18 research outputs found

    Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

    Database as a Service (DBaaS) provides services for accessing and managing customers' data, offering ease of access at a lower cost. The DBaaS service provider may not be trusted, and data may be stored on an untrusted server. An access control mechanism can restrict users from unauthorized access, but in a cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing privileges as another user, and so database security is compromised. The other problems associated with DBaaS are managing the role hierarchy and secure session management for query transactions in the database. In this paper, role-based access control for the multitenant database with a role hierarchy is proposed. The query is granted the least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses partial homomorphic encryption (Paillier encryption) for encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing that data. Data confidentiality and integrity are achieved using role-based access control with partial homomorphic encryption. Comment: 11 Pages, 4 figures, Proceedings of International Conference on ICT for Sustainable Developmen

    MHCP: Multimedia Hybrid Cloud Computing Protocol and Architecture for Mobile Devices

    Multimedia cloud computing has appeared as a very attractive environment for the business world in terms of providing cost-effective services with a minimum of entry costs and infrastructure requirements. There are some architecture proposals in the related literature, but there is no multimedia cloud computing architecture with hybrid features specifically designed for mobile devices. In this article, we propose a new multimedia hybrid cloud computing architecture and protocol. It merges existing private and public clouds and combines IaaS, SaaS and SECaaS cloud computing models in order to find a common platform to deliver real time traffic from heterogeneous multimedia and social networks for mobile users. The developed protocol provides suitable levels of QoS, while providing a secure and trusted cloud environment. Jimenez, JM.; Díaz Santos, JR.; Lloret, J.; Romero Martínez, JO. (2019). MHCP: Multimedia Hybrid Cloud Computing Protocol and Architecture for Mobile Devices. IEEE Network. 33(1):106-112. https://doi.org/10.1109/MNET.2018.1300246

    Securing multi-tenancy systems through multi DB instances and multiple databases on different physical servers

    Use of the same application by multiple users through the internet as a service is supported by cloud computing systems. Both the user and the attacker stay on the same machine, as both of them are users of the same application, creating an insecure environment. The service must ensure secrecy at both the application and data layer level. Data isolation and application isolation are two basic aspects that must be ensured to cater for the security desired by the clients that access the service. In this paper a more secure mechanism is presented that helps ensure data isolation and security when multi-tenancy of the users of the same service has been implemented.

    Store Edge Networked Data (SEND): A Data and Performance Driven Edge Storage Framework

    The number of devices that the edge of the Internet accommodates and the volume of the data these devices generate are expected to grow dramatically in the years to come. As a result, managing and processing such massive data amounts at the edge becomes a vital issue. This paper proposes "Store Edge Networked Data" (SEND), a novel framework for in-network storage management realized through data repositories deployed at the network edge. SEND considers different criteria (e.g., data popularity, data proximity from processing functions at the edge) to intelligently place different categories of raw and processed data at the edge based on system-wide identifiers of the data context, called labels. We implement a data repository prototype on top of the Google file system, which we evaluate based on real-world datasets of images and Internet of Things device measurements. To scale up our experiments, we perform a network simulation study based on synthetic and real-world datasets evaluating the performance and trade-offs of the SEND design as a whole. Our results demonstrate that SEND achieves data insertion times of 0.06ms-0.9ms, data lookup times of 0.5ms-5.3ms, and on-time completion of up to 92% of user requests for the retrieval of raw and processed data

    A Descriptive Literature Review and Classification of Cloud Computing Research

    We present a descriptive literature review and classification scheme for cloud computing research. This includes 205 refereed journal articles published since the inception of cloud computing research. The articles are classified based on a scheme that consists of four main categories: technological issues, business issues, domains and applications, and conceptualising cloud computing. The results show that although current research is still skewed towards technological issues, new research themes regarding social and organisational implications are emerging. This review provides a reference source and classification scheme for IS researchers interested in cloud computing, and indicates under-researched areas as well as future directions.

    Scalability of cloud services with federated identity management

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2014. Abstract: As multi-tenant authorization and federated identity management systems for cloud computing mature, the provisioning of services using this paradigm allows maximum efficiency for businesses that require access control. However, regarding scalability support, mainly horizontal, some characteristics of those approaches based on central authentication protocols are problematic. The objective of this work is to address these issues by providing an adapted sticky-session mechanism for a Shibboleth architecture using JASIG CAS. This alternative, compared with the recommended shared memory approach, showed improved efficiency and less overall infrastructure complexity, as well as demanding 58% less computational resources and improving throughput (requests per second) by 11%.

    Virtual Resources & Internet of Things

    Internet of Things (IoT) systems mostly follow a Cloud-centric approach. These systems get the benefits of the extensive computational capabilities and flexibility of the Cloud. Although Cloud-centric systems support virtualization of components to interact with IoT networks, many of these systems introduce high latency and restrict direct access to IoT devices. Fog computing has been presented as an alternative to reduce latency when engaging IoT networks; however, new forms of virtualization are required to access physical devices in a direct manner. This research introduces a definition of Virtual Resources to enable direct access to IoT networks and to allow richer interactions between applications and IoT components. Additionally, this work proposes Virtual Resources as a mechanism to handle the multi-tenancy challenge that emerges when more than one tenant tries to access and manipulate an IoT component simultaneously. Virtual Resources are developed using the Go language and the CoAP protocol. This work proposes permission-based blockchain to provision Virtual Resources directly on IoT devices. Seven experiments have been done using Raspberry Pi computers and Edison Arduino boards to test the definition of Virtual Resources presented by this work. The results of the experiments demonstrate that Virtual Resources can be deployed across different IoT platforms. Also, the results show that Virtual Resources and blockchain can support multi-tenancy in the IoT space. IBM Bluemix Blockchain as a Service and Multichain blockchain have been evaluated handling the provisioning of Virtual Resources in the IoT network. The results of these experiments show that permission-based blockchain can store the configurations of Virtual Resources and provision these configurations in the IoT network.