Security Strategies to Prevent Data Breaches in Infrastructure as a Service Cloud Computing

Due to the ever-growing threat of security breaches that information technology (IT) organizations continually face, protecting customer information stored within the cloud is critical to ensuring data integrity. Research shows that new categories of data breaches constantly emerge; thus, security strategies that build trust in consumers and improve system performance are a must. The purpose of this qualitative multiple case study was to explore and analyze the strategies used by database administrators (DBAs) to secure data in a private infrastructure as a service (IaaS) cloud computing. The participants comprised of 6 DBAs from 2 IT companies in Baltimore, Maryland, with experience and knowledge of security strategies to secure data in private IaaS cloud computing. The disruptive innovation theory was the conceptual framework for this study. Data were collected using semistructured interviews and a review of 7 organizational documents. A thematic analysis was used to analyze the data. Four key themes emerged: importance of well-defined security measures in cloud computing, measures to address security controls in cloud computing, limitations of existing security controls in cloud computing, and future and potential security measures solutions in cloud computing. The findings may benefit DBAs and IT organizations by providing strategies to prevent future data breaches. Well-defined security strategies may protect an individual’s data, which in turn may promote individual well-being and build strong communities

Self-adapting security monitoring in Eucalyptus cloud environment

This paper discusses the importance of virtual machine (VM) scheduling strategies in cloud computing environments for handling the increasing number of tasks due to virtualization and cloud computing technology adoption. The paper evaluates legacy methods and specific VM scheduling algorithms for the Eucalyptus cloud environment and compare existing algorithms using QoS. The paper also presents a self-adapting security monitoring system for cloud infrastructure that takes into account the specific monitoring requirements of each tenant. The system uses Master Adaptation Drivers to convert tenant requirements into configuration settings and the Adaptation Manager to coordinate the adaptation process. The framework ensures security, cost efficiency, and responsiveness to dynamic events in the cloud environment. The paper also presents the need for improvement in the current security monitoring platform to support more types of monitoring devices and cover the consequences of multi-tenant setups. Future work includes incorporating log collectors and aggregators and addressing the needs of a super-tenant in the security monitoring architecture. The equitable sharing of monitoring resources between tenants and the provider should be established with an adjustable threshold mentioned in the SLA. The results of experiments show that Enhanced Round-Robin uses less energy compared to other methods, and the Fusion Method outperforms other techniques by reducing the number of Physical Machines turned on and increasing power efficienc

Um estudo sobre a segurança e privacidade no armazenamento de dados em nuvens

Orientador: Marco Aurélio Amaral HenriquesDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Armazenamento de dados na nuvem é um serviço que traz diversas vantagens aos seus usuários. Contudo, em sistemas de nuvens públicas, os riscos envolvidos na terceirização do armazenamento de dados pode ser uma barreira para a adoção deste serviço por aqueles preocupados com sua privacidade. Vários provedores de serviços em nuvem que afirmam proteger os dados do usuário não atendem alguns requisitos considerados essenciais em um serviço seguro, confiável e de fácil utilização, levantando questionamentos sobre a segurança efetivamente obtida. Apresentamos neste trabalho um estudo relacionado aos requisitos de privacidade dos usuários e de segurança de seus dados em nuvens públicas. O estudo apresenta algumas técnicas normalmente usadas para atender tais requisitos, juntamente com uma análise de seus benefícios e custos relativos. Além disso, ele faz uma avaliação destes requisitos em vários sistemas de nuvens públicas. Depois de comparar estes sistemas, propomos um conjunto de requisitos e apresentamos, como prova de conceito, uma aplicação baseada nos mesmos, a qual melhora a segurança dos dados e a privacidade dos usuários. Nós mostramos que é possível proteger os dados armazenados nas nuvens contra o acesso por terceiros (incluindo os administradores das nuvens) sem sobrecarregar o usuário com protocolos ou procedimentos complexos de segurança, tornando o serviço de armazenamento em nuvens uma escolha mais confiável para usuários preocupados com sua privacidadeAbstract: Cloud data storage is a service that brings several advantages for its users. However, in public cloud systems, the risks involved in the outsourcing of data storage can be a barrier to the adoption of this service by those concerned with privacy. Several cloud service providers that claim to protect user's data do not fulfill some requirements considered essential in a secure, reliable and easy to use service, raising questions about the effective security obtained. We present here a study related to user's privacy and data security requirements on public clouds. The study presents some techniques normally used to fulfill those requirements, along with an analysis of their relative costs and benefits. Moreover, it makes an evaluation of them in several public cloud systems. After comparing those systems, we propose a set of requirements and present a proof of concept application based on them, which improves data security and user privacy in public clouds. We show that it is possible to protect cloud stored data against third party (including cloud administrators) access without burdening the user with complex security protocols or procedures, making the public cloud storage service a more reliable choice to privacy concerned usersMestradoEngenharia de ComputaçãoMestre em Engenharia Elétrica153392/2014-2CNP

Gerenciamento de nuvem computacional usando critérios de segurança

Orientador: Paulo Lício de GeusTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: A nuvem computacional introduziu novas tecnologias e arquiteturas, mudando a computação empresarial. Atualmente, um grande número de organizações optam por utilizar arquiteturas computacionais tradicionais por considerarem esta tecnologia não confiável, devido a problemas não resolvidos relacionados a segurança e privacidade. Em particular, quanto á contratação de um serviço na nuvem, um aspecto importante é a forma como as políticas de segurança serão aplicadas neste ambiente caracterizado pela virtualização e serviços em grande escala de multi-locação. Métricas de segurança podem ser vistas como ferramentas para fornecer informações sobre o estado do ambiente. Com o objetivo de melhorar a segurança na nuvem computacional, este trabalho apresenta uma metodologia para a gestão da nuvem computacional usando a segurança como um critério, através de uma arquitetura para monitoramento da segurança com base em acordos de níveis de serviço de segurança Security-SLA para serviços de IaaS, PaaS e SaaS, que usa métricas de segurançaAbstract: Cloud Computing has introduced new technology and architectures that changed enterprise computing. Currently, there is a large number of organizations that choose to stick to traditional architectures, since this technology is considered unreliable due to yet unsolved problems related to security and privacy. In particular, when hiring a service in the cloud, an important aspect is how security policies will be applied in this environment characterized by both virtualization and large-scale multi-tenancy service. Security metrics can be seen as tools to provide information about the status of the environment. Aimed at improving security in the Cloud Computing, this work presents a methodology for Cloud Computing management using security as a criterion, across an architecture for security monitoring based on Security-SLA for IaaS, PaaS and SaaS services using security metricsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação23/200.308/2009FUNDEC

The impact of cloud computing security on business operations

Abstract: Cloud computing is a novel platform which affords users the opportunity to exploit the best that Information Technology (IT) infrastructure, platforms and software offer at a fraction of the cost to acquire such resources. Cloud computing has three delivery models, firstly, Infrastructure as a Service, secondly, Platform as a Service, and lastly, Software as a Service. Furthermore, cloud computing has four basic deployment models, namely, public, private, community and hybrid clouds. With all the opportunities presented by cloud computing as a business process, there are nonetheless potential risks associated with the process, especially in the area of security. The aim of this paper is to determine whether or not it is secure for businesses to utilise the services of cloud computing as part of their daily operations to meet the needs of their customers and to ultimately achieve their business objectives. Evidence was gathered through a detailed content analysis of existing research on the subject of cloud computing and cloud security. The paper concludes that with adequate security controls in place, cloud computing is a secure and efficient platform for businesses to utilise for their daily operations.M.Com. (Computer Auditing

Security Analysis of Hidden Analog-Domain Vulnerabilities in Digital Electronic Systems: A Deep Dive into Power Delivery Networks

The Power Delivery Network (PDN) is an essential universal sub-system for any electronic system to operate correctly. Modern electronic systems are growing exponentially in their functionalities and complexity, and so does the sophistication of the PDNs they must depend on. Consequently, these complex PDNs create many pathways for unintended interactions and expose the system to numerous power side-channel attacks. Recent works have shown that many such vulnerabilities can be exploited remotely, making them especially potent security threats to modern electronic devices with ubiquitous connectivity. However, facing emerging PDN-based attacks, both attackers and defenders tend to treat PDN as a black box and overlook it in the security analysis due to its analog/mixed-signal nature and lack of functional abstraction. On the other hand, previous investigations on PDN mainly focus on the trade-off between performance, efficiency, and supply noise. As a result, such a gap in security analysis for PDN exacerbates PDN becoming a server security concern in electronic systems. In this dissertation, we aim to address the above gap and answer the research question: What is the role of PDN in power side-channel attacks, and what are the gains and losses brought by PDN from a security perspective? We proposed systemic security analysis for PDN and achieved unique contributions to the field. To understand the role of PDN in power side-channel attacks, we propose a security-oriented PDN modeling framework. Based on the insights on fundamental mechanisms causing PDN-based vulnerabilities, I then explore the utility and risk brought by modern PDN. We reveal that the PDN impedance can be used to detect PCB anomalies. However, at the chip level, the PDN impedance-based signatures can also invalidate cloud computing security measures. In addition, as a risk, PDN can also create a new vulnerability by allowing attackers to attack touchscreens through charger noises.The broader scope of this dissertation focuses on the security analysis of hidden analog domain properties in the digital systems. IC designers have long enjoyed the benefits of simplifying circuit behaviors into corresponding digital abstraction. Although beneficial for productivity, confining the security analysis only to the digital domain is insufficient to protect against vulnerabilities manifesting as analog behaviors. The analog behaviors are due to either the analog modules (e.g., the PDN) or the increasing parasitic effects (e.g., A2 Trojan) in advanced nodes. The contributions of this dissertation on PDN analysis and detecting analog vulnerabilities provide unique insights into the field when facing more advanced nodes and complex electronic systems