Ali Gholam,Anna Lind,Jane Reichel,Jan-Eric Litton,Ake Edlund,Erwin Laure,Brendon Clarke

DOI: https://doi.org/10.2139/ssrn.4733971

2024-01-01

SSRN Electronic Journal

Abstract:Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. In addition, a case study has been implemented as a proof of concept to demonstrate the usability of the proposed methodology. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design.

English Else

Xueluan Gong,Yanjiao Chen,Qian Wang,Meng Wang,Shuyang Li

DOI: https://doi.org/10.1109/MCOM.004.2100867

IF: 9.03

2022-01-01

IEEE Communications Magazine

Abstract:Machine learning models are established with a variety of data collected from individual users who are concerned about their privacy. Various cloud service providers (e.g., Amazon, Google, Alibaba) commercialize their models by selling them or providing limited access via APIs. However, existing studies have shown that such cloud-based models are susceptible to training data inference attacks (i.e., membership inference attacks, attribute inference attacks, and model inversion attacks) since the trained models remember information about the training data. In this article, we perform an exhaustive investigation on the current training data inference attacks against cloud-based models. According to the attack scenario, we divide the existing inference attacks into two categories: centralized and collaborative learning scenarios. We first give a comprehensive review of attacks in each category and then give a qualitative comparison of the existing attacks. Further, we quantitatively compare the performance of different attack strategies by experiments. Last but not least, we pinpoint some open issues and potential future directions that need to be investigated in this area.

Aymen Akremi,Mohsen Rouached

DOI: https://doi.org/10.1007/s11227-020-03594-3

IF: 3.3

2021-01-12

The Journal of Supercomputing

Abstract:Although Cloud computing is gaining popularity by supporting data analysis in an outsourced and cost-effective way, it brings serious privacy issues when sending the original data to Cloud servers. Sensitive data have a significant value, and any infringement of privacy can cause great loss in terms of money and reputation. Thus, for any Cloud ecosystem to be accepted and easily adopted by different stakeholders, privacy concerns are of utmost importance. Users' discomfort is mainly due to the lack of control over their personal's data outsourced and processed on the Cloud environment. However, the lack of Cloud data governance and the absence of up-to-date dedicated technologies represent serious barriers to satisfy different Cloud stakeholders' privacy needs. Consequently, any proposed Cloud platform or technology must consider required technical measures and managerial safeguards to handle sensitive data, to avoid breakdowns, and be intensely investigated by current and future research trends. Several researchers have conducted surveys to understand and target privacy issues in the Cloud. However, their research consists mostly of descriptive literature reviews. In this paper, we propose a holistic and comprehensive taxonomy for Cloud privacy. This study is supported by the results of a systematic literature review, which provides a methodical, structured, and rigorous approach facilitating the understanding of privacy-preserving Cloud strategies and techniques. The study's objective is to offer a credible intellectual guide for upcoming researchers in Cloud privacy and identify active privacy research areas to make the most impact.

Salman Manzoor,Antonios Gouglidis,Matthew Bradbury,Neeraj Suri

DOI: https://doi.org/10.1109/tcc.2024.3365736

IF: 5.697

2024-03-08

IEEE Transactions on Cloud Computing

Abstract:Most Threat Analysis (TA) techniques analyze threats to targeted assets (e.g., components, services) by considering static interconnections among them. However, in dynamic environments, e.g., the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to its users. Existing TA techniques are not capable of addressing such requirements. Moreover, complex multi-layer/multi-asset attacks on Cloud systems are increasing, e.g., the Equifax data breach; thus, TA approaches must be able to analyze them. This article proposes ThreatPro, which supports dynamic interconnections and analysis of multi-layer attacks in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, representing the Cloud's functionality through conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life cycle of a Virtual Machine. ThreatPro contributes to (1) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (2) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database, we validate ThreatPro's capabilities, i.e., identify and trace actual Cloud attacks and speculatively postulate alternate potential attack paths.

computer science, information systems, theory & methods

Ali Gholami,Erwin Laure

DOI: https://doi.org/10.5121/csit.2015.51611

2016-01-07

Abstract:Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the cloud reference architecture orchestration, resource control, physical resource, and cloud service management layers, in addition to reviewing the existing developments in privacy-preserving sensitive data approaches in cloud computing such as privacy threat modeling and privacy enhancing protocols and solutions.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yoshita Sharma,Himanshu Gupta,Sunil Kumar Khatri

DOI: https://doi.org/10.1109/aicai.2019.8701398

2019-02-01

Abstract:As we all are aware that internet acts as a depository to store cyberspace data and provide as a service to its user. cloud computing is a technology by internet, where a large amount of data being pooled by different users is stored. The data being stored comes from various organizations, individuals, and communities etc. Thus, security and privacy of data is of utmost importance to all of its users regardless of the nature of the data being stored. In this research paper the use of multiple encryption technique outlines the importance of data security and privacy protection. Also, what nature of attacks and issues might arise that may corrupt the data; therefore, it is essential to apply effective encryption methods to increase data security.

Ameerah-Muhsinah Jamil,Lotfi Ben Othmane,Altaz Valani

DOI: https://doi.org/10.1007/978-3-031-02067-4_1

2022-01-01

Abstract:AbstractTraditional Cyber-physical Systems (CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in several different domains. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they perform threat modeling of given CPSs. Key challenges practitioners face are: they cannot transfer the threat modeling knowledge that they acquire in a cyber-physical domain to other domains, threat models of modified systems are often not updated, and the reliance on mostly peer-evaluation and quality checklists to ensure the quality of threat models. The study warns about the difficulty to develop secure CPSs and calls for research on developing practical threat modeling methods for CPSs, techniques for continuous threat modeling, and techniques to ensure the quality of threat models.

Kim Wuyts,Avi Douglen

2024-08-07

Abstract:Analyzing privacy threats in software products is an essential part of software development to ensure systems are privacy-respecting; yet it is still a far from trivial activity. While there have been many advancements in the past decade, they tend to focus on describing 'what' the threats are. What isn't entirely clear yet is 'how' to actually find these threats. Privacy is a complex domain. We propose to use four conceptual layers (feature, ecosystem, business context, and environment) to capture this privacy complexity. These layers can be used as a frame to structure and specify the privacy analysis support in a more tangible and actionable way, thereby improving applicability of the analysis process.

Cryptography and Security

Adeel Javaid

DOI: https://doi.org/10.2139/SSRN.2388377

2014-01-08

Abstract:The cloud computing paradigm is still evolving, but has recently gained tremendous momentum. However, security and privacy issues pose as the key roadblock to its fast adoption. In this paper we present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they're related to various delivery and deployment models. We discuss various approaches to address these challenges, existing solutions, and work needed to provide a trustworthy cloud computing environment.

Engineering,Computer Science

Hootan Alavizadeh,Hooman Alavizadeh,Julian Jang-Jaccard

DOI: https://doi.org/10.1109/trustcom50675.2020.00171

2020-12-01

Abstract:The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the enterprises whose services have migrated into the cloud have a preference for their own cybersecurity situation awareness capability on top of the security mechanisms provided by the cloud providers. In this way, the enterprises can monitor the performance of the security offerings of the cloud and have a choice to decide and select potential response strategies more appropriate to the enterprise in the presence of the attack where the defense provided by the cloud doesn't work for them. However, some response strategies, such as Moving Target Defense (MTD) techniques shown to be effective to secure cloud, cannot be deployed by the enterprise themselves. In this paper, we propose a framework that enables better collaboration between enterprises and cloud providers. Our proposed framework, which offers more in-depth security analysis based on the set of most advanced security metrics, allows the security experts of the enterprise to obtain better situational awareness in the cloud. With better and more effective situation awareness of cloud security, our framework can support better decision-making and further allows to deploy more appropriate threat responses to protect the outsourced resources. We also propose a secure protocol which can facilitate more secure communication between the enterprises and cloud provider. Using our proposed secure protocol, which is based on authentication and key exchange mechanism, the enterprises can send a secure request to the cloud provider to perform a selected defensive strategy.

Liping Xie,Weichao Wang,Yu Wang

DOI: https://doi.org/10.1109/icc.2019.8761810

2019-01-01

Abstract:Cloud manufacturing (CM) is an open and service-oriented platform that virtualizes distributed design, machining, and assembly resources together in order to provide a seamless, adaptive, and high quality transaction of manufacturing procedures. Despite the results in resource discovery and planning, the research in robustness and security of the systems falls behind in many aspects. The lack of such knowledge puts a serious challenge for the wide deployment and adoption of cloud manufacturing which is naturally connected to the Internet and exposed to cyber attacks. To bridge this gap, we study a specific type of equipment contention attack in cloud manufacturing. Through requesting extra shares of scarce resources, an attacker can gain advantage in competition with other users and reduce the efficiency of the overall system. We design a mechanism to mitigate such attacks through measuring the remaining machining capabilities in the cloud. The cloud administrator can control cost difference between the attacker and subsequent service requesters. Simulations of a mid-size city manufacturing cloud are conducted and the results show that our approach will incur low increases in cost for benign users while discouraging the equipment contention attacks.

Muhammad Dawood,Shanshan Tu,Chuangbai Xiao,Hisham Alasmary,Muhammad Waqas,Sadaqat Ur Rehman

DOI: https://doi.org/10.3390/sym15111981

2023-10-27

Symmetry

Abstract:Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, key exposure, auditing, privacy preservability, and cloud-assisted IoT applications. We then propose security attacks and countermeasures specifically for the different cloud models based on the security trends and problems. In the end, we pinpoint some of the futuristic directions and implications relevant to the security of cloud models. The future directions will help researchers in academia and industry work toward cloud computing security.

multidisciplinary sciences

Stefanos Gritzalis,Lin Liu

DOI: https://doi.org/10.1007/s00766-013-0177-4

2013-01-01

Requirements Engineering

Abstract:Being one of the most versatile technologies innovated till date, cloud computing and its managed services have brought about drastic changes to improvise and enhance the existing IT infrastructures. A critical issue that has been raised as a result of the rapid employment of Cloud services and the distributed nature of the enabling Cloud architecture is the satisfaction of new security requirements and the protection of users’ privacy. Specifically, the distinct architectural and functional characteristics of cloud computing raise a number of security and privacy challenges that need to be identified, analysed and modelled. The aim is to design and develop secure, trustworthy and privacy preserving Cloud Systems Application Services. Software engineering in cloud computing is an essential aspect for obtaining a systematic, disciplined and quantifiable approach to the development, operation and maintenance of software services. Incorporating security and privacy during the engineering process is of vital importance for assuring the development of reliable, correct, robust and trustful systems as well as adaptive and evolving software services that satisfy users’ requirements. To this extent, the need to investigate methods and tools that will assist developers in constructing more reliable privacy-oriented information systems and services in Cloud environments is fully justified. This special issue of the Requirements Engineering journal aims at providing researchers and professionals with insights into the state-of-the-art in Requirements Engineering for Security, Privacy and Services in Cloud Environments from the views of modelling language, design framework and policy compliance knowledge patterns.

Rui Mei,Han-Bing Yan,Yongqiang He,Qinqin Wang,Shengqiang Zhu,Weiping Wen

DOI: https://doi.org/10.1007/978-981-19-8285-9_4

2022-01-01

Abstract:With the continuous growth of enterprises' digital transformation, business-driven cloud computing has seen tremendous growth. The security community has proposed a large body of technical mechanisms, operational processes, and practical solutions to achieve cloud security. In addition, diverse jurisdictions also present regulatory requirements on data protection to mitigate possible risks, for instance, unauthorized access, data leakage, sensitive information and privacy disclosure. In view of this, several practical standards, frameworks, and best practices in the industry are proposed to evaluate and improve the protection level of cloud data. However, few evaluation models can conduct a comprehensive quantitative evaluation for cloud data protection that includes security, privacy, and even ethical considerations. In this paper, we first make a comprehensive review of cloud data security and privacy issues, especially also including ethical concerns that we consider as a type of specific risks caused by human factors, which refers to acting honorably, honestly, justly, and legally, due diligence, and due care. Then, we propose a novel evaluation model for cloud data protection that can quantitatively assess the protection level. Finally, based on the parallel evaluation between manual assessment by experts and our evaluation model, results show that our evaluation model is consistent with the manual evaluation conclusion.

Xueluan Gong,Qian Wang,Yanjiao Chen,Wang Yang,Xinchang Jiang

DOI: https://doi.org/10.1109/mcom.001.2000196

IF: 9.03

2020-12-01

IEEE Communications Magazine

Abstract:Machine learning models have achieved state-of-the-art performance in various fields, from image classification to speech recognition. However, such models are trained with a large amount of sensitive training data, and are typically computationally expensive to build. As a result, many cloud providers (e.g., Google) have launched machine-learning-as-a-service, which helps clients benefit from the sophisticated cloud-based machine learning models via accessing public APIs. Such a business paradigm significantly expedites and simplifies the development circles. Unfortunately, the commercial value of such cloud-based machine learning models motivates attackers to conduct model extraction attacks for free use or as a springboard to conduct other attacks (e.g., craft adversarial examples in black-box settings). In this article, we conduct a thorough investigation of existing approaches to model extraction attacks and defenses on cloud-based models. We classify the state-of-the-art attack schemes into two categories based on whether the attacker aims to steal the property (i.e., parameters, hyperparameters, and architecture) or the functionality of the model. We also categorize defending schemes into two groups based on whether the scheme relies on output disturbance or query observation. We not only present a detailed survey of each method, but also demonstrate the comparison of both attack and defense approaches via experiments. We highlight several future directions in both model extraction attacks and its defenses, which shed light on possible avenues for further studies.

telecommunications,engineering, electrical & electronic

Partha Das Chowdhury,Maria Sameen,Jenny Blessing,Nicholas Boucher,Joseph Gardiner,Tom Burrows,Ross Anderson,Awais Rashid

DOI: https://doi.org/10.1002/spe.3341

2024-05-24

Software Practice and Experience

Abstract:Threat modeling is one of the foundations of secure systems engineering and must take heed of the context within which systems operate. In this work, we explore the extent to which real‐world systems engineering reflects a changing threat context. We examine the desktop clients of six widely used end‐to‐end‐encrypted mobile messaging applications to understand the extent to which they adjusted their threat model over space (when enabling clients on new platforms, such as desktop clients) and time (as new threats emerged). We experimented with short‐lived adversarial access against these desktop clients and analyzed the results using two popular threat elicitation frameworks, STRIDE and LINDDUN. The results demonstrate that system designers need to track threats in the evolving context within which systems operate and, more importantly, mitigate them by rescoping trust boundaries so that they remain consistent with administrative boundaries. A nuanced understanding of the relationship between trust and administration is vital for robust security, including the provision of safe defaults.

computer science, software engineering

David W. Chadwick,Wenjun Fan,Gianpiero Costantino,Rogerio de Lemos,Francesco Di Cerbo,Ian Herwono,Mirko Manea,Paolo Mori,Ali Sajjad,Xiao-Si Wang

DOI: https://doi.org/10.1016/j.future.2019.06.026

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:Cyber-attacks affect every aspect of our lives. These attacks have serious consequences, not only for cyber-security, but also for safety, as the cyber and physical worlds are increasingly linked. Providing effective cyber-security requires cooperation and collaboration among all the entities involved. Increasing the amount of cyber threat information (CTI) available for analysis allows better prediction, prevention and mitigation of cyber-attacks. However, organizations are deterred from sharing their CTI over concerns that sensitive and confidential information may be revealed to others. We address this concern by providing a flexible framework that allows the confidential sharing of CTI for analysis between collaborators. We propose a five-level trust model for a cloud-edge based data sharing infrastructure. The data owner can choose an appropriate trust level and CTI data sanitization approach, ranging from plain text, through anonymization/pseudonymization to homomorphic encryption, in order to manipulate the CTI data prior to sharing it for analysis. Furthermore, this sanitization can be performed by either an edge device or by the cloud service provider, depending upon the level of trust the organization has in the latter. We describe our trust model, our cloud-edge infrastructure, and its deployment model, which are designed to satisfy the broadest range of requirements for confidential CTI data sharing. Finally we briefly describe our implementation and the testing that has been carried out so far by four pilot projects that are validating our infrastructure.

Mohammad Goudarzi,Arash Shaghaghi,Simon Finn,Burkhard Stiller,Sanjay Jha

2024-08-22

Abstract:The Internet of Things (IoT) involves complex, interconnected systems and devices that depend on context-sharing platforms for interoperability and information exchange. These platforms are, therefore, critical components of real-world IoT deployments, making their security essential to ensure the resilience and reliability of these 'systems of systems'. In this paper, we take the first steps toward systematically and comprehensively addressing the security of IoT context-sharing platforms. We propose a framework for threat modelling and security analysis of a generic IoT context-sharing solution, employing the MITRE ATT&CK framework. Through an evaluation of various industry-funded projects and academic research, we identify significant security challenges in the design of IoT context-sharing platforms. Our threat modelling provides an in-depth analysis of the techniques and sub-techniques adversaries may use to exploit these systems, offering valuable insights for future research aimed at developing resilient solutions. Additionally, we have developed an open-source threat analysis tool that incorporates our detailed threat modelling, which can be used to evaluate and enhance the security of existing context-sharing platforms.

Cryptography and Security

Farhan Hyder Sahito,Wolfgang Slany

DOI: https://doi.org/10.48550/arXiv.1305.7488

2013-05-31

Cryptography and Security

Abstract:The emergence of cloud computing presents a strategic direction for critical infrastructures and promises to have far-reaching effects on their systems and networks to deliver better outcomes to the nations at a lower cost. However, when considering cloud computing, government entities must address a host of security issues (such as malicious insiders) beyond those of service cost and flexibility. The scope and objective of this paper is to analyze, evaluate and investigate the insider threat in cloud security in sensitive infrastructures as well as to propose two proactive socio-technical solutions for securing commercial and governmental cloud infrastructures. Firstly, it proposes actionable framework, techniques and practices in order to ensure that such disruptions through human threats are infrequent, of minimal duration, manageable, and cause the least damage possible. Secondly, it aims for extreme security measures to analyze and evaluate human threats related assessment methods for employee screening in certain high-risk situations using cognitive analysis technology, in particular functional magnetic Resonance Imaging (fMRI). The significance of this research is also to counter human rights and ethical dilemmas by presenting a set of ethical and professional guidelines. The main objective of this work is to analyze related risks, identify countermeasures and present recommendations to develop a security awareness culture that will allow cloud providers to utilize effectively the benefits of this advanced techniques without sacrificing system security.

Naila Azam,Anna Lito Michala,Shuja Ansari,Nguyen Truong

2024-04-22

Abstract:Data-driven applications and services have been increasingly deployed in all aspects of life including healthcare and medical services in which a huge amount of personal data is collected, aggregated, and processed in a centralised server from various sources. As a consequence, preserving the data privacy and security of these applications is of paramount importance. Since May 2018, the new data protection legislation in the EU/UK, namely the General Data Protection Regulation (GDPR), has come into force and this has called for a critical need for modelling compliance with the GDPR's sophisticated requirements. Existing threat modelling techniques are not designed to model GDPR compliance, particularly in a complex system where personal data is collected, processed, manipulated, and shared with third parties. In this paper, we present a novel comprehensive solution for developing a threat modelling technique to address threats of non-compliance and mitigate them by taking GDPR requirements as the baseline and combining them with the existing security and privacy modelling techniques (i.e., \textit{STRIDE} and \textit{LINDDUN}, respectively). For this purpose, we propose a new data flow diagram integrated with the GDPR principles, develop a knowledge base for the non-compliance threats, and leverage an inference engine for reasoning the GDPR non-compliance threats over the knowledge base. Finally, we demonstrate our solution for threats of non-compliance with legal basis and accountability in a telehealth system to show the feasibility and effectiveness of the proposed solution.

Cryptography and Security