Securing Software as a Service Model of Cloud Computing: Issues and Solutions.

ABSTRAC

云数据库

报告包括如下内容：云数据库概念和特点、云数据库与传统的分布式数据库、云数据库的影响、云数据库产品、云数据库领域的研究问题

Software as a Service: Analysing Security Issues

Software-as-a-service (SaaS) is a type of software service delivery model which encompasses a broad range of business opportunities and challenges. Users and service providers are reluctant to integrate their business into SaaS due to its security concerns while at the same time they are attracted by its benefits. This article highlights SaaS utility and applicability in different environments like cloud computing, mobile cloud computing, software defined networking and Internet of things. It then embarks on the analysis of SaaS security challenges spanning across data security, application security and SaaS deployment security. A detailed review of the existing mainstream solutions to tackle the respective security issues mapping into different SaaS security challenges is presented. Finally, possible solutions or techniques which can be applied in tandem are presented for a secure SaaS platform

Enforcing Multi-user Access Policies to Encrypted Cloud Databases

Cloud computing has the advantage that it offers companies (virtually) unlimited data storage at attractive costs. However, it also introduces new challenges for protecting the confidentiality of the data, and the access to the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Moreover, they can be of interest to many users and different policies could apply to each. Companies need new mechanisms to query the encrypted data without revealing anything to the cloud server, and to enforce access policies to the data. Current security schemes do not allow complex encrypted queries over encrypted data in a multi-user setting. Instead, they are limited to keyword searches. Moreover, current solutions assume that all users have the same access rights to the data. This demo shows the implementation of a scheme that allows making SQL-like queries on encrypted databases in a multi-user setting, while at the same time allowing the database owner to assign different access rights to users

Research on Cloud Databases

随着云计算的发展,云数据库的重要性和价值日益显现;介绍了云数据库的特性、影响、相关产品;详细讨论了云数据库领域的研究问题,包括数据模型、系统体系架构、事务一致性、编程模型、数据安全、性能优化和测试基准等;最后讨论了云数据库的未来研究方向。With the recent development of cloud computing, the importance of cloud databases has been widely acknowledged. Here the features, influence and related products of cloud databases are first discussed. Then research issues of cloud databases are presented in detail, which include data model, architecture, consistency, programming model, data security, performance optimization, benchmark, and so on. Finally, some future trends in this area are discussed.国家自然科学基金(61001013, 61102136); 福建省自然科学基金(2011J05156, 2011J05158); 厦门大学基础创新科研基金(中央高校基本科研业务费专项资金)(2011121049, 2010121066

TOWARDS ENHANCING SECURITY IN CLOUD STORAGE ENVIRONMENTS

Although widely adopted, one of the biggest concerns with cloud computing is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data being stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared - even in the most `secure' environments. Secondly, we o er Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP'sWeb of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception

Secure Dynamic Cloud-based Collaboration with Hierarchical Access

In recent years, the Cloud has emerged as an attractive way of hosting and delivering services over the Internet. This has resulted in a renewed focus on information security in the case where data is stored in the virtual space of the cloud and is not physically accessible to the customer. Through this thesis the boundaries of securing data in a cloud context, while retaining the benefits of the cloud, are explored. The thesis addresses the increasing security concerns of migrating to the cloud andutilising it for data storage.The research of this thesis is divided into three separate areas: securing data in an untrusted cloud environment, ensuring data access control in the cloud, and securing data outside the cloud in the user's environment. Each area is addressed by separate conceptual designs. Together these comprise a secure dynamic cloud-based collaboration environment with hierarchical access. To further validate the conceptual designs, proof of concept prototypes have been constructed.The conceptual designs have been devised by exploring and extending the boundaries of existing secure data-storage schemes, and then combining these with well-known security principles and cutting-edge research within the field of cryptography. The results of this thesis are feasible conceptual designs for a cloud-based dynamic collaboration environment. The conceptual designs address the challenges of secure cloud-based storage and allow the benefits of cloud-based storage to be utilised. Furthermore, this thesis provides a solid foundation for further work within this field