DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS
Cloud computing paradigm has gained tremendous momentum and generated intensive interest.
Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption.
In this dissertation, we mainly focus on issues related to policy management and access control in the cloud.
Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs).
Access control policies may be specified in different policy languages, and the heterogeneity of access policies poses significant problems. An ideal policy management system should be able to work with all data regardless of where they are stored.
Semantic Web technologies when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs.
In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component.
In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud-based policy management framework that gives cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present a semantic-based policy management framework which enables users to specify access control policies using Semantic Web technologies and helps address heterogeneity issues of cloud computing environments.
We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints.
We present a proof of concept implementation of the proposed framework and provide some performance evaluation.
In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness.
On the Thermally Induced Failure of Rolling Element Bearings
This dissertation is devoted to the investigation of thermally induced seizure of rolling element bearings. A comprehensive thermal model of the rolling element bearings is developed which can predict the operating temperature of the bearing components in a wide range of operating conditions. The validity of this thermal model is verified by comparing the simulation results with a set of experiments. The results of simulations reveal that the rotational speed, oil viscosity and cooling rate of the housing have a significant influence on the operating temperature of the rolling bearings. To provide detailed information about all of the contact forces between the bearing components, a dynamic model of rolling element bearings is developed that can utilize different rheological models and traction curves in order to calculate the traction coefficient between the rollers and the raceways. The validity of this dynamic model is verified by comparing the simulation results with the previously published experimental results. The simulation results show that the simplified traction curves can be utilized in dynamic simulations only in operating conditions with low slide-to-roll ratios. This dynamic model is also employed to investigate the effect of surface roughness on the dynamic behavior of roller bearings operating at low rotational speeds and large radial loads. It was shown that an increase in the radial load results in a proportional increase in the wear rate and an exponential increase in the heat generation, although it does not affect the film thickness noticeably. Finally, the developed thermal and dynamic models are combined in a unified simulation approach to investigate two types of thermally induced failure in rolling element bearings. 
The simulation results revealed that cage failure can occur during the thermal failure of radially-loaded rolling bearings operating at high temperatures, while severe surface damage and disruption of the lubricant film can occur during the thermally induced failure of spindle bearings in high-speed machine tools.
Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service
Database as a service (DBaaS) provides services for accessing and managing customers' data, which gives ease of access at a lower cost. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on an untrusted server. The access control mechanism can restrict users from unauthorized access, but in a cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges of another user, and so database security is compromised. The other problems associated with DBaaS are managing the role hierarchy and secure session management for query transactions in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted the least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses partial homomorphic encryption (Paillier encryption) for encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing the sensitive data. Data confidentiality and integrity are achieved using role-based access control with partial homomorphic encryption.
Comment: 11 pages, 4 figures, Proceedings of International Conference on ICT for Sustainable Developmen
DCDIDP: A Distributed, Collaborative, and Data-driven IDP Framework for the Cloud
Recent advances in distributed computing, grid computing, virtualization mechanisms, and utility computing have led to Cloud Computing becoming one of the industry buzzwords of our decade. As the popularity of the services provided in the cloud environment grows exponentially, the exploitation of possible vulnerabilities grows at the same pace. Intrusion Detection and Prevention Systems (IDPSs) are among the most popular front-line tools to defend computation and communication infrastructures from intruders. In this poster, we propose a distributed, collaborative, and data-driven IDP (DCDIDP) framework for cloud computing environments. Both cloud providers and cloud customers will benefit significantly from DCDIDP, which dynamically evolves and gradually mobilizes the resources in the cloud as suspicion about attacks increases. Such a system will provide a homogeneous IDPS for all the cloud providers that collaborate distributively. It will respond to attacks, by collaborating with other peers and in a distributed manner, as near as possible to attack sources and at different levels of operation (e.g. network, host, VM). We present the DCDIDP framework and explain its components. However, further explanation is part of our ongoing work.
SoK: Privacy Preserving Machine Learning using Functional Encryption: Opportunities and Challenges
With the advent of functional encryption, new possibilities for computation on encrypted data have arisen. Functional Encryption enables data owners to grant third-party access to perform specified computations without disclosing their inputs. It also provides computation results in plaintext, unlike Fully Homomorphic Encryption. The ubiquity of machine learning has led to the collection of massive amounts of private data in the cloud computing environment. This raises potential privacy issues and the need for more private and secure computing solutions. Numerous efforts have been made in privacy-preserving machine learning (PPML) to address security and privacy concerns. There are approaches based on fully homomorphic encryption (FHE), secure multiparty computation (SMC), and, more recently, functional encryption (FE). However, FE-based PPML is still in its infancy and has not yet received much attention compared to FHE-based PPML approaches. In this paper, we provide a systematization of PPML works based on FE, summarizing the state of the art in the literature. We focus on Inner-product-FE and Quadratic-FE-based machine learning models for PPML applications. We analyze the performance and usability of the available FE libraries and their applications to PPML. We also discuss potential directions for FE-based PPML approaches. To the best of our knowledge, this is the first work to systematize FE-based PPML approaches.
MedBlindTuner: Towards Privacy-preserving Fine-tuning on Biomedical Images with Transformers and Fully Homomorphic Encryption
Advancements in machine learning (ML) have significantly revolutionized medical image analysis, prompting hospitals to rely on external ML services. However, the exchange of sensitive patient data, such as chest X-rays, poses inherent privacy risks when shared with third parties. Addressing this concern, we propose MedBlindTuner, a privacy-preserving framework leveraging fully homomorphic encryption (FHE) and a data-efficient image transformer (DEiT). MedBlindTuner enables the training of ML models exclusively on FHE-encrypted medical images. Our experimental evaluation demonstrates that MedBlindTuner achieves comparable accuracy to models trained on non-encrypted images, offering a secure solution for outsourcing ML computations while preserving patient data privacy. To the best of our knowledge, this is the first work that uses data-efficient image transformers and fully homomorphic encryption in this domain.
Comment: Accepted for presentation at W3PHIAI, The 38th Annual AAAI Conference on Artificial Intelligence 202
Top Manager’s Perspectives on Cyberinsurance Risk Management for Reducing Cybersecurity Risks
The vulnerability of organizations to security breaches and the severity of these breaches have become key issues in organizations. The cost incurred from the breaches can be damaging and difficult to recover from. Cyberinsurance has been portrayed as a risk management strategy that aims to protect organizations from the crippling cost of security breaches. Thus, this study is interested in understanding the factors affecting the intent to purchase cyberinsurance from the perspective of top managers. Not only do we want to understand the factors affecting top managers' intent to purchase cyberinsurance as a protective approach; of interest also is the examination of its effect on the organization's security posture. We seek to empirically test this observed but largely untested phenomenon using protection motivation theory, which has successfully been used to study the effect of threat and coping appraisals on protective behaviors.