DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

Database as a service provides services for accessing and managing customers data which provides ease of access, and the cost is less for these services. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on untrusted server. The access control mechanism can restrict users from unauthorized access, but in cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges as another user and so database security is compromised. The other problems associated with the DBaaS are to manage role hierarchy and secure session management for query transaction in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted with least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses the partial homomorphic encryption (Paillier Encryption) for the encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing sensitive data. Data confidentiality and integrity are achieved using the role-based access control with partial homomorphic encryption.Comment: 11 Pages,4 figures, Proceedings of International Conference on ICT for Sustainable Developmen

Policy management as a service: An approach to manage policy heterogeneity in cloud computing environment

Security issues are delaying fast adoption of cloud computing and security mechanisms to ensure its secure adoption has become a crucial immediate need. On the other hand, cloud computing can help enable security controls to be delivered in new ways by service providers. To this end, we need frameworks for efficient delivery of cloud-based security services and for provisioning desirable solutions to customers based on their requirements. In this paper, we focus on policy management systems in cloud environments. Currently, users must use diverse access control solutions available for each cloud service provider to secure data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud provider. Heterogeneity and distribution of these policies pose problems in managing access policy rules for a cloud environment. In this paper, we introduce Policy Management as a Service (PMaaS), a cloud based policy management framework that is designed to give users a unified control point for managing access policies to control access to his resources no matter where they are stored. We present the framework and describe its components and protocols needed for various components to communicate. © 2012 IEEE

Security and privacy risks of using e-mail address as an identity

More and more websites are allowing or requiring users to input their e-mail addresses to be used either as identities or for other purposes. Although username-based identity and password problems resulting from user behaviors have been a research focus for quite some time, the serious issues related to using e-mail address as an identity and the associated online behaviors of users have not been well investigated in the literature. In this paper, we discuss and analyze security and privacy problems resulting from the use of e-mail address as identity via well-designed user behavior survey and by investigating website's design schemes. Our results illustrate that using e-mail address as an identity poses high security and privacy risks. This is mainly because of the multiple usages of e-mail addresses and users' improper online habits. Moreover, we discuss the drawbacks of existing solutions for e-mail address as identity and related password problems, and present two potential solutions that may secure online identity management systems in future. © 2010 IEEE

Security and privacy challenges in cloud computing environments

The cloud computing paradigm is still evolving, but has recently gained tremendous momentum. However, security and privacy issues pose as the key roadblock to its fast adoption. In this article, the authors present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they're related to various delivery and deployment models. They discuss various approaches to address these challenges, existing solutions, and future work needed to provide a trustworthy cloud computing environment. © 2006 IEEE