168,350 research outputs found
Modeling software architecture design on data storage security in cloud computing environments
Cloud-based computation is known as the source architecture of the upcoming generation of IT enterprise. In context to up-coming trade solutions, the Information Technology sections are established under logical, personnel, and physical control, it transfers application software and large database to appropriate data centers, where security and management of database with services are not trustworthy fully. So this process may face many challenges towards society and organizations and that not been well understood over a while duration. This becomes one of the major challenges days today. So in this research, it focuses on security-based data storage using cloud, which plays one of the important aspects bases on qualities of services. To assure user data correctness in the cloud system, a flexible and effective distributed technique with two different salient features was examined by utilizing the token called homomorphic with erasure-coded data for distributed verification, based on this technique it achieved error data localization and integration of storage correctness. Also, it identifies server misbehaving, efficient, and security-based dynamic operations on data blocking such as data append, delete, and update methods. Performance analysis and security show the proposed method is more effective resilient and efficient against Byzantine failure, even server colluding attacks and malicious data modification attacks
Arquitectura master-slave i multiMaster en Oracle
Aquest projecte buscava estudiar els tipus de sistemes distribuïts disponibles al sistema de gestió de bases de dades relacionals Oracle Database. Aquest potent sistema de gestió de bases de dades és el més utilitzat mundialment i permet administrar diferents tipus de sistemes distribuïts. L'objectiu principal d'aquest estudi és aplicar les arquitectures de replicació Master-slave i Multi-master al sistema Oracle Database utilitzant els mètodes que el sistema proporciona. Aquestes arquitectures són tipus d'estructures de replicació de dades en què es poden basar els sistemes distribuïts. Aquests sistemes garanteixen una major disponibilitat i seguretat a les dades, i augmenten el rendiment del sistema.This project sought to study the different types of distributed systems available in the Oracle Database relational database management system. This powerful database management system is the most widely used worldwide and allows you to manage different types of distributed systems. The main goal of this study is to apply the Master-slave and Multi-master replication architectures to the Oracle Database system using the methods provided by the database management system (DMBS). These architectures are types of data replication structures on which distributed systems can be based. These systems ensure greater availability and security of data, and increase system performance.Este proyecto buscaba estudiar los tipos de sistemas distribuidos disponibles en el sistema de gestión de bases de datos relacionales Oracle Database. Este potente sistema de gestión de bases de datos es el más utilizado mundialmente y permite administrar distintos tipos de sistemas distribuidos. El objetivo principal de este estudio es aplicar las arquitecturas de replicación Master-Slave y Multi-Master al sistema Oracle Database utilizando los métodos que el sistema proporciona. Estas arquitecturas son tipos de estructuras de replicación de datos en las que los sistemas distribuidos pueden estar basados. Estos sistemas garantizan una mayor disponibilidad y seguridad de los datos, y aumentan el rendimiento del sistema
Master of Puppets: Analyzing And Attacking A Botnet For Fun And Profit
A botnet is a network of compromised machines (bots), under the control of an
attacker. Many of these machines are infected without their owners' knowledge,
and botnets are the driving force behind several misuses and criminal
activities on the Internet (for example spam emails). Depending on its
topology, a botnet can have zero or more command and control (C&C) servers,
which are centralized machines controlled by the cybercriminal that issue
commands and receive reports back from the co-opted bots.
In this paper, we present a comprehensive analysis of the command and control
infrastructure of one of the world's largest proprietary spamming botnets
between 2007 and 2012: Cutwail/Pushdo. We identify the key functionalities
needed by a spamming botnet to operate effectively. We then develop a number of
attacks against the command and control logic of Cutwail that target those
functionalities, and make the spamming operations of the botnet less effective.
This analysis was made possible by having access to the source code of the C&C
software, as well as setting up our own Cutwail C&C server, and by implementing
a clone of the Cutwail bot. With the help of this tool, we were able to
enumerate the number of bots currently registered with the C&C server,
impersonate an existing bot to report false information to the C&C server, and
manipulate spamming statistics of an arbitrary bot stored in the C&C database.
Furthermore, we were able to make the control server inaccessible by conducting
a distributed denial of service (DDoS) attack. Our results may be used by law
enforcement and practitioners to develop better techniques to mitigate and
cripple other botnets, since many of findings are generic and are due to the
workflow of C&C communication in general
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
Master of puppets: analyzing and attacking a botnet for fun and profit
A botnet is a network of compromised machines (bots),
under the control of an attacker. Many of these machines
are infected without their owners’ knowledge, and botnets
are the driving force behind several misuses and criminal
activities on the Internet (for example spam emails). Depending
on its topology, a botnet can have zero or more
command and control (C&C) servers, which are centralized
machines controlled by the cybercriminal that issue
commands and receive reports back from the co-opted
bots.
In this paper, we present a comprehensive analysis of
the command and control infrastructure of one of the
world’s largest proprietary spamming botnets between
2007 and 2012: Cutwail/Pushdo. We identify the key
functionalities needed by a spamming botnet to operate
effectively. We then develop a number of attacks against
the command and control logic of Cutwail that target
those functionalities, and make the spamming operations
of the botnet less effective. This analysis was made possible
by having access to the source code of the C&C software,
as well as setting up our own Cutwail C&C server,
and by implementing a clone of the Cutwail bot. With the
help of this tool, we were able to enumerate the number
of bots currently registered with the C&C server, impersonate
an existing bot to report false information to the
C&C server, and manipulate spamming statistics of an arbitrary
bot stored in the C&C database. Furthermore, we
were able to make the control server inaccessible by conducting
a distributed denial of service (DDoS) attack. Our
results may be used by law enforcement and practitioners
to develop better techniques to mitigate and cripple other
botnets, since many of findings are generic and are due to
the workflow of C&C communication in general.First author draf
When Things Matter: A Data-Centric View of the Internet of Things
With the recent advances in radio-frequency identification (RFID), low-cost
wireless sensor devices, and Web technologies, the Internet of Things (IoT)
approach has gained momentum in connecting everyday objects to the Internet and
facilitating machine-to-human and machine-to-machine communication with the
physical world. While IoT offers the capability to connect and integrate both
digital and physical entities, enabling a whole new class of applications and
services, several significant challenges need to be addressed before these
applications and services can be fully realized. A fundamental challenge
centers around managing IoT data, typically produced in dynamic and volatile
environments, which is not only extremely large in scale and volume, but also
noisy, and continuous. This article surveys the main techniques and
state-of-the-art research efforts in IoT from data-centric perspectives,
including data stream processing, data storage models, complex event
processing, and searching in IoT. Open research issues for IoT data management
are also discussed
- …