Security aspects of e-health systems migration to the cloud

As adoption of e-health solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud

Hosting critical infrastructure services in the cloud environment considerations

Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats impede this progression. Hosting critical infrastructure services in the cloud environment may seem inane to some, but currently remote access to the control system over the internet is commonplace. This shares the same characteristics as cloud computing, i.e., on-demand access and resource pooling. There is a wealth of data used within critical infrastructure. There needs to be an assurance that the confidentiality, integrity and availability of this data remains. Authenticity and non-repudiation are also important security requirements for critical infrastructure systems. This paper provides an overview of critical infrastructure and the cloud computing relationship, whilst detailing security concerns and existing protection methods. Discussion on the direction of the area is presented, as is a survey of current protection methods and their weaknesses. Finally, we present our observation and our current research into hosting critical infrastructure services in the cloud environment, and the considerations for detecting cloud attacks. © 2015 Inderscience Enterprises Ltd

A Study on Data Protection in Cloud Environment

Data protection in the online environment pertains to the safeguarding of sensitive or important data kept, analyzed, or sent in cloud-based systems. It entails assuring data confidentiality, integrity, and availability, as well as adhering to appropriate data protection requirements. In a nutshell, cloud data protection seeks to protect data against unauthorized access, deletion, or breaches while retaining its accuracy and accessible to authorized users. This is accomplished in the cloud environment using various security measures, encryption approaches, access controls, disaster recovery and backup processes, and constant monitoring and threat detection.  The research significance of data protection in the cloud environment can be summarized as follows: Security and Privacy: Research in data protection in the cloud helps address the security and privacy concerns associated with storing and processing sensitive data in cloud-based systems. It explores and develops advanced security mechanisms, encryption techniques, and access controls to protect data from unauthorized access, data breaches, and privacy violations. Trust and Confidence: Research in data protection contributes to building trust and confidence in cloud computing. By developing robust security solutions and demonstrating their effectiveness, research helps alleviate concerns about data security and privacy, fostering greater adoption of cloud services by organizations and individuals. Compliance and Regulations: Cloud computing often involves compliance with data protection regulations and industry standards. Research in this area explores the legal and regulatory aspects of data protection in the cloud and helps organizations understand and comply with relevant requirements. Data Resilience and Recovery: Research in data protection focuses on ensuring data resilience and developing efficient data recovery mechanisms in the cloud. It explores backup and disaster recovery strategies, data replication techniques, and data loss prevention methods to minimize downtime, recover data promptly, and maintain business continuity in the event of system failures or disasters. By addressing these research areas, studies on data protection in the cloud environment contribute to enhancing security, privacy, compliance, and resilience in cloud computing. They provide valuable insights, practical solutions, and guidelines for organizations and service providers to protect data effectively and maintain the trust of users in cloud-based services. The weighted product method approach is commonly used to choose the best data protection in cloud environment. CCSS1, CCSS2, CCSS3, CCSS4, CCSS5 data visibility, data integrity, Maintains compliance, Data security, Data storage. From the result it is seen that CCSS2 got highest rank whereas CCSS5 got lowest rank According to the results, CCSS2 was ranked first

Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms

The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. The performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX - currently available on the market to tackle this problem, are described in this practical experience. Specifically, we implement and evaluate a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms and the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. Several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements are exhibited by means of micro- and macro-benchmarks.Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681

Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability

Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications however means that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at https://github.com/microsoft/CCF.Comment: 16 pages, 9 figures. To appear in the Proceedings of the VLDB Endowment, Volume 1

Strengths and Vulnerabilities of Cloud Computing in Mauritius

ABSTRACT This research paper is based on the Strengths and vulnerabilities of cloud computing in Mauritius and abroad. In this research paper, a holistic view was taken on some security concern in cloud computing spanning across the possible issues and vulnerabilities connected to different infrastructures and software platforms. It will give an insight of the aspect of securities of cloud computing on data protection, confidentiality, vendor lock-in and data portability and evaluate the security systems implemented within cloud service models like Software as a Service, Platform as a Service, Infrastructure as a Service and Network as a Service. This paper will help you to identify the areas where organisations should focus before choosing an appropriate Cloud Service Provider (CSP) prior to moving to clouds

Comparative Analysis of Some Efficient Data Security Methods among Cryptographic Techniques for Cloud Data Security

The concept of cloud computing model is to grant users access to outsource data from the cloud server without them having to worry about aspects of the hardware and software management. The owner of the data encrypts it before outsourcing to a Cloud Service Provider (CSP) server for effective deployment of sensitive data. Data confidentiality is a demanding task of cloud data protection. Thus, to solve this problem, lots of techniques are needed to defend the shared data. We focus on cryptography to secure the data while transmitting in the network. We deployed Advanced Encryption Standard (AES) used as encryption method for cloud data security, to encrypt the sensitive data which is to be transmitted from sender to receiver in the network and to decrypt so that the receiver can view the original data. Arrays of encryption systems are being deployed in the world of Information Systems by various organizations. In this paper, comparative analysis of some various encryption algorithms in cryptography have been implemented by comparing their performance in terms of stimulated time during Encryption and decryption in the network. Keywords: AES, Data Control, Data Privacy, Data Storage, Encryption Algorithms, Verification

State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed