Collaborative enforcement of firewall policies in virtual private networks
The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN server, which henceforth allows roaming users to access some resources as if that computer is residing on their home organization's network. Although the VPN technology is very useful, it imposes security threats to the remote network because their firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to non-overlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-Domain Cooperative Firewall (CDCF) framework, which represents the state-of-the-art, VGuard is not only more secure but also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show that VGuard is 552 times faster than CDCF on one party and 5035 times faster than CDCF on the other party.
A Novel Hybrid Security Framework (HSF) with Vshield Based Firewall to Secure Cloud Computing Environment
Cloud Computing is an emerging technology that provides an enormous amount of computing resources, which includes networks, servers and storage that are accessed through the internet. In addition, it allows useful provisioning of the resources based on the user's demands. A crucial aspect of cloud computing infrastructure is to provide secure and reliable services. The main challenge among the security issues is to reduce the impact of third-party attacks in the cloud computing environment. Hence a novel Hybrid Security Framework (HSF) based on Reinforcement Learning (RL) Methodology with Vshield Firewall is proposed for securing the cloud environment. The RL method is used for deep packet inspection and a Vshield-based firewall is established to deny the attacks which are malicious when authenticating the signature of incoming packets. The bipartite pattern matching approach is integrated with the RL method to verify the signatures for obtaining the decisions quickly. The simulation results show that the hybrid security framework is effective when compared with the existing methods by considering response time, resource utilization and denial of malicious attacks. This indicates that our proposed framework achieves not only better security but also attains better efficiency in the cloud computing environment.
To Provide An Innovative Policy Anomaly Management Framework For Firewalls
Firewalls have been widely organized on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to choose whether to accept or discard the packet based on its policy. Optimizing firewall policies is vital for improving network performance. In this paper we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can recognize in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without any party disclosing its policy to the other. Firewalls are significant in securing private networks of businesses, institutions and home networks. A firewall is frequently placed at the entry between a private network and the external network so that it can ensure each incoming or outgoing packet and choose whether to accept or abandon the packet based on its policy. A firewall policy is typically specified as a sequence of rules called an Access Control List (ACL), and each rule has a predicate over multiple packet header fields (i.e., source IP, destination IP, source port, destination port, and protocol type) and a decision (i.e., accept or discard) for the packets that counterpart the predicate. In this paper we recommend the first cross-domain privacy-preserving cooperative firewall policy optimization protocol.
Infrastructure as a service: exploring network access control challenges
Cloud Computing Infrastructure as a Service (IaaS) is a great model for outsourcing IT infrastructure. It is built to offer fascinating features to support business development, such as elasticity, multi-tenancy, configurability and dynamicity.

However, IaaS faces security challenges on account of its flexible nature. For this article, we studied the IaaS characteristics and investigated their related security challenges. We then elaborated these security challenges by exploring the security threats on live virtual machine migration, as it is one of the main IaaS operations. We found that proper access control techniques and models are a critical element in enhancing IaaS and mitigating the identified security threats. Therefore, we investigated and contrasted the implemented and the proposed firewall architectures in IaaS, as a firewall is a basic security appliance that enforces access control.

We also explored and contrasted the proposed access control models in the IaaS. It was found that the traditional firewalls and access control models were not sufficient for IaaS. Therefore, there is a need to develop a proper access control model and enforcement techniques to mitigate IaaS security threats. Based on the security research trend and the results obtained in this article's exploration, we endorse an IaaS access control system built on a computational intelligent approach.
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.
IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation
The cloud computing paradigm introduces an efficient utilisation of huge computing resources by multiple users with minimal expense and deployment effort compared to traditional computing facilities. Although cloud computing has incredible benefits, some governments and enterprises remain hesitant to transfer their computing technology to the cloud as a consequence of the associated security challenges. Security is, therefore, a significant factor in cloud computing adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing services are accessed through network connections and utilised by multi-users who can share the resources through virtualisation technology. Accordingly, an efficient access control system is crucial to prevent unauthorised access.

This thesis mainly investigates the IaaS security enhancement from an access control point of view. [Continues.
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part of the sustainable development strategies of various countries, and plays a very important role in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened in various ways. For example, denial of service attacks pose a great threat to electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defend against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses the security aspect from a holistic view, and provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, from the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from the perspectives of data security, network management security and network application security. Finally, in view of the long-term development of low-carbon transportation, future research directions are discussed.

Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Review
A Clean-Slate Design for the Next-Generation Secure Internet
This is the report on a workshop held at CMU on July 12-14, 2005. The workshop is part of the planning process initiated by NSF to explore potential architectures for a next generation secure network designed to meet the needs of the 21st century. In considering future architectures, we ignore issues of backward compatibility with the current Internet but seek to benefit from the experience gained by analyzing both the strengths and weaknesses of the current design. Specifically, this workshop looks at the fundamental interplay between security and underlying network architecture and seeks to chart a preliminary course for future work in this crucial research area. This workshop focused on initiating a productive dialog between experts from the network security and network architecture communities. The agenda was arranged to stimulate initial consideration of the security goals for a new Internet, the design space of possible solutions, how research in security and network architecture could be integrated so that security is included as a first-tier objective in future architectures, and to explore methods for identifying and considering the social consequences of these architecture and security design choices.