SM Zobaed

DOI: https://doi.org/10.48550/arXiv.2301.00928

2023-01-03

Abstract:With the meteoric growth of technology, individuals and organizations are widely adopting cloud services to mitigate the burdens of maintenance. Despite its scalability and ease of use, many users who own sensitive data refrain from fully utilizing cloud services due to confidentiality concerns. Maintaining data confidentiality for data at rest and in transit has been widely explored but data remains vulnerable in the cloud while it is in use. This vulnerability is further elevated once the scope of computing spans across the edge-to-cloud continuum. Accordingly, the goal of this dissertation is to enable data confidentiality by adopting confidential computing across the continuum. Towards this goal, one approach we explore is to separate the intelligence aspect of data processing from the pattern-matching aspect. We present our approach to make confidential data clustering on the cloud, and then develop confidential search service across edge-to-cloud for unstructured text data. Our proposed clustering solution named ClusPr, performs topic-based clustering for static and dynamic datasets that improves cluster coherency up to 30%-to-60% when compared with other encryption-based clustering techniques. Our trusted enterprise search service named SAED, provides context-aware and personalized semantic search over confidential data across the continuum. We realized that enabling confidential computing across edge-to-cloud requires major contribution from the edge tiers particularly to run multiple Deep Learning (DL) services concurrently. This raises memory contention on the edge tier. To resolve this, we develop Edge-MultiAI framework to manage Neural Network (NN) models of DL applications such that it can meet the latency constraints of the DL applications without compromising inference accuracy.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Xuyang Zhao,Mingyu Li,Erhu Feng,Yubin Xia

DOI: https://doi.org/10.1109/jcc56315.2022.00019

2022-01-01

Abstract:As data security in public clouds attracts more attention and concerns, researchers and practitioners have proposed techniques to secure cloud computing. Confidential computing (CC) is a compelling approach that guarantees both privacy and integrity of data and code in public clouds. In this paper, we first survey the status of CC in today’s commercialized public clouds, including the cloud CC abstractions, infrastructures, metrics, third-party service vendors, and real-world cloud use cases. We also discover the limitations such as re-programming efforts, extra cost, limited availability, etc. We further take a step forward to prospect CC in the joint cloud scenario. We finally showcase the challenges of realizing a secure joint cloud and propose possible solutions.

SM Zobaed,Mohsen Amini Salehi

DOI: https://doi.org/10.48550/arXiv.2307.16447

2023-07-31

Abstract:Confidential computing has gained prominence due to the escalating volume of data-driven applications (e.g., machine learning and big data) and the acute desire for secure processing of sensitive data, particularly, across distributed environments, such as edge-to-cloud continuum. Provided that the works accomplished in this emerging area are scattered across various research fields, this paper aims at surveying the fundamental concepts, and cutting-edge software and hardware solutions developed for confidential computing using trusted execution environments, homomorphic encryption, and secure enclaves. We underscore the significance of building trust in both hardware and software levels and delve into their applications particularly for machine learning (ML) applications. While substantial progress has been made, there are some barely-explored areas that need extra attention from the researchers and practitioners in the community to improve confidentiality aspects, develop more robust attestation mechanisms, and to address vulnerabilities of the existing trusted execution environments. Providing a comprehensive taxonomy of the confidential computing landscape, this survey enables researchers to advance this field to ultimately ensure the secure processing of users' sensitive data across a multitude of applications and computing tiers.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Xiao Zhang,Hong-tao Du,Jian-quan Chen,Yi Lin,Lei-jie Zeng

DOI: https://doi.org/10.1109/ncis.2011.64

2011-01-01

Abstract:The cost of maintain a data center is increasing rapidly, especially for the medium data center. An economic choice is to use cloud computing and cloud storage instead of manage data center by itself. Small companies buy compute and storage service just like water and electronic. The difficulty is how to ensure their data safe in cloud storage. Cloud storage provider claims that they can protect the data, but no one believes them. In this paper, we present a framework to ensure data security in cloud storage system. In the framework, we use SLA as the common standard between user and provider. And we discuss several technologies to make the data stored in cloud safe. These technologies can be divided into three parts: storage protect, transfer protect and authorize.

Abhishek Mahalle,Jianming Yong,Xiaohui Tao,Jun Shen

DOI: https://doi.org/10.1109/cscwd.2018.8465318

2018-01-01

Abstract:Cloud computing architecture and infrastructure has received an acceptance from corporations and governments across the globe. Cloud computing helped to reduce cost of management of physical and technical infrastructure at the same time has made information systems available for locally & globally deployed work force. Cloud computing infrastructure provides access to data and applications from any location and this has made organizations to keep evaluating privacy and security framework. Banking and financial services have data and applications which are internally developed to remain ahead of competition. This data and applications becomes the Intellectual Property (IP) that serves specific business processes and goals. When this data and applications can be accessed from remote locations, there may be a potential risks of data leakages and erosion of IP over a period of time. With an adoption of cloud computing, banking and financial services industry continues to be under strict regulatory and compliance framework to maintain privacy of data and security of systems. Privacy and security of cloud architecture infrastructure continues to be the challenge across the globe. In this paper, various aspects of cloud computing related to data privacy and system security for banking and financial services industry have been introduced.

Wei Liu,Su Peng,Wei Du,Wei Wang,Guo Sun Zeng

DOI: https://doi.org/10.1007/s10115-014-0755-x

IF: 2.7

2014-06-03

Knowledge and Information Systems

Abstract:Massive computation power and storage capacity of cloud computing systems allow scientists to deploy data-intensive applications without the infrastructure investment, where large application datasets can be stored in the cloud. Based on the pay-as-you-go model, data placement strategies have been developed to cost-effectively store large volumes of generated datasets in the scientific cloud workflows. As promising as it is, this paradigm also introduces many new challenges for data security when the users outsource sensitive data for sharing on the cloud servers, which are not within the same trusted domain as the data owners. This challenge is further complicated by the security constraints on the potential sensitive data for the scientific workflows in the cloud. To effectively address this problem, we propose a security-aware intermediate data placement strategy. First, we build a security overhead model to reasonably measure the security overheads incurred by the sensitive data. Second, we develop a data placement strategy to dynamically place the intermediate data for the scientific workflows. Finally, our experimental results show that our strategy can effectively improve the intermediate data security while ensuring the data transfer time during the execution of scientific workflows.

computer science, information systems, artificial intelligence

Anurag Kumar,Prof. Bibha Kumari

DOI: https://doi.org/10.55041/ijsrem37051

2024-08-12

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Cloud-based deployment architectures have emerged as the preferred model for Big Data operations due to their scalability, flexibility, and cost-effectiveness. However, this shift raises new security concerns as data is no longer directly under the user's control. Securing Big Data in cloud environments is crucial for widespread adoption, but developing a comprehensive security plan is challenging without a thorough analysis of potential vulnerabilities.To address this, a novel security-by-design framework for Big Data deployment on cloud computing, termed Big Cloud, is proposed in this article. The framework leverages systematic security analysis methodologies and automated assessment tools to map domain-specific security knowledge to design best practices. Validation of the framework was conducted through an Apache Hadoop stack use case, demonstrating its effectiveness in enhancing security awareness and reducing design time.The study also evaluates the framework's strengths and limitations, identifying key challenges in the Big Cloud domain.

Yibin Li,Keke Gai,Longfei Qiu,Meikang Qiu,Hui Zhao

DOI: https://doi.org/10.1016/j.ins.2016.09.005

IF: 8.1

2016-01-01

Information Sciences

Abstract:Implementing cloud computing empowers numerous paths for Web-based service offerings to meet diverse needs. However, the data security and privacy has become a critical issue that restricts many cloud applications. One of the major concerns in security and privacy is caused by the fact that cloud operators have chances to reach the sensitive data. This concern dramatically increases users anxiety and reduces the adoptability of cloud computing in many fields, such as the financial industry and governmental agencies. This paper focuses on this issue and proposes an intelligent cryptography approach, by which the cloud service operators cannot directly reach partial data. The proposed approach divides the file and separately stores the data in the distributed cloud servers. An alternative approach is designed to determine whether the data packets need a split in order to shorten the operation time. The proposed scheme is entitled Security-Aware Efficient Distributed Storage (SA-EDS) model, which is mainly supported by our proposed algorithms, including Alternative Data Distribution (AD2) Algorithm, Secure Efficient Data Distributions (SED2) Algorithm and Efficient Data Conflation (EDCon) Algorithm. Our experimental evaluations have assessed both security and efficiency performances and the experimental results depict that our approach can effectively defend main threats from clouds and requires with an acceptable computation time.

Florian Kelbert,Franz Gregor,Rafael Pires,Stefan Köpsell,Marcelo Pasin,Aurélien Havet,Valerio Schiavoni,Pascal Felber,Christof Fetzer,Peter Pietzuch

DOI: https://doi.org/10.23919/DATE.2017.7926999

2018-05-04

Abstract:We present the SecureCloud EU Horizon 2020 project, whose goal is to enable new big data applications that use sensitive data in the cloud without compromising data security and privacy. For this, SecureCloud designs and develops a layered architecture that allows for (i) the secure creation and deployment of secure micro-services; (ii) the secure integration of individual micro-services to full-fledged big data applications; and (iii) the secure execution of these applications within untrusted cloud environments. To provide security guarantees, SecureCloud leverages novel security mechanisms present in recent commodity CPUs, in particular, Intel's Software Guard Extensions (SGX). SecureCloud applies this architecture to big data applications in the context of smart grids. We describe the SecureCloud approach, initial results, and considered use cases.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Jian Yin,Dongfang Zhao

DOI: https://doi.org/10.1109/bigdata.2015.7364111

2015-01-01

Abstract:In this paper, we address the problem of data confidentiality in big data analytics. In many fields, much useful patterns can be extracted by applying machine learning techniques to big data. However, data confidentiality must be protected. In many scenarios, data confidentiality could well be a prerequisite for data to be shared. We present a scheme to provide provable secure data confidentiality and discuss various techniques to optimize performance of such a system.

Abdullah Alabdulatif,Navod Neranjan Thilakarathne,Kassim Kalinaki

DOI: https://doi.org/10.3390/electronics12122646

IF: 2.9

2023-06-13

Electronics

Abstract:In the context of healthcare, big data refers to a complex compilation of digital medical data collected from many sources that are difficult to manage with normal technology and software due to its size and complexity. These big data are useful in various aspects of healthcare, such as disease diagnosis, early prevention of diseases, and predicting epidemics. Even though medical big data has many advantages and a lot of potential for revolutionizing healthcare, it also has a lot of drawbacks and problems, of which security and privacy are of the utmost concern, owing to the severity of the complications once the medical data is compromised. On the other hand, it is evident that existing security and privacy safeguards in healthcare organizations are insufficient to protect their massive, big data repositories and ubiquitous environment. Thus, motivated by the synthesizing of the current knowledge pertaining to the security and privacy of medical big data, including the countermeasures, in the study, firstly, we provide a comprehensive review of the security and privacy of medical big data, including countermeasures. Secondly, we propose a novel cloud-enabled hybrid access control framework for securing the medical big data in healthcare organizations, and the result of this research indicates that the proposed access control model can withstand most cyber-attacks, and it is also proven that the proposed framework can be utilized as a primary base to build secure and safe medical big data solutions. Thus, we believe this research would be useful for future researchers to comprehend the knowledge on the security and privacy of medical big data and the development of countermeasures.

engineering, electrical & electronic,computer science, information systems,physics, applied

Stephen S. Yau,Ho G. An,Arun Balaji Buduru

DOI: https://doi.org/10.4018/jwsr.2012070104

2012-01-01

International Journal of Web Services Research

Abstract:In current cloud computing systems, because users’ data is stored and processed by computing systems managed and operated by various service providers, users are concerned with the risks of unauthorized usage of their sensitive data by various entities, including service providers. The current cloud computing systems protect users’ data confidentiality from all entities, except service providers. In this paper, an approach is presented for improving the protection of users’ data confidentiality in cloud computing systems from all entities, including service providers. The authors’ approach has the following features: (1) separation of cloud application providers, data processing service providers and data storage providers, (2) anonymization of users’ identities, (3) grouping cloud application components and distributing their execution to distinct cloud infrastructures of data processing service providers, and (4) use of data obfuscation and cryptography for protecting the sensitive data from unauthorized access by all entities, including service providers. The proposed approach ensures that users’ sensitive data can be protected from their service providers even if the users do not have full cooperation from their service providers.

Yeghisabet Alaverdyan,Suren Poghosyan,Vahagn Poghosyan

2023-06-19

Abstract:The paper introduces confidential computing approaches focused on protecting hierarchical data within edge-cloud network. Edge-cloud network suggests splitting and sharing data between the main cloud and the range of networks near the endpoint devices. The proposed solutions allow data in this two-level hierarchy to be protected via embedding traditional encryption at rest and in transit while leaving the remaining security issues, such as sensitive data and operations in use, in the scope of trusted execution environment. Hierarchical data for each network device are linked and identified through distinct paths between edge and main cloud using individual blockchain. Methods for data and cryptographic key splitting between the edge and the main cloud are based on strong authentication techniques ensuring the shared data confidentiality, integrity and availability.

Cryptography and Security

Hassan Rehan

DOI: https://doi.org/10.60087/jaigs.v1i1.p66

2024-01-22

Abstract:As organizations increasingly rely on cloud computing for storage, processing, and deployment of sensitive data, ensuring robust security measures becomes paramount. This paper explores the intersection of artificial intelligence (AI) and cloud security, presenting AI-driven solutions as the future of safeguarding sensitive data in the digital age. Leveraging AI algorithms and machine learning techniques, cloud security can adapt and evolve to counter emerging threats in real-time, enhancing detection, prevention, and response capabilities. This paper discusses various AI-driven approaches to cloud security, including anomaly detection, threat intelligence analysis, and behavior analytics, highlighting their effectiveness in mitigating risks and ensuring compliance with regulatory standards. Additionally, it addresses the challenges and ethical considerations associated with AI-driven cloud security, emphasizing the importance of transparency, accountability, and ethical AI principles. By embracing AI-driven solutions, organizations can fortify their defenses against cyber threats and maintain the integrity and confidentiality of their sensitive data in the evolving digital landscape.

Wei Wang,Lei Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2015.06.014

IF: 5.493

2015-01-01

Computer Networks

Abstract:According to the recent rule released by Health and Human Services (HHS), healthcare data can be outsourced to cloud computing services for medical studies. A major concern about outsourcing healthcare data is its associated privacy issues. However, previous solutions have focused on cryptographic techniques which introduce significant cost when applied to healthcare data with high-dimensional sensitive attributes. To address these challenges, we propose a privacy-preserving framework to transit insensitive data to commercial public cloud and the rest to trusted private cloud. Under the framework, we design two protocols to provide personalized privacy protections and defend against potential collusion between the public cloud service provider and the data users. We derive provable privacy guarantees and bounded data distortion to validate the proposed protocols. Extensive experiments over real-world datasets are conducted to demonstrate that the proposed protocols maintain high usability and scale well to large datasets.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Dengguo Feng,Yu Qin,Wei Feng,Wei Li,Ketong Shang,Hongzhan Ma

DOI: https://doi.org/10.1049/cmu2.12759

IF: 1.345

2024-04-25

IET Communications

Abstract:This paper provides a comprehensive overview of the development process of confidential computing, summarizing its current research status and issues, which focuses on the security requirements for data security and privacy protection. As the global data strategy deepens and data elements accelerate integrating and flowing more rapidly, the demand for data security and privacy protection has become increasingly prominent. Confidential computing emerges as a crucial security technology to solve security and privacy problem, and it is also a hot subject of in contemporary security technologies. Leveraging collaborative security in both hardware and software, it builds a trusted execution environment to ensure confidentiality and integrity protection for data in use. This paper provides a comprehensive overview of the development process of confidential computing, summarizing its current research status and issues, which focuses on the security requirements for data security and privacy protection. Furthermore, it deeply analyses the common technical features of confidential computing, and proposes a trusted confidential computing architecture based on collaborative hardware and software trust. Then, it elaborates on the research status and issues of confidential computing from four aspects: hardware security, architecture and key technologies, applications, and standards and evaluation. Finally, this paper provides a synthesis and outlook for the future development of confidential computing. In summary, confidential computing is currently in a rapidly developing stage and will play an important role in cyber security in the future.

engineering, electrical & electronic

Xiaojun Zhou,Ping Lin,Zhiyong Li,Yunpeng Wang,Wei Tan,Meng Huang

DOI: https://doi.org/10.1109/ICMCCE48743.2019.00163

2019-01-01

Abstract:To solve the problem of big data security and privacy protection, and expound the concept of cloud computing, big data and the relationship between them, the existing security and privacy protection method characteristic and problems were studied. A reference model is proposed which is based on cloud platform. In this model the physical level, data layer, interface layer and application layer step by step in to implement the system security risk early warning and threat perception, this provides an effective solution for the research of big data security. At the same time, a future research direction that uses the blockchain to solve cloud security and privacy protection is also pointed out.

Dominic P. Mulligan,Gustavo Petri,Nick Spinale,Gareth Stockwell,Hugo J. M. Vincent

DOI: https://doi.org/10.1109/seed51797.2021.00025

2021-09-01

Abstract:The semiconductor industry is witnessing a nascent security paradigm shift in the rise of Confidential Computing. Driven by the need to protect computations delegated to co-tenanted machines operated by Cloud Computing services, mainstream instruction set architectures are gradually introducing novel features that can be used to establish protected isolates offering strong integrity and confidentiality guarantees to code and data contained within. Coupled with a Remote Attestation protocol, a third-party may request the launch of an isolate on an otherwise untrusted machine and know—with a high degree of assurance—that a payload of code and data was indeed loaded into a legitimate isolate with a particular configuration. We argue that this ability to reliably establish a safe “beach-head” on an untrusted third-party’s machine has far-reaching consequences with applications beyond protecting workloads delegated to Cloud Computing services. In a future world where facilities for Confidential Computing are widely deployed and used, we imagine a utopia where inadvertent data leakage is a curiosity of a bygone age, with encrypted data moving from isolate to isolate and never resting in plaintext. Moreover, data is only released in explicitly delimited ways for processing, with systems and individuals exhibiting fine-grained control over data. We report on recent activities within Arm in attempting to realize this vision, and hope that this paper acts as a “call to arms” to others to join with us in fully exploring the potential of these emerging technologies.

Jean Raphael Ngnie Sighom,Pin Zhang,Lin You

DOI: https://doi.org/10.3390/fi9030023

2017-01-01

Future Internet

Abstract:In today’s society, cloud computing has significantly impacted nearly every section of our lives and business structures. Cloud computing is, without any doubt, one of the strategic directions for many companies and the most dominating infrastructure for enterprises as long as end users. Instead of buying IT equipment (hardware and/or software) and managing it themselves, many organizations today prefer to buy services from IT service providers. The number of service providers increase dramatically and the cloud is becoming the tools of choice for more cloud storage services. However, as more personal information and data are moved to the cloud, into social media sites, DropBox, Baidu WangPan, etc., data security and privacy issues are questioned. Daily, academia and industry seek to find an efficient way to secure data migration in the cloud. Various solution approaches and encryption techniques have been implemented. In this work, we will discuss some of these approaches and evaluate the popular ones in order to find the elements that affect system performance. Finally, we will propose a model that enhances data security and privacy by combining Advanced Encryption Standard-256, Information Dispersal Algorithms and Secure Hash Algorithm-512. Our protocol achieves provable security assessments and fast execution times for medium thresholds.