35,776 research outputs found
Every Cloud Has a Push Data Lining: Incorporating Cloud Services in a Context-Aware Application
We investigated context-awareness by utilising multiple sources of context in a mobile device setting. In our experiment we developed a system consisting of a mobile client, running on the Android platform, integrated with a cloud-based service. These components were integrated using pushmessaging technology.One of the key featureswas the automatic adaptation of smartphones in accordance with implicit user needs. The novelty of our approach consists in the use of multiple sources of context input to the system, which included the use of calendar data and web based user configuration tool, as well as that of an external, cloud-based, configuration file storing user interface preferences which, pushed at log-on time irrespective of access device, frees the user from having to manually configure its interface.The systemwas evaluated via two rounds of user evaluations (n = 50 users), the feedback of which was generally positive and demonstrated the viability of using cloud-based services to provide an enhanced context-aware user experience
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straight-forward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
Progger: an efficient, tamper-evident kernel-space logger for cloud data provenance tracking
Cloud data provenance, or "what has happened to my data in the cloud", is a critical data security component which addresses pressing data accountability and data governance issues in cloud computing systems. In this paper, we present Progger (Provenance Logger), a kernel-space logger which potentially empowers all cloud stakeholders to trace their data. Logging from the kernel space empowers security analysts to collect provenance from the lowest possible atomic data actions, and enables several higher-level tools to be built for effective end-to-end tracking of data provenance. Within the last few years, there has been an increasing number of proposed kernel space provenance tools but they faced several critical data security and integrity problems. Some of these prior tools' limitations include (1) the inability to provide log tamper-evidence and prevention of fake/manual entries, (2) accurate and granular timestamp synchronisation across several machines, (3) log space requirements and growth, and (4) the efficient logging of root usage of the system. Progger has resolved all these critical issues, and as such, provides high assurance of data security and data activity audit. With this in mind, the paper will discuss these elements of high-assurance cloud data provenance, describe the design of Progger and its efficiency, and present compelling results which paves the way for Progger being a foundation tool used for data activity tracking across all cloud systems
Fog Computing in Medical Internet-of-Things: Architecture, Implementation, and Applications
In the era when the market segment of Internet of Things (IoT) tops the chart
in various business reports, it is apparently envisioned that the field of
medicine expects to gain a large benefit from the explosion of wearables and
internet-connected sensors that surround us to acquire and communicate
unprecedented data on symptoms, medication, food intake, and daily-life
activities impacting one's health and wellness. However, IoT-driven healthcare
would have to overcome many barriers, such as: 1) There is an increasing demand
for data storage on cloud servers where the analysis of the medical big data
becomes increasingly complex, 2) The data, when communicated, are vulnerable to
security and privacy issues, 3) The communication of the continuously collected
data is not only costly but also energy hungry, 4) Operating and maintaining
the sensors directly from the cloud servers are non-trial tasks. This book
chapter defined Fog Computing in the context of medical IoT. Conceptually, Fog
Computing is a service-oriented intermediate layer in IoT, providing the
interfaces between the sensors and cloud servers for facilitating connectivity,
data transfer, and queryable local database. The centerpiece of Fog computing
is a low-power, intelligent, wireless, embedded computing node that carries out
signal conditioning and data analytics on raw data collected from wearables or
other medical sensors and offers efficient means to serve telehealth
interventions. We implemented and tested an fog computing system using the
Intel Edison and Raspberry Pi that allows acquisition, computing, storage and
communication of the various medical data such as pathological speech data of
individuals with speech disorders, Phonocardiogram (PCG) signal for heart rate
estimation, and Electrocardiogram (ECG)-based Q, R, S detection.Comment: 29 pages, 30 figures, 5 tables. Keywords: Big Data, Body Area
Network, Body Sensor Network, Edge Computing, Fog Computing, Medical
Cyberphysical Systems, Medical Internet-of-Things, Telecare, Tele-treatment,
Wearable Devices, Chapter in Handbook of Large-Scale Distributed Computing in
Smart Healthcare (2017), Springe
- âŠ