A Solution for Privacy-Preserving and Security in Cloud for Document Oriented Data (By Using NoSQL Database)

Cloud computing delivers massively scalable computing resources as a service with Internet based technologies those can share resources within the cloud users. The cloud offers various types of services that majorly include infrastructure as services, platform as a service, and software as a service and security as a services and deployment model as well. The foremost issues in cloud data security include data security and user privacy, data protection, data availability, data location, and secure transmission. In now day, preserving-privacy of data and user, and manipulating query from big-data is the most challenging problem in the cloud. So many researches were conducted on privacy preserving techniques for sharing data and access control; secure searching on encrypted data and verification of data integrity. This work  included preserving-privacy of document oriented data security, user privacy in the three phases those are data security at rest, at process and at transit by using Full Homomorphic encryption and decryption scheme to achieve afore most mentioned goal. This work implemented on document oriented data only by using NoSQL database and  the encryption/decryption algorithm such as RSA and Paillier’s cryptosystem in Java package with MongoDB, Apache Tomcat Server 9.1, Python, Amazon Web Service mLab for MongoDB as remote server.  Keywords: Privacy-Preserving, NoSQL, MongoDB, Cloud computing, Homomorphic encryption/decryption, public key, private key, RSA Algorithm, Paillier’s cryptosystem DOI: 10.7176/CEIS/11-3-02 Publication date:May 31st 202

Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency

So many of our daily activities now take place “in the cloud,” where we use our devices to tap into massive networks that span the globe. Virtually every time that we plug into a new service, the service requires us to click the seemingly ubiquitous box indicating that we have read and agreed to the provider’s terms of service (TOS) and privacy policy. If a user does not click on this box, he is denied access to the service, but agreeing to these terms without reading them can negatively impact the user’s legal rights. As part of this work, we analyzed and categorized the terms of TOS agreements and privacy policies of several major cloud services to aid in our assessment of the state of user privacy in the cloud. Our empirical analysis showed that providers take similar approaches to user privacy and were consistently more detailed when describing the user’s obligations to the provider than when describing the provider’s obligations to the user. This asymmetry, combined with these terms’ nonnegotiable nature, led us to conclude that the current approach to user privacy in the cloud is in need of serious revision. In this Article, we suggest adopting a legal regime that requires companies to provide baseline protections for personal information and also to take steps to enhance the parties’ control over their own data. We emphasize the need for a regime that allows for “data control” in the cloud, which we define as consisting of two parts: (1) the ability to withdraw data and require a service provider to stop using or storing the user’s information (data withdrawal); and (2) the ability to move data to a new location without being locked into a particular provider (data mobility). Ultimately, our goal with this piece is to apply established law and privacy theories to services in the cloud and set forth a model for the protection of information privacy that recognizes the importance of informed and empowered users

Analysis of access control model for data security and privacy on multi-tenant SaaS

Cloud computing has become most trending and emerging technology in recent years and has changed the way of computation and services delivered to customer. Despite all the advantages that cloud provides, users still feel insecure to adopt cloud computing and having major concern over the data security and privacy. This is due to the data of numerous tenants are being located in the same location or database. In this environment data access by unauthorized user is possible. To overcome this issue, there should be a clear boundary for each tenant. Access control model is used to grant the right level of permission to the user in order to carry out their duties, to prevent unauthorized access and to protect assets of organizations and systems. Access control model also can prevent unauthorized user from accessing protected data, ensure authorized users can access protected data and prevent authorized users from performing illegal actions on protected data. There are many types of access control model available in the industry. However, not all the models can be applied in cloud environment due to various reasons. This paper presents an analysis of existing role based access control models. We use evaluation criteria that outlined by NIST for access control system. First, we identified a list of criteria that are suitable to apply in cloud environment specifically on data security and privacy of multi-tenant SaaS application in public cloud. Then, we analysed the existing access control models against the identified evaluation criteria. The analysis outlines the important gaps and missing elements of an access control model that can be extended into an access control model based testing

CONTROL ENCRYPTION OF TECHNIQUE USING THE CLOUD COMPUTING SYD

Information storage and computing information issues can be overcome by mobile applications by using cloud computing. The new model can also make various data based on the cloud to chat, complete the location services and the operating system in real time well and at the same time. By combining cloud computing, security issues may arise, for example, data secrets and user authorization within cloud computing systems, which concern the first restrictions on the development of a mobile computer cloud. In order to provide a safe and powerful process, the hierarchical access control system is proposed using the encryption based on a fixed schedule and a structure under a modified format in this document. In this study, the independent control system is proposed through the encryption of the file according to the structural design of a three-story structural design. The ABE-based access control system uses several tags to distinguish the attributes the authorized user has to have. Within a certain cloud computing environment, large data for all types of mobile devices, such as mobile phones, calls, PDAs, etc., can be controlled and tested by the system, and the data can respond to an unauthorized third party and restricted to legal users as well

Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment

The explosive growth of mobile applications and Cloud computing has enabled smart mobile devices to host various Cloud-based services such as Google apps, Instagram, and Facebook. Recent developments in smart devices‟ hardware and software provide seamless interaction between the users and devices. As a result, in contrast to the traditional user, the mobile user in mobile Cloud environment generates a large volume of data which can be easily collected by mobile Cloud service providers. However, the users do not know the exact physical location of their personal data. Hence, the users cannot control over their data once it is stored in the Cloud. This thesis investigates security and privacy issues in such mobile Cloud environments and presents new user-centric access control techniques tailored for the mobile Cloud environments. Most of the work to date has tried to address the data security issues on the Cloud server and only little attention has been given to protect the users‟ data privacy. One way to address the privacy issues is to deploy access control technique such as Extensible Access Control Markup Language (XACML) to control data access on users‟ data. XACML defines a standard of access control policies, rule obligations and conditions in data access control. XACML utilizes Extensible Markup Language (XML) schema to define attributes of data requesters, resources, and environment in order to evaluate access requests. A user-centric attribute-based access control model using XACML which enables users to define privacy access policies over the personal data based on their preferences is presented. In order to integrate the data security and user‟s privacy in mobile Cloud environment, the thesis investigates attribute-based encryption (ABE) scheme. ABE scheme enables data owners to enforce access policies during the encryption. Context-related attributes such as requester‟s location and behavior are incorporated within ABE scheme to provide data security and user privacy. This will enable the mobile data owners to dynamically control the access to their data at runtime. In order to improve the performance, a solution that offloads the high-cost computational work and communications from the mobile device to the Cloud is proposed. Anonymisation techniques are applied in the key issuing protocol so that the users‟ identities are protected from being tracked by the service providers during transactions. The proposed schemes are secure from known attacks and hence suitable for mobile Cloud environment. Security of the proposed schemes is formally analyzed using standard methods

The Sea of Stuff: a model to manage shared mutable data in a distributed environment

Managing data is one of the main challenges in distributed systems and computer science in general. Data is created, shared, and managed across heterogeneous distributed systems of users, services, applications, and devices without a clear and comprehensive data model. This technological fragmentation and lack of a common data model result in a poor understanding of what data is, how it evolves over time, how it should be managed in a distributed system, and how it should be protected and shared. From a user perspective, for example, backing up data over multiple devices is a hard and error-prone process, or synchronising data with a cloud storage service can result in conflicts and unpredictable behaviours. This thesis identifies three challenges in data management: (1) how to extend the current data abstractions so that content, for example, is accessible irrespective of its location, versionable, and easy to distribute; (2) how to enable transparent data storage relative to locations, users, applications, and services; and (3) how to allow data owners to protect data against malicious users and automatically control content over a distributed system. These challenges are studied in detail in relation to the current state of the art and addressed throughout the rest of the thesis. The artefact of this work is the Sea of Stuff (SOS), a generic data model of immutable self-describing location-independent entities that allow the construction of a distributed system where data is accessible and organised irrespective of its location, easy to protect, and can be automatically managed according to a set of user-defined rules. The evaluation of this thesis demonstrates the viability of the SOS model for managing data in a distributed system and using user-defined rules to automatically manage data across multiple nodes."This work was supported by Adobe Systems, Inc. and EPSRC [grant number EP/M506631/1]" - from the Acknowledgements pag