In the cloud environment,ensuring a high level of data security is in high demand.Data planning storage optimization is part of the whole security process in the cloud environment.It enables data security by avoiding ...In the cloud environment,ensuring a high level of data security is in high demand.Data planning storage optimization is part of the whole security process in the cloud environment.It enables data security by avoiding the risk of data loss and data overlapping.The development of data flow scheduling approaches in the cloud environment taking security parameters into account is insufficient.In our work,we propose a data scheduling model for the cloud environment.Themodel is made up of three parts that together help dispatch user data flow to the appropriate cloudVMs.The first component is the Collector Agent whichmust periodically collect information on the state of the network links.The second one is the monitoring agent which must then analyze,classify,and make a decision on the state of the link and finally transmit this information to the scheduler.The third one is the scheduler who must consider previous information to transfer user data,including fair distribution and reliable paths.It should be noted that each part of the proposedmodel requires the development of its algorithms.In this article,we are interested in the development of data transfer algorithms,including fairness distribution with the consideration of a stable link state.These algorithms are based on the grouping of transmitted files and the iterative method.The proposed algorithms showthe performances to obtain an approximate solution to the studied problem which is an NP-hard(Non-Polynomial solution)problem.The experimental results show that the best algorithm is the half-grouped minimum excluding(HME),with a percentage of 91.3%,an average deviation of 0.042,and an execution time of 0.001 s.展开更多
This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering...This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.展开更多
Cloud computing plays a significant role in modern information technology, providing organizations with numerous benefits, including flexibility, scalability, and cost-efficiency. However, it has become essential for ...Cloud computing plays a significant role in modern information technology, providing organizations with numerous benefits, including flexibility, scalability, and cost-efficiency. However, it has become essential for organizations to ensure the security of their applications, data, and cloud-based networks to use cloud services effectively. This systematic literature review aims to determine the latest information regarding cloud computing security, with a specific emphasis on threats and mitigation strategies. Additionally, it highlights some common threats related to cloud computing security, such as distributed denial-of-service (DDoS) attacks, account hijacking, malware attacks, and data breaches. This research also explores some mitigation strategies, including security awareness training, vulnerability management, security information and event management (SIEM), identity and access management (IAM), and encryption techniques. It discusses emerging trends in cloud security, such as integrating artificial intelligence (AI) and machine learning (ML), serverless computing, and containerization, as well as the effectiveness of the shared responsibility model and its related challenges. The importance of user awareness and the impact of emerging technologies on cloud security have also been discussed in detail to mitigate security risks. A literature review of previous research and scholarly articles has also been conducted to provide insights regarding cloud computing security. It shows the need for continuous research and innovation to address emerging threats and maintain a security-conscious culture in the company.展开更多
Security issues in cloud networks and edge computing have become very common. This research focuses on analyzing such issues and developing the best solutions. A detailed literature review has been conducted in this r...Security issues in cloud networks and edge computing have become very common. This research focuses on analyzing such issues and developing the best solutions. A detailed literature review has been conducted in this regard. The findings have shown that many challenges are linked to edge computing, such as privacy concerns, security breaches, high costs, low efficiency, etc. Therefore, there is a need to implement proper security measures to overcome these issues. Using emerging trends, like machine learning, encryption, artificial intelligence, real-time monitoring, etc., can help mitigate security issues. They can also develop a secure and safe future in cloud computing. It was concluded that the security implications of edge computing can easily be covered with the help of new technologies and techniques.展开更多
Attribute-based encryption(ABE)is a technique used to encrypt data,it has the flexibility of access control,high security,and resistance to collusion attacks,and especially it is used in cloud security protection.Howe...Attribute-based encryption(ABE)is a technique used to encrypt data,it has the flexibility of access control,high security,and resistance to collusion attacks,and especially it is used in cloud security protection.However,a large number of bilinear mappings are used in ABE,and the calculation of bilinear pairing is time-consuming.So there is the problem of low efficiency.On the other hand,the decryption key is not uniquely associated with personal identification information,if the decryption key is maliciously sold,ABE is unable to achieve accountability for the user.In practical applications,shared message requires hierarchical sharing in most cases,in this paper,we present a message security hierarchy ABE scheme for this scenario.Firstly,attributes were grouped and weighted according to the importance of attributes,and then an access structure based on a threshold tree was constructed according to attribute weight.This method saved the computing time for decryption while ensuring security and on-demand access to information for users.In addition,with the help of computing power in the cloud,two-step decryption was used to complete the access,which relieved the computing and storage burden on the client side.Finally,we simulated and tested the scheme based on CP-ABE,and selected different security levels to test its performance.The security proof and the experimental simulation result showthat the proposed scheme has high efficiency and good performance,and the solution implements hierarchical access to the shared message.展开更多
In the present scenario of rapid growth in cloud computing models,several companies and users started to share their data on cloud servers.However,when the model is not completely trusted,the data owners face several ...In the present scenario of rapid growth in cloud computing models,several companies and users started to share their data on cloud servers.However,when the model is not completely trusted,the data owners face several security-related problems,such as user privacy breaches,data disclosure,data corruption,and so on,during the process of data outsourcing.For addressing and handling the security-related issues on Cloud,several models were proposed.With that concern,this paper develops a Privacy-Preserved Data Security Approach(PP-DSA)to provide the data security and data integrity for the out-sourcing data in Cloud Environment.Privacy preservation is ensured in this work with the Efficient Authentication Technique(EAT)using the Group Signature method that is applied with Third-Party Auditor(TPA).The role of the auditor is to secure the data and guarantee shared data integrity.Additionally,the Cloud Service Provider(CSP)and Data User(DU)can also be the attackers that are to be handled with the EAT.Here,the major objective of the work is to enhance cloud security and thereby,increase Quality of Service(QoS).The results are evaluated based on the model effectiveness,security,and reliability and show that the proposed model provides better results than existing works.展开更多
Cloud computing is the provision of hosted resources,comprising software,hardware and processing over the World Wide Web.The advantages of rapid deployment,versatility,low expenses and scalability have led to the wide...Cloud computing is the provision of hosted resources,comprising software,hardware and processing over the World Wide Web.The advantages of rapid deployment,versatility,low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes,mostly as a component of the combination/multi-cloud infrastructure structure.While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion,new opportunities and challenges in the context of security vulnerabilities are emerging in this domain.Cloud security,also recognized as cloud computing security,refers to a collection of policies,regulations,systematic processes that function together to secure cloud infrastructure systems.These security procedures are designed to safeguard cloud data,to facilitate regulatory enforcement and to preserve the confidentiality of consumers,as well as to lay down encryption rules for specific devices and applications.This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure.In this league,the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.展开更多
Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achi...Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achievement due to distributed and open architecture that is prone to intruders.Intrusion Detection System(IDS)refers to one of the commonly utilized system for detecting attacks on cloud.IDS proves to be an effective and promising technique,that identifies malicious activities and known threats by observing traffic data in computers,and warnings are given when such threatswere identified.The current mainstream IDS are assisted with machine learning(ML)but have issues of low detection rates and demanded wide feature engineering.This article devises an Enhanced Coyote Optimization with Deep Learning based Intrusion Detection System for Cloud Security(ECODL-IDSCS)model.The ECODL-IDSCS model initially addresses the class imbalance data problem by the use of Adaptive Synthetic(ADASYN)technique.For detecting and classification of intrusions,long short term memory(LSTM)model is exploited.In addition,ECO algorithm is derived to optimally fine tune the hyperparameters related to the LSTM model to enhance its detection efficiency in the cloud environment.Once the presented ECODL-IDSCS model is tested on benchmark dataset,the experimental results show the promising performance of the ECODL-IDSCS model over the existing IDS models.展开更多
Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password.Unfortunately,this approach has many security problems b...Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password.Unfortunately,this approach has many security problems because personal data can be stolen or recognized by hackers.This paper aims to present a cloud-based biometric authentication model(CBioAM)for improving and securing cloud services.The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system(CBioAS),where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’information.The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy,sensitivity,and specificity.The research study introduces a novel algorithm called“Bio_Authen_as_a_Service”for implementing and evaluating the proposed model.The proposed system performs the biometric authentication process securely and preserves the privacy of user information.The experimental result was highly promising for securing cloud services using the proposed model.The experiments showed encouraging results with a performance average of 93.94%,an accuracy average of 96.15%,a sensitivity average of 87.69%,and a specificity average of 97.99%.展开更多
Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between u...Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.展开更多
With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dyn...With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtuMized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users' embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.展开更多
Based on the diversified technology and the cross-validation mechanism,the N-variant system provides a secure service architecture for cloud providers to protect the cloud applications from attacks by executing multip...Based on the diversified technology and the cross-validation mechanism,the N-variant system provides a secure service architecture for cloud providers to protect the cloud applications from attacks by executing multiple variants of a single software in parallel and then checking their behaviors’consistency.However,it is complex to upgrade current Software as a Service(SaaS)applications to adapt N-variant system architecture.Challenges arise from the inability of tenants to adjust the application architecture in the cloud environment,and the difficulty for cloud service providers to implement N-variant systems using existing API gateways.This paper proposes SecIngress,an API gateway framework,to overcome the challenge that it is hard in the cloud environment to upgrade the applications based on N-variants system.We design a two-stage timeout processing method to lessen the service latency and an Analytic Hierarchy Process Voting under the Metadata mechanism(AHPVM)to enhance voting accuracy.We implement a prototype in a testbed environment and analyze the security and performance metrics before and after deploying the prototype to show the effectiveness of SecIngress.The results reveal that SecIngress enhances the reliability of cloud applications with acceptable performance degradation.展开更多
Cloud computing offers internet location-based affordable,scalable,and independent services.Cloud computing is a promising and a cost-effective approach that supports big data analytics and advanced applications in th...Cloud computing offers internet location-based affordable,scalable,and independent services.Cloud computing is a promising and a cost-effective approach that supports big data analytics and advanced applications in the event of forced business continuity events,for instance,pandemic situations.To handle massive information,clusters of servers are required to assist the equipment which enables streamlining the widespread quantity of data,with elevated velocity and modified configurations.Data deduplication model enables cloud users to efficiently manage their cloud storage space by getting rid of redundant data stored in the server.Data deduplication also saves network bandwidth.In this paper,a new cloud-based big data security technique utilizing dual encryption is proposed.The clustering model is utilized to analyze the Deduplication process hash function.Multi kernel Fuzzy C means(MKFCM)was used which helps cluster the data stored in cloud,on the basis of confidence data encryption procedure.The confidence finest data is implemented in homomorphic encryption data wherein the Optimal SIMON Cipher(OSC)technique is used.This security process involving dual encryption with the optimization model develops the productivity mechanism.In this paper,the excellence of the technique was confirmed by comparing the proposed technique with other encryption and clustering techniques.The results proved that the proposed technique achieved maximum accuracy and minimum encryption time.展开更多
with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this...with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.展开更多
The theory of compressed sensing(CS)has been proposed to reduce the processing time and accelerate the scanning process.In this paper,the image recovery task is considered to outsource to the cloud server for its abun...The theory of compressed sensing(CS)has been proposed to reduce the processing time and accelerate the scanning process.In this paper,the image recovery task is considered to outsource to the cloud server for its abundant computing and storage resources.However,the cloud server is untrusted then may pose a considerable amount of concern for potential privacy leakage.How to protect data privacy and simultaneously maintain management of the image remains challenging.Motivated by the above challenge,we propose an image encryption algorithm based on chaotic system,CS and image saliency.In our scheme,we outsource the image CS samples to cloud for reduced storage and portable computing.Consider privacy,the scheme ensures the cloud to securely reconstruct image.Theoretical analysis and experiment show the scheme achieves effectiveness,efficiency and high security simultaneously.展开更多
Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support ...Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support the keyword search in a public cloud. However,they have some potential limitations. First,most of the existing schemes only consider the scenario with the single data owner. Second,they need secure channels to guarantee the secure transmission of secret keys from the data owner to data users. Third,in some schemes,the data owner should be online to help data users when data users intend to perform the search,which is inconvenient.In this paper,we propose a novel searchable scheme which supports the multi-owner keyword search without secure channels. More than that,our scheme is a non-interactive solution,in which all the users only need to communicate with the cloud server. Furthermore,the analysis proves that our scheme can guarantee the security even without secure channels. Unlike most existing public key encryption based searchable schemes,we evaluate the performance of our scheme,which shows that our scheme is practical.展开更多
The growth of cloud in modern technology is drastic by provisioning services to various industries where data security is considered to be common issue that influences the intrusion detection system(IDS).IDS are consi...The growth of cloud in modern technology is drastic by provisioning services to various industries where data security is considered to be common issue that influences the intrusion detection system(IDS).IDS are considered as an essential factor to fulfill security requirements.Recently,there are diverse Machine Learning(ML)approaches that are used for modeling effectual IDS.Most IDS are based on ML techniques and categorized as supervised and unsupervised.However,IDS with supervised learning is based on labeled data.This is considered as a common drawback and it fails to identify the attack patterns.Similarly,unsupervised learning fails to provide satisfactory outcomes.Therefore,this work concentrates on semi-supervised learning model known as Fuzzy based semi-supervised approach through Latent Dirichlet Allocation(F-LDA)for intrusion detection in cloud system.This helps to resolve the aforementioned challenges.Initially,LDA gives better generalization ability for training the labeled data.Similarly,to handle the unlabelled data,Fuzzy model has been adopted for analyzing the dataset.Here,preprocessing has been carried out to eliminate data redundancy over network dataset.In order to validate the efficiency of F-LDA towards ID,this model is tested under NSL-KDD cup dataset is a common traffic dataset.Simulation is done inMATLAB environment and gives better accuracy while comparing with benchmark standard dataset.The proposed F-LDAgives better accuracy and promising outcomes than the prevailing approaches.展开更多
With the development of information technology,cloud computing technology has brought many conveniences to all aspects of work and life.With the continuous promotion,popularization and vigorous development of e-govern...With the development of information technology,cloud computing technology has brought many conveniences to all aspects of work and life.With the continuous promotion,popularization and vigorous development of e-government and e-commerce,the number of documents in electronic form is getting larger and larger.Electronic document is an indispensable main tool and real record of e-government and business activities.How to scientifically and effectively manage electronic documents?This is an important issue faced by governments and enterprises in improving management efficiency,protecting state secrets or business secrets,and reducing management costs.This paper discusses the application of cloud computing technology in the construction of electronic file management system,proposes an architecture of electronic file management system based on cloud computing,and makes a more detailed discussion on key technologies and implementation.The electronic file management system is built on the cloud architecture to enable users to upload,download,share,set security roles,audit,and retrieve files based on multiple modes.An electronic file management system based on cloud computing can make full use of cloud storage,cloud security,and cloud computing technologies to achieve unified,reliable,and secure management of electronic files.展开更多
With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages i...With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers(IDC),such as high cost and lack of flexibility.With the implementation of software defined networking(SDN),network security solution could be more flexible and efficient,such as SDN based firewall service and SDN based DDoS-attack mitigation service.Moreover,combined with cloud computing and SDN technology,network security services could be lighter-weighted,more flexible,and on-demanded.This paper analyzes some typical SDN based network security services,and provide a research on SDN based cloud security service(network security service pool)and its implementation in IDCs.展开更多
Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical sk...Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.展开更多
基金the deputyship for Research&Innovation,Ministry of Education in Saudi Arabia for funding this research work through the Project Number(IFP-2022-34).
文摘In the cloud environment,ensuring a high level of data security is in high demand.Data planning storage optimization is part of the whole security process in the cloud environment.It enables data security by avoiding the risk of data loss and data overlapping.The development of data flow scheduling approaches in the cloud environment taking security parameters into account is insufficient.In our work,we propose a data scheduling model for the cloud environment.Themodel is made up of three parts that together help dispatch user data flow to the appropriate cloudVMs.The first component is the Collector Agent whichmust periodically collect information on the state of the network links.The second one is the monitoring agent which must then analyze,classify,and make a decision on the state of the link and finally transmit this information to the scheduler.The third one is the scheduler who must consider previous information to transfer user data,including fair distribution and reliable paths.It should be noted that each part of the proposedmodel requires the development of its algorithms.In this article,we are interested in the development of data transfer algorithms,including fairness distribution with the consideration of a stable link state.These algorithms are based on the grouping of transmitted files and the iterative method.The proposed algorithms showthe performances to obtain an approximate solution to the studied problem which is an NP-hard(Non-Polynomial solution)problem.The experimental results show that the best algorithm is the half-grouped minimum excluding(HME),with a percentage of 91.3%,an average deviation of 0.042,and an execution time of 0.001 s.
文摘This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.
文摘Cloud computing plays a significant role in modern information technology, providing organizations with numerous benefits, including flexibility, scalability, and cost-efficiency. However, it has become essential for organizations to ensure the security of their applications, data, and cloud-based networks to use cloud services effectively. This systematic literature review aims to determine the latest information regarding cloud computing security, with a specific emphasis on threats and mitigation strategies. Additionally, it highlights some common threats related to cloud computing security, such as distributed denial-of-service (DDoS) attacks, account hijacking, malware attacks, and data breaches. This research also explores some mitigation strategies, including security awareness training, vulnerability management, security information and event management (SIEM), identity and access management (IAM), and encryption techniques. It discusses emerging trends in cloud security, such as integrating artificial intelligence (AI) and machine learning (ML), serverless computing, and containerization, as well as the effectiveness of the shared responsibility model and its related challenges. The importance of user awareness and the impact of emerging technologies on cloud security have also been discussed in detail to mitigate security risks. A literature review of previous research and scholarly articles has also been conducted to provide insights regarding cloud computing security. It shows the need for continuous research and innovation to address emerging threats and maintain a security-conscious culture in the company.
文摘Security issues in cloud networks and edge computing have become very common. This research focuses on analyzing such issues and developing the best solutions. A detailed literature review has been conducted in this regard. The findings have shown that many challenges are linked to edge computing, such as privacy concerns, security breaches, high costs, low efficiency, etc. Therefore, there is a need to implement proper security measures to overcome these issues. Using emerging trends, like machine learning, encryption, artificial intelligence, real-time monitoring, etc., can help mitigate security issues. They can also develop a secure and safe future in cloud computing. It was concluded that the security implications of edge computing can easily be covered with the help of new technologies and techniques.
基金funded by the Funding of Nanjing Institute of Technology No.JXGG2021017the National Natural Science Foundation of China No.61701221.
文摘Attribute-based encryption(ABE)is a technique used to encrypt data,it has the flexibility of access control,high security,and resistance to collusion attacks,and especially it is used in cloud security protection.However,a large number of bilinear mappings are used in ABE,and the calculation of bilinear pairing is time-consuming.So there is the problem of low efficiency.On the other hand,the decryption key is not uniquely associated with personal identification information,if the decryption key is maliciously sold,ABE is unable to achieve accountability for the user.In practical applications,shared message requires hierarchical sharing in most cases,in this paper,we present a message security hierarchy ABE scheme for this scenario.Firstly,attributes were grouped and weighted according to the importance of attributes,and then an access structure based on a threshold tree was constructed according to attribute weight.This method saved the computing time for decryption while ensuring security and on-demand access to information for users.In addition,with the help of computing power in the cloud,two-step decryption was used to complete the access,which relieved the computing and storage burden on the client side.Finally,we simulated and tested the scheme based on CP-ABE,and selected different security levels to test its performance.The security proof and the experimental simulation result showthat the proposed scheme has high efficiency and good performance,and the solution implements hierarchical access to the shared message.
文摘In the present scenario of rapid growth in cloud computing models,several companies and users started to share their data on cloud servers.However,when the model is not completely trusted,the data owners face several security-related problems,such as user privacy breaches,data disclosure,data corruption,and so on,during the process of data outsourcing.For addressing and handling the security-related issues on Cloud,several models were proposed.With that concern,this paper develops a Privacy-Preserved Data Security Approach(PP-DSA)to provide the data security and data integrity for the out-sourcing data in Cloud Environment.Privacy preservation is ensured in this work with the Efficient Authentication Technique(EAT)using the Group Signature method that is applied with Third-Party Auditor(TPA).The role of the auditor is to secure the data and guarantee shared data integrity.Additionally,the Cloud Service Provider(CSP)and Data User(DU)can also be the attackers that are to be handled with the EAT.Here,the major objective of the work is to enhance cloud security and thereby,increase Quality of Service(QoS).The results are evaluated based on the model effectiveness,security,and reliability and show that the proposed model provides better results than existing works.
基金This work is funded by Prince Sultan University, Riyadh, the Kingdom of Saudi Arabia.
文摘Cloud computing is the provision of hosted resources,comprising software,hardware and processing over the World Wide Web.The advantages of rapid deployment,versatility,low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes,mostly as a component of the combination/multi-cloud infrastructure structure.While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion,new opportunities and challenges in the context of security vulnerabilities are emerging in this domain.Cloud security,also recognized as cloud computing security,refers to a collection of policies,regulations,systematic processes that function together to secure cloud infrastructure systems.These security procedures are designed to safeguard cloud data,to facilitate regulatory enforcement and to preserve the confidentiality of consumers,as well as to lay down encryption rules for specific devices and applications.This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure.In this league,the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.
基金The Deanship of Scientific Research(DSR)at King Abdulaziz University(KAU),Jeddah,Saudi Arabia has funded this project,under grant no.KEP-1-120-42.
文摘Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achievement due to distributed and open architecture that is prone to intruders.Intrusion Detection System(IDS)refers to one of the commonly utilized system for detecting attacks on cloud.IDS proves to be an effective and promising technique,that identifies malicious activities and known threats by observing traffic data in computers,and warnings are given when such threatswere identified.The current mainstream IDS are assisted with machine learning(ML)but have issues of low detection rates and demanded wide feature engineering.This article devises an Enhanced Coyote Optimization with Deep Learning based Intrusion Detection System for Cloud Security(ECODL-IDSCS)model.The ECODL-IDSCS model initially addresses the class imbalance data problem by the use of Adaptive Synthetic(ADASYN)technique.For detecting and classification of intrusions,long short term memory(LSTM)model is exploited.In addition,ECO algorithm is derived to optimally fine tune the hyperparameters related to the LSTM model to enhance its detection efficiency in the cloud environment.Once the presented ECODL-IDSCS model is tested on benchmark dataset,the experimental results show the promising performance of the ECODL-IDSCS model over the existing IDS models.
基金funding for this study from King Khalid University,Grant Number(GRP-35–40/2019).
文摘Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password.Unfortunately,this approach has many security problems because personal data can be stolen or recognized by hackers.This paper aims to present a cloud-based biometric authentication model(CBioAM)for improving and securing cloud services.The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system(CBioAS),where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’information.The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy,sensitivity,and specificity.The research study introduces a novel algorithm called“Bio_Authen_as_a_Service”for implementing and evaluating the proposed model.The proposed system performs the biometric authentication process securely and preserves the privacy of user information.The experimental result was highly promising for securing cloud services using the proposed model.The experiments showed encouraging results with a performance average of 93.94%,an accuracy average of 96.15%,a sensitivity average of 87.69%,and a specificity average of 97.99%.
基金Natural Science Research Project of Jiangsu Province Universities and Colleges(No.17KJD520005,Congdong Lv).
文摘Cloud computing provides services to users through Internet.This open mode not only facilitates the access by users,but also brings potential security risks.In cloud computing,the risk of data leakage exists between users and virtual machines.Whether direct or indirect data leakage,it can be regarded as illegal information flow.Methods,such as access control models can control the information flow,but not the covert information flow.Therefore,it needs to use the noninterference models to detect the existence of illegal information flow in cloud computing architecture.Typical noninterference models are not suitable to certificate information flow in cloud computing architecture.In this paper,we propose several information flow models for cloud architecture.One model is for transitive cloud computing architecture.The others are for intransitive cloud computing architecture.When concurrent access actions execute in the cloud architecture,we want that security domain and security domain do not affect each other,that there is no information flow between security domains.But in fact,there will be more or less indirect information flow between security domains.Our models are concerned with how much information is allowed to flow.For example,in the CIP model,the other domain can learn the sequence of actions.But in the CTA model,the other domain can’t learn the information.Which security model will be used in an architecture depends on the security requirements for that architecture.
基金supported by National Basic Research Program of China (973 Program) (No. 2007CB310800)China Postdoctoral Science Foundation (No. 20090460107 and No. 201003794)
文摘With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtuMized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users' embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.
基金the Foundation of the National Natural Science Foundation of China(62072467)the Foundation for Innovative Research Groups of the National Natural Science Foundation of China(61521003)the Foundation of the National Natural Science Foundation of China(62002383).
文摘Based on the diversified technology and the cross-validation mechanism,the N-variant system provides a secure service architecture for cloud providers to protect the cloud applications from attacks by executing multiple variants of a single software in parallel and then checking their behaviors’consistency.However,it is complex to upgrade current Software as a Service(SaaS)applications to adapt N-variant system architecture.Challenges arise from the inability of tenants to adjust the application architecture in the cloud environment,and the difficulty for cloud service providers to implement N-variant systems using existing API gateways.This paper proposes SecIngress,an API gateway framework,to overcome the challenge that it is hard in the cloud environment to upgrade the applications based on N-variants system.We design a two-stage timeout processing method to lessen the service latency and an Analytic Hierarchy Process Voting under the Metadata mechanism(AHPVM)to enhance voting accuracy.We implement a prototype in a testbed environment and analyze the security and performance metrics before and after deploying the prototype to show the effectiveness of SecIngress.The results reveal that SecIngress enhances the reliability of cloud applications with acceptable performance degradation.
文摘Cloud computing offers internet location-based affordable,scalable,and independent services.Cloud computing is a promising and a cost-effective approach that supports big data analytics and advanced applications in the event of forced business continuity events,for instance,pandemic situations.To handle massive information,clusters of servers are required to assist the equipment which enables streamlining the widespread quantity of data,with elevated velocity and modified configurations.Data deduplication model enables cloud users to efficiently manage their cloud storage space by getting rid of redundant data stored in the server.Data deduplication also saves network bandwidth.In this paper,a new cloud-based big data security technique utilizing dual encryption is proposed.The clustering model is utilized to analyze the Deduplication process hash function.Multi kernel Fuzzy C means(MKFCM)was used which helps cluster the data stored in cloud,on the basis of confidence data encryption procedure.The confidence finest data is implemented in homomorphic encryption data wherein the Optimal SIMON Cipher(OSC)technique is used.This security process involving dual encryption with the optimization model develops the productivity mechanism.In this paper,the excellence of the technique was confirmed by comparing the proposed technique with other encryption and clustering techniques.The results proved that the proposed technique achieved maximum accuracy and minimum encryption time.
基金Supported by the National Natural Science Foundation of China under Grant No. 61370068
文摘with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.
文摘The theory of compressed sensing(CS)has been proposed to reduce the processing time and accelerate the scanning process.In this paper,the image recovery task is considered to outsource to the cloud server for its abundant computing and storage resources.However,the cloud server is untrusted then may pose a considerable amount of concern for potential privacy leakage.How to protect data privacy and simultaneously maintain management of the image remains challenging.Motivated by the above challenge,we propose an image encryption algorithm based on chaotic system,CS and image saliency.In our scheme,we outsource the image CS samples to cloud for reduced storage and portable computing.Consider privacy,the scheme ensures the cloud to securely reconstruct image.Theoretical analysis and experiment show the scheme achieves effectiveness,efficiency and high security simultaneously.
基金supported by Natural Science Foundation of China(No.61303264)
文摘Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support the keyword search in a public cloud. However,they have some potential limitations. First,most of the existing schemes only consider the scenario with the single data owner. Second,they need secure channels to guarantee the secure transmission of secret keys from the data owner to data users. Third,in some schemes,the data owner should be online to help data users when data users intend to perform the search,which is inconvenient.In this paper,we propose a novel searchable scheme which supports the multi-owner keyword search without secure channels. More than that,our scheme is a non-interactive solution,in which all the users only need to communicate with the cloud server. Furthermore,the analysis proves that our scheme can guarantee the security even without secure channels. Unlike most existing public key encryption based searchable schemes,we evaluate the performance of our scheme,which shows that our scheme is practical.
文摘The growth of cloud in modern technology is drastic by provisioning services to various industries where data security is considered to be common issue that influences the intrusion detection system(IDS).IDS are considered as an essential factor to fulfill security requirements.Recently,there are diverse Machine Learning(ML)approaches that are used for modeling effectual IDS.Most IDS are based on ML techniques and categorized as supervised and unsupervised.However,IDS with supervised learning is based on labeled data.This is considered as a common drawback and it fails to identify the attack patterns.Similarly,unsupervised learning fails to provide satisfactory outcomes.Therefore,this work concentrates on semi-supervised learning model known as Fuzzy based semi-supervised approach through Latent Dirichlet Allocation(F-LDA)for intrusion detection in cloud system.This helps to resolve the aforementioned challenges.Initially,LDA gives better generalization ability for training the labeled data.Similarly,to handle the unlabelled data,Fuzzy model has been adopted for analyzing the dataset.Here,preprocessing has been carried out to eliminate data redundancy over network dataset.In order to validate the efficiency of F-LDA towards ID,this model is tested under NSL-KDD cup dataset is a common traffic dataset.Simulation is done inMATLAB environment and gives better accuracy while comparing with benchmark standard dataset.The proposed F-LDAgives better accuracy and promising outcomes than the prevailing approaches.
基金research Grants from the National Social Science Foundation of China(Grant No.18FTQ005).The author of the grant is Shi Jin.The URL of the sponsor site is http://www.npopss-cn.gov.cn/.
文摘With the development of information technology,cloud computing technology has brought many conveniences to all aspects of work and life.With the continuous promotion,popularization and vigorous development of e-government and e-commerce,the number of documents in electronic form is getting larger and larger.Electronic document is an indispensable main tool and real record of e-government and business activities.How to scientifically and effectively manage electronic documents?This is an important issue faced by governments and enterprises in improving management efficiency,protecting state secrets or business secrets,and reducing management costs.This paper discusses the application of cloud computing technology in the construction of electronic file management system,proposes an architecture of electronic file management system based on cloud computing,and makes a more detailed discussion on key technologies and implementation.The electronic file management system is built on the cloud architecture to enable users to upload,download,share,set security roles,audit,and retrieve files based on multiple modes.An electronic file management system based on cloud computing can make full use of cloud storage,cloud security,and cloud computing technologies to achieve unified,reliable,and secure management of electronic files.
文摘With the development and revolution of network in recent years,the scale and complexity of network have become big issues.Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers(IDC),such as high cost and lack of flexibility.With the implementation of software defined networking(SDN),network security solution could be more flexible and efficient,such as SDN based firewall service and SDN based DDoS-attack mitigation service.Moreover,combined with cloud computing and SDN technology,network security services could be lighter-weighted,more flexible,and on-demanded.This paper analyzes some typical SDN based network security services,and provide a research on SDN based cloud security service(network security service pool)and its implementation in IDCs.
文摘Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infra-structure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be ad-dressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.