49 research outputs found
Dealing with rogue virtual machines in a cloud services environment
In current cloud services hosting solutions, various mechanisms have been developed to minimize the possibility of hosting staff from breaching security. However, while functions such as replicating and moving machines are legitimate actions in clouds, we show that there are risks in administrators being able to perform them. We describe three threat scenarios related to hosting staff on the cloud architecture and indicate how an appropriate accountability architecture can mitigate these risks in the sense that the attacks can be detected and the perpetrators identified. We identify requirements and future research and development needed to protect cloud service environments from these attacks
A survey on top security threats in cloud computing
Cloud computing enables the sharing of resources such as storage, network, applications and software through internet. Cloud users can lease multiple resources according to their requirements, and pay only for the services they use. However, despite all cloud benefits there are many security concerns related to hardware, virtualization, network, data and service providers that act as a significant barrier in the adoption of cloud in the IT industry. In this paper, we survey the top security concerns related to cloud computing. For each of these security threats we describe, i) how it can be used to exploit cloud components and its effect on cloud entities such as providers and users, and ii) the security solutions that must be taken to prevent these threats. These solutions include the security techniques from existing literature as well as the best security practices that must be followed by cloud administrators
Privacy Enhanced Access Control for Outsourced Data Sharing
Traditional access control models often assume that the entity enforcing access control policies is also the owner of data and resources. This assumption no longer holds when data is outsourced to a third-party storage provider, such as the cloud. Existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. However, in this setting, access control policies as well as users' access patterns also become privacy sensitive information that should be protected from the cloud. We propose a two-level access control scheme that combines coarse-grained access control enforced at the cloud, which allows to get acceptable communication overhead and at the same time limits the information that the cloud learns from his partial view of the access rules and the access patterns, and fine-grained cryptographic access control enforced at the user's side, which provides the desired expressiveness of the access control policies. Our solution handles both read and write access control
LibSEAL: revealing service integrity violations using trusted execution
Users of online services such as messaging, code hosting and collaborative document editing expect the services to uphold the integrity of their data. Despite providers’ best efforts, data corruption still occurs, but at present service integrity violations are excluded from SLAs. For providers to include such violations as part of SLAs, the competing requirements of clients and providers must be satisfied. Clients need the ability to independently identify and prove service integrity violations to claim compensation. At the same time, providers must be able to refute spurious claims. We describe LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity. LibSEAL is a drop-in replacement for TLS libraries used by services, and thus observes and logs all service requests and responses. It runs inside a trusted execution environment, such as Intel SGX, to protect the integrity of the audit log. Logs are stored using an embedded relational database, permitting service invariant violations to be discovered using simple SQL queries. We evaluate LibSEAL with three popular online services (Git, ownCloud and Dropbox) and demonstrate that it is effective in discovering integrity violations, while reducing throughput by at most 14%
Data Security Model Employing Hyperelliptic Curve Cryptography (HECC) and Secure Hash Algorithm-3 (Sha-3) in Cloud Computing
Data owners use the huge space offered by ‘Cloud’ Computing for storage of data and also for carrying out
computations. To eliminate the burden of storing file locally, cloud stores
them on remote servers using virtualization concepts. Therein arises one of the
major issues in the field of cloud computing: security. Data owners lack in
having direct control over files stored in the cloud and consequently, the
problem of data security arises. An efficient scheme to provide data security,
while storing data in the cloud has been proposed which makes use of Hyperelliptic
curve cryptography (HECC) for encryption and decryption and Secure Hash
Algorithm-3 (SHA-3) for data integrity verification. Implementation results
clearly illustrate that HECC remains as a good alternative asymmetric key
technique rather than ECC and RSA when securing documents in cloud