62 research outputs found
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service
Database as a service provides services for accessing and managing customers
data which provides ease of access, and the cost is less for these services.
There is a possibility that the DBaaS service provider may not be trusted, and
data may be stored on untrusted server. The access control mechanism can
restrict users from unauthorized access, but in cloud environment access
control policies are more flexible. However, an attacker can gather sensitive
information for a malicious purpose by abusing the privileges as another user
and so database security is compromised. The other problems associated with the
DBaaS are to manage role hierarchy and secure session management for query
transaction in the database. In this paper, a role-based access control for the
multitenant database with role hierarchy is proposed. The query is granted with
least access privileges, and a session key is used for session management. The
proposed work protects data from privilege escalation and SQL injection. It
uses the partial homomorphic encryption (Paillier Encryption) for the
encrypting the sensitive data. If a query is to perform any operation on
sensitive data, then extra permissions are required for accessing sensitive
data. Data confidentiality and integrity are achieved using the role-based
access control with partial homomorphic encryption.Comment: 11 Pages,4 figures, Proceedings of International Conference on ICT
for Sustainable Developmen
Policy management as a service: An approach to manage policy heterogeneity in cloud computing environment
Security issues are delaying fast adoption of cloud computing and security mechanisms to ensure its secure adoption has become a crucial immediate need. On the other hand, cloud computing can help enable security controls to be delivered in new ways by service providers. To this end, we need frameworks for efficient delivery of cloud-based security services and for provisioning desirable solutions to customers based on their requirements. In this paper, we focus on policy management systems in cloud environments. Currently, users must use diverse access control solutions available for each cloud service provider to secure data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud provider. Heterogeneity and distribution of these policies pose problems in managing access policy rules for a cloud environment. In this paper, we introduce Policy Management as a Service (PMaaS), a cloud based policy management framework that is designed to give users a unified control point for managing access policies to control access to his resources no matter where they are stored. We present the framework and describe its components and protocols needed for various components to communicate. © 2012 IEEE
Security and privacy risks of using e-mail address as an identity
More and more websites are allowing or requiring users to input their e-mail addresses to be used either as identities or for other purposes. Although username-based identity and password problems resulting from user behaviors have been a research focus for quite some time, the serious issues related to using e-mail address as an identity and the associated online behaviors of users have not been well investigated in the literature. In this paper, we discuss and analyze security and privacy problems resulting from the use of e-mail address as identity via well-designed user behavior survey and by investigating website's design schemes. Our results illustrate that using e-mail address as an identity poses high security and privacy risks. This is mainly because of the multiple usages of e-mail addresses and users' improper online habits. Moreover, we discuss the drawbacks of existing solutions for e-mail address as identity and related password problems, and present two potential solutions that may secure online identity management systems in future. © 2010 IEEE
Security and privacy challenges in cloud computing environments
The cloud computing paradigm is still evolving, but has recently gained tremendous momentum. However, security and privacy issues pose as the key roadblock to its fast adoption. In this article, the authors present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they're related to various delivery and deployment models. They discuss various approaches to address these challenges, existing solutions, and future work needed to provide a trustworthy cloud computing environment. © 2006 IEEE
- …