Our Dolus system is able to initiate a pretense in a scalable and collaborative manner to deter the attacker based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via quarantine virtual machines and SDxI policy co-ordination across multiple network domains. To maintain the pretense of false sense of success after attack identification, Dolus uses two strategies: (i) dummy traffic pressure in a quarantine to mimic target response time profiles that were present before legitimate users were migrated away, and (ii) Scapy-based packet manipulation to generate responses with spoofed IP addresses of the original target before the attack traffic started being quarantined. From the time gained through pretense initiation, Dolus enables cloud service providers to decide on a variety of policies to mitigate the attack impact, without disrupting the cloud services experience for legitimate users. 
We evaluate the efficacy of Dolus using a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources to engage the attacker under pretense, and (b) coordinate SDxI policies to possibly block DDoS attacks closer to the attack source(s).


The widespread adoption of multi-cloud in enterprises is one of the root causes of cost-effectiveness. Cloud service providers reduce storage costs through advanced data de-duplication, which also provides vulnerabilities for attackers. Traditional approaches to authentication and data security for a single cloud need to be upgraded to suit cloud-to-cloud data migration security, in order to mitigate the impact of dictionary and template attacks on authentication and data integrity, respectively. This paper proposes a scheme of user layer authentication along with lightweight cryptography. The proposed scheme simulates its mathematical model to analyze the behavioral pattern of the time complexity of data security along with user authentication protection. The performance pattern validates the model for scalability and reliability against both authentication and data integrity.


Author(s): Jose Luis Vazquez-Poletti ◽ Rafael Moreno-Vozmediano ◽ Ignacio M. Llorente

Cloud computing is a paradigm that allows the flexible and on-demand provisioning of computing resources. For this reason, many institutions and enterprises have moved their data centers to the Cloud and, in particular, to public infrastructures. Unfortunately, an increase in the demand for Cloud results in resource shortages affecting both providers and consumers. With this factor in mind, Cloud service providers need Admission Control algorithms in order to make a good business decision on the types of requests to be fulfilled. Cloud providers have a desire to maximize the net income derived from provisioning the accepted service requests and minimize the impact of unprovisioned resources. This chapter introduces and compares Admission Control algorithms and proposes a service model that allows the definition of Service Level Agreements for the Cloud.


Author(s): Bing He ◽ Tuan T. Tran ◽ Bin Xie

Today, cloud-based services and applications are ubiquitous in many systems. The cloud provides undeniable potential benefits to the users by offering lower costs and simpler deployment. The users significantly reduce their system management responsibilities by outsourcing services to the cloud service providers. However, the management shift has posed significant security challenges to the cloud service providers. Security concerns are the main reasons that delay organizations from moving to the cloud. The security and efficiency of user identity management and access control in the cloud needs to be well addressed to realize the power of the cloud. In this chapter, the authors identify the key challenges and provide solutions to the authentication and identity management for secure cloud business and services. The authors first identify and discuss the challenges and requirements of the authentication and identity management system in the cloud. Several prevailing industry standards and protocols for authentication and access control in cloud environments are provided and discussed. The authors then present and discuss the latest advances in authentication and identity management in cloud, especially for mobile cloud computing and identity as a service. They further discuss how proximity-based access control can be applied for an effective and fine-grained data access control in the cloud.


2015 ◽ Vol 713-715 ◽ pp. 2451-2454
Author(s): Kai Ze Yin ◽ Hai Hang Wang

Cloud storage, as a popular application in cloud services, is developing from a single cloud service provider towards multiple cloud service providers. As a consequence, users need to manage their files from different sources and share them across multi-clouds. However, the conventional access control models are no longer suitable in a multi-clouds environment. Therefore, a multi-clouds access control model based on XACML, named MCACM, is proposed here to implement access control in a multi-clouds environment. In this model, cross-clouds access control is enabled through extending the standard XACML framework. Finally, we implemented a prototype of MCACM, and performance evaluation results show that our scheme is efficient.


Author(s): T Gunasekhar ◽ K Thirupathi Rao ◽ V Krishna Reddy ◽ P Sai Kiran ◽ B Thirumala Rao

The malicious insider can be an employee, user and/or third-party business partner. In a cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality of the data stored at cloud data centers. Malicious insiders can steal sensitive data from cloud storage and from organizations. Most organizations ignore the insider attack because it is harder to detect and mitigate. This is a major emerging problem at cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality of the sensitive data of cloud clients by employing multiple cloud service providers. The organization should encrypt the sensitive data according to its security policy and procedures and store the encrypted data in a trusted cloud. The keys used during the encryption process are themselves encrypted and stored in another cloud area, so that the organization holds only the keys for the keys of the encrypted data. The administrator of the organization also does not know what data is kept in the cloud area, and if he accesses the data, he is easily caught during auditing. Hence, only authorized users can access and use the data, and we can mitigate insider attacks by providing restricted privileges.


Author(s): V.M. Dzhulij ◽ V.A. Boychuk ◽ V.Y. Titova ◽ O.V. Selyukov ◽ O.V. Miroshnichenko

The article proposes an approach to the development of protection methods against threatening programs in modern information systems. The approach consists in developing security methods based on controlling access to files by their types, which can be identified by file extensions, and these methods significantly exceed the known methods of antivirus protection both in the effectiveness of protection and in the impact on the load of the information system's computing resources. It is shown that the most important files to protect are executable binary and script files, and that these classes of malware require mandatory storage of the threatening file on the hard disk before its execution (read). This led to the conclusion that protection against threatening programs can be built by implementing control (delineation) of access to files. A general approach to the implementation of protection against threatening programs is proposed, based on the implementation of control of access to files by their types, which can be identified by file extensions. The possibility of using such an approach is substantiated by a study of remedies. The methods of protection against threatening programs make it possible to protect the information system from both the loading and the execution of binary and scripted threat files, differing in the possibility of taking into account the location of executable files, the possibility of administration with a working security system, the ability to control the modification of access objects, renaming access features, and the ability to protect against scripted threat programs, including the ability to give threatening properties to interpreters (virtual x machines). Models of access control have been developed, which allowed the built-in access matrices to formulate requirements for building a secure system, the implementation of which prevents the leakage of given access rights of subjects to objects.

