123,902 research outputs found

    ICCASA - A Context-Based Security Framework for Cloud Services

    This paper discusses the use of Aspect-Oriented Programming (AOP) as an efficient way to handle cloud computing frontend security concerns. Without AOP, the necessary security code would be mixed with the business logic that the cloud service provider implements. This makes the maintenance of both code and business logic tedious and prone to errors. The proposed aspect-oriented approach in this paper is built upon a Web services frontend to the cloud service. Three types of context are taken into account when tuning the aspects (security services). The contexts contain various details on the environment of the Cloud and the Web services, which permit activating the necessary aspects in response to these details. A set of experiments validating this approach are also reported in this paper.

    A Framework, Secure and Trustworthy Assessment for Credibility Based Trust Management for Cloud Services.

    Cloud Framework Supporting Automate Rank supported Trust Organization benefit of cloud describes the design and implementation of Cloud Framework, The framework provides a automate rank about executive trust system which hand over service with events to produce TaaS, whichever incorporates i) to preserving user seclusion and trust feedbacks for providing credibility’s using trending innovative protocol, ii) to protect cloud services from awful consumers for finding the details of users trust feedbacks also map the dependability of cloud administrations, and iii) a trust management service is managed by the availability context system. model describe the additional functionalities provided to Cloud Framework by increasing security, trustworthy assessment for Data Owner and Cloud Consumer. Extending the SLA period of each owner and consumer based on their request, the studies held from a collection of a real world users trust feedbacks are been verified, established on cloud services. This increases the transparency between user, consumer and cloud on TaaS

    Organizational cloud security and control: a proactive approach

    Purpose: The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship. Design/methodology/approach: A case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security. Findings: The findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field. Research limitations/implications: One of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes. Originality/value: This study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments.

    Medina: Improving cloud services trustworthiness through continuous audit-based certification

    One of the reasons of the still limited adoption of Cloud Computing in the EU is the EU customers' perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a means to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme (EUCS). The proposed cloud security certification scheme conveys new technological challenges including the notion of automated monitoring for the whole supply chain, which needs to be solved in order to bring all the expected benefits to EU cloud providers and customers. In this context, MEDINA proposes a framework for supporting a continuous audit-based certification for CSPs based on EU CSA's scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management. MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters. This work has been partially funded by the European project MEDINA (Horizon 2020 research and innovation Programme, under grant agreement no 952633).

    Fortifying Public Safety: A Dynamic Role-Based Access Control Paradigm for Cloud-Centric IoT

    The evolution of communication technologies, exemplified by the Internet of Things (IoT) and cloud computing, has significantly enhanced the speed and accessibility of Public Safety (PS) services, critical to ensuring the safety and security of our environment. However, these advancements also introduce inherent security and privacy challenges. In response, this research presents a novel and adaptable access control scheme tailored to PS services in cloud-supported IoT environments. Our proposed access control protocol leverages the strengths of Key Policy Attribute Based Encryption (KP-ABE) and Identity-Based Broadcast Encryption (IDBB), combining them to establish a robust security framework for cloud-supported IoT in the context of PS services. Through the implementation of an Elliptic Curve Diffie-Hellman (ECDH) scheme between entities, we ensure entity authentication, data confidentiality, and integrity, addressing fundamental security requirements. A noteworthy aspect of our lightweight protocol is the delegation of user private key generation within the KP-ABE scheme to an untrusted cloud entity. This strategic offloading of computational and communication overhead preserves data privacy, as the cloud is precluded from accessing sensitive information. To achieve this, we employ an IDBB scheme to generate secret private keys for system users based on their roles, requiring the logical conjunction ('AND') of user attributes to access data. This architecture effectively conceals user identities from the cloud service provider. Comprehensive analysis validates the efficacy of the proposed protocol, confirming its ability to ensure system security and availability within acceptable parameters

    An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

    The growing maturity of orchestration languages is contributing to the elaboration of cloud composite services, whose resources may be deployed over different distributed infrastructures. These composite services are subject to changes over time, that are typically required to support cloud properties, such as scalability and rapid elasticity. In particular, the migration of their elementary resources may be triggered by performance constraints. However, changes induced by this migration may introduce vulnerabilities that may compromise the resources, or even the whole cloud service. In that context, we propose an automated SMT-based security framework for supporting the migration of resources in cloud composite services, and preventing the occurrence of new configuration vulnerabilities. We formalize the underlying security automation based on SMT solving, in order to assess the migrated resources and select adequate countermeasures, considering both endogenous and exogenous security mechanisms. We then evaluate its benefits and limits through large series of experiments based on a proof-of-concept prototype implemented over the CVC4 commonly-used open-source solver. These experiments show a minimal overhead with regular operating systems deployed in cloud environments.

    Cooperative Trust Framework for Cloud Computing Based on Mobile Agents

    Cloud computing opens doors to the multiple, unlimited venues from elastic computing to on demand provisioning to dynamic storage, reduce the potential costs through optimized and efficient computing. To provide secure and reliable services in cloud computing environment is an important issue. One of the security issues is how to reduce the impact of any type of intrusion in this environment. To counter these kinds of attacks, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against the intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for the network attack detection and Mobile Agents. Then, this framework unfolds in three phases: the first, detection intrusion in a virtual environment using mobile agents for collected malicious data. The second, generating new signatures from malicious data, which were collected in the first phase. The third, dynamic deployment of updates between clusters in a cloud computing, using the newest signatures previously created. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, we develop a collaborative approach based on Hy-IDS and Mobile Agents in Cloud Environment, to define a dynamic context which enables the detection of new attacks, with as much detail as possible.

    Evaluating cloud deployment scenarios based on security and privacy requirements

    Migrating organisational services, data and application on the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on demand resources. Despite, however, of the many benefits, there are challenges and risks for cloud adaption related to (amongst others) data leakage, insecure APIs, and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation relevant cloud computing deployment models. Although, the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work

    Securing Cross-App Interactions in IoT Platforms

    IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the context of security and safety of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.

    Potential Risks of Cloud Computing in Financial Institutions in Tanzania: Perspectives from CRDB Bank Plc

    The adoption of cloud computing introduces a range of potential risks that financial institutions must navigate with prudence. Cloud service providers are entrusted with valuable customer information, and any compromise could have severe consequences, including financial losses and reputational damage. The main objective of this research was to assess the potential risks of cloud computing in financial institutions in Tanzania. This is done in the context of CRDB bank. The research employed a mixed methods approach, incorporating both quantitative and qualitative data collection methods. The data was acquired through questionnaires, specifically targeting the employee population of CRDB bank. The data underwent quantitative analysis. The research sampled population is 201 respondents from ICT, legal and procurement departments at the financial institution. Cloud computing poses hazards that financial organizations must carefully manage. Security of sensitive financial data comes first. Any compromise of cloud service providers' client data could result in financial losses and reputational damage. Data privacy risks occur as legislative contexts change. Cross-border cloud services can challenge data sovereignty and local legislation. Another crucial factor is operational continuity. Financial institutions depend on uninterrupted service, putting them exposed to cloud service provider outages and technical issues. Maintaining financial services and client satisfaction are crucial. The regulatory compliance challenge is unique. Cloud computing requires vigilance in local and international legal systems. To retain financial ecosystem confidence, financial institutions must ensure their cloud-based solutions meet industry standards and laws. The study stressed the importance of a holistic strategy to cloud computing in financial institutions like CRDB Bank PLC. Cloud technology has many benefits, but stakeholders must be cautious and implement risk management and mitigation strategies. The conclusions of this study can help CRDB Bank PLC and other Tanzanian financial institutions make educated cloud technology implementation decisions. These decisions must prioritize financial system security, privacy, and resilience. The results also highlight the need for financial industry-regulatory cooperation to keep the regulatory framework up to date with technology.