A Study On Data Security Issues In Public Cloud

Abstract: The cloud computing concept has been evolving for more than 40 years. Cloud computing is an on demand computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. The cloud computing services are delivered through software as service (SaaS), platform as service (PaaS) and Infrastructure as service (IaaS). Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services are provided by cloud service providers. The common data security concerns are securing data in transit and at rest, access control and data separation. In this survey paper, we review the data in public cloud, identify and discuss the security risks associated with it and analyze its solution strategies

Reconsidering big data security and privacy in cloud and mobile cloud systems

Large scale distributed systems in particular cloud and mobile cloud deployments provide great services improving people\u27s quality of life and organizational efficiency. In order to match the performance needs, cloud computing engages with the perils of peer-to-peer (P2P) computing and brings up the P2P cloud systems as an extension for federated cloud. Having a decentralized architecture built on independent nodes and resources without any specific central control and monitoring, these cloud deployments are able to handle resource provisioning at a very low cost. Hence, we see a vast amount of mobile applications and services that are ready to scale to billions of mobile devices painlessly. Among these, data driven applications are the most successful ones in terms of popularity or monetization. However, data rich applications expose other problems to consider including storage, big data processing and also the crucial task of protecting private or sensitive information. In this work, first, we go through the existing layered cloud architectures and present a solution addressing the big data storage. Secondly, we explore the use of P2P Cloud System (P2PCS) for big data processing and analytics. Thirdly, we propose an efficient hybrid mobile cloud computing model based on cloudlets concept and we apply this model to health care systems as a case study. Then, the model is simulated using Mobile Cloud Computing Simulator (MCCSIM). According to the experimental power and delay results, the hybrid cloud model performs up to 75% better when compared to the traditional cloud models. Lastly, we enhance our proposals by presenting and analyzing security and privacy countermeasures against possible attacks

Privacy Preserving Cyber Threat Intelligence Sharing Framework for Encrypted Analytics

This research focuses on the creation of an encrypted Cyber Threat Intelligence (CTI) sharing framework that supports encrypted data analytics with privacy preservation. It aims to support analytical computation in a centralized node without allowing that node to see any of the plain-text data.To enable privacy preservation of the data and its users, we structured the data into a graph structure that allows traversal over the encrypted data. We used Ciphertext-Policy Attribute-Based Encryption (CPABE), Deterministic Encryption (DE), and Order Revealing Encryption(ORE) to ensure end-to-end encrypted sharing of Cyber threat data. In this work we also cover CYBersecurity information EXchange with Privacy (CYBEX-P) and CYBEX-P with Encrypted Analytics, the precursor projects onwhich the framework is based. Our research aims to solve one of the biggest problems that CTI sharing has: securing the privacy of the data once it leaves the user’s premises. We focus on eliminating attack surfaces present in centralized systems, that is, the attack surface attackers had over the Backend and the surface the Backend has against the system. We also focused on maintaining as many capabilities of a CTI sharing platform, that is, CTI sharing and centralized analytics