Spelling suggestions: "subject:"cloud computing security"" "subject:"cloud acomputing security""
1 |
Practical data integrity protection in network-coded cloud storage.January 2012 (has links)
近年雲存儲發展迅速,它具彈性的收費模式還有使用上的便利性吸引了不少用家把它當作一個備份的平台,如何保障雲端上資料的完整性也就成了一項重要的課題。我們試著探討如何能有效地在客戶端檢查雲端上資料的完整性,並且在探測到雲存儲節點故障以後如何有效地進行修復。抹除碼(Erasure codes)透過產生冗餘,令編碼過後的資料能允許一定程度的缺片。雲端使用者可以利用抹除碼把檔案分散到不同的雲節點,即使其中一些節點壞了用戶還是能透過解碼餘下的資料來得出原檔。我們的研究是基於一種叫再造編碼(Regenerating code)的新興抹除碼。再造編碼借用了網絡編碼(Network coding)的概念,使得在修復錯誤節點的時候並不需要把完整的原檔先重構一遍,相比起一些傳統的抹除碼(如里德所羅門碼Reed-Solomoncode)能減少修復節點時需要下載的資料量。其中我們在FMSR這門再造編碼上實現了一個能有效檢測錯誤的系統FMSR-DIP。FMSR-DIP的好處是在檢測的時候只需要下載一小部份的資料,而且不要求節點有任何的編碼能力,可以直接對應現今的雲存儲。為了驗證我們系統的實用性,我們在雲存儲的測試平台上運行了一系列的測試。 / To protect outsourced data in cloud storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for cloud storage becomes critical. To enable fault tolerance from a client-side perspective, users can encode their data with an erasure code and stripe the encoded data across different cloud storage nodes. We base our work on regenerating codes, a recently proposed type of erasure code that borrows the concept of network coding and requires less repair traffic than traditional erasure codes during failure recovery. We study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life cloud storage setting. Specifically, we design a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under the Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-cloud storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a cloud storage testbed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment. / Detailed summary in vernacular field only. / Chen, Chuk Hin Henry. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 38-41). / Abstracts also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Preliminaries --- p.4 / Chapter 2.1 --- FMSR Implementation --- p.4 / Chapter 2.2 --- Threat Model --- p.6 / Chapter 2.3 --- Cryptographic Primitives --- p.7 / Chapter 3 --- Design --- p.8 / Chapter 3.1 --- Design Goals --- p.8 / Chapter 3.2 --- Notation --- p.9 / Chapter 3.3 --- Overview of FMSR-DIP --- p.11 / Chapter 3.4 --- Basic Operations --- p.11 / Chapter 3.4.1 --- Upload operation --- p.11 / Chapter 3.4.2 --- Check operation --- p.13 / Chapter 3.4.3 --- Download operation --- p.15 / Chapter 3.4.4 --- Repair operation --- p.16 / Chapter 4 --- Implementation --- p.17 / Chapter 4.1 --- Integration of DIP into NCCloud --- p.17 / Chapter 4.2 --- Instantiating Cryptographic Primitives --- p.18 / Chapter 4.3 --- Trade-off Parameters --- p.19 / Chapter 5 --- Security Analysis --- p.22 / Chapter 5.1 --- Uses of Security Primitives --- p.22 / Chapter 5.2 --- Security Guarantees --- p.23 / Chapter 5.2.1 --- Corrupting an AECC Stripe --- p.23 / Chapter 5.2.2 --- Picking Corrupted Bytes for Checking --- p.25 / Chapter 5.2.3 --- Putting It All Together --- p.26 / Chapter 6 --- Evaluations --- p.27 / Chapter 6.1 --- Running Time Analysis --- p.27 / Chapter 6.2 --- Monetary Cost Analysis --- p.30 / Chapter 6.3 --- Summary --- p.33 / Chapter 7 --- Related Work --- p.34 / Chapter 8 --- Conclusions --- p.37 / Bibliography --- p.38
|
2 |
An evaluation of security issues in cloud-based file sharing technologiesFana, Akhona January 2015 (has links)
Cloud computing is one of the most promising technologies for backup and data storage that provides flexible access to data. Cloud computing plays a vital role in remote backup. It is so unfortunate that this computing technique has flaws that thrilled and edgy end users in implementing it effectively. These flaws include factors like lack of integrity, confidentiality and privacy to information. A secure cloud is impossible unless the computer-generated environment is appropriately secured. In any form of technology it is always advisable that security challenges must be prior identified and fixed before the implementation of that particular technology. Primarily, this study will focus on finding security issues in cloud computing with the objective of finding concerns like credential theft and session management in the ―Cloud‖. Main arguments like HTTP banner disclosure, Bash ―ShellShock‖ Injection and password issues were discovered during the stages of study implementation. These challenges may provide information that will permit hackers in manipulating and exploiting cloud environment. Identifying credential theft and session management in cloud-based file sharing technologies a mixed method approach was implemented throughout the course of the study due to the nature of study and unity of analysis. Penetration tests were performed as security testing technique. Prevention and guideline of security threats leads to a friendly and authentic world of technology.
|
3 |
Proposta de arquitetura e solução de gerenciamento de credenciais para autenticação e autorização em ambientes de computação em nuvem. / Proposal of architecture and solution for credential, management for authentication and authorization in cloud computing environments.Gonzalez, Nelson Mimura 22 January 2014 (has links)
O modelo de computação em nuvem (cloud computing) reúne características como elasticidade, compartilhamento de recursos, obtenção de serviços sob demanda, e escalabilidade. Este modelo aumenta a eficiência de utilização de recursos, reduzindo drasticamente o custo de manutenção de infraestruturas de hardware e software. Contudo, diversos problemas relacionados a aspectos de segurança são observados nos ambientes de nuvem, o que reduz a adoção da tecnologia de maneira significativa. Os principais problemas identificados referem-se à confidencialidade dos dados dos usuário e à proteção dos canais de comunicação. Estes problemas podem ser resolvidos por meio do emprego de mecanismos de autenticação e autorização que controlem efetivamente o acesso aos recursos e aos serviços da nuvem por parte dos usuários e quaisquer outras entidades que consigam acessar estes elementos. Isto sugere a utilização de credenciais, que permitem estabelecer permissões e obrigações das entidades de um ecossistema de computação em nuvem. Esta dissertação apresenta uma proposta de Sistema de Gerenciamento de Credenciais (SGC) para computação em nuvem, que visa implementar uma solução de identificação de entidades e controle de acesso à nuvem. Para isto foi realizada uma pesquisa para levantar as principais referências relativas à computação em nuvem, segurança em computação em nuvem, e gerenciamento de credenciais. A partir dos resultados desta pesquisa, foi definido um modelo conceitual que descreve a solução proposta, identificando os seus requisitos e a sua arquitetura. Finalmente foi desenvolvido um protótipo para realização de testes, de modo a validar a solução proposta e verificar o atendimento aos requisitos definidos previamente. Os resultados revelam a possibilidade de desenvolver um Sistema de Gerenciamento de Credenciais (SGC) capaz de prover os mecanismos de segurança adequados para a nuvem sem a necessidade de modificar as aplicações e serviços originais da mesma, culminando em uma solução transparente para usuários, desenvolvedores, e administradores da nuvem. O sistema proposto foi, também, capaz de estabelecer canais de comunicação seguro entre as entidades da nuvem, permitindo proteger de maneira seletiva as informações que trafegam pela rede. Desta forma, é possível afirmar que soluções em nuvem podem ser tornar mais seguras (e confiáveis) por meio do emprego de mecanismos transparentes e abrangentes para autenticação e autorização de entidades e operações. / Cloud computing is a computing model based on characteristics such as elasticity, resource sharing, on-demand resource acquisition, and scalability. This model increases resource usage efficiency, drastically reducing maintenance costs of hardware and software infrastructures. However, problems related to security aspects represent obstacles for a wider adoption of the technology. The main problems identified are related to data confidentiality and communication channels protection. These problems can be addressed by authentication and authorization mechanisms which are able to effectively control the access to resources and services. This suggests the use of credentials which define the permissions and obligations of entities from a cloud computing ecosystem. This work presents a Credential Management System (CMS) for cloud computing, which implements a solution for identification and access control in the cloud environment. The research included a survey of references related to cloud computing, security in cloud computing, and credential management. Taking the results of this research, it was specified a conceptual model which describes the proposed solution, identifying the main requirements of the solution and its architecture. Finally it was developed a prototype in order to perform tests to validate the solution and verify if the requirements were addressed. The results reveal the possibility of developing a credential management solution able to provide the adequate security mechanisms without the need to modify the original applications and services, leading to a transparent solution for users, developers, and cloud administrators. The solution was also able to establish secure communication channels between cloud entities, allowing to selectively protect information that is exchanged in the network. The conclusion is that it is possible to make cloud applications and services more secure (and reliable) by using transparent and comprehensive mechanisms for authentication and authorization of entities and operations.
|
4 |
FADE: secure overlay cloud storage with access control and file assured deletion. / Secure overlay cloud storage with access control and file assured deletionJanuary 2011 (has links)
Tang, Yang. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 60-65). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Policy-based File Assured Deletion --- p.7 / Chapter 2.1 --- Background --- p.7 / Chapter 2.2 --- Policy-based Deletion --- p.9 / Chapter 3 --- Basic Design of FADE --- p.13 / Chapter 3.1 --- Entities --- p.13 / Chapter 3.2 --- Deployment --- p.15 / Chapter 3.3 --- "Security Goals, Threat Models, and Assumptions" --- p.16 / Chapter 3.4 --- The Basics - File Upload/Download --- p.18 / Chapter 3.5 --- Policy Revocation for File Assured Deletion --- p.23 / Chapter 3.6 --- Multiple Policies --- p.23 / Chapter 3.7 --- Policy Renewal --- p.25 / Chapter 4 --- Extensions of FADE --- p.27 / Chapter 4.1 --- Access Control with ABE --- p.27 / Chapter 4.2 --- Multiple Key Managers --- p.31 / Chapter 5 --- Implementation --- p.35 / Chapter 5.1 --- Representation of Metadata --- p.36 / Chapter 5.2 --- Client --- p.37 / Chapter 5.3 --- Key Managers --- p.38 / Chapter 6 --- Evaluation --- p.40 / Chapter 6.1 --- Experimental Results on Time Performance of FADE --- p.41 / Chapter 6.1.1 --- Evaluation of Basic Design --- p.42 / Chapter 6.1.2 --- Evaluation of Extensions --- p.46 / Chapter 6.2 --- Space Utilization of FADE --- p.49 / Chapter 6.3 --- Cost Model --- p.51 / Chapter 6.4 --- Lessons Learned --- p.53 / Chapter 7 --- Related Work --- p.54 / Chapter 8 --- Conclusions --- p.58 / Bibliography --- p.60
|
5 |
Proposta de arquitetura e solução de gerenciamento de credenciais para autenticação e autorização em ambientes de computação em nuvem. / Proposal of architecture and solution for credential, management for authentication and authorization in cloud computing environments.Nelson Mimura Gonzalez 22 January 2014 (has links)
O modelo de computação em nuvem (cloud computing) reúne características como elasticidade, compartilhamento de recursos, obtenção de serviços sob demanda, e escalabilidade. Este modelo aumenta a eficiência de utilização de recursos, reduzindo drasticamente o custo de manutenção de infraestruturas de hardware e software. Contudo, diversos problemas relacionados a aspectos de segurança são observados nos ambientes de nuvem, o que reduz a adoção da tecnologia de maneira significativa. Os principais problemas identificados referem-se à confidencialidade dos dados dos usuário e à proteção dos canais de comunicação. Estes problemas podem ser resolvidos por meio do emprego de mecanismos de autenticação e autorização que controlem efetivamente o acesso aos recursos e aos serviços da nuvem por parte dos usuários e quaisquer outras entidades que consigam acessar estes elementos. Isto sugere a utilização de credenciais, que permitem estabelecer permissões e obrigações das entidades de um ecossistema de computação em nuvem. Esta dissertação apresenta uma proposta de Sistema de Gerenciamento de Credenciais (SGC) para computação em nuvem, que visa implementar uma solução de identificação de entidades e controle de acesso à nuvem. Para isto foi realizada uma pesquisa para levantar as principais referências relativas à computação em nuvem, segurança em computação em nuvem, e gerenciamento de credenciais. A partir dos resultados desta pesquisa, foi definido um modelo conceitual que descreve a solução proposta, identificando os seus requisitos e a sua arquitetura. Finalmente foi desenvolvido um protótipo para realização de testes, de modo a validar a solução proposta e verificar o atendimento aos requisitos definidos previamente. Os resultados revelam a possibilidade de desenvolver um Sistema de Gerenciamento de Credenciais (SGC) capaz de prover os mecanismos de segurança adequados para a nuvem sem a necessidade de modificar as aplicações e serviços originais da mesma, culminando em uma solução transparente para usuários, desenvolvedores, e administradores da nuvem. O sistema proposto foi, também, capaz de estabelecer canais de comunicação seguro entre as entidades da nuvem, permitindo proteger de maneira seletiva as informações que trafegam pela rede. Desta forma, é possível afirmar que soluções em nuvem podem ser tornar mais seguras (e confiáveis) por meio do emprego de mecanismos transparentes e abrangentes para autenticação e autorização de entidades e operações. / Cloud computing is a computing model based on characteristics such as elasticity, resource sharing, on-demand resource acquisition, and scalability. This model increases resource usage efficiency, drastically reducing maintenance costs of hardware and software infrastructures. However, problems related to security aspects represent obstacles for a wider adoption of the technology. The main problems identified are related to data confidentiality and communication channels protection. These problems can be addressed by authentication and authorization mechanisms which are able to effectively control the access to resources and services. This suggests the use of credentials which define the permissions and obligations of entities from a cloud computing ecosystem. This work presents a Credential Management System (CMS) for cloud computing, which implements a solution for identification and access control in the cloud environment. The research included a survey of references related to cloud computing, security in cloud computing, and credential management. Taking the results of this research, it was specified a conceptual model which describes the proposed solution, identifying the main requirements of the solution and its architecture. Finally it was developed a prototype in order to perform tests to validate the solution and verify if the requirements were addressed. The results reveal the possibility of developing a credential management solution able to provide the adequate security mechanisms without the need to modify the original applications and services, leading to a transparent solution for users, developers, and cloud administrators. The solution was also able to establish secure communication channels between cloud entities, allowing to selectively protect information that is exchanged in the network. The conclusion is that it is possible to make cloud applications and services more secure (and reliable) by using transparent and comprehensive mechanisms for authentication and authorization of entities and operations.
|
6 |
IaaS-cloud security enhancement : an intelligent attribute-based access control model and implementationAl-Amri, Shadha M. S. January 2017 (has links)
The cloud computing paradigm introduces an efficient utilisation of huge computing resources by multiple users with minimal expense and deployment effort compared to traditional computing facilities. Although cloud computing has incredible benefits, some governments and enterprises remain hesitant to transfer their computing technology to the cloud as a consequence of the associated security challenges. Security is, therefore, a significant factor in cloud computing adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing services are accessed through network connections and utilised by multi-users who can share the resources through virtualisation technology. Accordingly, an efficient access control system is crucial to prevent unauthorised access. This thesis mainly investigates the IaaS security enhancement from an access control point of view.
|
7 |
MODELING AND SECURITY IN CLOUD AND RELATED ECOSYSTEMSUnknown Date (has links)
Software systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and heterogeneity but there is lack of work on precise, implementation/vendor neutral and holistic models which represent ecosystem components and their mutual interactions. We attempted to find similarities in systems and generalize to create abstract models for adding security. We represented the ecosystem as a Reference architecture (RA) and the ecosystem units as patterns. We started with a pattern diagram which showed all the components involved along with their mutual interactions and dependencies. We added components to the already existent Cloud security RA (SRA). Containers, being relatively new virtualization technology, did not have a precise and holistic reference architecture. We have built a partial RA for containers by identifying and modeling components of the ecosystem. Container security issues were identified from the literature as well as analysis of our patterns. We added corresponding security countermeasures to container RA as security patterns to build a container SRA. Finally, using container SRA as an example, we demonstrated an approach for RA validation. We have also built a composite pattern for fog computing that is an intermediate platform between Cloud and IoT devices. We represented an attack, Distributed Denial of Service (DDoS) using IoT devices, in the form of a misuse pattern which explains it from the attacker’s perspective. We found this modelbased approach useful to build RAs in a flexible and incremental way as components can be identified and added as the ecosystems expand. This provided us better insight to analyze security issues across boundaries of individual ecosystems. A unified, precise and holistic view of the system is not just useful for adding or evaluating security, this approach can also be used to ensure compliance, privacy, safety, reliability and/or governance for cloud and related ecosystems. This is the first work we know of where patterns and RAs are used to represent ecosystems and analyze their security. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2019. / FAU Electronic Theses and Dissertations Collection
|
8 |
Protection of personal information in the South African cloud computing environment: a framework for cloud computing adoptionSkolmen, Dayne Edward January 2016 (has links)
Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organisations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organisations have been hesitant to adopt Cloud solutions owing to a variety of inhibiting factors and concerns that have created mistrust in Cloud Computing. One of the top concerns identified is security within the Cloud Computing environment. The approaching commencement of new data protection legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related inhibiting factors and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. POPI is considered to be beneficial to Cloud providers as it gives them the opportunity to build trust with potential Cloud users through achieving compliance and providing assurance. The aim of this dissertation is, therefore, to develop a framework for Cloud Computing adoption that will assist in mitigating the information security-related factors inhibiting Cloud adoption by fostering a trust relationship through compliance with the POPI Act. It is believed that such a framework would be useful to South African Cloud providers and could ultimately assist in the promotion of Cloud adoption in South Africa.
|
9 |
Guidelines for secure cloud-based personal health recordsMxoli, Ncedisa Avuya Mercia January 2017 (has links)
Traditionally, health records have been stored in paper folders at the physician’s consulting rooms – or at the patient’s home. Some people stored the health records of their family members, so as to keep a running history of all the medical procedures they went through, and what medications they were given by different physicians at different stages of their lives. Technology has introduced better and safer ways of storing these records, namely, through the use of Personal Health Records (PHRs). With time, different types of PHRs have emerged, i.e. local, remote server-based, and hybrid PHRs. Web-based PHRs fall under the remote server-based PHRs; and recently, a new market in storing PHRs has emerged. Cloud computing has become a trend in storing PHRs in a more accessible and efficient manner. Despite its many benefits, cloud computing has many privacy and security concerns. As a result, the adoption rate of cloud services is not yet very high. A qualitative and exploratory research design approach was followed in this study, in order to reach the objective of proposing guidelines that could assist PHR providers in selecting a secure Cloud Service Provider (CSP) to store their customers’ health data. The research methods that were used include a literature review, systematic literature review, qualitative content analysis, reasoning, argumentation and elite interviews. A systematic literature review and qualitative content analysis were conducted to examine those risks in the cloud environment that could have a negative impact on the secure storing of PHRs. PHRs must satisfy certain dimensions, in order for them to be meaningful for use. While these were highlighted in the research, it also emerged that certain risks affect the PHR dimensions directly, thus threatening the meaningfulness and usability of cloud-based PHRs. The literature review revealed that specific control measures can be adopted to mitigate the identified risks. These control measures form part of the material used in this study to identify the guidelines for secure cloud-based PHRs. The guidelines were formulated through the use of reasoning and argumentation. After the guidelines were formulated, elite interviews were conducted, in order to validate and finalize the main research output: i.e. guidelines. The results of this study may alert PHR providers to the risks that exist in the cloud environment; so that they can make informed decisions when choosing a CSP for storing their customers’ health data.
|
10 |
User Behavior Trust Based Cloud Computing Access Control ModelJiangcheng, Qin January 2016 (has links)
Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud service users (CSUs) and cloud service providers (CSPs) are arising therefrom. User behavior trust (UBT) evaluation is a valid method to solve security dilemmas of identity-based access control system, but current studies of UBT based access control model is still not mature enough, existing the problems like UBT evaluation complexity, trust dynamic update efficiency, evaluation accuracy, etc. Objective. The aim of the study is to design and develop an improved UBT based CC access control model compare to the current state-of-art. Including an improved UBT evaluation method, able to reflect the user’s credibility according to the user’s interaction behavior, provides access control model with valid evidence to making access control decision; and a dynamic authorization control and re-allocation strategy, able to timely response to user’s malicious behavior during entire interaction process through real-time behavior trust evaluation. Timely updating CSUs trust value and re-allocating authority degree. Methods. This study presented a systematical literature review (SLR) to identify the working structure of UBT based access control model; summarize the CSUs’ behaviors that can be collected as UBT evaluation evidence; identify the attributes of trust that will affect the accuracy of UBT evaluation; and evaluated the current state-of-art of UBT based access control models and their potential advantages, opportunities, and weaknesses. Using the acquired knowledge, design a UBT based access control model, and adopt prototype method to simulate the performance of the model, in order to verify its validation, verify improvements, and limitations. Results. Through the SLR, two types of UBT based access control model working structures are identified and illustrated, essential elements are summarized, and a dynamic trust and access update module is described; 23 CSU’s behavior evidence items are identified and classified into three classes; four important trust attributes, influences, and corresponding countermeasures are identified and summarized; and eight current state-of-art of UBT based access control models are identified and evaluated. A Triple Dynamic Window based Access Control model (TDW) was designed and established as a prototype, the simulation result indicates the TDW model is well performed on the trust fraud problem and trust expiration problem. Conclusions. From the research results that we obtained from this study, we have identified several basic elements of UBT evaluation method, evaluated the current state-of-art UBT based access control models. Towards the weaknesses of trust fraud prevention and trust expiration problem, this paper designed a TDW based access control model. In comparing to the current state-of-art of UBT models, the TDW model has the following advantages, such as it is effectively preventing trust fraud problem with “slow rise” principle, able to timely response to malicious behavior by constantly aggravate punishment strategy (“rapid decrease” principle), effectively prevent malicious behavior and malicious user, and able to reflect the recent credibility of accessing user by expired trust update strategy and most recent trust calculation; finally, it has simple and customizable data structure, simple trust evaluation method, which has good scalability.
|
Page generated in 0.0749 seconds