1,673 research outputs found
Recommended from our members
Dynamic virtual private network provisioning from multiple cloud infrastructure service providers
The Cloud infrastructure service providers currently provision basic virtualized computing resources as on demand and dynamic services but there is no common framework in existence that allows the seamless provisioning of even these basic services across multiple cloud service providers, although this is not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud platforms are built. We present a solution idea which aims to provide a dynamic and service oriented provisioning of secure virtual private networks on top of multiple cloud infrastructure service providers. This solution leverages the benefits of peer to peer overlay networks, i.e., the flexibility and scalability to handle the churn of nodes joining and leaving the VPNs and can adapt the topology of the VPN as per the requirements of the applications utilizing its intercloud secure communication framework
Security Audit Compliance for Cloud Computing
Cloud computing has grown largely over the past three years and is widely popular amongst today's IT landscape. In a comparative study between 250 IT decision makers of UK companies they said, that they already use cloud services for 61% of their systems. Cloud vendors promise "infinite scalability and resources" combined with on-demand access from everywhere. This lets cloud users quickly forget, that there is still a real IT infrastructure behind a cloud. Due to virtualization and multi-tenancy the complexity of these infrastructures is even increased compared to traditional data centers, while it is hidden from the
user and outside of his control. This makes management of service provisioning, monitoring, backup, disaster recovery and especially security more complicated. Due to this, and a number of severe security incidents at commercial providers in recent years there is a growing lack of trust in cloud infrastructures.
This thesis presents research on cloud security challenges and how they can be addressed by cloud security audits. Security requirements of an Infrastructure as a Service (IaaS) cloud are identified and it is shown how they differ from traditional data centres. To address cloud specific security challenges, a new cloud audit criteria catalogue is developed. Subsequently, a novel cloud security audit system gets developed, which provides a flexible audit architecture for frequently changing cloud infrastructures. It is based on lightweight software agents, which monitor key events in a cloud and trigger specific targeted security audits on demand - on a customer and a cloud provider perspective.
To enable these concurrent cloud audits, a Cloud Audit Policy Language is developed and integrated into the audit architecture. Furthermore, to address advanced cloud specific security challenges, an anomaly detection system based on machine learning technology is developed. By creating cloud usage profiles, a continuous evaluation of events - customer specific as well as customer overspanning - helps to detect anomalies within an IaaS cloud. The feasibility of the research is presented as a prototype and its functionality is presented in three demonstrations. Results prove, that the developed cloud audit architecture is able to mitigate cloud specific security challenges
Recommended from our members
Cloud Security Engineering: Theory, Practice and Future Research
The eleven papers in this special issue address security and privacy concerns associated with cloud computing. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in cloud services and cloud systems. A key focus is on the integration of theoretical foundations with practical deployment of security strategies that make cloud systems more secure for both end users and providers – enabling end users to increase the level of trust they have in cloud service providers – and conversely for cloud service providers to provide greater guarantees to end users about the security of their services and data
Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model.it is increasing attracting
huge attention both in academic research and industrial initiatives. Cloud
deployments are paramount for institution and organizations of all scales. The
availability of a flexible, free open source cloud platform designed with no
propriety software and the ability of its integration with legacy systems and
third-party applications are fundamental. Open stack is a free and opensource
software released under the terms of Apache license with a fragmented and
distributed architecture making it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack Multi-node cloud infrastructure and conducting
Penetration testing on OpenStack Services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution.Comment: 38 pages, 19 figures
An Overview of Data Storage in Cloud Computing
Cloud computing is a functional paradigm that is evolving and making IT utilization easier by the day for consumers. Cloud computing offers standardized applications to users online and in a manner that can be accessed regularly. Such applications can be accessed by as many persons as permitted within an organisation without bothering about the maintenance of such application. The Cloud also provides a channel to design and deploy user applications including its storage space and database without bothering about the underlying operating system. The application can run without consideration for on-premise infrastructure. Also, the Cloud makes massive storage available both for data and databases. Storage of data on the Cloud is one of the core activities in Cloud computing. Storage utilizes infrastructure spread across several geographical locations. Storage on the Cloud makes use of the internet, virtualization, encryption and others technologies to ensure security of data. This paper presents the state of the art from some literature available on Cloud storage. The study was executed by means of review of literature available on Cloud storage. It examines present trends in the area of Cloud storage and provides a guide for future research. The objective of this paper is to answer the question of what the current trend and development in Cloud storage is? The expected result at the end of this review is the identification of trends in Cloud storage, which can beneficial to prospective Cloud researches, users and even providers
The status of information security in South Africa
Thesis (MPhil)--Stellenbosch University, 2005.ENGLISH ABSTRACT: The business and social environments are increasingly reliant on the information
network, and the quality and integrity of the information to effectively conduct
transactions, and "survive" in the new economy. These information networks facilitate
communication and transactions between customers, suppliers, partners, and
employees. Emerging technologies further encourage the extension of network
boundaries beyond the branch office, to private homes, airports, and even the comer
coffee shop, e.g. wireless internet access. Although technology advances contribute to
significant increases in productivity, convenience, and competitive advantage, it also
increases the risk of attacks on the integrity and confidentiality of any information
interaction. One of the key questions is how to achieve the right level of information
network security and implement effective protection systems, without impacting
productivity by excessively restricting the flow of information.
The issue of information security is not a localised problem, but a problem on global
scale, and South African businesses are no less at risk than any other geographically
located business. The risk of information security is even greater if aspects like
globalisation are taken into account, and the growing inter-connectedness of the global
business environment. The central question is: How does the South African business
environment view information security, their perceived success in implementing
information security measures, and their view of future trends in information security.
Ingenue- Consulting is a global business focusing on technology consulting services,
across a wide range of industries and technologies. Information security has been
identified by Ingenue Consulting to be a global problem, and primary research into this
business issue have been undertaken in different locations globally, e.g. Australia and South African executive level survey of what the perception and importance are of
information security, of business leaders across public and private industries.
Ingenue Consulting has an in-house research facility, and tasked them with conducting
a survey in South Africa. The survey results can then be compared with global trends,
and applied in the business environment, to highlight the impact of information security
risks, and to help businesses to change and improve their information security
processes and technologies. The research department started out doing an extensive
literature study to identify global and local trends in information security, and to assist in
the compilation of the survey questionnaire. A sample group of "blue chip" businesses
across all industries was targeted at executive level to conduct a research survey - fifty
interviews were conducted. The raw data was collated and analysed to formulate an
opinion of the information security practices and perceptions of the business
environment in South Africa.
The survey confirmed that the South African market risks in terms of information
security are very similar to global trends. Some of the key trends are: Information
security agreements are normally signed at the onset of employment, but rarely
updated or highlighted to ensure continued support and implementation. This is almost
contradictory to the fact that information security are taken seriously by the executive
level, and often discussed at board level. The mobility of information with the
emergence of wireless networks is a key issue for most businesses - as information
security is at its most vulnerable.
Most of the respondents rated themselves ahead of the curve and their competitors -
overestimation of competencies, could lead to larger future risks. The sensitive nature
of information security industry makes benchmarking against local or global players
difficult due to the sensitive nature -limited willingness to participate in a consultative
forum. Companies that outsouree IT tend to "wash their hands off' security issues as the responsibility of the outsourcing vendor. Most local businesses haven't got a worldly
view - they do not have an active process to find out what their peers are doing locally
or globally, they rely mostly on vendor and consulting advice, or media coverage.AFRIKAANSE OPSOMMING: Die besigheids en sosiale omgewings is toenemend afhanklik van die inligtings
netwerke, en die kwaliteit en integriteit van inligting om transaksies effektief uit te voer,
en om te "oorleef" in die nuwe ekonomie. Inligtings netwerke fasiliteer kommunikasie
en transaksies tussen kliente, verskaffers, vennote, en werknemers. Nuwe tegnologiee
verder veskuif netwerk grense, wyer as die tak-kantoor, na private huise, lughawens, of
die koffie kafee - deur middel van draadlose internet toegang. Alhoewel tegnologie
ontwikkelings bydra tot verbeterde produktiwiteit, en gemak van gebruik - dra dit ook by
tot groter gevaar van aanvalle op die integriteit en konfidensialiteit van enige inligtings
transaksie. Een van die sleutel vrae is hoe om die regte vlak van inligting netwerk
sekuriteit te bereik, en om die regte beskermings metodes te implementeer - sonder
om die produtiwiteit te inhibeer.
Die inligting sekuritets vraagstuk is nie bloot 'n lokale vraagstuk nie, maar van globale
skaal, en Suid-Afrikaanse besighede is nie minder in gevaar as enige ander besigheid
in 'n ander lande nie, veral nie as aspekte soos globaliseering in ag geneem word nie.
Die sentrale vraag is: Hoe sien die Suid-Afrikaanse besigheids wereld inligtings
sekuriteit, en die waargenome sukses met die implementering van inligtings sekuriteit
prosesse, en ook hoe hul die toekoms sien van inligtings sekuriteit.
Ingenue* Consulting is 'n wereldwye besigheid, gefokus op tegnologie konsultasie
dienste, oor 'n wye reeks industriee en tegnologiee. Inligting sekuriteit is deur Ingenue
Consulting ge-identifiseer as 'n globale probleem, en primere navorsing in die area is al
onderneem in verskillende geografiee, soos Australie en die Verenigde Koninkryk. Die
Suid-Afrikaanse tak van Ingenue het vroeg in 2004 besluit om 'n lokale studie te doen
oor top bestuur se persepsies van inligting sekuriteits risikos, in beide die publieke en
privaat besigheids wereld. Die interne navorsings afdeling van Ingenue Consulting in Suid-Afrika is gevra om die
nodige studie te ondeneem, om dit dan met globale studies te vergelyk, en te kan
bepaal waar gapings mag wees, en hoe om die gapings aan te spreek. Die navorsings
afdeling het begin deur 'n ekstensiewe literatuur studie te doen, as hulp tot die
samestelling van die vrae-lys. 'n Teiken groep van top Suid-Afrikaanse besighede,
verteenwoordigend van alle industriee is genader om 'n onderhoud toe te staan om die
vrae-lys te voltooi - vyftig onderhoude was voltooi. Die rou data is gekollekteer en
geanaliseer, om 'n opinie te formuleer oor die inligtings sekuriteit persepsies en
praktyke van die besigheids omgewing in Suid-Afrika.
Die navorsing het bevestig dat die Suid-Afrikaanse mark baie dieselfde is as ander
geografiese markte - in terme van inligting sekuriteit. Van die sleutel konklusies is:
Inligting sekuriteit ooreenkomste word meestal geteken met die aanvangs van diens,
maar bitter selde dan weer opgevolg of hernu - dit is byna kontradikterend dat top
bestuur ook baie besorg is oor inligting sekuriteit, en dat dit dikwels by raads
vergaderings bespreek word. Die mobiliteit van inligting is 'n groeiende bekommernis,
omrede inligting dan nog meer op risiko is.
Meeste respondente sien hulself as beter of meer gevorderd as hul kompeteerders - 'n
oor-estimasie van sukses in inligtings sekuriteit kan lei tot groter probleme in die
toekoms. Die sensitiewe natuur van inligting sekuriteit maak ope vergelyking van
gedetaileerde prosesse moeilik - en meeste besighede is nie bereid om deel te neem
aan algemene gesprekke nie. Terwyl besighede wat hul tegnologie afdeling deur 'n
derde party bestuur, neem geen verantwoordelikheid vir hul inligtings sekuriteit nie. 'n
Groter bekommernis is dat besighede in Suid-Afrika nie 'n aktiewe proses het om op
hoogte bly van wat die beste opsies is in inligtings sekuriteit nie, of wat hul
teenstanders doen nie - maar vertrou op die advies van verkoops en konsultasie
maatskappye, of media berigte
- …