A multi-dimension taxonomy of insider threats in cloud computing

Security is considered a significant deficiency in cloud computing, and insider threats problem exacerbate security concerns in the cloud. In addition to that, cloud computing is very complex by itself, because it encompasses numerous technologies and concepts. Apparently, overcoming these challenges requires substantial efforts from information security researchers to develop powerful mitigation solutions for this emerging problem. This entails developing a taxonomy of insider threats in cloud environments encompassing all potential abnormal activities in the cloud, and can be useful for conducting security assessment. This paper describes the first phase of an ongoing research to develop a framework for mitigating insider threats in cloud computing environments. Primarily, it presents a multidimensional taxonomy of insider threats in cloud computing, and demonstrates its viability. The taxonomy provides a fundamental understanding for this complicated problem by identifying five dimensions, it also supports security engineers in identifying hidden paths, thus determining proper countermeasures, and presents a guidance covers all bounders of insiders threats issue in clouds, hence it facilitates researchers’ endeavours in tackling this problem. For instance, according to the hierarchical taxonomy, clearly many significant issues exist in public cloud, while conventional insider mitigation solutions can be used in private clouds. Finally, the taxonomy assists in identifying future research directions in this emerging area

Securing mHealth - Investigating the development of a novel information security framework

The deployment of Mobile Health (mHealth) platforms as well as the use of mobile and wireless technologies have significant potential to transform healthcare services. The use of mHealth technologies allow a real-time remote monitoring as well as direct access to healthcare data so that users (e.g., patients and healthcare professionals) can utilise mHealth services anywhere and anytime. Generally, mHealth offers smart solutions to tackle challenges in healthcare. However, there are still various issues regarding the development of the mHealth system. One of the most common diffi-culties in developing the mHealth system is the security of healthcare data. mHealth systems are still vulnerable to numerous security issues with regard to their weak-nesses in design and data management. Several information security frameworks for mHealth devices as well as information security frameworks for Cloud storage have been proposed, however, the major challenge is developing an effective information se-curity framework that will encompass every component of an mHealth system to secure sensitive healthcare data. This research investigates how healthcare data is managed in mHealth systems and proposes a new information security framework that secures mHealth systems. Moreover, a prototype is developed for the purpose of testing the proposed information security framework. Firstly, risk identification is carried out to determine what could happen to cause potential damage and to gain insight into how, where, and why the damage might happen. The process of risk identification includes the identification of assets those need to be protected, threats that we try to protect against, and vulnerabilities that are weaknesses in mHealth systems. Afterward, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of the most essential security requirements is identified to develop a new information security framework. It then examines existing information security frameworks for mHealth devices and the Cloud, noting similarities and differences. Key mechanisms to implement the new framework are discussed and the new framework is then presented. Furthermore, a prototype is developed for the purpose of testing. It consists of four layers including an mHealth secure storage system, Capability system, Secure transactional layer, and Service management layer. Capability system, Secure transactional layer, and Service management layer are developed as main contributions of the research

Cloud computing services: taxonomy and comparison

Cloud computing is a highly discussed topic in the technical and economic world, and many of the big players of the software industry have entered the development of cloud services. Several companies what to explore the possibilities and benefits of incorporating such cloud computing services in their business, as well as the possibilities to offer own cloud services. However, with the amount of cloud computing services increasing quickly, the need for a taxonomy framework rises. This paper examines the available cloud computing services and identifies and explains their main characteristics. Next, this paper organizes these characteristics and proposes a tree-structured taxonomy. This taxonomy allows quick classifications of the different cloud computing services and makes it easier to compare them. Based on existing taxonomies, this taxonomy provides more detailed characteristics and hierarchies. Additionally, the taxonomy offers a common terminology and baseline information for easy communication. Finally, the taxonomy is explained and verified using existing cloud services as examples

A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing

Data Grids have been adopted as the platform for scientific communities that need to share, access, transport, process and manage large data collections distributed worldwide. They combine high-end computing technologies with high-performance networking and wide-area storage management techniques. In this paper, we discuss the key concepts behind Data Grids and compare them with other data sharing and distribution paradigms such as content delivery networks, peer-to-peer networks and distributed databases. We then provide comprehensive taxonomies that cover various aspects of architecture, data transportation, data replication and resource allocation and scheduling. Finally, we map the proposed taxonomy to various Data Grid systems not only to validate the taxonomy but also to identify areas for future exploration. Through this taxonomy, we aim to categorise existing systems to better understand their goals and their methodology. This would help evaluate their applicability for solving similar problems. This taxonomy also provides a "gap analysis" of this area through which researchers can potentially identify new issues for investigation. Finally, we hope that the proposed taxonomy and mapping also helps to provide an easy way for new practitioners to understand this complex area of research.Comment: 46 pages, 16 figures, Technical Repor

FISA Reform

Congress and the Executive Branch are poised to take up the issue of FISA reform in 2014. What has been missing from the discussion is a comprehensive view of ways in which reform could be given effect—i.e., a taxonomy of potential options. This article seeks to fill the gap. The aim is to deepen the conversation about abeyant approaches to foreign intelligence gathering, to allow fuller discussion of what a comprehensive package could contain, and to place initiatives that are currently under consideration within a broader, over-arching framework. The article begins by considering the legal underpinnings and challenges to the President\u27s Surveillance Program. It then examines how technology has altered the types of information available, as well as methods of transmission and storage. The article builds on this to develop a taxonomy for how a statutory approach to foreign intelligence gathering could be given force. It divides foreign intelligence gathering into two categories: front-end collection and back-end analysis and use. Each category contains a counterpoise structured to ensure the appropriate exercise of Congressionally-mandated authorities. For the front-end, this means balancing the manner of collection with requirements for approval. For the back-end, this means offsetting implementation with transparency and oversight. The article then considers the constituent parts of each category

Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE

As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud are concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess the needs and capacity of their incident responders before an incident occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp. 223-236, 201