DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

A survey of security issue in multi-agent systems

Multi-agent systems have attracted the attention of researchers because of agents' automatic, pro-active, and dynamic problem solving behaviors. Consequently, there has been a rapid development in agent technology which has enabled us to provide or receive useful and convenient services in a variety of areas such as banking, transportation, e-business, and healthcare. In many of these services, it is, however, necessary that security is guaranteed. Unless we guarantee the security services based on agent-based systems, these services will face significant deployment problems. In this paper, we survey existing work related to security in multi-agent systems, especially focused on access control and trust/reputation, and then present our analyses. We also present existing problems and discuss future research challenges. © Springer Science+Business Media B.V 2011

Search for direct production of charginos and neutralinos in events with three leptons and missing transverse momentum in √s=7 TeV pp collisions with the ATLAS detector

A search for the direct production of charginos and neutralinos in final states with three electrons or muons and missing transverse momentum is presented. The analysis is based on 4.7 fb(-1) of root s = 7 TeV proton-proton collision data delivered by the Large Hadron Collider and recorded with the ATLAS detector. Observations are consistent with Standard Model expectations in three signal regions that are either depleted or enriched in Z-boson decays. Upper limits at 95% confidence level are set in R-parity conserving phenomenological minimal supersymmetric models and in simplified models, significantly extending previous results. (C) 2012 CERN. Published by Elsevier B.V. All rights reserved

Policy management as a service: An approach to manage policy heterogeneity in cloud computing environment

Security issues are delaying fast adoption of cloud computing and security mechanisms to ensure its secure adoption has become a crucial immediate need. On the other hand, cloud computing can help enable security controls to be delivered in new ways by service providers. To this end, we need frameworks for efficient delivery of cloud-based security services and for provisioning desirable solutions to customers based on their requirements. In this paper, we focus on policy management systems in cloud environments. Currently, users must use diverse access control solutions available for each cloud service provider to secure data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud provider. Heterogeneity and distribution of these policies pose problems in managing access policy rules for a cloud environment. In this paper, we introduce Policy Management as a Service (PMaaS), a cloud based policy management framework that is designed to give users a unified control point for managing access policies to control access to his resources no matter where they are stored. We present the framework and describe its components and protocols needed for various components to communicate. © 2012 IEEE

Security and privacy challenges in cloud computing environments

The cloud computing paradigm is still evolving, but has recently gained tremendous momentum. However, security and privacy issues pose as the key roadblock to its fast adoption. In this article, the authors present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they're related to various delivery and deployment models. They discuss various approaches to address these challenges, existing solutions, and future work needed to provide a trustworthy cloud computing environment. © 2006 IEEE

A trust-based approach against IP-spoofing attacks

IP-spoofing attacks remain one of the most damaging attacks in which an attacker replaces the original source IP address with a new one. Using the existing attacking tools to launch IP spoofing attacks, an attacker can now easily compromise access routers and not only the end-hosts. In this paper, we propose a trust-based approach using a Bayesian inference model that evaluates the trustworthiness of an access router with regards to forwarding packets without modifying their source IP address. The trust values for the access routers is computed by a judge router that samples all traffic being forwarded by the access routers. The simulation results show that our approach effectively detects malicious access routers. The results also show that our approach has a low impact on the network performance when no attack is present, and that it introduces little overhead traffic. © 2011 IEEE

An analysis of expressiveness and design issues for the generalized temporal role-based access control model

The Generalized Temporal Role-Based Access Control (GTRBAC) model provides a comprehensive set of temporal constraint expressions which can facilitate the specification of fine-grained time-based access control policies. However, the issue of the expressiveness and usability of this model has not been previously investigated. In this paper, we present an analysis of the expressiveness of the constructs provided by this model and illustrate that its constraints-set is not minimal. We show that there is a subset of GTRBAC constraints that is sufficient to express all the access constraints that can be expressed using the full set. We also illustrate that a nonminimal GTRBAC constraint set can provide better flexibility and lower complexity of constraint representation. Based on our analysis, a set of design guidelines for the development of GTRBAC-based security administration is presented. © 2005 IEEE

SecureCloud: Towards a comprehensive security framework for cloud computing environments

Cloud computing has recently gained tremendous momentum but still is in its infancy. It has the potential for significant cost reduction and the increased operating efficiencies in computing. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this paper, we propose a comprehensive security framework for cloud computing environments. We also discuss challenges, existing solutions, approaches, and future work needed to provide a trustworthy cloud computing environment. © 2010 IEEE