11 |
Multi-Layered Policy Generation and Management in Clouds
Fatemi Moghaddam, Faraz (12 December 2017)
No description available.
|
12 |
A framework for assuring conformance of cloud-based email at higher education institutions
Willett, Melanie (January 2013)
Cloud computing is a relatively immature computing paradigm that could significantly benefit users. Cloud computing solutions are often associated with potential benefits such as cost reduction, less administrative hassle, flexibility and scalability. For organisations to realize such potential benefits, cloud computing solutions need to be chosen, implemented, managed and governed in a way that is secure, compliant with internal and external requirements and indicative of due diligence. This can be a challenge, given the many concerns and risks commonly associated with cloud computing solutions. One cloud computing solution that is being widely adopted around the world is cloud-based email. One of the foremost adopters of this cloud computing solution is higher education institutions. These higher education institutions stand to benefit greatly from using such services. Cloud-based email can be provisioned to staff and students at these institutions for free. Additionally, cloud service providers (CSPs) are able to provide a better email service than some higher education institutions would be able to provide if they were required to do so in-house. CSPs often provide larger inboxes and many extra services with cloud-based email. Cloud-based email is, therefore, clearly an example of a cloud computing solution that has the potential to benefit organisations. There are, however, risks and challenges associated with the use of this cloud computing solution. Two of these challenges relate to ensuring conformance to internal and external (legal, regulatory and contractual obligations) requirements and to providing a mechanism of assuring that cloud-based email related activities are sound. The lack of structured guidelines for assuring the conformance of cloud-based email is putting this service at risk at higher education institutions in South Africa.
This work addresses this problem by promoting a best practice based approach to assuring the conformance of cloud-based email at higher education institutions. To accomplish this, components of applicable standards and best practice guidelines for IT governance, IT assurance and IT conformance are used to construct a framework for assuring the conformance of cloud-based email. The framework is designed and verified using sound design science principles. The utility and value of the framework have been demonstrated at a higher education institution in South Africa. This framework can be used to assist higher education institutions to demonstrate due diligence in assuring that they conform to legal and best practice requirements for the management and governance of cloud-based email. This is a significant contribution in the relatively new field of cloud computing governance.
|
13 |
A Policy-Based Management Framework for Cloud Computing Security
Runsewe, Olubisi Atinuke (January 2014)
Cloud Computing has changed how computing is done as applications and services are being consumed from the cloud. It has attracted a lot of attention in recent times due to the opportunities it offers. While Cloud Computing is economical, the security challenges it poses are quite significant and this has affected the adoption rate of the technology. With the potential vulnerabilities being introduced by moving data to the cloud, it has become imperative for cloud service providers to guarantee the security of information, leaving cloud service consumers (e.g., enterprises) with the task of negotiating the terms and conditions of services provided by the cloud service providers as well as trusting them with their data. Although various security solutions used for addressing the security of data within the enterprises are now being applied to the cloud, these security solutions are challenged due to the dynamic, distributed and complex nature of the cloud technology.
This thesis proposes a novel Policy-Based Management (PBM) framework capable of achieving cross-tenant authorization, handling dynamic and anonymous users while reducing the security management task to address cloud security. The framework includes an access control model adapted to the cloud environment that adopts features from role-based, task-based and attribute-based access control frameworks for a fine-grained access control. We demonstrate how this framework can be applied to develop an access control system for an enterprise using cloud services. The framework verifies the correctness of access control policies for cloud security through a reasoning technique.
|
14 |
The right to privacy : how the proposed POPI Bill will impact data security in a cloud computing environment
Basson, Benhardus (04 1900)
Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: The growing popularity and continuing development of cloud computing services is ever evolving and is slowly being integrated into our daily lives through our interactions with electronic devices. Cloud Computing has been heralded as the solution for enterprises to reduce information technology infrastructure cost by buying cloud services as a utility. While this premise is generally correct, in certain industries for example banking, the sensitive nature of the information submitted to the cloud for storage or processing places information security responsibilities on the party using the cloud services as well as the party providing them. Problems associated with cloud computing are loss of control, lack of trust between the contracting parties in the cloud relationship (customer and cloud service provider) and segregating data securely in the virtual environment.
The risk and responsibilities associated with data loss were previously mainly reputational in nature but with the promulgation and signing by the South African Parliament of the Protection of Personal Information Bill (POPI) in August 2013 these responsibilities to protect information are in the process of being legislated in South Africa. The impact of the new legislation on the cloud computing environment needs to be investigated as the requirements imposed by the Bill might render the use of cloud computing in regard to sensitive data nonviable without replacing some of the IT infrastructure cost benefits that cloud computing allows with increased data security costs.
In order to investigate the impact of the new POPI legislation on cloud computing, the components and characteristics of the cloud will be studied and differentiated from other forms of computing.
The characteristics of cloud computing are the unique identifiers that differentiate it from Grid and Cluster computing. The component study is focused on the service and deployment models that can be associated with cloud computing. The understanding obtained will be used to compile a new definition of cloud computing. By utilizing the cloud definition of what components and processes constitute cloud computing, the different types of data security processes and technical security measures that can be implemented are studied. This will include information management and governance policies as well as technical security measures such as encryption and virtualisation security. The last part of the study will be focussed on the Bill and the legislated requirements and how these can be complied with using the security processes identified in the rest of the study. The new legislation still has to be signed by the State President after which businesses will have one year to comply and due to the short grace period businesses need to align their business practices with the proposed requirements. The impact is wide ranging from implementing technical information security processes to possible re-drafting of service level agreements with business partners that share sensitive information. The study will highlight the major areas where the Bill will impact businesses as well as identifying possible solutions that could be implemented by cloud computing users when storing or processing data in the cloud. / AFRIKAANS SUMMARY: The growth in popularity and the development of cloud computing services is changing and is slowly being integrated into our daily lives through our interaction with electronic devices. Cloud computing is presented as a solution for businesses to reduce their information technology infrastructure costs by buying services as they need them.
Although this statement is generally accepted as correct, in specific industries, for example banking, the information can be so sensitive that exposing it to cloud computing for storage and processing places additional responsibilities on the responsible parties that use the cloud services as well as on those who provide them. Problems associated with cloud computing are the loss of control, a lack of trust between the contracting parties in the cloud relationship (consumer and cloud service provider) and the securing of segregated information in the virtual environment.
The risks and responsibilities associated with information loss were previously based largely on the damage that could be done to the business's reputation, but with the publication and signing by the South African Parliament of the Protection of Personal Information Act (BVPI) in August 2013 these responsibilities are in the process of being laid down in legislation in South Africa. The impact of the new legislation on the cloud computing environment must be investigated because the requirements of the Act could affect the use of cloud computing for sensitive information to such an extent that it may not be worth using, and cause the reduced IT infrastructure cost benefits to be replaced with additional information security costs.
To investigate the impact of the new BVPI legislation on cloud computing, the components and characteristics of the cloud must be examined to establish what makes it unique from other types of computing. The characteristics of cloud computing are the unique aspects that distinguish it from Grid and Cluster computing. The component study will focus on the service and deployment models associated with cloud computing. The understanding gained from the preceding study will then be used to compile a new definition of cloud computing. Using this definition, the information security processes and technical security measures that the responsible party and the cloud computing service provider can use to secure the components and processes can be studied. The study will include information management processes and corporate governance as well as technical security measures such as encryption and virtualisation security. The last part of the study will focus on the BVPI legislation and its requirements, and on how to comply with them by implementing the security measures identified in the rest of the study. The new legislation still has to be signed by the State President, after which businesses will have one year to comply with the requirements, and because the period is so short businesses must prepare themselves and adapt their business processes. The impact of the legislation is very wide-ranging, from technical information security processes to service delivery contracts that may have to be redrafted between parties that exchange sensitive information. The study will highlight the prominent areas of impact as well as the possible solutions that can be used by parties that use cloud computing to store or process information.
|
15 |
Public Software as a Service a Business-Driven Guidance for Risk Control
Guillaume, Fumeaux (January 2017)
Because cloud computing adoption grows day-by-day, it is essential for the executives of a company to be able to rely on a risk management guidance to fully grasp all the aspects concerning cloud computing security. The concerns of the industry, the security standards, the official guidelines, and the European laws about the security when using cloud services have been analyzed. The risks, the measures, and the obligations have been gathered. This paper, with all this information collected, describes how to run a risk management for public SaaS security keeping a business-driven mindset. While running the risk assessment, the management should look at the impact a threat may have on company activities, image, and finances. It will decide on the measures that should be implemented by the administration or the IT. Following this guidance should minimize the risk of using public SaaS cloud computing and allow a company to align its security goals with its business goals.
|
16 |
Data security and reliability in cloud backup systems with deduplication.
January 2012
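Cloud storage is an emerging service model that lets individuals and enterprises outsource their data backups to lower-cost remote cloud service providers. This thesis proposes methods to ensure data security and the reliability of cloud backup systems. / In the first part of this thesis, we propose FadeVersion, a secure cloud backup system that serves as a security layer on top of today's cloud storage services. FadeVersion implements the standard version-controlled backup design, thereby eliminating the storage of redundant data across different backup versions. In addition, FadeVersion adds cryptographic techniques to this design to protect backups. Specifically, it achieves fine-grained assured deletion, that is, cloud clients can reliably delete particular backup versions or files on the cloud so that the files concerned become permanently unreadable, while other backup versions or files that share the deleted data remain unaffected. We implemented an experimental prototype of FadeVersion and carried out an empirical evaluation on top of Amazon S3. We show that, compared with a traditional cloud backup service that does not support assured deletion, FadeVersion adds only a small amount of extra overhead. / In the second part of this thesis, we propose CFTDedup, a distributed proxy system that uses deduplication to increase the efficiency of cloud storage while ensuring crash fault tolerance among proxies. The proxies synchronize with one another to keep the deduplication metadata consistent. It also updates metadata in batches to reduce the overhead of synchronization. We implemented a preliminary prototype of CFTDedup and, through test-bed experiments, evaluated its runtime deduplication performance when storing virtual machine images. We also discuss several open issues, such as how to provide reliable, high-performance deduplication storage. Our CFTDedup prototype provides a platform for exploring these issues. / Cloud storage is an emerging service model that enables individuals and enterprises to outsource the storage of data backups to remote cloud providers at a low cost. This thesis presents methods to ensure the data security and reliability of cloud backup systems. / In the first part of this thesis, we present FadeVersion, a secure cloud backup system that serves as a security layer on top of today's cloud storage services. FadeVersion follows the standard version-controlled backup design, which eliminates the storage of redundant data across different versions of backups. On top of this, FadeVersion applies cryptographic protection to data backups. Specifically, it enables fine-grained assured deletion, that is, cloud clients can assuredly delete particular backup versions or files on the cloud and make them permanently inaccessible to anyone, while other versions that share the common data of the deleted versions or files will remain unaffected. We implement a proof-of-concept prototype of FadeVersion and conduct empirical evaluation atop Amazon S3. We show that FadeVersion only adds minimal performance overhead over a traditional cloud backup service that does not support assured deletion.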
/ In the second part of this thesis, we present CFTDedup, a distributed proxy system designed for providing storage efficiency via deduplication in cloud storage, while ensuring crash fault tolerance among proxies. It synchronizes deduplication metadata among proxies to provide strong consistency. It also batches metadata updates to mitigate synchronization overhead. We implement a preliminary prototype of CFTDedup and evaluate via test bed experiments its runtime performance in deduplication storage for virtual machine images. We also discuss several open issues on how to provide reliable, high-performance deduplication storage. Our CFTDedup prototype provides a platform to explore such issues. / Detailed summary in vernacular field only. / Rahumed, Arthur. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 47-51). / Abstracts also in Chinese.
Contents:
Chapter 1: Introduction / 1.1 Cloud Based Backup and Assured Deletion / 1.2 Crash Fault Tolerance for Backup Systems with Deduplication / 1.3 Outline of Thesis
Chapter 2: Background and Related Work / 2.1 Deduplication / 2.2 Assured Deletion / 2.3 Policy Based Assured Deletion / 2.4 Convergent Encryption / 2.5 Cloud Based Backup Systems / 2.6 Fault Tolerant Deduplication Systems
Chapter 3: Design of FadeVersion / 3.1 Threat Model and Assumptions for Fade Version / 3.2 Motivation / 3.3 Main Idea / 3.4 Version Control / 3.5 Assured Deletion / 3.6 Assured Deletion for Multiple Policies / 3.7 Key Management
Chapter 4: Implementation of FadeVersion / 4.1 System Entities / 4.2 Metadata Format in FadeVersion
Chapter 5: Evaluation of FadeVersion / 5.1 Setup / 5.2 Backup/Restore Time / 5.3 Storage Space / 5.4 Monetary Cost / 5.5 Conclusions
Chapter 6: CFTDedup Design / 6.1 Failure Model / 6.2 System Overview / 6.3 Distributed Deduplication / 6.4 Crash Fault Tolerance / 6.5 Implementation
Chapter 7: Evaluation of CFTDedup / 7.1 Setup / 7.2 Experiment 1 (Archival) / 7.3 Experiment 2 (Restore) / 7.4 Experiment 3 (Recovery) / 7.5 Summary
Chapter 8: Future work and Conclusions of CFTDedup / 8.1 Future Work / 8.2 Conclusions
Chapter 9: Conclusion
Bibliography
|
17 |
Mobile One Time Passwords and RC4 Encryption for Cloud Computing
Azam, A.S.M Faruque, Johnsson, Markus (January 2011)
Cloud services have grown very quickly over the past couple of years, giving consumers and companies the chance to put services, resources and infrastructures in the hands of a provider, therefore removing the need of providing these services themselves. This can for example lead to cost savings, better resource utilization and removing the need of technical expertise for the customers. There are big security concerns when using cloud services. Security is very important in cloud computing since people and companies store confidential data in the cloud. It must also be easy to use the services provided, since cloud services have so many users with different technical backgrounds. Since the control of services and data needed for the everyday run of a corporation is being handled by another company, further issues need to be considered. The consumer needs to trust the provider, and know that they handle their data in a correct manner, and that resources can be accessed when needed. This thesis focuses on authentication and transmission encryption in cloud services. The current solutions used today to log in to cloud services have been investigated and it is concluded that they don't satisfy the needs for cloud services. They are either insecure, complex or costly. It can also be concluded that the best encryption algorithm to use in a cloud environment is RC4, which is secure and at the same time a fast algorithm. Compared to AES, which together with RC4, are the most common encryption methods used over the Internet today, RC4 is the better choice. This thesis has resulted in an authentication and registration method that is both secure and easy to use, therefore fulfilling the needs of cloud service authentication. The method has been implemented in a fully working finished solution that uses a regular mobile phone to generate one time passwords that are used to log in to cloud services.
All of the data transmissions between the client and the server have been configured to use RC4 encryption. The conclusion that can be drawn is that the security proposal implemented in this thesis work functions very well, and provides good security together with an ease of use for clients that don't have so much technical knowledge.
|
18 |
Cloud information security : a higher education perspective
Van der Schyff, Karl Izak (January 2014)
In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
|
19 |
Addressing the Data Location Assurance Problem of Cloud Storage Environments
Noman, Ali (09 April 2018)
In a cloud storage environment, providing geo-location assurance of data to a cloud user is very challenging as the cloud storage provider physically controls the data and it would be challenging for the user to detect if the data is stored in different datacenters/storage servers other than the one where it is supposed to be. We name this problem as the “Data Location Assurance Problem” of a Cloud Storage Environment. Aside from the privacy and security concerns, the lack of geo-location assurance of cloud data involved in the cloud storage has been identified as one of the main reasons why organizations that deal with sensitive data (e.g., financial data, health-related data, and data related to Personally Identifiable Information, PII) cannot adopt a cloud storage solution even if they might wish to. It might seem that cryptographic techniques such as Proof of Data Possession (PDP) can be a solution for this problem; however, we show that those cryptographic techniques alone cannot solve that. In this thesis, we address the data location assurance (DLA) problem of the cloud storage environment which includes but is not limited to investigating the necessity for a good data location assurance solution as well as challenges involved in providing this kind of solution; we then come up with efficient solutions for the DLA problem. Note that, for the totally dishonest cloud storage server attack model, it may be impossible to offer a solution for the DLA problem. So the main objective of this thesis is to come up with solutions for the DLA problem for different system and attack models (from less adversarial system and attack models to more adversarial ones) available in existing cloud storage environments so that it can meet the need for cloud storage applications that exist today.
|
20 |
Secure and Energy Efficient Execution Frameworks Using Virtualization and Light-weight Cryptographic Components
Nimgaonkar, Satyajeet (08 1900)
Security is a primary concern in this era of pervasive computing. Hardware based security mechanisms facilitate the construction of trustworthy secure systems; however, existing hardware security approaches require modifications to the micro-architecture of the processor and such changes are extremely time consuming and expensive to test and implement. Additionally, they incorporate cryptographic security mechanisms that are computationally intensive and account for excessive energy consumption, which significantly degrades the performance of the system. In this dissertation, I explore the domain of hardware based security approaches with an objective to overcome the issues that impede their usability. I have proposed viable solutions to successfully test and implement hardware security mechanisms in real world computing systems. Moreover, with an emphasis on cryptographic memory integrity verification technique and embedded systems as the target application, I have presented energy efficient architectures that considerably reduce the energy consumption of the security mechanisms, thereby improving the performance of the system. The detailed simulation results show that the average energy savings are in the range of 36% to 99% during the memory integrity verification phase, whereas the total power savings of the entire embedded processor are approximately 57%.
|