Secure Cloud Storage: A Framework for Data Protection as a Service in the Multi-cloud Environment

This paper introduces Secure Cloud Storage (SCS), a framework for Data Protection as a Service (DPaaS) to cloud computing users. Compared to the existing Data Encryption as a Service (DEaaS) such as those provided by Amazon and Google, DPaaS provides more flexibility to protect data in the cloud. In addition to supporting the basic data encryption capability as DEaaS does, DPaaS allows users to define fine-grained access control policies to protect their data. Once data is put under an access control policy, it is automatically encrypted and only if the policy is satisfied, the data could be decrypted and accessed by either the data owner or anyone else specified in the policy. The key idea of the SCS framework is to separate data management from security management in addition to defining a full cycle of data security automation from encryption to decryption. As a proof-of-concept for the design, we implemented a prototype of the SCS framework that works with both BT Cloud Compute platform and Amazon EC2. Experiments on the prototype have proved the efficiency of the SCS framework

Proactive Device Management for the Internet of Things

IoT ecosystems are rapidly expanding, and device management is emerging as a key challenge due to the scale, complexity, and dynamism of IoT systems. The adoption of autonomous techniques shows promise to alleviate key issues including maintaining organisational security when large volumes of IoT devices are being added and removed from a telecommunications network. Here we propose a proactive IoT device management approach that addresses the need to control network access in a risk-based manner. The proposed system comprises of two novel core components, a Management Platform for IoT (MP-IoT) component and an Intent-Based Microsegmentation (IBMS) component. The MP-IoT component carries out a risk management role and combines with IBMS to provide risk-based network segmentation. The two components work together to proactively manage risks by migrating devices between isolated network segments according to a dynamic assessment of the risk to the system from an individual device. Self-healing techniques may then be used to mitigate risks associated with a device and consequently change the network segment that it resides in. Here we present the key challenges associated with typical IoT environments and demonstrate how they are addressed by the proposed Proactive IoT Device Management architecture. A prototype implementation is also presented to validate the operation of the proposed architecture

An integrated active network approach to the provision of intrusion detection, network access policy and firewall functionality

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Characteristic-Based Security Analysis of Personal Networks

Abstract The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. In this paper, we present a summary of this analysis and discuss its usage

Characteristic−Based Security Analysis for the Personal Network

The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. We argue that this characteristic-based approach is better suited for use in the PN compared to the category-based approach in ITU-T X.1111 because of the high degree of heterogeneity between the PN components. In this paper, we present a summary of this analysis and discuss its usage

Characteristic−Based Security Analysis for the Personal Network

The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. We argue that this characteristic-based approach is better suited for use in the PN compared to the category-based approach in ITU-T X.1111 because of the high degree of heterogeneity between the PN components. In this paper, we present a summary of this analysis and discuss its usage

Characteristic-Based Security Analysis of Personal Networks

Abstract The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. In this paper, we present a summary of this analysis and discuss its usage

Malware detection in migrated virtual machines

A malware detection system to detect malware in a virtual machine (VM), the system including a profile generator adapted to generate a profile of a deployment of the VM, the profile including execution characteristics of the deployment; a VM package generator to generate a VM package including: a VM descriptor describing a particular deployment of the VM; and an image of the particular deployment, the image including a representation of data stored for the particular deployment of the VM; and a malware identifier adapted to identify malware in a deployment of the VM responsive to the identification of a difference between profiles of multiple different deployments of the VM

Malware detection in migrated virtual machines

A malware detection system to detect malware in a virtual machine (VM), the system including a profile generator adapted to generate a profile of a deployment of the VM, the profile including execution characteristics of the deployment; a VM package generator to generate a VM package including: a VM descriptor describing a particular deployment of the VM; and an image of the particular deployment, the image including a representation of data stored for the particular deployment of the VM; and a malware identifier adapted to identify malware in a deployment of the VM responsive to the identification of a difference between profiles of multiple different deployments of the VM