8 research outputs found
Handling Confidential Data on the Untrusted Cloud: An Agent-based Approach
Cloud computing allows shared computer and storage facilities to be used by a
multitude of clients. While cloud management is centralized, the information
resides in the cloud and information sharing can be implemented via
off-the-shelf techniques for multiuser databases. Users, however, are very
diffident for not having full control over their sensitive data. Untrusted
database-as-a-server techniques are neither readily extendable to the cloud
environment nor easily understandable by non-technical users. To solve this
problem, we present an approach where agents share reserved data in a secure
manner by the use of simple grant-and-revoke permissions on shared data.
Comment: 7 pages, 9 figures, Cloud Computing 201
Comparative study on encryption algorithms in cloud environment
Cloud computing is the Internet-based development and use of computer technology in which end users are provided with on-demand shared resources, software and information. Security is a major issue in cloud computing, and it attracts the attention of Cloud Service Providers (CSP) and end users. The cloud computing security problem raises suspicions and makes many organizations refuse the idea of using the cloud to store certain data, especially data with high confidentiality. In addition, cloud users try to avoid being controlled by the CSPs. To protect the data and data transmission from attackers, appropriate key management is necessary. Besides that, all the data is virtual, and the cloud is an open service that uses a public network such as the Internet for applications and services, which has security issues like authentication data loss. An encryption algorithm is a technique that is used to secure data on the cloud. The aim of the study is to propose an authentication model using the Kerberos technique for the cloud environment to provide more security. This model can help by filtering unauthorized access and by reducing the memory usage of the cloud provider for authentication checks for each user. It also acts as a third party between the cloud server and users to allow authorized access to the cloud services. In this research, the performance of the algorithm is measured based on the computational and communication time. The performance is compared with three algorithms, which are RSA, DSA and AES. The experimental results show that RSA performs much better than DSA and AES in terms of computational time
iPrivacy: a Distributed Approach to Privacy on the Cloud
The increasing adoption of Cloud storage poses a number of privacy issues.
Users wish to preserve full control over their sensitive data and cannot accept
that it is accessible by the remote storage provider. Previous research was
made on techniques to protect data stored on untrusted servers; however we
argue that the cloud architecture presents a number of open issues. To handle
them, we present an approach where confidential data is stored in a highly
distributed database, partly located on the cloud and partly on the clients.
Data is shared in a secure manner using a simple grant-and-revoke permission of
shared data and we have developed a system test implementation, using an
in-memory RDBMS with row-level data encryption for fine-grained data access
control
Comment: 13 pages, International Journal on Advances in Security 2011 vol.4 no
3 & 4. arXiv admin note: substantial text overlap with arXiv:1012.0759,
arXiv:1109.355
iPrivacy : a distributed approach to privacy on the cloud
The increasing adoption of Cloud storage poses a number of privacy issues. Users wish to preserve full control over their sensitive data and cannot accept that it is accessible by the remote storage provider. Previous research was made on techniques to protect data stored on untrusted servers; however we argue that the cloud architecture presents a number of open issues. To handle them, we present an approach where confidential data is stored in a highly distributed database, partly located on the cloud and partly on the clients. Data is shared in a secure manner using a simple grant-and-revoke permission of shared data and we have developed a system test implementation, using an in-memory Relational Data Base Management System with row-level data encryption for fine-grained data access control
From security to assurance in the cloud: a survey
The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions
A DISTRIBUTED APPROACH TO PRIVACY ON THE CLOUD
The increasing adoption of Cloud-based data processing and storage poses a number of privacy issues. Users wish to preserve full control over their sensitive data and cannot accept it to be fully accessible to an external storage provider. Previous research in this area was mostly addressed at techniques to protect data stored on untrusted database servers; however, I argue that the Cloud architecture presents a number of specific problems and issues. This dissertation contains a detailed analysis of open issues. To handle them, I present a novel approach where confidential data is stored in a highly distributed partitioned database, partly located on the Cloud and partly on the clients.
In my approach, data can be either private or shared; the latter is shared in a secure manner by means of simple grant-and-revoke permissions. I have developed a proof-of-concept implementation using an in-memory RDBMS with row-level data encryption in order to achieve fine-grained data access control. This type of approach is rarely adopted in conventional outsourced RDBMSs because it requires several complex steps. Benchmarks of my proof-of-concept implementation show that my approach overcomes most of the problems
Toward cloud-based key management for outsourced databases
A major drawback of implementing Database-as-a-Service (DaaS) on untrusted servers is the complexity of key management required for handling revocation. In this paper we put forward the idea of using the cloud for decoupling the management of local, user-specific encryption keys from the one of role-specific protection keys, obtaining simple key management and revocation schemes