Integrated Security-as-a-Service Model for Cloud Data Storage
Alshaimaa Abo-alian Ahmed
Abstract
Cloud computing is an emerging paradigm that delivers a large pool of virtual, on-demand and dynamically scalable resources to users via Internet technologies, following the notion of pay-as-you-go. Examples of these resources include computational power, storage capabilities, hardware platforms and applications. The key advantages of cloud computing are immense flexibility and monetary savings through minimization of infrastructure and software investments as well as management and maintenance costs. Besides popular cloud infrastructure and platform providers, such as Amazon, Google, and Microsoft, there are many cloud storage providers that offer more accessible and user-friendly data storage services to cloud customers. Examples of these services include Dropbox, SkyDrive, Box.net, Zoho, Ubuntu One and Apple iCloud.
Despite the widespread interest in cloud computing, there are still concerns that hinder the proliferation and adoption of cloud services. One of the main concerns is data security in cloud storage environments. Numerous research problems in cloud storage security have been studied intensively. However, addressing the three dimensions of outsourced data security (i.e., confidentiality, integrity and availability) as a cloud service is still a challenge in cloud storage. As there is always a tradeoff between maintaining security and obtaining efficiency, it is difficult but nevertheless essential to explore how to efficiently address security challenges over dynamic cloud data.
The thesis first addresses the security requirements for cloud storage as identified from the literature, given the difficulty that data are no longer locally possessed by data owners. It then aims to design an integrated Security-as-a-Service model for data storage in the cloud that provides authentication, access control, auditing and data management services. We propose a new keystroke authentication system for verifying the identity of cloud users. The proposed keystroke authentication system removes redundant or irrelevant features from the large-scale keystroke dynamics by combining different feature selection methods and different fusion rules, which in turn achieves higher authentication accuracy and performance. Moreover, it eliminates the tradeoff between the authentication accuracy and the elapsed time of the verification process by clustering the user profile templates in the keystroke dataset.
Then, a dynamic access control system is proposed to ensure data confidentiality in cloud computing. The proposed access control system supports automatic user role assignment, relieving the data owner of the online and computational burdens of the user role assignment process, especially for large-scale systems with a huge number of users and continuously changing user role policies. Additionally, the proposed access control system tackles the key escrow and key management problems in a decentralized cloud environment by defining roles in a hierarchy and supporting key delegation.
Other data
| Field | Value |
|---|---|
| Title | Integrated Security-as-a-Service Model for Cloud Data Storage |
| Other Titles | نموذج متكامل لتقديم الأمن كخدمة للبيانات في التخزين السحابي |
| Authors | Alshaimaa Abo-alian Ahmed |
| Issue Date | 2016 |
Attached Files
| File | Size | Format |
|---|---|---|
| G12639.pdf | 74.24 kB | Adobe PDF |
Items in Ain Shams Scholar are protected by copyright, with all rights reserved, unless otherwise indicated.