1 |
Um Mecanismo de Integração de Identidades Federadas entre Shibboleth e SimpleSAMLphp para aplicações de Nuvens. / A Federated Identity Integration Mechanism between Shibboleth and SimpleSAMLphp for Cloud Applications.
BATISTA NETO, Luiz Aurélio, 19 October 2014
Previous issue date: 2014-10-19 / CAPES
Cloud computing applications are vulnerable to security threats originating from the Internet, because resources are shared with other users and managed by third parties. The diversity of services and technologies also presents a challenge to the integration of identities and user data in a distributed context. To address these issues, identity management techniques, especially those using a federated approach, prove crucial to protect information from unauthorized access and to allow the exchange of resources between parties that trust each other. The objective of this work is to develop a model that allows integration between identity providers through the Security Assertion Markup Language (SAML) protocol, in order to provide access to applications in multiple Cloud Computing domains. In this scenario, each domain groups users and services according to the user representation mechanism of the identity management system used (Shibboleth or SimpleSAMLphp). The proposed model is implemented to verify its applicability. In the experiments performed by computer simulation, the results obtained demonstrate the feasibility of the presented model.
|
2 |
Combating Data Leakage in the Cloud
Dlamini, Moses Thandokuhle, January 2020
The increasing number of reports on data leakage incidents increasingly erodes the already low consumer confidence in cloud services. Hence, some organisations are still hesitant to fully trust the cloud with their confidential data. Therefore, this study raises a critical and challenging research question: How can we restore the damaged consumer confidence and improve the uptake and security of cloud services? This study makes a plausible attempt at unpacking and answering the research question in order to holistically address the data leakage problem from three fronts, i.e. conflict-aware virtual machine (VM) placement, strong authentication and digital forensic readiness. Consequently, this study investigates, designs and develops an innovative conceptual architecture that integrates conflict-aware VM placement, cutting-edge authentication and digital forensic readiness to strengthen cloud security and address the data leakage problem in the hope of eventually restoring consumer confidence in cloud services.
The study proposes and presents a conflict-aware VM placement model. This model uses varying degrees of conflict tolerance levels, the construct of sphere of conflict and sphere of non-conflict. These are used to provide the physical separation of VMs belonging to conflicting tenants that share the same cloud infrastructure. The model assists the cloud service provider to make informed VM placement decisions that factor in their tenants’ security profile and balance it against the relevant cost constraints and risk appetite.
The study also proposes and presents a strong risk-based multi-factor authentication mechanism that scales up and down, based on threat levels or risks posed on the system. This ensures that users are authenticated using the right combination of access credentials according to the risk they pose. This also ensures end-to-end security of authentication data, both at rest and in transit, using an innovative cryptography system and steganography.
Furthermore, the study proposes and presents a three-tier digital forensic process model that proactively collects and preserves digital evidence in anticipation of a legal lawsuit or policy breach investigation. This model aims to reduce the time it takes to conduct an investigation in the cloud. Moreover, the three-tier digital forensic readiness process model collects all user activity in a forensically sound manner and notifies investigators of potential security incidents before they occur.
The current study also evaluates the effectiveness and efficiency of the proposed solution in addressing the data leakage problem. The results of the conflict-aware VM placement model are derived from simulated and real cloud environments. In both cases, the results show that the conflict-aware VM placement model is well suited to provide the necessary physical isolation of VM instances that belong to conflicting tenants in order to prevent data leakage threats. However, this comes with a performance cost in the sense that higher conflict tolerance levels on bigger VMs take more time to be placed, compared to smaller VM instances with low conflict tolerance levels. From the risk-based multifactor authentication point of view, the results reflect that the proposed solution is effective and to a certain extent also efficient in preventing unauthorised users, armed with legitimate credentials, from gaining access to systems that they are not authorised to access. The results also demonstrate the uniqueness of the approach in that even minor deviations from the norm are correctly classified as anomalies. Lastly, the results reflect that the proposed 3-tier digital forensic readiness process model is effective in the collection and storage of potential digital evidence. This is done in a forensically sound manner and stands to significantly improve the turnaround time of a digital forensic investigation process. Although the classification of incidents may not be perfect, this can be improved with time and is considered part of the future work suggested by the researcher. / Thesis (PhD)--University of Pretoria, 2020. / Computer Science / PhD / Unrestricted
|
3 |
INCORPORATING SECURITY IN SERVICE LEVEL AGREEMENTS
Asghar, Syed Usman, January 2020
No description available.
|
4 |
Securing Cloud Containers through Intrusion Detection and Remediation
Abed, Amr Sayed Omar, 29 August 2017
Linux containers are gaining increasing traction in both individual and industrial use. As these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. However, little research has been conducted in this area.
This research introduces an anomaly-based intrusion detection and remediation system for container-based clouds. The introduced system monitors system calls between the container and the host server to passively detect malfeasance against applications running in cloud containers.
We started by applying a basic memory-based machine learning technique to model the container behavior.
The same technique was also extended to learn the behavior of a distributed application running in a number of cloud-based containers. In addition to monitoring the behavior of each container independently, the system used prior knowledge for a more informed detection system.
We then studied the feasibility and effectiveness of applying a more sophisticated deep learning technique to the same problem. We used a recurrent neural network to model the container behavior.
We evaluated the system using a typical web application hosted in two containers, one for the front-end web server, and one for the back-end database server. The system has shown promising results for both of the machine learning techniques used.
Finally, we describe a number of incident handling and remediation techniques to be applied upon attack detection. / Ph. D. / Cloud computing plays an important role in our daily lives today. Most of the online services and applications we use are hosted in a cloud environment. Examples include email, cloud storage, online booking systems, and many websites. Typically, a cloud environment would host many of those applications on a single host to maximize efficiency and minimize overhead. To achieve that, cloud service providers, such as Amazon Web Services and Google Cloud Platform, rely on virtual encapsulation environments, such as virtual machines and containers, to encapsulate and isolate applications from other applications running in the cloud.
One major concern usually raised when discussing cloud applications is the security of the application and the privacy of the data it handles, e.g. the files stored by the end users on their cloud storage. In addition to firewalls and traditional security measures that attempt to prevent an attack from affecting the application, intrusion detection systems (IDS) are usually used to detect when an application is affected by a successful attack that managed to escape the firewall. Many intrusion detection systems have been introduced to cloud applications using virtual machines, but almost none has been introduced to applications running in containers.
In this dissertation, we introduce an intrusion detection system to be deployed by cloud service providers to container-based cloud environments. The system uses machine learning techniques to learn the behavior of the application running in the container and detect when the behavior changes as an indication of a potential attack. Upon detection of the attack, the system applies one of three defense mechanisms to restore the running application to a safe state.
|