Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Ying Chen,Qingni Shen,Pengfei Sun,Yangwei Li,Zhong Chen,Sihan Qing

DOI: https://doi.org/10.1109/IPDPSW.2012.275

2012-01-01

Abstract:Infrastructure as a Service (IaaS), basically consists on the deliverance of virtual machines (VMs) to an IaaS provider, who can rise or shrink the number of VMs so as to offer fast and easy scalability according to variable workloads. However, according to the principle of Buckets Effect, the safety of the entire system relies on its most fragile component. This problem also exists in IaaS cloud. There are many VMs which co-exist in the same physical machine, but they may adopt different security protection. So this could lead VMs with the higher security requirement degrade to the lowest security level. In order to address these issues, we propose Trusted Cloud based on Security Level (TCSL), which is an integrated, secured and trusted architecture based on logical VMs' union, to separate the VMs with different sensitive and security needs from the whole cloud environment, and to meet different customer's security requirements. Experimental results demonstrate that these approaches are effective in isolating the resources with the same security requirements in a shared trusted zone which is built based on different security level. When resources need to migrate to the trusted zone, the Reliable Migration Policies will be automatically enforced and match the migrating resource to an applicable trusted zone in cloud or return a feedback concerning a suggestion. With Reliable Migration Protocol, the secure process of the migrating transaction can be guaranteed in IaaS cloud.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Fei Liu,Jing Wang,Hongtao Bai,Huiping Sun

DOI: https://doi.org/10.1109/ITNG.2015.34

2015-01-01

Abstract:As cloud computing technology develops rapidly, more convenience has been brought to users by various cloud providers with various cloud services. However, difficulty of management, especially when different access control protocols and personal information involved, has become one of barriers that inhibit the development process of cloud technology. In this paper, a user-centered ID MaaS (Identity Management as a Service) is proposed combined with a novel access control model based on trust and risk evaluation. Besides, a format-preserving encryption (FPE) method is proposed as an auxiliary scheme guaranteeing the effectiveness of access control. ID MaaS offers a solution that effectively alleviates the difficulty of realizing unified management of users' identity and information among diverse cloud service providers.

SUN Jingjing,CAI Mian,ZHAO Yang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.04.006

2012-01-01

Abstract:With the community'recognition for cloud computing,its security can't be ignored.Based on user facing data security and privacy issue,this paper gives Based-on trusted computing cloud user security model.this model bases on trusted computing technology,in addition to the traditional security policy,proposed the establishment of private virtual machines,to provide user with the operation of a private space,to prevent other malicious users or administrators to access the virtual machine;and gives a anonymous method of user information,when the user applys services and change services to ensure the privacy of user information,to prevent service providers malicious use and disclose user information,to provides a safe environment for user.

Jun Xu,Feng Xu,Wenna Chang,Haiguang Lai

DOI: https://doi.org/10.1007/978-3-319-27051-7_19

2015-01-01

Abstract:As a flexible security mechanism, trust mechanism is widely used in various complex application scenarios. The research on trust and its spread mechanism has become a new hotspot in the fields of E-commerce, Internet of things and Cloud computing. In this paper, we first deeply analyzed the relationship between trust mechanism and cloud computing security, and pointed out the existing problems of current models. We then surveyed some typical trust mechanism according to different mathematic theories of trust computation. We also summarized the latest research achievements of trust model and trust calculation method in cloud computing environment. Based on these studies, we forecasted the direction of further research on trust mechanism.

Yi Jie Tong,Wei Qi Yan,Jin Yu

DOI: https://doi.org/10.4018/ijdcf.2015010104

2015-01-01

International Journal of Digital Crime and Forensics

Abstract:With an increasing number of personal computers introduced in schools, enterprises and other large organizations, workloads of system administrators have been on the rise due to the issues related to energy costs, IT expenses, PC replacement expenditures, data storage capacity, and information security, etc. However, Application Virtualization (AV) has been proved as a successful cost-effective solution to solve these problems. In this paper, the analytics of a Virtual Desktop Infrastructure (VDI) system will be taken into consideration for a campus network. Our developed system will be introduced and justified. Furthermore, the rationality for these improvements will be introduced.

Xiaofei Zhang,Hui Liu,Bin Li,Xing Wang,Haiqiang Chen,Shizhong Wu

DOI: https://doi.org/10.1109/cloudcom.2010.86

2010-11-01

Abstract:The emergence and application of cloud computing can help users access to various computing resources and services more conveniently. However, it also brings forth many security challenges. This paper proposes the application oriented remote verification trust model, which is capable of adjusting the user's trust authorization verification contents according to the specific security requirements of different applications. The model also dynamically adjusts the users' trust value with the trust feedback mechanism to determine whether or not the requested resource or service should be provided, so as to guarantee the security of information resources. This paper provides a formal description of the basic components and trust properties of the model with a belief formula, and describes the framework for the implementation of the model.

Yongzhi Wang,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/tifs.2017.2787993

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Public cloud vendors have been offering a variety of big data computing services on their clouds. However, runtime integrity is one of the major security concerns that hinder the wide adoption of those services. In this paper, we focus on MapReduce, a popular big data computing framework, and propose the runtime integrity audition (RIA), a solution that remotely verifies the runtime integrity of MapReduce applications. RIA records the runtime variable values of the MapReduce application on the public cloud and checks those values against the application’s code on the private cloud. By doing so, RIA protects the runtime integrity of MapReduce applications. Based on the idea of RIA, we developed a prototype system, called MR Auditor, and tested its applicability and performance with several Hadoop applications. Our experimental results showed that MR Auditor is a general tool that can efficiently audit the runtime integrity of all the MapReduce applications that we tested. In addition, MR Auditor incurs a moderate performance overhead. For example, when verifying the Word Count application, a proper parameter setting of MR Auditor incurs 1% of extra execution time on the public cloud and 14% of extra execution time on the private cloud.

赵阳,刘明芳,林曦君

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.03.004

IF: 5.105

2013-01-01

Computers & Security

Abstract:With the development of cloud computing, virtualization technology, interaction in virtual machines on the same physical host also encounters hitherto unknown security problem. This paper is based on trusted computing, using shared memory mechanism based on KVM, applies dedicated security trusted pipeline, and uses trusted measurement to verify the authenticity and reliability of two virtual machines. By encrypting memory pseudo address, it isolates other virtual machine except the interaction of the two sides, and guarantees the information trusted and security during the communication process. At last, we analyze and summarize the method.

Sakshi Chhabra,Ashutosh Kumar Singh

DOI: https://doi.org/10.48550/arXiv.2212.05319

2022-12-10

Abstract:The core of the computer business now offers subscription-based on-demand services with the help of cloud computing. We may now share resources among multiple users by using virtualization, which creates a virtual instance of a computer system running in an abstracted hardware layer. It provides infinite computing capabilities through its massive cloud datacenters, in contrast to early distributed computing models, and has been incredibly popular in recent years because to its continually growing infrastructure, user base, and hosted data volume. This article suggests a conceptual framework for a workload management paradigm in cloud settings that is both safe and performance-efficient. A resource management unit is used in this paradigm for energy and performing virtual machine allocation with efficiency, assuring the safe execution of users' applications, and protecting against data breaches brought on by unauthorised virtual machine access real-time. A secure virtual machine management unit controls the resource management unit and is created to produce data on unlawful access or intercommunication. Additionally, a workload analyzer unit works simultaneously to estimate resource consumption data to help the resource management unit be more effective during virtual machine allocation. The suggested model functions differently to effectively serve the same objective, including data encryption and decryption prior to transfer, usage of trust access mechanism to prevent unauthorised access to virtual machines, which creates extra computational cost overhead.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence

SiFan Liu,Jie Wu,ZhiHui Lu,Hui Xiong

DOI: https://doi.org/10.1109/scc.2013.12

2013-01-01

Abstract:Security issues of cloud computing are always being concerned by customers. Research on a virtual machine's quantitative or qualitative value of risk will be a good start to know the security status of a cloud data center. Risk assessment is a solution for really understanding security procedures of the network and information system, analyzing where security threats come from and how much loss the risk can cause. By means of the combination of risk assessment with cloud computing, we can assess the risk value of virtual machines, and the security of data center can be ensured by administrator who has ability to quickly locate the risk points and easily control and reduce the risks. In this paper, we present VMRaS (a novel virtual machine risk assessment scheme in the cloud environment), a scheme that can assess the risk of a virtual machine. First, we introduce the process, criteria and algorithms of risk assessment. And then we present the design and implementation of VMRaS. We evaluate a prototype of VMRaS which is deployed on an Open Stack-based cloud computing resource management platform. The result shows that VMRaS works well in the Open Stack-based cloud environment.

Sisi Cao,Wenbo Zheng,Shaocong Mo,Xin Jin,Chao Dai,Zeyu Fan,Yili Qu,Jiangwei Zhou,Fei Deng

DOI: https://doi.org/10.1109/ICBDA.2018.8367697

2018-01-01

Abstract:Cloud computing security issues become increasingly serious. Trust is a trust relationship entity acts in accordance with its past experience and interactions built up, may be direct or indirect interaction through a third party recommended interactions. User behavior trust evaluation using AHP, access to users by collecting historical behavior information behavior trust evidence, according to the characteristics of trust evidence will be divided into different trust property among the recalculation by users through analytic hierarchy process and the relative weight of each trust property behavior trust value. Combined with IPv6 protocol, the use of IPv6 extension headers, will assess the value placed header, transmission and validation, so that the program is practical.

Xiaolin Wang,Yan Sang,Yi Liu,Yingwei Luo

DOI: https://doi.org/10.1007/978-94-007-2105-0_31

2011-01-01

Abstract:With the development of virtualization technology, some security problems have appeared. Researchers begin to suspect the security of virtualized environment and consider how to evaluate the security degree of virtualized environment. But there are not uniform virtualized environment security evaluation criteria at present. In this paper, we analyze the security problem in virtualized environment and present our virtualized environment security evaluation criteria. We take a further research on support technology and authentication method. First, we introduce the background of the problem. Next, we summarize the related work. After that we present our virtualized environment security evaluation criteria and introduce our work on support technology and authentication method. For support technology, we propose some safety guarantee technology for each security level. For authentication method, we give some ideas for the evaluation of each security level.

Rui Meng,Hangyu Zhao,Ziting Zhang

DOI: https://doi.org/10.1109/miccis58901.2023.00014

2023-04-01

Abstract:Cloud computing can effectively aggregate virtualized computing resources and provide dynamic and economical computing, storage, and various information services for data center terminals. However, with the rapid expansion of cloud data centers, the problems of high energy consumption and carbon emissions have aroused widespread concern. In addition, the traditional authentication mechanism is not suitable for heterogeneous data center networks due to its high resource consumption and low compatibility, which brings security threats to cloud data centers. In this paper, we proposed a lightweight authentication and authorization architecture, which has the advantages of high reliability and security. It does not rely on any communication protocols and has higher compatibility for heterogeneous data center networks. Specifically, the tree-based and support vector-based authentication methods are suggested to enhance identity security. The simulations under real wireless environment verified the effectiveness in authentication performance of the proposed authentication models for green cloud data centers.

Computer Science,Engineering,Environmental Science

Gansen Zhao,Haiyu Wang,Zhongjie Ba,Yangyang Wu,Qi Chen,Jianguo Li,Yong Tang

DOI: https://doi.org/10.1109/WISA.2013.77

2013-01-01

Abstract:IaaS cloud converts physical resources into resource pools. The pool oriented resource management model requires transparency of the underlying physical resources, as well as the on-demand consumption of IT services and the trust verification of the resources from cloud users. A viable way is by creating trusted clusters that consist of trusted physical machines, with strict membership management of these trusted clusters, confining IT services to be hosted within trusted clusters. This paper proposes a trusted cluster scheme which is based on a dynamic group signature scheme. The scheme fits into the pool oriented trust management for cloud computing.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Li-qin Tian,Chuang Lin,Yang Ni

DOI: https://doi.org/10.1109/iccasm.2010.5620636

2010-01-01

Abstract:Currently, the cloud computing is hot research both in scholars and enterprise, because of its good features such as low investment, easy maintenance, Flexibility and fast deployment, reliable service. But to truly implement cloud computing, we need to gradually improve it in academic, legal and institutional. Especially, the issue of trust is one of the biggest obstacles for the development of cloud computing. In the cloud computing, due to users directly use and operate the software and OS, and even basic programming environment and network infrastructure which provided by the cloud services providers, so the impact and destruction for the software and hardware cloud resources in cloud computing are worse than the current Internet users who use it to share resources. Therefore, that whether user behavior is trusted, how to evaluate user behavior trust is an important research content in cloud computing. mainly discusses evaluation importance of user behavior trust and evaluation strategy, in the cloud computing, including trust object analysis, principle on evaluating user behavior trust, basic idea of evaluating user behavior trust, evaluation strategy of behavior trust for each access, and long access, which laid the theoretical foundation about trust for the practical cloud computing application.