196 research outputs found

    Secure data sharing and processing in heterogeneous clouds

    The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary in both size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serves as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectiveness of private cloud federations for the public sector needs. © 2015 The Authors

    Trusted Computing and Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide at runtime whether certain data should be stored, or calculations should be made, on the VM instance offered by the CS provider. This thesis combines three components (trusted computing, virtualization technology and cloud computing platforms) to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over a broad network.
Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of a Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment.

    Medical imaging services supported in the cloud (Serviços de imagem médica suportados na cloud)

    Master's degree in Computer and Telematics Engineering. Healthcare institutions resort largely, nowadays, to telemedicine in order to support collaborative environments. In the medical imaging area, the huge amount of medical volume data has increased over the past few years, requiring high-performance infrastructures to provide services with required quality. Computing devices and Internet access are now available anywhere and at any time, creating new opportunities to share and use online resources. A tremendous amount of ubiquitous computational power and an unprecedented number of Internet resources and services are used every day as a normal commodity.
This thesis presents a telemedicine service platform over the Cloud that allows applications to store information and to communicate more easily, using any Internet cloud provider. With this platform, developers do not need to be concerned with where the resources will be deployed, and the applications will not be restricted to a specific cloud vendor. Two tele-imaging applications were developed along with this platform: a medical imaging repository and an interinstitutional communications infrastructure. Lastly, the architecture developed is generic and flexible, allowing it to expand to other application areas and cloud services.

    Security-oriented cloud computing platform for critical infrastructures

    The rise of virtualisation and cloud computing is one of the most significant features of computing in the last 10 years. However, despite its popularity, there are still a number of technical barriers that prevent it from becoming the truly ubiquitous service it has the potential to be. Central to this are the issues of data security and the lack of trust that users have in relying on cloud services to provide the foundation of their IT infrastructure. This is a highly complex issue, which covers multiple inter-related factors such as platform integrity, robust service guarantees, data and network security, and many others that have yet to be overcome in a meaningful way. This paper presents a concept for an innovative integrated platform to reinforce the integrity and security of cloud services and we apply this in the context of Critical Infrastructures to identify the core requirements, components and features of this infrastructure

    TSKY: a dependable middleware solution for data privacy using public storage clouds

    Dissertation submitted for the degree of Master in Informatics Engineering. This dissertation aims to take advantage of the virtues offered by data storage cloud based systems on the Internet, proposing a solution that avoids security issues by combining different providers’ solutions in a vision of a cloud-of-clouds storage and computing. The solution, TSKY System (or Trusted Sky), is implemented as a middleware system, featuring a set of components designed to establish and to enhance conditions for security, privacy, reliability and availability of data, with these conditions being secured and verifiable by the end-user, independently of each provider. These components implement cryptographic tools, including threshold and homomorphic cryptographic schemes, combined with encryption, replication, and dynamic indexing mechanisms. The solution allows data management and distribution functions over data kept in different storage clouds, not necessarily trusted, improving and ensuring resilience and security guarantees against Byzantine faults and attacks. The generic approach of the TSKY system model and its implemented services are evaluated in the context of a Trusted Email Repository System (TSKY-TMS System). The TSKY-TMS system is a prototype that uses the base TSKY middleware services to store mailboxes and email messages in a cloud-of-clouds.

    Emerging Technology in Business and Finance

    In the globalized scenario where technologies are developing continuously with time, these novel methods are affecting business and finance in a significant way. In this chapter we are going to discuss the major emerging technologies in the fields of entrepreneurship, application development, finance, and business. The authors are going to start with an introduction to business, finance, entrepreneurship and application development, the effect of the emerging technologies on these fields, the way in which technologies are developing from time to time, and the adoption of these technologies by industries. The changes in the technologies, with special reference to developed and developing countries, will also be part of this chapter. Moving ahead, we discuss these technologies in prevailing businesses as well as upcoming businesses. Some of the technologies we are going to discuss are Embedded Business Intelligence, Amplified Visual Presentation, Augmented Analytics, and Cloud Management. Besides these technologies, we are going to cover the growing automation in the finance sector, such as Cloud banking, Robotic process automation, Blockchain, Internet of things, etc. This chapter will cover all the technologies while giving complete knowledge about what, why, where, when and how things are changing in the present finance and business scenario. Just like the two opposite faces of a coin, on one side these emerging technologies are a boon for business and finance, while on the other side there are certain risks involved in these technologies, which can be a great threat to our business as well as to our routine life. So, we also discuss the potential risks associated with these technologies. We will end our chapter by giving our conclusion, precautions, and suggestions on these technologies.

    An analysis about the relationship between the cloud computing model and ITIL v3 2011

    Cloud Computing is widely recognized as a recent computing paradigm of digital transformation in which scalable and elastic computational resources are delivered as a service through Internet technologies. Its characteristics have led this business model to be increasingly adopted by organizations in pursuit of their business goals. Besides its benefits, some risks may impact organizations internally and in the way they deliver their services to their clients. Therefore, it became important to understand the impacts of the Cloud model on the way companies organize their processes. The goal of this work is to investigate which are the main impacts arising from the Cloud Computing model currently impacting Information Technology Infrastructure Library framework processes. The methodology selected will be through semi-structured interviews with knowledgeable professionals to effectively collect practical information that, according to the Systematic Literature Review performed, could not be collected by the traditional literature. By analyzing the Systematic Literature Review results, several processes of this framework were affected, which may lead to a need for reframing it. Although the organization’s approach to this model must be enhanced and adapted to a new reality, the empirical insights collected from semi-structured interviews suggest that the framework does not need to be reframed, and that the ITIL v3 2011 processes most impacted by the introduction of the Cloud-based model are Change Management and Incident Management.

    Foundations and Technological Landscape of Cloud Computing

    The cloud computing paradigm has brought the benefits of utility computing to a global scale. It has gained paramount attention in recent years. Companies are seriously considering adopting this new paradigm and expecting to receive significant benefits. In fact, the concept of cloud computing is not a revolution in terms of technology; it has been established based on the solid ground of virtualization, distributed systems, and web services. To comprehend cloud computing, its foundations and technological landscape need to be adequately understood. This paper provides a comprehensive review of the building blocks of cloud computing and relevant technological aspects. It focuses on four key areas including architecture, virtualization, data management, and security issues.

    Privacy-preserving efficient searchable encryption

    Data storage and computation outsourcing to third-party managed data centers, in environments such as Cloud Computing, is increasingly being adopted by individuals, organizations, and governments. However, as cloud-based outsourcing models expand to society-critical data and services, the lack of effective and independent control over security and privacy conditions in such settings presents significant challenges. An interesting solution to these issues is to perform computations on encrypted data, directly in the outsourcing servers. Such an approach benefits from not requiring major data transfers and decryptions, increasing performance and scalability of operations. Searching operations, an important application case when cloud-backed repositories increase in number and size, are good examples where security, efficiency, and precision are relevant requisites. Yet existing proposals for searching encrypted data are still limited from multiple perspectives, including usability, query expressiveness, and client-side performance and scalability. This thesis focuses on the design and evaluation of mechanisms for searching encrypted data with improved efficiency, scalability, and usability. There are two particular concerns addressed in the thesis: on one hand, the thesis aims at supporting multiple media formats, especially text, images, and multimodal data (i.e. data with multiple media formats simultaneously); on the other hand the thesis addresses client-side overhead, and how it can be minimized in order to support client applications executing in both high-performance desktop devices and resource-constrained mobile devices. 
From the research performed to address these issues, three core contributions were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware system for storing and searching text documents with privacy guarantees, while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different tradeoffs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images based on IES-CBIR, an Image Encryption Scheme with Content-Based Image Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal Indexable Encryption distributed middleware that allows storing, sharing, and searching encrypted multimodal data while minimizing client-side overhead and supporting both desktop and mobile devices