Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Xiang Li,Xin Jin,Qixu Wang,Mingsheng Cao,Xingshu Chen

DOI: https://doi.org/10.1155/2018/3078272

2018-01-01

Wireless Communications and Mobile Computing

Abstract:The Internet of Things (IoT) offers a wide variety of benefits to our daily lives in many ways, ranging from smart wearable devices to industrial systems. However, it also brings well-known security and compliance concerns, especially in the physical layer. In addition, due to numerous IoT architectures which have been developed and deployed based on the cloud, the security and compliance of IoT depend on the cloud thoroughly. In this paper, a secure and compliant continuous assessment framework (SCCAF) is proposed to evaluate the security and compliance levels of cloud services in life-cycle. The SCCAF facilitates cloud service to customers to select an optimal cloud service provider (CSP) which satisfies their desired security requirements. Moreover, it also enables cloud service customers to evaluate the compliance of the selected CSP in the process of using cloud services. To evaluate the performance and availability of SCCAF, we carry out a series of experiments with case study and real-world scenario datasets. Experimental results show that SCCAF can assess the security and compliance of CSPs efficiently and effectively.

Yu-Chi Wei,Yu-Chun Chang,Wei-Chen Wu

DOI: https://doi.org/10.2298/csis230822012w

2024-01-01

Computer Science and Information Systems

Abstract:In the realm of IoT information security and other domains, various information security standards exist, such as the IEC 62443 series standards published by the International Electrotechnical Commission and ISO/IEC 27001 by the International Organization for Standardization. Business organizations are striving to improve and protect their operations through the implementation and study of these information security standards. However, comparing or pinpointing applicable control measures is becoming increasingly labor-intensive and prone to errors or deviations, especially given the plethora of information standards available. Identifying specific control measures scattered across different information security standards is gradually becoming an important issue. In this research, we utilise a range of domestic and international information security standards as the foundation, employing text mining and deep learning methods to map the similar parts of control measures between standards, thereby enhancing the efficiency of comparison tasks and allowing human resources to be allocated to more pertinent issues.

computer science, information systems, software engineering

Xiaochen Liu,Chunhe Xia,Jiajin Cao,Jinghua Gao,Zhao Wei

DOI: https://doi.org/10.14257/ijsia.2014.8.6.32

2014-01-01

International Journal of Security and Its Applications

Abstract:Cloud services have become state of the art of resource sharing and interoperability among different service providers. The federated cloud seek to reduce costs and maximize efficiency, provide flexible and reliable services composed of various external cloud service and internal services, but this would introduce a risk of security due to outsourcing. For organization which provide an integrity cloud service must rely on SLA to illustrate the capacity of risk and performance, the various providers involved in the federations or services compositions should effectively distribute the organizational responsibilities and SLA. To solve the fears and deal with the threats associated with outsourcing, new method for selection of outsourcing cloud service providers(CSP) based on assessment of security and performance is urgently needed. This paper presents an approach on how to select the proper CSP to guarantee organizational SLA, which quantify the SLA terms and calculate a security weight, the organization can choose the appropriate CSP based on security weight, meanwhile minimize the business cost. This paper make contribution on modeling the capacity of the CSP, considering the business cost and historical performance. The proposed approach is validated through case study that shows selected CSP through our approach can best meet the organizational security and cost needs.

Bo Zhou,Quan Zhang,Qi Shi,Qiang Yang,Po Yang,Yinyan Yu

DOI: https://doi.org/10.1016/j.compeleceng.2017.06.020

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:Technologies such as Internet of Things allow small devices to offer web-based services in an open and dynamic networking environments on a massive scale. End users or service consumers face a hard decision over which service to choose among the available ones, as security holds a key in the decision making process. In this paper a base linguistic evaluation set is designed, based on which all the other fuzzy term sets that used for describing security attributes are uniformed and integrated for calculating an overall security value of the services. This work, to the best of our knowledge, is the first practical solution to offer direct comparisons and rankings of network services based on multiple security attributes such as confidentiality, availability, privacy and accountability. We analysed four major cloud service platforms to illustrate the proposed approach. (C) 2017 Elsevier Ltd. All rights reserved.

Rui Mei,Han-Bing Yan,Yongqiang He,Qinqin Wang,Shengqiang Zhu,Weiping Wen

DOI: https://doi.org/10.1007/978-981-19-8285-9_4

2022-01-01

Abstract:With the continuous growth of enterprises' digital transformation, business-driven cloud computing has seen tremendous growth. The security community has proposed a large body of technical mechanisms, operational processes, and practical solutions to achieve cloud security. In addition, diverse jurisdictions also present regulatory requirements on data protection to mitigate possible risks, for instance, unauthorized access, data leakage, sensitive information and privacy disclosure. In view of this, several practical standards, frameworks, and best practices in the industry are proposed to evaluate and improve the protection level of cloud data. However, few evaluation models can conduct a comprehensive quantitative evaluation for cloud data protection that includes security, privacy, and even ethical considerations. In this paper, we first make a comprehensive review of cloud data security and privacy issues, especially also including ethical concerns that we consider as a type of specific risks caused by human factors, which refers to acting honorably, honestly, justly, and legally, due diligence, and due care. Then, we propose a novel evaluation model for cloud data protection that can quantitatively assess the protection level. Finally, based on the parallel evaluation between manual assessment by experts and our evaluation model, results show that our evaluation model is consistent with the manual evaluation conclusion.

Li Liu,Caiwu Lu,Fengjun Xiao,Ruimin Liu,Neal Naixue Xiong

DOI: https://doi.org/10.1109/access.2021.3089991

IF: 3.9

2021-01-01

IEEE Access

Abstract:Currently, with the rapid development and broad application of cloud computing technology, companies tend to use cloud services to build their applications or business systems. Selecting a trustworthy cloud service is a challenging multi-criteria decision-making (MCDM) problem. Moreover, decision makers are more inclined to use linguistic descriptions to assess the quality of service (QoS) for cloud services due to the limitation of the decision makers' knowledge and the vagueness of criteria information. Therefore, we propose a practical, integrated MCDM scheme for cloud service evaluation and selection of cloud systems, allowing decision makers to compare cloud services based on QoS criteria. First, to more accurately and effectively express the uncertainty of qualitative concepts, the cloud model is used as a conversion tool for qualitative and quantitative information to quantify linguistic terms. Second, given the shortcomings of traditional differentiating measures between cloud models, a more comprehensive distance measurement algorithm using cloud droplet distribution is proposed for the cloud model. The new distance measurement algorithm is applied to the calculation of cloud model similarity and the gray correlation coefficient. The dynamic expertise weights are determined by calculating the similarity between the expert evaluation cloud model and the arithmetic mean cloud model. Then, we propose a technique for order preference by similarity to an ideal solution (TOPSIS) improved by the grey relational analysis (GRA) to calculate the relative closeness of alternatives to the positive and negative ideal solutions and establish a multi-objective optimization model that maximizes the relative closeness of all alternatives to determine the weights of the criteria. Finally, we reconstructed the QoS evaluation criteria for cloud services from both application and service perspectives, and the classical TOPSIS is applied to generate alternati-e rankings. The practicability and robustness of the scheme were tested through the cloud service selection problem experienced by a real mining company's scheduling platform, which can provide practical references with the theoretical basis for the selection and evaluation of cloud services.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ruijuan Zheng,Mingchuan Zhang,Qingtao Wu,Wangyang Wei,Chunlei Yang

DOI: https://doi.org/10.6138/jit.2015.16.7.20150304

2015-01-01

Abstract:Around autonomic assessment problem of security risk, considering the high hybrid and heterogeneity of Internet of Things (IOT, for short), the potential influence and occurrence possibility of each main threat is described, evaluated and measured in accordance with fuzziness and randomicity of IOT security index. By which, the security risk grade and system tolerance degree of hybrid IOT security scene with incremental deployment characteristics is qualitatively analyzed. Multidimensional Normal Cloud is adopted to make synthesis of risk indicators, and the autonomic assessment strategy of security risk is constructed. On the basis of above work, transmission multi-rules mapping between qualitative input of security risk and quantitative inference of assessment rules is researched, autonomic inference rules and the optimization strategy are proposed. At last, the effectiveness, autonomy and accuracy of the proposed approach are verified by simulations.

Seoungmo An,Taehoon Eom,Jong Sou Park,Jin B. Hong,Armstrong Nhlabatsi,Noora Fetais,Khaled M. Khan,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.1903.04271

2019-03-11

Abstract:Cloud computing has been adopted widely, providing on-demand computing resources to improve perfornance and reduce the operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Trees. However, existing models do not consider all types of threats, and also automating the security assessment functions are difficult. In this paper, we propose a new security assessment tool for the cloud named CloudSafe, an automated security assessment for the cloud. The CloudSafe tool collates various tools and frameworks to automate the security assessment process. To demonstrate the applicability of the CloudSafe, we conducted security assessment in Amazon AWS, where our experimental results showed that we can effectively gather security information of the cloud and carry out security assessment to produce security reports. Users and cloud service providers can use the security report generated by the CloudSafe to understand the security posture of the cloud being used/provided.

Cryptography and Security

Ying Gao,Qin Su,Yue Fang,Pinyan Lai

DOI: https://doi.org/10.3233/faia200733

2020-01-01

Abstract:The aim of this study is to investigate and discuss the potential security issues arising from the deployment of the Cloud Enterprise Resource Planning system, and to propose a perfect and standard set of security evaluation index system for Cloud ERP security issues. Considering the issues which may be inherent in the conventional Enterprise Resource Planning systems and new ones brought by Cloud Computing, Cloud Platform, Cloud ERP, we use text mining technology to mine the related standard files in this paper. Since the standard literature is based on the comprehensive results of technology, science and practice, its characteristics of standardization, objectivity and validity also ensure the effectiveness and applicability of indicators. By using NLP methods, we construct a Cloud ERP security evaluation index system consisting of five parts: evaluation method security, information access security, data security, management security and others. The entropy method is used to assign weights for the Cloud ERP security evaluation index system, which is more scientific and rational and the method moderates the lack of objectivity caused by traditional evaluation methods which over-relies on evaluators. By analyzing cases of Cloud ERP collected in various application reports and research papers, we improve our system and find that compared to other evaluation systems, our system can evaluate the security of Cloud ERP more comprehensively.

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Carlo Marcelo Revoredo da Silva,Jose Lutiano Costa da Silva,Ricardo Batista Rodrigues,Leandro Marques do Nascimento,Vinicius Cardoso Garcia

DOI: https://doi.org/10.48550/arXiv.1303.6782

2013-03-27

Abstract:Today, Cloud Computing is rising strongly, presenting itself to the market by its main service models, known as IaaS, PaaS and SaaS, that offer advantages in operational investments by means of on-demand costs, where consumers pay by resources used. In face of this growth, security threats also rise, compromising the Confidentiality, Integrity and Availability of the services provided. Our work is a Systematic Mapping where we hope to present metrics about publications available in literature that deal with some of the seven security threats in Cloud Computing, based in the guide entitled "Top Threats to Cloud Computing" from the Cloud Security Alliance (CSA). In our research we identified the more explored threats, distributed the results between fifteen Security Domains and identified the types of solutions proposed for the threats. In face of those results, we highlight the publications that are concerned to fulfill some standard of compliance.

Cryptography and Security

Yuzhao Wu,Yongqiang Lyu,Yuanchun Shi

DOI: https://doi.org/10.26599/tst.2018.9010127

2019-01-01

Tsinghua Science & Technology

Abstract:With ever greater amounts of data stored in cloud servers, data security and privacy issues have become increasingly important. Public cloud storage providers are semi-trustworthy because they may not have adequate security mechanisms to protect user data from being stolen or misused. Therefore, it is crucial for cloud users to evaluate the security of cloud storage providers. However, existing security assessment methods mainly focus on external security risks without considering the trustworthiness of cloud providers. In addition, the widely used third-party mediators are assumed to be trusted and we are not aware of any work that considers the security of these mediators. This study fills these gaps by assessing the security of public cloud storage providers and third-party mediators through equilibrium analysis. More specifically, we conduct evaluations on a series of game models between public cloud storage providers and users to thoroughly analyze the security of different service scenarios. Using our proposed security assessment, users can determine the risk of whether their privacy data is likely to be hacked by the cloud service providers; the cloud service providers can also decide on strategies to make their services more trustworthy. An experimental study of 32 users verified our method and indicated its potential for real service improvement.

Ruijuan Zheng,Zhengchao Ma,Qingtao Wu,Mingchuan Zhang

2013-01-01

Abstract:Cloud Model, described by numerical characteristics: expectation , entropy and super entropy , combines the fuzzy and randomness to construct the map between qualitative and quantitative description. On the basis of analyzing the numerical characteristics in Multidimentional Normal Cloud Model, this paper introduces Cloud Model to IOT security risk, and proposes a method of IOT security risk assessment based on Cloud model to effectively assess its level. Based on the security event of IOT, single security event generalizes attributes by using one-dimension Cloud model to acquire the multi-dimensional attribute Cloud. Then we establish the corresponding multi-dimensional assessment Cloud for security assessment of all-level IOT. Finally, the results of security risk assessment are obtained by calculating the similarity between two kinds of Cloud model. The experiment results show that, this method can not only describe multiple attributes of IOT and calculate the integrated similarity of security attributes, but also obviously show the effect of different attributes to the comprehensive assessment results.

Masky Mackita,Soo-Young Shin,Tae-Young Choe

DOI: https://doi.org/10.3390/fi11090195

2019-09-10

Future Internet

Abstract:Many companies are adapting cloud computing technology because moving to the cloud has an array of benefits. During decision-making, having processed for adopting cloud computing, the importance of risk management is progressively recognized. However, traditional risk management methods cannot be applied directly to cloud computing when data are transmitted and processed by external providers. When they are directly applied, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. In order to fix this backdrop, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation for mitigating risks that can arise with cloud computing. ERMOCTAVE is composed of two risk management methods by combining each component with another processes for comprehensive perception of risks. In order to explain ERMOCTAVE in detail, a case study scenario is presented where an Internet seller migrates some modules to Microsoft Azure cloud. The functionality comparison with ENISA and Microsoft cloud risk assessment shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria.

Y. Matseniuk,A. Partyka

DOI: https://doi.org/10.23939/csn2024.01.108

2024-06-01

Computer systems and network

Abstract:The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.

Jianhua Che,Yamin Duan,Tao Zhang,Jie Fan

DOI: https://doi.org/10.1016/j.proeng.2011.11.2551

2011-01-01

Procedia Engineering

Abstract:Cloud computing is introducing many huge changes to people's lifestyle and working pattern recently for its multitudinous benefits. However, the security of cloud computing is always the focus of numerous potential cloud customers, and a big barrier for its widespread applications. In this paper, to facilitate customers to understand the security status quo of cloud computing and contribute some efforts to improving the security level of cloud computing, we surveyed the existing popular security models of cloud computing, e.g. multiple-tenancy model, risk accumulation model, cube model of cloud computing, and summarized the main security risks of cloud computing deriving from different organizations. Finally, we gave some security strategies from the perspective of construction, operation and security incident response to relieve the common security issues of cloud computing.

English Else

Yu-Ding WANG,Jia-Hai YANG,Cong XU,Xiao LING,Yang YANG

DOI: https://doi.org/10.13328/j.cnki.jos.004820

2015-01-01

Abstract:With the intensive and large scale development of cloud computing, security becomes one of the most important problems. As an important part of security domain, access control technique is used to limit users' capability and scope to access data and ensure the information resources not to be used and accessed illegally. This paper focuses on the state-of-the-art research of access control technology in cloud computing environment. First, it briefly introduces access control theory, and discusses the access control framework in cloud computing environment. Then, it thoroughly surveys the access control problems in cloud computing environment from three aspects including cloud access control model, cloud access control based on ABE (attribute-based encryption) cryptosystem, and multi-tenant and virtualization access control in cloud. In addition, it probes the best current practices of access control technologies within the major cloud service providers and open source cloud platforms. Finally, it summarizes the problems in the current research and prospects the development of future research.

Hongwei Jiang

DOI: https://doi.org/10.12694/scpe.v24i4.2069

2023-11-17

Abstract:Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. User’s data is stored in large database. The stored data can be accessed and modified by the clients over the Internet. The data is monitored by the Third Party Auditor (TPA) on behalf of the client. Therefore, integrity is lacked by the data stored on the servers. The data integrity is ensured by the cloud services that provide trust to the privacy of users. Aiming at the urgent problem of network data security in cloud computing operations, this paper proposed a security situation assessment system to grasp the security situation in real time. A set of cloud computing network data storage security is proposed. Through this model, the extraction of network data storage security situation elements, the design of network data storage security situation assessment scheme and the calculation method of network data storage security situation value are completed. The experimental results show the error of the predicted value obtained by the network data storage security situation assessment system. The effectiveness of the system model and the superiority of the improved algorithm is verified by the experimental results. This paper uses the cloud model to predict the cloud computing network security situation. On the other hand, the security situation value obtained by the situation assessment process can be used directly without training the original situation value. Performance improvement by the proposed technique over existing technique is seen and it is observe that the proposed technique is 23% and 34% better than the existing techniques.

English Else