Cloud-Based Security Driven Human Resource Management System

With the emergence of cloud computing, it has become easy to store large volumes of data in the cloud to enhance Human Resource Management (HRM), based on the elasticity and scalability that cloud computing offers. This paper proposes the OnibereOdunayoSecurity-4 (OOS-4) security model for Human Resource Information System (HRIS) deployed on a cloud platform. The OOS-4 framework is a holistic and integrated model that is expected to allow for better interrelatedness of the various components of a HRM organization with adequate consideration for security. Furthermore, utilizing the Platform as a Service (PaaS) cloud computing architecture, the model was implemented using the Google App Engine. The result is a scalable application in which the data in storage is encrypted and visible on the Google Cloud Platform data store. The application is secured by proving encryption for data in storage on the Google Cloud Platform. The application will enhance HRM

FEDSACE: A Framework for Enhanced user Data Security algorithms in Cloud Computing Environment

With technological advancements and constant changes of Internet, cloud computing has been today's trend. With the lower cost and convenience of cloud computing services, users have increasingly put their Web resources and information in the cloud environment. Increasing data volume is giving the bigger task of Data Centers to provide a better quality of cloud computing. The main usage of cloud computing is data storage. It is more reliable and flexible to users to store and retrieve their data at anytime and anywhere. the security of cloud computing plays a major role in the cloud computing, as customers often store important information with cloud storage providers but these providers may be unsafe. Customers are wondering about attacks on the integrity and the availability of their data in the cloud from malicious insiders and outsiders, and from any collateral damage of cloud services. These issues are extremely significant but there is still much room for security research in cloud computing. This paper presents a framework for global data security of the cloud with two-level Security model. The proposed framework is intended for adapting a system and the framework allows the network service provider to deploy a security in different data centers dynamically while the customers need more security for increasing the data storage

Data security in cloud storage services

Cloud Computing is considered to be the next-generation architecture for ICT where it moves the application software and databases to the centralized large data centers. It aims to offer elastic IT services where clients can benefit from significant cost savings of the pay-per-use model and can easily scale up or down, and do not have to make large investments in new hardware. However, the management of the data and services in this cloud model is under the control of the provider. Consequently, the cloud clients have less control over their outsourced data and they have to trust cloud service provider to protect their data and infrastructure from both external and internal attacks. This is especially true with cloud storage services. Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, tablets, notebooks, etc.). Besides famous cloud storage providers, such as Amazon, Google, and Microsoft, more and more third-party cloud storage service providers are emerging. These services are dedicated to offering more accessible and user friendly storage services to cloud customers. Examples of these services include Dropbox, Box.net, Sparkleshare, UbuntuOne or JungleDisk. These cloud storage services deliver a very simple interface on top of the cloud storage provided by storage service providers. File and folder synchronization between different machines, sharing files and folders with other users, file versioning as well as automated backups are the key functionalities of these emerging cloud storage services. Cloud storage services have changed the way users manage and interact with data outsourced to public providers. With these services, multiple subscribers can collaboratively work and share data without concerns about their data consistency, availability and reliability. Although these cloud storage services offer attractive features, many customers have not adopted these services. Since data stored in these services is under the control of service providers resulting in confidentiality and security concerns and risks. Therefore, using cloud storage services for storing valuable data depends mainly on whether the service provider can offer sufficient security and assurance to meet client requirements. From the way most cloud storage services are constructed, we can notice that these storage services do not provide users with sufficient levels of security leading to an inherent risk on users\u27 data from external and internal attacks. These attacks take the form of: data exposure (lack of data confidentiality); data tampering (lack of data integrity); and denial of data (lack of data availability) by third parties on the cloud or by the cloud provider himself. Therefore, the cloud storage services should ensure the data confidentiality in the following state: data in motion (while transmitting over networks), data at rest (when stored at provider\u27s disks). To address the above concerns, confidentiality and access controllability of outsourced data with strong cryptographic guarantee should be maintained. To ensure data confidentiality in public cloud storage services, data should be encrypted data before it is outsourced to these services. Although, users can rely on client side cloud storage services or software encryption tools for encrypting user\u27s data; however, many of these services fail to achieve data confidentiality. Box, for example, does not encrypt user files via SSL and within Box servers. Client side cloud storage services can intentionally/unintentionally disclose user decryption keys to its provider. In addition, some cloud storage services support convergent encryption for encrypting users\u27 data exposing it to “confirmation of a file attack. On the other hand, software encryption tools use full-disk encryption (FDE) which is not feasible for cloud-based file sharing services, because it encrypts the data as virtual hard disks. Although encryption can ensure data confidentiality; however, it fails to achieve fine-grained access control over outsourced data. Since, public cloud storage services are managed by un-trusted cloud service provider, secure and efficient fine-grained access control cannot be realized through these services as these policies are managed by storage services that have full control over the sharing process. Therefore, there is not any guarantee that they will provide good means for efficient and secure sharing and they can also deduce confidential information about the outsourced data and users\u27 personal information. In this work, we would like to improve the currently employed security measures for securing data in cloud store services. To achieve better data confidentiality for data stored in the cloud without relying on cloud service providers (CSPs) or putting any burden on users, in this thesis, we designed a secure cloud storage system framework that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and scalable user revocation. This framework is built on a third part trusted (TTP) service that can be employed either locally on users\u27 machine or premises, or remotely on top of cloud storage services. This service shall encrypts users data before uploading it to the cloud and decrypts it after downloading from the cloud; therefore, it remove the burden of storing, managing and maintaining encryption/decryption keys from data owner\u27s. In addition, this service only retains user\u27s secret key(s) not data. Moreover, to ensure high security for these keys, it stores them on hardware device. Furthermore, this service combines multi-authority ciphertext policy attribute-based encryption (CP-ABE) and attribute-based Signature (ABS) for achieving many-read-many-write fine-grained data access control on storage services. Moreover, it efficiently revokes users\u27 privileges without relying on the data owner for re-encrypting massive amounts of data and re-distributing the new keys to the authorized users. It removes the heavy computation of re-encryption from users and delegates this task to the cloud service provider (CSP) proxy servers. These proxy servers achieve flexible and efficient re-encryption without revealing underlying data to the cloud. In our designed architecture, we addressed the problem of ensuring data confidentiality against cloud and against accesses beyond authorized rights. To resolve these issues, we designed a trusted third party (TTP) service that is in charge of storing data in an encrypted format in the cloud. To improve the efficiency of the designed architecture, the service allows the users to choose the level of severity of the data and according to this level different encryption algorithms are employed. To achieve many-read-many-write fine grained access control, we merge two algorithms (multi-authority ciphertext policy attribute-based encryption (MA- CP-ABE) and attribute-based Signature (ABS)). Moreover, we support two levels of revocation: user and attribute revocation so that we can comply with the collaborative environment. Last but not least, we validate the effectiveness of our design by carrying out a detailed security analysis. This analysis shall prove the correctness of our design in terms of data confidentiality each stage of user interaction with the cloud

Recommendations and best practices for cloud enterprise security

© 2014 IEEE. Enterprise security is essential to achieve global information security in business and organizations. Enterprise Cloud computing is a new paradigm for that enterprise where businesses need to be secured. Enterprise Cloud computing has established its businesses and software as a service paradigm is increasing its demand for more services. However, this new trend needs to be more systematic with respect to Enterprise Cloud security. Enterprise Cloud security is the key factor in sustaining Enterprise Cloud technology by building-in trust. For example, current challenges that are witnessed today with cyber security and application security flaws are important lessons to be learned. It also has provided best practices that can be adapted. Similarly, as the demand for Enterprise Cloud services increases and so increased importance sought for security and privacy. This paper presents recommendations for enterprise security to analyze and model Enterprise Cloud organizational security of the Enterprise Cloud and its data. In particular, Enterprise Cloud data and Enterprise Cloud storage technologies have become more commonly used in organization that adopt Cloud Computing. Therefore, building trust for Enterprise Cloud users should be the one of the main focuses of Enterprise Cloud computing research

A Survey on Cloud Storage Auditing Protocols

As Today�s world depends on dynamically updated data, the best way to store and update data is cloud storage service. The common issue for storing data in cloud storage is its security though every individual client holds his/her own secret key the key service has to be supportive and is effective to the customer in different situations, so key redesign of outsourcing is important. The key overhauls can be handled by some authorized inspector known as TPA (Third Party Auditor) to reduce key upgrade burden from customer. It is the responsible of TPA now, to save key upgrades and makes key updates transparent for client. In existing solutions, client has to update key by himself at periodic times which leads to problem for those who need to concentrate on their main role in the market or with the people who have limited resources. This paper encloses a survey on the key exposure problem in cloud storage is formulated where the main goal is that cloud storage settings and key updates are safely outsourced to some third party where TPA can only hold encrypted version of client secret key formalizing security model. Security proof can be analyzed and make sure that design is secure and efficient