Evolution Oriented Monitoring oriented to Security Properties for Cloud Applications
Internet is changing from an information space to a dynamic computing
space. Data distribution and remotely accessible software
services, dynamism, and autonomy are prime attributes. Cloud technology
offers a powerful and fast growing approach to the provision
of infrastructure (platform and software services) avoiding the high
costs of owning, operating, and maintaining the computational
infrastructures required for this purpose. Nevertheless, cloud technology
still raises concerns regarding security, privacy, governance,
and compliance of data and software services offered through it.
Concerns are due to the difficulty to verify security properties of
the different types of applications and services available through
cloud technology, the uncertainty of their owners and users about
the security of their services, and the applications based on them,
once they are deployed and offered through a cloud. This work
presents an innovative and novel evolution-oriented, cloud-specific
monitoring model (including an architecture and a language) that
aims at helping cloud application developers to design and monitor
the behavior and functionality of their applications in a cloud
environment.
Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such result
in the literature on purpose-aware policies.
Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within 'Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]
Comment: 14 pages, 8 figure
The Internet-of-Things Meets Business Process Management: Mutual Benefits and Challenges
The Internet of Things (IoT) refers to a network of connected devices
collecting and exchanging data over the Internet. These things can be
artificial or natural, and interact as autonomous agents forming a complex
system. In turn, Business Process Management (BPM) was established to analyze,
discover, design, implement, execute, monitor and evolve collaborative business
processes within and across organizations. While the IoT and BPM have been
regarded as separate topics in research and practice, we strongly believe that
the management of IoT applications will strongly benefit from BPM concepts,
methods and technologies on the one hand; on the other one, the IoT poses
challenges that will require enhancements and extensions of the current
state-of-the-art in the BPM field. In this paper, we question to what extent
these two paradigms can be combined and we discuss the emerging challenges
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view