Although nearly half of respondents believe that their use of the cloud has had no impact on their overall security posture, the share who believe it has had a negative impact (34 percent) is double the share who report a positive impact (17 percent).
Visibility into the security practices of cloud providers is also on the upswing, Ponemon finds. At least 35 percent of respondents consider themselves knowledgeable about the security practices of their cloud providers, compared with 29 percent only two years ago. But, at the same time, half of SaaS users still claim to have no knowledge of what steps their providers are taking to secure their sensitive data. In addition, encryption is being more widely adopted. Among SaaS users, encryption has increased from 32 percent in 2011 to 39 percent in 2013. For IaaS/PaaS users, respondents report a rise from 17 percent to 26 percent over the same period. Still, the report cautions, more than half of respondents report that their sensitive data is in the clear and therefore readable when stored in the cloud. The perceived responsibility for safeguarding sensitive data in the cloud is very dependent on the type of cloud service in question. In software-as-a-service (SaaS) environments more than half of respondents see the cloud provider as being primarily responsible for security. In contrast, nearly half of infrastructure-as-a-service/platform-as-a-service (IaaS/PaaS) users view security as a shared responsibility between the user and cloud provider.
Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers' trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using .NET and deployed it on a test bed cloud platform. We evaluated the framework by managing the security of a multi-tenant SaaS application exemplar.
Cloud computing is a whole new paradigm that offers a non-traditional computing model for organizations to adopt Information Technology and related functions and aspects without upfront investment and with lower Total Cost of Ownership (TCO). Cloud computing opens doors to multiple, unlimited venues from elastic computing to on demand provisioning to dynamic storage and computing requirement fulfillment. However, despite the potential gains achieved from the cloud computing, the security of an open-ended and rather freely accessible resource is still questionable which impacts the cloud adoption. The security problem becomes amplified under the cloud model as new dimensions enter into the problem scope related to the architecture, multi-tenancy, layer dependency, and elasticity. This paper introduces a detailed analysis of the cloud security problem. It investigates the problem of security from the cloud architecture perspective, the cloud characteristics perspective, cloud delivery model perspective, and the cloud stakeholder perspective. The paper investigates some of the key research challenges of implementing cloud-aware security solutions which can plausibly secure the ever-changing and dynamic cloud model. Based on this analysis it presents a derived detailed specification of the cloud security problem and key features that should be covered by any proposed security solution for cloud computing.
Cloud computing has brought new changes and opportunities to the IT industry. It is the result of the evolution of a variety of techniques. The railway department will use cloud computing technology to achieve the sharing of railway information resources and to improve the capacity of information processing. But with the development of cloud computing, it is also faced with many difficulties, and cloud computing security has become the leading cause impeding its development. Cloud computing security has become a hot topic in industry and academic research. This paper will explore the status of the development of cloud computing security and analyze the data privacy, security auditing, data monitoring and other challenges that cloud computing security is faced with. We will describe the solutions which industry and academia have proposed for some key issues of cloud computing security, such as virtualization security and traffic monitoring between virtual machines. We also analyzed the security of cloud computing in the railway environment. We proposed a cloud computing security reference framework. The purpose of this paper is to bring greater clarity to the landscape of cloud computing security.
Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of the Cloud Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation, (2) provision dynamic security services, including creation and management of the dynamic security associations, as a part of the provisioned composite services or virtual infrastructures. The first task is a traditional task in security engineering, while dynamic provisioning of managed security services in a virtualized environment remains a problem and requires additional research. In this paper we discuss both aspects of Cloud Security and provide suggestions about required security mechanisms for secure data management in dynamically provisioned Cloud infrastructures. The paper refers to the architectural framework for on-demand infrastructure services provisioning, being developed by the authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control infrastructure (DACI). The paper proposes the security mechanisms that are required for consistent DACI operation, in particular security tokens used for access control, policy enforcement and authorization session context exchange between provisioned infrastructure services and Cloud provider services. The suggested implementation is based on the GAAA Toolkit Java library developed by the authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for finding sessions and security context between provisioned services and virtualized platform.
With the emergence of cloud computing, an increasingly greater number of innovative applications are being built on cloud computing platforms (e.g., Elastic Compute Cloud by Amazon, Windows Azure by Microsoft and Cloud Foundry by VMware). However, these cloud applications are also prone to risks and potential vulnerabilities in their system life cycle. In this study, a cloud security self-governance deployment framework is proposed from the system development life cycle perspective (Cloud SSDLC), and especially from government and industry perspectives. The cloud SSDLC incorporates the secure system development life cycle (SSDLC), cloud security critical domain guidelines, and risk considerations. According to the SSDLC, there are five main phases in Cloud SSDLC: initiation, development, implementation, operation, and destruction. Furthermore, critical cloud security domains and corresponding risks are integrated into each phase. From the industry and government perspective, different cases are used to demonstrate practical usage and legal issues in the proposed Cloud SSDLC. The main contribution is the provision of a framework to connect the SSDLC and cloud computing paradigm for enhancing cloud applications.
With the rapid development of Cloud computing, more and more users deposit their data and applications on the cloud. But the development of Cloud computing is hindered by many Cloud security problems. Cloud computing has many characteristics, e.g. multi-user, virtualization, scalability and so on. Because of these new characteristics, traditional security technologies can't make Cloud computing fully safe. Therefore, Cloud computing security becomes the current research focus and is also this paper's research direction. In order to solve the problem of data security in cloud computing systems, by introducing a fully homomorphic encryption algorithm into cloud computing data security, a new kind of data security solution to the insecurity of cloud computing is proposed and the scenarios of this application are hereafter constructed. This new security solution is fully fit for the processing and retrieval of encrypted data, and effectively leads to a broad applicable prospect, the security of data transmission and the storage of cloud computing.
The erosion of trust boundaries already happening in organizations is amplified and accelerated by Cloud computing. One of the most important security challenges is to manage and assure a secure Cloud usage over multi-provider Inter-Cloud environments with dedicated communication infrastructures, security mechanisms, processes and policies. This paper focuses on the identification of functions for different roles within future Inter-Cloud environments that belong to the Cloud Security Management functional spectrum. Therefore, we describe all identified functional aspects and the distribution of these objects in order to define a platform independent model for the Security Management functional spectrum for Inter-Cloud called SMICS. SMICS will assist Cloud providers to analyze the necessary further development for their security management systems in order to support future Inter-Cloud environments. In addition, the better comprehension of the security management spectrum from a functional perspective will enable the Cloud provider community to design more efficient portals and gateways between Inter-Cloud providers themselves, respectively their customers, and facilitate the adoption of these results in scientific and standardization environments.
Cloud computing has changed the whole picture that distributed computing used to present e.g. Grid computing, server client computing. Cloud has given a new meaning to distributed, and off-premises computing. Although, Cloud offers great benefits, it also introduces a myriad of security threats to the information and data which is now being ported from on-premises to off-premises. Where cloud computing can help organizations accomplish more by paying less (in the longer run) and breaking the physical boundaries between IT infrastructure and its users, due to openness of accessible information and data relying on trust between cloud provider and customer, heightened security threats must be overcome in order to benefit fully from this new computing exemplar. Breach in the security of any component in the cloud can be both disaster for the organization (the customer) and defacing for the provider. This paper explores the security issues related to the cloud. The paper also discusses the existing security approaches to secure the cloud infrastructure and applications and their drawbacks. Finally, we explore some key research challenges of implementing new cloud-aware security solutions that can provide the likes of pre-emptive protection for complex and ever dynamic Cloud infrastructure, followed by conclusion where we try to entail the whole research and try to formulate a security strategy which will enable the Cloud providers and customers alike to fight against ever emerging security threats.
Cloud computing is a latest and fast-growing technology that offers an innovative, efficient and scalable business model for organizations to adopt various information technology resources, i.e. software, hardware, network, storage, bandwidth etc. Cloud Computing is a jargon term without a commonly accepted non-ambiguous scientific or technical definition. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. It has the capability to incorporate multiple internal and external cloud services together to provide high interoperability; there can be multiple accounts associated with a single or multiple service providers (SPs). So, security in terms of integrity is the most important aspect in a cloud computing environment. In this paper, a detailed analysis of the cloud security problem is presented. Also, the different problems in a cloud computing system and their effect upon the system, upon organizations and also upon different cloud users are analyzed. It provides a comparably scalable, position-independent, low-cost platform for clients' data, since the cloud computing environment is constructed based on open architecture and interface. Based on this analysis, various researches have also presented a view of measures that can be taken to deal with the cloud security problem and prevention that must be taken into account by any organization and cloud users seeking investment in cloud computing.
The re-perimeterization and the erosion of trust boundaries already happening in organizations is amplified and accelerated by Cloud Computing. Cloud service models employed, operational models, and technologies used to enable Cloud services may present additional risks and requirements to an organization compared to traditional IT solutions. This paper focuses on Cloud security management issues and interoperability challenges for Collaborative Clouds. Based on a comprehensive requirements analysis, we identified Cloud security management domains, integrating various Cloud security services of an organization and providing interoperability to identified stakeholders, in order to guideline Cloud activities within an organization. Furthermore we present the status quo of current approaches, systems and standards, with a special focus to objects within the Cloud Security Management Infrastructure (CSMI) that have to be managed and integrated by a Cloud security management system.
Cloud computing allows accessibility and efficient use of the global data warehouses and IT resources to different clients based on their need on the software, platform or infrastructure layer. Irrespective of the different levels of cloud computing service and attributes, customers are withdrawn from its mass usage due to cloud computing security issues. Cloud computing security issues, if resolved, can jump start cloud computing as the de-facto solution towards computation. From individual consumers to large enterprises, a secure cloud computing infrastructure can serve all clients anywhere and everywhere. Within the body of this research a new strategy towards delivering cloud computing security using reconfigurable computing has been presented. Components of the cloud vendor and cloud client trust mechanisms have been extrapolated from software based solutions to the hardware. Using FPGAs, four different types of solutions are being proposed to ensure user authentication and user data security. These four solutions are trusted cloud computing platform for ensuring computational trust, user enabled security groups for data collaboration, data security and verifiable attestation. All four of these solutions implemented together can allow trusted computing that allows collaboration while keeping data secure within a computation environment that is continuously being attested for security measures.
The cloud computing is a new computing model which comes from grid computing, distributed computing, parallel computing, virtualization technology, utility computing and other computer technologies and it has more advantage characters such as large scale computation and data storage, virtualization, high expansibility, high reliability and low price service. The security problem of cloud computing is very important and it can prevent the rapid development of cloud computing. This paper introduces some cloud computing systems and analyzes cloud computing security problem and its strategy according to the cloud computing concepts and characters. The data privacy and service availability in cloud computing are the key security problem. Single security method cannot solve the cloud computing security problem and many traditional and new technologies and strategies must be used together for protecting the total cloud computing system.
Although cloud computing can help companies accomplish more by breaking the physical bonds between an IT infrastructure and its users, heightened security threats must be overcome in order to benefit fully from this new computing paradigm that offers an innovative business model for organizations to adopt IT without upfront investment. Despite the potential gains achieved from the cloud computing, the model security is still questionable which impacts the cloud model adoption. The security problem becomes more complicated under the cloud model as new dimensions have entered into the problem scope related to the model architecture, multi-tenancy, elasticity, and layers dependency stack. In this paper we introduce a detailed analysis of the cloud security problem. We investigated the problem from the cloud architecture perspective, the cloud offered characteristics perspective, the cloud stakeholders' perspective, and the cloud service delivery models perspective. Based on this analysis we derive a detailed specification of the cloud security problem and key features that should be covered by any proposed security solution.
This paper deals with the issues about dynamic cloud security services in mobile internet framework, where some important differences compared with traditional cloud security service exist, such as the complexity, mobility, openness and instability of the user groups. In view of these features, different enterprises and users may have different demands for cloud security services. Therefore, in order to provide different users with different levels of cloud security services, this paper proposed: a cloud service access control model which supports the permission changes, a cloud security service customizing architecture for differential security demands, and a security self-adaptive mechanism for cloud service. These three sub-schemes can help realize the controllability, customizability and adaptability of the cloud security service.
Within the context of Cloud Computing, one of the most important security challenges is to manage and assure a secure usage over multi-provider Inter-Cloud environments with dedicated communication infrastructures, security mechanisms, processes and policies. The aim of security controls in Cloud computing is, for the most part, no different than security controls in any IT environment from a functional security management perspective. The adaption and reuse of existing traditional security management areas that have to be enhanced for specific Cloud computing requirements (e.g., dynamic reconfiguration, distributed services, etc.) is proposed. Based on the collection of various Inter-Cloud use cases and scenarios within the private and public sector like DMTF (Distributed Management Task Force), NIST (National Institute of Standards and Technology), GICTF (Global Inter-Cloud Technology Forum) and ENISA (European Network and Information Security Agency) we analyzed and summarized the range of requirements for security management. As these requirements are not yet fulfilled by current security management approaches, we derived a set of security management areas that describe all identified functional aspects. This set will serve as a foundation of our future development towards security management architecture for the Inter-Cloud.
Mission critical information systems must be certified against a set of security controls to mitigate potential security incidents. Cloud service providers must in turn employ adequate security measures that conform to security controls expected by the organizational information systems they host. Since service implementation details are abstracted away by the cloud, organizations can only rely on service level agreements (SLAs) to assess the compliance of cloud security properties and processes. Various representation schemas allow SLAs to embed service security terms, but are disconnected from documents regulating security controls. This paper demonstrates an extensible solution for building a compliance vocabulary that associates SLA terms with security controls. The terms allow services to express which security controls they comply with and enable at-a-glance comparison of security service offerings so organizations can distinguish among cloud service providers that best comply with security expectations. To exemplify the approach, we build a sample vocabulary of terms based on audit security controls from a standard set of governing documents and apply them to an SLA for an example cloud storage service. We assess the compatibility with existing SLAs and calculate the computational overhead associated with the use of our approach in service matchmaking.
This paper gives an overview on cloud computing security. To clarify cloud security, a definition and scope of cloud computing security is presented. An ecosystem of cloud security is shown to illustrate what each role in industry can do in turn. Then security impacts of cloud security for both customers and operators are analyzed. To overcome challenges from cloud security, many state-of-the-art technical solutions, e.g., continuation protection mechanism, IDM, data security, and virtualization security are discussed. Finally, best practices on perspective of operator are summarized and a conclusion is conducted.
The rate of threats against IT systems is directly proportional to the rate of growing technology. The emergence of new technology requires researchers' and practitioners' attention to discover new threats in order to make it reliable. Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Security issues in cloud computing are shown to be the biggest obstacle that could subvert the wide benefits of cloud computing. The new concepts that the cloud introduces, such as multi-tenancy, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for other systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security that includes classification of known security threats and the state-of-the-art practices in the endeavor to calibrate these threats. This paper also provides the dependency level within classification and provides a solution in form of preventive actions rather than proactive actions.
The cloud computing paradigm is considered as the next generation of IT technology. It is also an internet-based technology, where the users can share resources among the enormous cloud service providers, such as cloud partners and cloud vendors. Cloud computing makes high quality of service and high availability, so that users can simply access their preferred cloud with an internet device. This makes many advantages and drawbacks for the users to create and store data in the cloud service provider. One is that the data management and software may not be fully trustworthy in the cloud, therefore the security is an important aspect of quality of service. The purpose of this article is to concentrate on cloud data storage security and to manage the user's data in the cloud by implementation of Kerberos authentication service. I believe this novel article is the background for the next opportunity of growing the cloud security.
Mobile cloud is a machine-to-machine service model, where a mobile device can use the cloud for searching, data mining, and multimedia processing. To protect the processed data, security services, i.e., encryption, decryption, authentications, etc., are performed in the cloud. In general, we can classify cloud security services in two categories: Critical Security (CS) service and Normal Security (NS) service. CS service provides strong security protection such as using longer key size, strict security access policies, and isolations for protecting data, and so on. The CS service usually occupies more cloud computing resources; however it generates more rewards to the cloud provider since the CS service users need to pay more for using the CS service. With the increase of the number of CS and NS service users, it is important to allocate the cloud resource to maximize the system rewards with the considerations of the cloud resource consumption and incomes generated from cloud users. To address this issue, we propose a Security Service Admission Model (SSAM) based on Semi-Markov Decision Process to model the system reward for the cloud provider. We, first, define system states by a tuple represented by the numbers of cloud users and their associated security service categories, and current event type (i.e., arrival or departure). We then derive the system steady-state probability and service request blocking probability by using the proposed SSAM. Numerical results show that the obtained theoretic probabilities are consistent with our simulation results.
In past three decades, the world of computation has changed from centralized (client-server not web-based) to distributed systems and now we are getting back to the virtual centralization (Cloud Computing). Location of data and processes makes the difference in the realm of computation. On one hand, an individual has full control on data and processes in his/her computer. On the other hand, we have the cloud computing wherein, the service and data maintenance is provided by some vendor which leaves the client/customer unaware of where the processes are running or where the data is stored. So, logically speaking, the client has no control over it. The cloud computing uses the internet as the communication media. When we look at the security of data in the cloud computing, the vendor has to provide some assurance in service level agreements (SLA) to convince the customer on security issues. Organizations use cloud computing as a service infrastructure; critically like to examine the security and confidentiality issues for their business critical insensitive applications. Yet, guaranteeing the security of corporate data in the "cloud" is difficult, if not impossible, as they provide different services like Software as a service (SaaS), Platform as a service (PaaS), and Infrastructure as a service (IaaS). Each service has their own security issues. So the SLA has to describe different levels of security and their complexity based on the services to make the customer understand the security policies that are being implemented. There has to be a standardized way to prepare the SLA irrespective to the providers. This can help some of the enterprises to look forward in using the cloud services. In this paper, we put forward some security issues that have to be included in SLA.
Informatization is an important feature of smart grid. With the construction of smart grid and the constant depth development of electric power information, the information networks of electric power have continued to be invaded by all kinds of network threats. The traditional information security protection system for electric power has been unable to meet the demands of ever changing and growing security threats. Moreover, the cost of electrical safe operation was increased. Meanwhile, with the further application of electric power information engineering, operation capacity of electric power is required to be fully improved so that safe and stable operation is essential to electric power information system. Cloud security is a service form that cloud computing provides for users. In view of the advantages of cloud computing and cloud security, architecture of electric power information security protection based on cloud security (AEPISP-CS) is put forward which combines with the current power information security status. Meanwhile, anti-virus system, spam mail filtering, and threat detection based on cloud security are described in detail.
The use of cloud computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers may be untrusted. Dealing with "single cloud" providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards "multi-clouds", or in other words, "interclouds" or "cloud-of-clouds" has emerged recently. This paper surveys recent research related to single and multi-cloud security and addresses possible solutions. It is found that the research into the use of multi-cloud providers to maintain security has received less attention from the research community than has the use of single clouds. This work aims to promote the use of multi-clouds due to its ability to reduce security risks that affect the cloud computing user.
Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modeling layer and facilitates a transformation based on security configuration patterns.
The cloud computing paradigm is now adopted in many organizations in various fields because of its low cost, high availability and scalability features. Healthcare, education, business, and many other domains look at cloud computing as an endeavor to solve the continuous shortage in volume, infrastructure, accessibility, and monitoring potency. However, moving data to the cloud implies shifting control of the customer's data to the cloud service provider indefinitely. Hence, the security and privacy of the customer's information becomes an important issue. Because this is an emerging field, there is a lack of experience in cloud security and a lack of consensus on security and privacy. Assessing and comparing potential cloud computing services poses an issue for novice customers who are interested in moving their work to the cloud and need to choose security options that are sufficient and robust at the same time. This paper attempts to identify and categorize a list of attributes which reflect the various aspects of cloud security and privacy. These attributes can be used to assess and compare cloud computing services so that consumers can make well-educated choices. Cloud service providers can use them to build and/or offer better cloud solutions.
A secure cloud environment is essential for providing uninterrupted services to customers (individual users, companies and governments), since customers rely on the cloud for their computing and network service needs. As providers play the central role in cloud security, they need to establish rigorous security measures as a part of their service offerings. In order to limit liabilities for damages caused by the cloud, some form of insurance seems appropriate. For cloud security insurance, however, the question of differential security coverage is relevant, as the cost of deploying special protection, detection and response tools varies and requires coverage estimation. In this paper, we describe a framework to estimate security coverage for different types of service offerings. We have developed a software prototype of this framework, called MEGHNAD, and tested it for various cloud service security requirements. This prototype can serve as a specialized Cloud Doctor in prescribing the right combination of security tools for different cloud services and according to the level of security assurance required.
In the recent era, cloud computing has evolved as a net-centric, service-oriented computing model. Consumers purchase computing resources on an on-demand basis and need not worry about the underlying technologies used. The cloud computing model is composed of three service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), and four deployment models: Public, Private, Community and Hybrid. A third-party service provider stores and maintains the data, applications or infrastructure of the cloud user. Relinquishing control over data and applications poses challenges of security, performance, availability and privacy. Security issues in cloud computing are the most significant of all. Information Technology (IT) auditing mechanisms and frameworks in the cloud can play an important role in compliance with cloud IT security policies. In this paper, we focus on cloud security audit mechanisms and models.
Cloud computing is becoming increasingly popular as many enterprise applications and data move onto cloud platforms. However, a major barrier to cloud adoption is the real and perceived lack of security. In this paper, we take a holistic view of cloud computing security, spanning the possible issues and vulnerabilities connected with virtualization infrastructure, software platform, identity management and access control, data integrity, confidentiality and privacy, physical and process security aspects, and legal compliance in the cloud. We present our findings from the points of view of a cloud service provider, a cloud consumer, and third-party authorities such as government. We also discuss important research directions in cloud security in areas such as Trusted Computing, Information Centric Security and Privacy Preserving Models. Finally, we sketch a set of steps that can be used, at a high level, to assess security preparedness for a business application to be migrated to the cloud.
Cloud Computing -- some treat it as a catchphrase, others as the next step in the evolution of their organization and the Internet. What is certain is that it is a way of leveraging a less expensive, services-based environment that provides cost-effective solutions to various organizations to cater for their computing needs, without investing in computing infrastructure. However, cloud computing, just like other forms of computing, is not free from issues. One of the major barriers to adoption of the cloud is security. Once migrated to the cloud, you do not know where your data is physically stored, what laws and regulations govern it and, most important of all, who has access to it. This paper explores security issues related to cloud computing and proposes a paradigm for securing the cloud. The paper investigates some of the key research challenges of implementing cloud-aware security solutions which can plausibly secure the ever-changing and dynamic cloud environment, followed by a conclusion where we try to draw together the whole research and formulate a practical security paradigm, which will enable cloud providers and consumers to ensure that their data and valuable assets are safe from otherwise prying eyes.
Cloud infrastructure has become the primary business environment for all types of enterprises in recent years. In cloud computing, security is a fundamental concern: loss of control and a potential lack of trust prevent a large set of potential customers from immersing themselves in the cloud world. One of the major problems is how one can test, monitor or measure the underlying cloud infrastructure from user/customer space. We have developed a solution which is able to examine the infrastructure from a security point of view. We offer a clear, adaptable, concise and easy-to-extend framework to assess the underlying cloud infrastructure. Our solution is generic and multipurpose: it can act as a vulnerability scanner and a performance benchmarking tool at the same time. It is virtualized and agent based, collects assessment information through the decentralized Security Monitor, archives the results received from the components and visualizes them via a web interface for testers and administrators. In this paper we present our virtualized cloud security monitor and assessment solution, describe its functionalities and provide some examples of its results captured in real systems.
Cloud computing brings many advantages in terms of externalization, service delivery, elasticity, dependability and scalability. Nevertheless, it can be exposed to several vulnerabilities and security attacks. Therefore, we propose, in our UBIS (Ubiquity and Integration of Services) project, an architectural model that aims to satisfy cloud user requirements and cloud security challenges. For this purpose, our solution is based on two key elements. The former deals with ubiquitous services in Service Oriented Architecture. The latter considers QoS management that includes security aspects based on Event Driven Architecture.
Power cloud technology, which is better in data processing, control technologies and strategies, meets the needs of the smart grid. As the construction of the smart grid speeds up, security risks in the power cloud cannot be ignored. This paper begins with the hierarchy of the power cloud, and then focuses on analyzing the potential security risks in power cloud construction. Finally, with the cloud security model, some related security protection technologies for the power cloud are outlined.
Cloud computing is a popular subject across the IT (information technology) industry, but many risks associated with this relatively new delivery model are not yet fully understood. In this paper, we use a qualitative approach to gain insight into the vectors that contribute to cloud computing risks in the areas of security, business, and compliance. The focus is on the identification of risk vectors affecting cloud computing services and the creation of a framework that can help IT managers in their cloud adoption process and risk mitigation strategy. Economic pressures on businesses are creating a demand for an alternative delivery model that can provide flexible payments, dramatic cuts in capital investment, and reductions in operational cost. Cloud computing is positioned to take advantage of these economic pressures with low-cost IT services and a flexible payment model, but with certain security and privacy risks. The frameworks offered by this paper may help IT professionals obtain a clearer understanding of the risk tradeoffs associated with cloud computing environments.
While creating the cloud security architecture, the opportunity arises to apply IT best practices and the principles of security for a particular domain and to solve a specific set of issues related to security, measurability being one of the hardest. The article explains a measurable model for a cloud by providing a set of controls and defining metrics principles. Further, this article lists the set of tools that can be used to evaluate the security of a private, public, community or hybrid cloud.
The existing attack tree and attack graph schemes focus on depicting the possible intrusions by presenting the suspected attack profiles, not on the interactions between threats and defenses. Consequently, this limits the adoption of the safeguards with which to select effective defensive strategies. Accordingly, the present study proposes a new method for solving the threat risk analysis problem by means of modified Attack-Defense Trees (ADT) that consider the effect of both the attack cost and the defense cost. The effectiveness of the proposed approach was evaluated by a set of metrics for mitigating new network threats, like APT attacks. In addition, an illustrative case of threat risk analysis of cloud security is given to demonstrate our approach. Finally, the adaptability of the proposed scheme is investigated through an attribute comparison with the scheme presented by Edge et al. (2007). Overall, our approach provides an effective means of reconstructing the attack profiles and evaluating the countermeasures in the evolutionary process of security management for cloud security.
Cloud computing offers various services and web-based applications over the internet. With the tremendous growth in the development of cloud-based services, security is the main challenge and a current concern for cloud service providers. This paper describes the management of security issues based on Diameter AAA mechanisms for the authentication, authorization and accounting (AAA) demanded by cloud service providers. This paper focuses on the integration of Diameter AAA into the cloud system architecture.
Data streams in the cloud are characterized by imbalanced distribution and concept drift. To solve the problem of classifying skewed and concept-drifting data streams in cloud security, we present a one-class classifier dynamic ensemble method which aims at separating virus data, reducing the amount of data analyzed in clouds, improving the efficiency of intrusion detection in cloud security and assisting the detection of viruses. The proposed method uses the K-means algorithm to adjust data distribution, makes use of interval estimation combined with the AUC value to check for concept drift, updates classifiers and dynamically allocates weights. Experimental results illustrate that the proposed method can achieve good classification performance on a synthetic dataset and effectively separate most of the virus samples on the KDDCUP'99 dataset.
Based on cloud computing, the construction of the digital campus has achieved great success in social and economic terms. However, security problems have also increased. This paper discusses the following aspects: cloud computing and cloud security. On the basis of security defense ideas for different logical areas according to cloud levels, and combining traditional security approaches with some new safety measures, this paper proposes a safety construction scheme for a digital campus based on cloud computing, which would provide strong practical guidance.
Internet clouds work as service factories built around Web-scale data centers. The elastic cloud resources and huge datasets processed are subject to security breaches, privacy abuses, and copyright violations. Cloud resources provisioned on demand are especially vulnerable to cyber attacks. The cloud platforms built by Google, IBM, and Amazon all reveal these weaknesses. We propose a new approach to integrating virtual clusters, security-reinforced data centers, and trusted data accesses guided by reputation systems. A hierarchy of P2P reputation systems is suggested to protect clouds and data centers at the site level and to safeguard the data objects at the file-access level. Different security countermeasures are suggested to protect cloud service models: IaaS, PaaS, and SaaS, currently implemented by Amazon, IBM, and Google, respectively.
Cloud computing is the current IT buzzword synonymous with outsourced data center management and agile solution architecture. It has the potential to improve scalability of large enterprise network delivery of services and the capability to revolutionize how data is delivered as a service. At its core, cloud computing is not a new technology but rather a new approach of distributed shared pooling of IT infrastructure linked together to offer centralized IT services on demand. The study results determined that management's perception of security, cost-effectiveness and IT compliance factors significantly influence their decisions to adopt cloud computing. The results of multiple linear regression analysis testing in this study showed that management's perception of cost-effectiveness is more significantly correlated to their decision to adopt cloud computing than security
Electronic documents are considered to be the most valuable information assets in enterprises. This article explains all the typical styles of document security management products. As the cloud security era is coming, the existing systems need to be upgraded with the most cost-effective measures, so a document security management system suitable for cloud security is also designed in this article.
Virtualization is essential to cloud computing, yet its security vulnerabilities in the cloud environment haven't been sufficiently studied. This analysis of cloud security focuses on how virtualization attacks affect different cloud service models.
This work presents metrics about publications available in the literature which deal with some of the seven security threats in cloud computing, based on the guide entitled "Top Threats to Cloud Computing" from the Cloud Security Alliance (CSA). Through this research, the most explored threats are identified, and the results are distributed among fifteen Security Domains and classified among eight types of solutions proposed for the threats. In the face of those results, it was observed that publications in the literature mostly show a certain trend in the proposals presented for the threats involved. However, in some cases variations occur, which motivated us to carry out a standard deviation analysis of the results obtained in our research. Based on these data, we present our view regarding this behavior.
We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as Facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analyzed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring
Cloud computing has emerged as one of the most influential paradigms in the IT industry in recent years. Since this technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns about outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible and fine-grained access control of outsourced data in cloud computing, in this paper we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting the compound attributes of ASBE. In addition, HASBE uses multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. We implement our scheme and show that it is both efficient and flexible in dealing with access control for outsourced data in cloud computing with comprehensive experiments.
Cloud computing is an emerging field because of its performance, high availability, low cost and many other benefits. Despite this, companies are holding their business back from cloud computing because of the fear of data leakage. The lack of a proper security control policy and weaknesses in safeguards lead to many vulnerabilities in cloud computing. This paper focuses on the problem of data leakage and proposes a framework that works in two phases. The first phase, known as data classification, is done by the client before storing the data. During this phase the data is categorized on the basis of CIA (Confidentiality, Integrity, and Availability). The client who wants to send the data for storage needs to give the values of C (confidentiality), I (integrity) and A (availability). The value of C is based on the level of secrecy at each junction of data processing and prevents unauthorized disclosure; the value of I is based on how much assurance of accuracy and reliability of information is provided and how much protection from unauthorized modification is required; and the value of A is based on how frequently the data is accessible. With the help of the proposed formula, the priority rating is calculated. Accordingly, data with the higher rating is considered critical, and 3D security is recommended for that data. After completion of the first phase, the data received by the cloud provider for storage uses the 3-dimensional technique for accessibility. The data proved sensitive is sent to the cloud provider for storage. According to the concept of 3D, a user who wants to access the data needs to be authenticated, to avoid impersonation and data leakage. There is then a third entity, either an employee or a customer of the company whose data is stored, who wants access; they need to register first, and then before every access to the data their identity is authenticated for authorization.
In this paper, we propose a framework for cloud data security which is capable of securing users' data such that a malicious user is detected quickly. The domain remains unaffected in the worst-case scenario. In this method, we introduce a new constant value for classification that can automatically be redirected to access the requests for the corresponding cluster. Each service type has its own range of action values based on the user. The weight of each action is calculated, and once a user in the trusted or innocent region does the same malicious work repeatedly, the user is directly transferred to the non-trusted user region and the data remains unavailable to the user, if and only if the threshold value of tolerance is reached. In this work, a service-based trust management classifier approach is proposed for cloud security.
With the rapid development of network information, a new term has come into wide use: "Cloud Computing." It will completely change the habit of treating the desktop as the core and shift the core to the Web, using storage and services on the web. Humans may enter a new information age. As a result, more and more people are concerned with "Cloud Security." "Cloud Security" combines parallel processing, grid computing, the judgement of unknown viruses and other emerging technologies and concepts: through a mass of network clients it detects all abnormal behavior and obtains the latest information on Trojans, viruses and other undesirable programs, sends the information to the server for automatic analysis and processing, and then distributes solutions to each client to resolve the insecurity.
This article proposes and analyzes a general cloud-based security overlay network that can be used as a transparent overlay network to provide services such as intrusion detection systems, antivirus and antispam software, and distributed denial-of-service prevention. The authors analyze each of these in-cloud security services in terms of resiliency, effectiveness, performance, flexibility, control, and cost.
Despite defensive advances, malicious software (malware) remains an ever-present cyber-security threat. Cloud environments are far from immune to malware, in that: i) they innately support the execution of remotely supplied code, and ii) escaping their virtual machine (VM) confines has proven relatively easy to achieve in practice. The growing interest in clouds by industries and governments is also creating a core need to be able to formally address cloud security and privacy issues. VM introspection provides one of the core cyber-security tools for analyzing the run-time behaviors of code. Traditionally, introspection approaches have required close integration with the underlying hypervisors and substantial re-engineering when OS updates and patches are applied. Such heavy-weight introspection techniques, therefore, are too invasive to fit well within modern commercial clouds. Instead, lighter-weight introspection techniques are required that provide the same levels of within-VM observability but without the tight hypervisor and OS patch-level integration. This work introduces Maitland as a prototype proof-of-concept implementation of a lighter-weight introspection tool, which exploits paravirtualization to meet these end-goals. The work assesses Maitland's performance, highlights its use to perform packer-independent malware detection, and assesses whether, with further optimizations, Maitland could provide a viable approach for introspection in commercial clouds.
Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.
Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones. Platform as a Service (PaaS) is an outgrowth of Software as a Service (SaaS), a software distribution model in which hosted software applications are made available to customers over the Internet. PaaS has several advantages for developers. With PaaS, operating system features can be changed and upgraded frequently. Geographically distributed development teams can work together on software development projects. Services can be obtained from diverse sources that cross international boundaries. Initial and ongoing costs can be reduced by the use of infrastructure services from a single vendor rather than maintaining multiple hardware facilities that often perform duplicate functions or suffer from incompatibility problems. Overall expenses can also be minimized by unification of programming development efforts.
Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. SaaS is becoming an increasingly prevalent delivery model as underlying technologies that support Web services and service-oriented architecture (SOA) mature and new developmental approaches, such as Ajax, become popular. Meanwhile, broadband service has become increasingly available to support user access from more areas around the world. SaaS is closely related to the ASP (application service provider) and on demand computing software delivery models. IDC identifies two slightly different delivery models for SaaS. The hosted application management (hosted AM) model is similar to ASP: a provider hosts commercially available software for customers and delivers it over the Web. In the software on demand model, the provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution.