2014 | Book

High Performance Cloud Auditing and Applications

Edited by: Keesook J. Han, Baek-Young Choi, Sejun Song

Publisher: Springer New York

About this book

This book mainly focuses on cloud security and high performance computing for cloud auditing. The book discusses emerging challenges and techniques developed for high performance semantic cloud auditing, and presents the state of the art in cloud auditing, computing and security techniques with focus on technical aspects and feasibility of auditing issues in federated cloud computing environments.

In summer 2011, the United States Air Force Research Laboratory (AFRL) CyberBAT Cloud Security and Auditing Team initiated the exploration of the cloud security challenges and future cloud auditing research directions that are covered in this book. This work was supported by the United States government funds from the Air Force Office of Scientific Research (AFOSR), the AFOSR Summer Faculty Fellowship Program (SFFP), the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP), the National Science Foundation (NSF) and the National Institute of Health (NIH). All chapters were partially supported by the AFOSR Information Operations and Security Program extramural and intramural funds (AFOSR/RSL Program Manager: Dr. Robert Herklotz).

Key Features:

· Contains surveys of cyber threats and security issues in cloud computing and presents secure cloud architectures

· Presents in-depth cloud auditing techniques, federated cloud security architectures, cloud access control models, and access assured information sharing technologies

· Outlines a wide range of challenges and provides solutions to manage and control very large and complex data sets

Table of Contents

Frontmatter

Cloud Architectures and Security Issues

Frontmatter
An Overview of Issues and Recent Developments in Cloud Computing and Storage Security
Abstract
The recent rapid growth in the availability and popularity of cloud services allows for convenient on demand remote storage and computation. Security and privacy concerns, however, are among the top impediments standing in the way of wider adoption of cloud technologies. That is, in addition to the new security threats that emerge with the adoption of new cloud technology, a lack of direct control over one’s data or computation demands new techniques for service provider’s transparency and accountability. The goal of this chapter is to provide a broad overview of recent literature covering various aspects of cloud security. We describe recently discovered attacks on cloud providers and their countermeasures, as well as protection mechanisms that aim at improving privacy and integrity of client’s data and computations. The topics covered in this survey include authentication, virtualization, availability, accountability, and privacy and integrity of remote storage and computation.
Everaldo Aguiar, Yihua Zhang, Marina Blanton
Moving Target Defense for Cloud Infrastructures: Lessons from Botnets
Abstract
While providing elasticity to clients through on-demand service and cost-effectiveness to service providers through efficient resource allocation, current cloud infrastructures are largely homogeneously and statically configured for ease of administration. This leaves ample opportunities for attackers to reconnoiter and penetrate the security perimeter of cloud services. This chapter (1) explores the evolution in botnet technologies from the early static architectures to the recent dynamic and resilient architectures that employ various moving target defense (MTD) techniques to circumvent crackdowns, and (2) draws lessons from botnets in identifying cloud security challenges and proposed solutions to MTD for cloud infrastructures, in which the cloud infrastructure configuration constantly evolves to confuse attackers without significantly degrading the quality of service. Proposed solutions may increase the cost for potential attackers by complicating the attack process and limiting the exposure of network vulnerability in order to make the network more resilient against novel and persistent attacks.
Wei Peng, Feng Li, Xukai Zou
Secure Mobile Cloud Computing and Security Issues
Abstract
The proliferation of mobile devices, coupled with the increase in their capabilities, has enabled the establishment of a rich mobile computing platform that can be utilized in conjunction with cloud services. In this chapter, we overview the latest mobile computing models and architectures, focusing on their security properties. In particular, we study a wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures in which the mobile devices and the cloud jointly perform computation. We then present defense mechanisms that ensure the security of mobile cloud computing architectures and their applications. Throughout the chapter, we identify potential threats as well as possible opportunities for defenses.
Qijun Gu, Mina Guirguis
Information Fusion in a Cloud-Enabled Environment
Abstract
Recent advances in cloud computing offer interesting capabilities for information fusion, which has requirements similar to those of big data computations. With a cloud-enabled environment, information fusion could be conducted over vast numbers of entities across multiple databases. In order to properly implement information fusion in a cloud, information management, system design, and real-time execution must be considered. In this chapter, three aspects of current developments integrating low/high-level information fusion (LLIF/HLIF) and cloud computing are discussed: (1) agent-based service architectures, (2) ontologies, and (3) metrics (timeliness, confidence, and security). We introduce the Cloud-Enabled Bayes Network (CEBN) for wide area motion imagery target tracking and identification. The Google Fusion Tables service is also selected as a case study to illustrate commercial cloud-based information fusion applications.
Erik Blasch, Yu Chen, Genshe Chen, Dan Shen, Ralph Kohler

Cloud Auditing and Assured Information Sharing

Frontmatter
Diagnosing Vulnerability Patterns in Cloud Audit Logs
Abstract
A service cloud architecture that allows web service compositions to answer complex requests improves the accessibility and flexibility of web services from different vendors. However, security issues exist in the service cloud, including both vulnerabilities of traditional web service communications and new issues brought by inter-cloud communications. Cloud-wide auditing to uncover security issues is a complex task due to the large scale and decentralized structure of the cloud environment. Existing security standards, protocols and auditing mechanisms can provide audit logs, but in most cases, these logs cannot pinpoint type, location, and impact of threats. Given a cloud architecture that specifies the scope of audit logs and a definition of the expected auditable events in the cloud providing evidence of potential threats, we define Vulnerability Diagnostic Trees (VDTs) to formally manifest vulnerability patterns across several audit trails generated within the service cloud. Our attack examples are based on the allocation of services to a web service composition that answers a client request through end-to-end round trip messaging.
Rui Xie, Rose Gamble, Norman Ahmed
Exploiting Timing Side Channel in Secure Cloud Scheduling
Abstract
Traditionally, scheduling policies used in event schedulers have been designed to optimize performance based metrics such as throughput and delay while maintaining some notion of fairness. In multi-tenancy cloud environments, it is important to ensure privacy of the users because a scheduler creates a timing based side channel through which malicious users can learn about the service usage pattern of the others. In this chapter, we demonstrate the existence of a timing side channel in shared schedulers and discuss the design of secure scheduling policies. When a processor is shared by multiple users, the delays experienced by jobs from one user are a function of the arrival pattern of jobs from other users, and the scheduling policy of the server. Consequently, a scheduling system creates a timing side channel in which information about arrival pattern from one user is inadvertently leaked to another. In this work, this information leakage is studied for a two user scheduling system. We first introduce a measure of privacy and then demonstrate that no scheduler can provide maximum privacy without idling/taking vacations, and consequently no policy can simultaneously be delay and privacy optimal.
Sachin Kadloor, Negar Kiyavash
Federated Cloud Security Architecture for Secure and Agile Clouds
Abstract
Cyber threats against clouds have evolved rapidly. Traditional reactive cyber defense technologies are not effective or sufficient to protect federated clouds. This chapter introduces a novel federated cloud security architecture that includes proactive cloud defense technologies for secure and agile cloud development. The federated security architecture consists of a set of seamlessly integrated, systematic security mechanisms at the application layer, the network layer and the system layer in federated cloud computing environments. Features of the architecture include: (1) it is centered on proactive cyber defense; (2) it facilitates detecting early warning signs of cyber attacks at one layer and deploying those early warning signs to other layers for countermeasures; (3) it uses command and control (C2) to coordinate both in-cloud and cross-cloud defense activities via federated cloud security centers.
Weiliang Luo, Li Xu, Zhenxin Zhan, Qingji Zheng, Shouhuai Xu
Trust-Based Access Control for Secure Cloud Computing
Abstract
Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in a cloud environment. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and subject access requirements to resources may change during the course of the application execution. Users may need to acquire different permissions from different administrative domains based on the services in a cloud computing environment. Traditional identity-based access control models such as attribute-based access control (ABAC), role-based access control (RBAC), discretionary access control (DAC), or mandatory access control (MAC) cannot be applied directly in clouds. In this chapter, we explore the challenges of cloud access control, identify desirable properties of access control models, and introduce a novel graph-theoretic semantics for an access control model. We specify how authorization occurs in the proposed model, and present how to incorporate features such as separation of duty (SoD).
Indrajit Ray, Indrakshi Ray
Assured Information Sharing (AIS) Using Private Clouds
Abstract
Assured Information Sharing (AIS) is a framework that allows cooperating organizations to share information in a manner that respects the privacy, confidentiality and security of the data of each individual in each organization. In this chapter, we present an overview of AIS by detailing the motivations behind AIS, a goal-oriented architecture for AIS and challenges that must be overcome before the adoption of AIS. In addition, we present historical as well as recent research advances that have been made towards addressing the challenges that lie within an AIS framework. Finally, we describe the details of two novel cloud-based AIS implementations that support the high availability, scalability, agility and efficiency required for realizing the vision of AIS.
Vaibhav Khadilkar, Tyrone Cadenhead, Murat Kantarcioglu, Bhavani Thuraisingham

High Performance Cloud Computing

Frontmatter
GPGPU Computing for Cloud Auditing
Abstract
With the increasing computational complexity of cloud auditing and other data-intensive analysis applications, there is a growing need for computing platforms that can handle massive data sets and perform rapid analysis. These needs are met by systems with accelerators, such as Graphics Processing Units (GPUs), that can perform data analysis with a high level of parallelism employing tools like Hadoop MapReduce to handle massively parallel computing jobs. Applying GPUs to general purpose processing is known as GPGPU. This chapter uses an introductory approach to cover the basics of GPUs and GPGPU computing and their application to cloud computing and handling of large data sets. The main aim is to give the reader a broad background on how GPGPUs are used and their contribution to advances in cloud auditing.
Virginia W. Ross, Miriam E. Leeser
CPU-GPU System Designs for High Performance Cloud Computing
Abstract
Improvement of parallel computing capability will greatly increase the efficiency of high performance cloud computing. By combining the powerful scalar processing on the CPU with the efficient parallel processing on the GPU, CPU-GPU systems provide a hybrid computing environment that can be dynamically optimized for cloud computing applications. One of the critical issues in CPU-GPU system designs is the so-called memory wall, which denotes the design complexity of memory coherence, bandwidth, capacity, and power budget. The optimization of the memory designs can not only improve the run-time performance but also enhance the reliability of the CPU-GPU system. In this chapter, we will introduce the mainstream and emerging memory hierarchy designs in CPU-GPU systems, discuss the techniques that can optimize the data allocation and migration between CPU and GPU for performance and power efficiency improvement, and present the challenges and opportunities of CPU-GPU systems.
Yiran Chen, Jie Guo, Zhenyu Sun
MapReduce Performance in Federated Cloud Computing Environments
Abstract
Large scale scientific and engineering applications, and cloud auditing, generate huge amounts of data. The MapReduce framework coupled with cloud computing is emerging as the viable solution for distributed big data processing. Specifically, if data is generated from distributed sources and computation is also distributed, then multiple clouds need to be set up to minimize data transfer, which introduces us to federated distributed or multi-domain clouds. In addition to the security concerns of general clouds, distributed clouds expose new challenges to the performance of cloud based applications, including cloud auditing and analysis. This book chapter focuses on a method to deploy distributed clouds and evaluates the performance of various cloud based applications over distributed clouds. It also proposes a method to optimize the performance of cloud based applications over high speed networks.
Praveenkumar Kondikoppa, Chui-Hui Chiu, Seung-Jong Park
Improving Cloud Performance with Router-Based Filtering
Abstract
Our goal in this chapter is to introduce a router-based filtering technology aimed at enhancing the availability and performance of cloud computing. When this technology is integrated with cloud auditing methods, it can make use of cloud auditing information to detect malicious intrusion and traffic anomalies, and to define appropriate filtering rules that can be exchanged between routers in the network, for filtering malicious traffic early and rerouting excessive legitimate requests to other suitable replicated servers. We first give an overview of the specification and generation of filtering rules used by routers. Then we present a theoretical model to find the best locations for hardware routers in a network to block malicious traffic, and discuss how to integrate this theoretical model with cloud auditing techniques. Finally, we present results of experiments that validate our router-based filtering approach.
Chin-Tser Huang, Heath Carroll, James Perretta
Backmatter
Metadata
Title
High Performance Cloud Auditing and Applications
Edited by
Keesook J. Han
Baek-Young Choi
Sejun Song
Copyright year
2014
Publisher
Springer New York
Electronic ISBN
978-1-4614-3296-8
Print ISBN
978-1-4614-3295-1
DOI
https://doi.org/10.1007/978-1-4614-3296-8