Methodology to obtain the security controls in multi-cloud applications

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.European Commission's H202

An Integrated Framework for the Methodological Assurance of Security and Privacy in the Development and Operation of MultiCloud Applications

x, 169 p.This Thesis studies research questions about how to design multiCloud applications taking into account security and privacy requirements to protect the system from potential risks and about how to decide which security and privacy protections to include in the system. In addition, solutions are needed to overcome the difficulties in assuring security and privacy properties defined at design time still hold all along the system life-cycle, from development to operation.In this Thesis an innovative DevOps integrated methodology and framework are presented, which help to rationalise and systematise security and privacy analyses in multiCloud to enable an informed decision-process for risk-cost balanced selection of the protections of the system components and the protections to request from Cloud Service Providers used. The focus of the work is on the Development phase of the analysis and creation of multiCloud applications.The main contributions of this Thesis for multiCloud applications are four: i) The integrated DevOps methodology for security and privacy assurance; and its integrating parts: ii) a security and privacy requirements modelling language, iii) a continuous risk assessment methodology and its complementary risk-based optimisation of defences, and iv) a Security and Privacy Service Level AgreementComposition method.The integrated DevOps methodology and its integrating Development methods have been validated in the case study of a real multiCloud application in the eHealth domain. The validation confirmed the feasibility and benefits of the solution with regards to the rationalisation and systematisation of security and privacy assurance in multiCloud systems

Security and Privacy Enhancing Multi-Cloud Architectures

Security challenges are still among the biggest obstacles when considering the adoption of cloud services. This triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside with these security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures. This paper provides a survey on the achievable security merits by making use of multiple distinct clouds simultaneously. Various distinct architectures are introduced and discussed according to their security and privacy capabilities and prospects

Network Coding-Based Next-Generation IoT for Industry 4.0

Industry 4.0 has become the main source of applications of the Internet of Things (IoT), which is generating new business opportunities. The use of cloud computing and artificial intelligence is also showing remarkable improvements in industrial operation, saving millions of dollars to manufacturers. The need for time-critical decision-making is evidencing a trade-off between latency and computation, urging Industrial IoT (IIoT) deployments to integrate fog nodes to perform early analytics. In this chapter, we review next-generation IIoT architectures, which aim to meet the requirements of industrial applications, such as low-latency and highly reliable communications. These architectures can be divided into IoT node, fog, and multicloud layers. We describe these three layers and compare their characteristics, providing also different use-cases of IIoT architectures. We introduce network coding (NC) as a solution to meet some of the requirements of next-generation communications. We review a variety of its approaches as well as different scenarios that improve their performance and reliability thanks to this technique. Then, we describe the communication process across the different levels of the architecture based on NC-based state-of-the-art works. Finally, we summarize the benefits and open challenges of combining IIoT architectures together with NC techniques

DATA SHARING WITH FORWARD SECURITY

Distributed computing is perpetual emanate most up to date innovation in IT industry, the scholarly world and business. The reiteration of utilizing a system of remote servers exhibited on the web to store, oversee, and handle information, sensibly than a nearby server or a PC. Distributed computing is the very available, pliable innovation that puts equipment, programming, and virtualized assets. Distributed computing substructure works over the web on interest premise. Primary elements of distributed computing is that on-interest capacities, wide system access, asset sharing, fast flexibility ,measured administration adaptability and offers shared administrations to client on interest premise in the scattered environment. Moreover, clients are uninformed of area where machines which really course and host their information. The motivation of this paper is to propose protected information getting to and sharing plan, for open clouds

A Novel Approach for Securing Cloud Data Using Cryptographic Approach

— Nowadays, many businesses are making use cloud computing facility either directly (e.g. Google or Amazon) or indirectly (e.g. Twitter) instead of traditional on-site alternatives. Costs reduction, universal access, availability of number of applications and flexibility is a number of reasons for popularity of cloud computing. As the cloud service providers cannot be trusted one, enough security is an important aspect to consider so that user can store sensitive information securely. The concept of Multi Clouds is introduces as cloud computing assures user to provide the data, the cloud computing environment failure may result in loss or unavailability of data. Multi clouds guarantee to provide service at any cost if there is any failure at any cloud due to any reason. The use of multi clouds as it can tackle the security and mainly availability issues much effectively than single cloud that affects cloud computing user. This paper presents survey of recent research related to single and multi cloud security and addresses possible solutions. This aims to promote the use of multi clouds to solve problem of data availability due to failure in individual cloud. To provide data confidentiality, data integrity as well as authenticity, security mechanisms such as data encryption, visual secret sharing scheme (VSS)and digital signature are used

StoreSim: Optimizing Information Leakage in Multicloud Storage Services

Many schemes have been recently advanced for storing data on multiple clouds. Distributing data over different cloud storage providers (CSPs) automatically provides users with a certain degree of information leakage control, as no single point of attack can leak all user's information. However, unplanned distribution of data chunks can lead to high information disclosure even while using multiple clouds. In this paper, to address this problem we present StoreSim, an information leakage aware storage system in multicloud. StoreSim aims to store syntactically similar data on the same cloud, thus minimizing the user's information leakage across multiple clouds. We design an approximate algorithm to efficiently generate similarity-preserving signatures for data chunks based on MinHash and Bloom filter, and also design a function to compute the information leakage based on these signatures. Next, we present an effective storage plan generation algorithm based on clustering for distributing data chunks with minimal information leakage across multiple clouds. Finally, we evaluate our scheme using two real datasets from Wikipedia and GitHub. We show that our scheme can reduce the information leakage by up to 60\% compared to unplanned placement

Security Enhancement on Cloud to multi Cloud using Audio Cryptography

Nowadays, cloud computing is most popular and modern technology of storing the large amount of information on the internet and accessing it from anywhere. Costs reduction, universal access, availability of number of applications and flexibility is a number of reasons for popularity of cloud computing. Users store sensitive information on cloud, providing security becomes important aspect as these cloud service providers cannot be trusted one. As the cloud computing assures user to provide the data, the cloud computing environment failure may result in loss or unavailability of data so the concept of Multi-Clouds is introduces. Dealing with single cloud” service providers are anticipated to become infamous with customers due to scare of service availability failure and the possibility of malicious intruders in the individual cloud. Multi-clouds guarantee to provide service at any cost if there is any failure at any cloud due to any reason. The use of multi-clouds as it can tackle the security and mainly availability issues much effectively than single cloud that affects cloud computing user. The proposed work surveys recent research related to single and multi cloud security and addresses possible solutions. This work aims to promote the use of multi clouds to solve problem of data availability due to failure in individual cloud. To provide data confidentiality as well as data integrity, security mechanism which uses an image audio secret sharing scheme(ASS) cryptography instead of visual secret sharing scheme(VSS)

Data Privacy in Multi-Cloud: An Enhanced Data Fragmentation Framework

Data splitting preserves privacy by partitioning data into various fragments to be stored remotely and shared. It supports most data operations because data can be stored in clear as opposed to methods that rely on cryptography. However, majority of existing data splitting techniques do not consider data already in the multi-cloud. This leads to unnecessary use of resources to re-split data into fragments. This work proposes a data splitting framework that leverages on existing data in the multi-cloud. It improves data splitting mechanisms by reducing the number of splitting operations and resulting fragments. Therefore, decreasing the number of storage locations a data owner manages. Broadcasts queries locate third-party data fragments to avoid costly operations when splitting data. This work examines considerations for the use of third-party fragments and application to existing data splitting techniques. The proposed framework was also applied to an existing data splitting mechanism to complement its capabilities.Comment: Keywords: Data Storage, Multi-Cloud, Cloud Security, Privacy Preservation, Privacy Enhancing, Data Splitting; https://ieeexplore.ieee.org/document/964774

Enhancing data security in cloud using random pattern fragmentation and a distributed nosql database

© 2019 IEEE. The cloud computing model has become very popular among users, as it has proven to be a cost-effective solution to store and process data, thanks to recent advancements in virtualization and distributed computing. Nevertheless, in the cloud environment, the user entrusts the safekeeping of its data entirely to the provider, which introduces the problem of how secure such data is and whether its integrity has been maintained. This paper proposes an approach to the data security in cloud by utilizing a random pattern fragmentation algorithm and combining it with a distributed NoSQL database. This not only increases the security of the data by storing it in different nodes and scramble all the bytes, but also allows the user to implement an alternative method of securing data. The performance of the approach is compared to other approaches, along with AES 256 encryption. Results indicate a significant performance improvement over encryption, highlighting the capabilities of this method for cloud stored data, as it creates a layer of protection without additional overhead