90 research outputs found

    An Integrated Framework for the Methodological Assurance of Security and Privacy in the Development and Operation of MultiCloud Applications

    x, 169 p. This Thesis studies research questions about how to design multiCloud applications taking into account security and privacy requirements to protect the system from potential risks and about how to decide which security and privacy protections to include in the system. In addition, solutions are needed to overcome the difficulties in assuring security and privacy properties defined at design time still hold all along the system life-cycle, from development to operation. In this Thesis an innovative DevOps integrated methodology and framework are presented, which help to rationalise and systematise security and privacy analyses in multiCloud to enable an informed decision-process for risk-cost balanced selection of the protections of the system components and the protections to request from Cloud Service Providers used. The focus of the work is on the Development phase of the analysis and creation of multiCloud applications. The main contributions of this Thesis for multiCloud applications are four: i) The integrated DevOps methodology for security and privacy assurance; and its integrating parts: ii) a security and privacy requirements modelling language, iii) a continuous risk assessment methodology and its complementary risk-based optimisation of defences, and iv) a Security and Privacy Service Level Agreement Composition method. The integrated DevOps methodology and its integrating Development methods have been validated in the case study of a real multiCloud application in the eHealth domain. The validation confirmed the feasibility and benefits of the solution with regards to the rationalisation and systematisation of security and privacy assurance in multiCloud systems

    An Intelligent Technique for Framework and Security Issues Association in Multi Cloud Environment

    Abstract: Cloud Computing is a recent technology which is rapidly developing in the area of information technology and has the concern of the network. It provides a huge change in technology that Internet based computing, by which software, information and shared resources are provided to computers and the strategy on demand, like the grid of the electricity. Cloud computing is the product of the synthesis of traditional computing technology and network technology like parallel computing, distributed computing. The main goal of cloud computing is to construct a perfect system with powerful computing capability through a large number of relatively low cost computing entities using the advanced business models like SaaS, PaaS, IaaS to distribute the powerful computing capability to end users. Developers, Administrators, and Users have to make a decision about which environment is best suited for them. When we are trying to compare such frameworks it is difficult because either users do not have access to all of them or they are comparing the performance of such systems on different resources that make it difficult to obtain objective comparisons. Hence virtualization of resources such as memory, network, processors and storage ensures scalability and high availability of computing capability. However clouds can dynamically provision these virtual resources to hosted applications or to clients that use them to develop their own applications or to store data. The rapid provisioning and dynamic reconfiguration of resources help to handle variable demand and ensure optimum resource utilization. The proposed proxy-based multicloud computing framework allows dynamic, resource sharing and on the fly collaborations among cloud based services, policy and privacy issues, and addressing trust without pre-established collaboration agreements

    State level attribute compliance measure based efficient access restriction improved security in cloud environment

    In this paper, Advanced Encryption Standard was modified to address the low diffusion rate at the early rounds by adding additional primitive operations such as exclusive OR and modulo arithmetic in the cipher round. Furthermore, byte substitution and round constant addition were appended to the key schedule algorithm. The modified AES was tested against the standard AES by means of avalanche effect and frequency test to measure the diffusion and confusion characteristics respectively. The results of the avalanche effect evaluation show that there was an average increase in diffusion of 61.98% in round 1, 14.79% in round 2 and 13.87% in round 3. Consequently, the results of the frequency test demonstrated an improvement in the randomness of the ciphertext since the average difference between the number of ones to zeros is reduced from 11.6 to 6.4 along with better-computed p-values. The results clearly show that the modified AES has improved diffusion and confusion properties and the ciphertext can still be successfully decrypted and recover back the original plaintext

    Incremental Integration of Microservices in Cloud Applications

    Microservices have recently appeared as a new architectural style that is native to the cloud. The high availability and agility of the cloud demands organizations to migrate or design microservices, promoting the building of applications as a suite of small and cohesive services (microservices) that are independently developed, deployed and scaled. Current cloud development approaches do not support the incremental integration needed for microservice platforms, and the agility of getting new functionalities out to customers is consequently affected by the lack of support for the integration design and automation of the development and deployment tasks. This paper presents an approach for the incremental integration of microservices that will allow developers to specify and design microservice integration, and provide mechanisms with which to automatically obtain the implementation code for business logic and interoperation among microservices along with deployment and architectural reconfiguration scripts specific to the cloud environment in which the microservice will be deployed

    Policies and User Perception based Data Security in the Cloud

    In today’s world, most of the companies migrated from desktop devices to the cloud. Cloud is a platform for storing large amount of data. Among this it is very necessary to provide data security over the un-trusted cloud. We cannot trust the cloud provider when sensitive data is stored in the cloud so that, various security aspects are required to protect sensitive data which is stored on the cloud. The main problem is that, how to deal with such security issues to protect sensitive data. With the help of policy based security, it is possible to minimize data security issues and to improve data privacy. This paper proposes a user perception framework. According to this framework, owner of the organization is able to tell which user of that organization will follow which rights. A particular user should provide his/her privileges to the owner and he will protect user’s data by giving full rights to access data based on the identification of the users

    MIGRATING DATA TO THE CLOUD: AN ANALYSIS OF CLOUD STORAGE PRIVACY AND SECURITY ISSUES AND SOLUTIONS

    The rise of a digital economy has transformed how individuals do business and carry out daily tasks, including how data is maintained. Because of the vast amount of data that organizations own, cloud storage, a component of the cloud computing paradigm, has emerged as a feasible solution to many businesses' data storage concerns. Despite this, organizations are still cautious about moving all of their data to the cloud due to security concerns, particularly since data management is outsourced to third parties. The aim of this paper is to provide an overview of current challenges in the field of cloud storage privacy and security, with an emphasis on issues related to data confidentiality, integrity, and availability. Using a comprehensive literature study, this research investigates innovative strategies for creating a secure cloud storage environment. The idea of maintaining privacy and data security through the very design of the services, or through the so-called "privacy by design" approach, is explained while avoiding getting into the technical details of how the algorithms and presented solutions work

    Systemic Risk and Vulnerability Analysis of Multi-cloud Environments

    With the increasing use of multi-cloud environments, security professionals face challenges in configuration, management, and integration due to uneven security capabilities and features among providers. As a result, a fragmented approach toward security has been observed, leading to new attack vectors and potential vulnerabilities. Other research has focused on single-cloud platforms or specific applications of multi-cloud environments. Therefore, there is a need for a holistic security and vulnerability assessment and defense strategy that applies to multi-cloud platforms. We perform a risk and vulnerability analysis to identify attack vectors from software, hardware, and the network, as well as interoperability security issues in multi-cloud environments. Applying the STRIDE and DREAD threat modeling methods, we present an analysis of the ecosystem across six attack vectors: cloud architecture, APIs, authentication, automation, management differences, and cybersecurity legislation. We quantitatively determine and rank the threats in multi-cloud environments and suggest mitigation strategies. Comment: 27 pages, 9 figures

    Multicloud Resource Allocation: Cooperation, Optimization and Sharing

    Nowadays our daily life is not only powered by water, electricity, gas and telephony but by "cloud" as well. Big cloud vendors such as Amazon, Microsoft and Google have built large-scale centralized data centers to achieve economies of scale, on-demand resource provisioning, high resource availability and elasticity. However, those massive data centers also bring about many other problems, e.g., bandwidth bottlenecks, privacy, security, huge energy consumption, legal and physical vulnerabilities. One of the possible solutions for those problems is to employ multicloud architectures. In this thesis, our work provides research contributions to multicloud resource allocation from three perspectives of cooperation, optimization and data sharing. We address the following problems in the multicloud: how resource providers cooperate in a multicloud, how to reduce information leakage in a multicloud storage system and how to share the big data in a cost-effective way. More specifically, we make the following contributions: Cooperation in the decentralized cloud. We propose a decentralized cloud model in which a group of SDCs can cooperate with each other to improve performance. Moreover, we design a general strategy function for SDCs to evaluate the performance of cooperation based on different dimensions of resource sharing. Through extensive simulations using a realistic data center model, we show that the strategies based on reciprocity are more effective than other strategies, e.g., those using prediction based on historical data. Our results show that the reciprocity-based strategy can thrive in a heterogeneous environment with competing strategies. Multicloud optimization on information leakage. In this work, we firstly study an important information leakage problem caused by unplanned data distribution in multicloud storage services. Then, we present StoreSim, an information leakage aware storage system in multicloud. 
StoreSim aims to store syntactically similar data on the same cloud, thereby minimizing the user's information leakage across multiple clouds. We design an approximate algorithm to efficiently generate similarity-preserving signatures for data chunks based on MinHash and Bloom filter, and also design a function to compute the information leakage based on these signatures. Next, we present an effective storage plan generation algorithm based on clustering for distributing data chunks with minimal information leakage across multiple clouds. Finally, we evaluate our scheme using two real datasets from Wikipedia and GitHub. We show that our scheme can reduce the information leakage by up to 60% compared to unplanned placement. Furthermore, our analysis in terms of system attackability demonstrates that our scheme makes attacks on information much more complex. Smart data sharing. Moving large amounts of distributed data into the cloud or from one cloud to another can incur high costs in both time and bandwidth. The optimization on data sharing in the multicloud can be conducted from two different angles: inter-cloud scheduling and intra-cloud optimization. We first present CoShare, a P2P inspired decentralized cost effective sharing system for data replication to optimize network transfer among small data centers. Then we propose a data summarization method to reduce the total size of dataset, thereby reducing network transfer

    From security to assurance in the cloud: a survey

    The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions