Effective Cloud-Based Strategies For Managing Online Reputations

Leasing computing resources are now feasible thanks to the Infrastructure as a Service (IaaS) concept made available by cloud computing. In spite of the fact that leased computing resources provide a more financially advantageous answer to the requirements of virtual networks, customers are reluctant to make use of them due to low levels of trust in these resources. Multi-tenancy is a method for reducing operating expenses by allocating a single set of computer resources to serve the needs of several users simultaneously. The fact that computer resources and communication methods are being shared gives rise to concerns over the security and integrity of the data. Since the users are anonymous, it may be difficult for a person to decide who among their neighbours can be trusted. This may make it difficult for an individual to choose a place to live. It is very necessary to have faith in the capacity of the cloud provider (CP) to match customers with dependable co-tenants. Yet, it is in the CP's best interest to make the most of the usage of the resources. So, it enables the maximum possible degree of co-tenancy, which is unaffected by the actions of the user. We provide a powerful reputation management system that pays CPs for discriminating between genuine and malicious users. This prevents resource sharing across CPs in a federated cloud environment, which is one of the goals of our system. Through a combination of theoretical and empirical research, we demonstrate that the proposed method for managing reputations is effective and legitimate

Addressing Issues of Cloud Resilience, Security and Performance through Simple Detection of Co-locating Sibling Virtual Machine Instances

Most current Infrastructure Clouds are built on shared tenancy architectures, with resources shared amongst large numbers of customers. However, multi tenancy can lead to performance issues (so-called “noisy neighbours”) and also brings potential for serious security breaches such as hypervisor breakouts. Consequently, there has been a focus in the literature on identifying co-locating instances that are being affected by noisy neighbours or suggesting that such instances are vulnerable to attack. However, there is limited evidence of any such attacks in the wild. More beneficially, knowing that there is co-location amongst your own Virtual Machine instances (siblings) can help to avoid being your own worst enemy: avoiding your instances acting as your own noisy neighbours, building resilience through ensuring hostbased redundancy, and/or reducing exposure to a single compromised host. In this paper, we propose and demonstrate a test to detect co-locating sibling instances on Xen-based Clouds, as could help address such needs, and evaluate its efficacy on Amazon’s EC2

Data Exfiltration:A Review of External Attack Vectors and Countermeasures

AbstractContext One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in ‘in use’ state, therefore, future research needs to be directed towards securing data in ‘in rest’ and ‘in transit’ states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework