To see the other types of publications on this topic, follow the link: SECURE CLOUD SYSTEMS.
Dissertations / Theses on the topic 'SECURE CLOUD SYSTEMS'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 33 dissertations / theses for your research on the topic 'SECURE CLOUD SYSTEMS.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Lim, Jun Ming Kelvin. "Multi-level secure information sharing between smart cloud systems of systems." Thesis, Monterey, California: Naval Postgraduate School, 2014. http://hdl.handle.net/10945/41410.
Full textAbstract:
Approved for public release; distribution is unlimited.<br>Reissued 1 Jul 2014 with corrections to in-text Figure and Table citations.<br>There is a need to have secure information sharing in the industry and government sectors. For example, countries within the North Atlantic Treaty Organization (NATO) often have a common goal requiring them to communicate, but they lack a technological platform for fast information sharing, especially if the countries have different access rights to the information. Thus, the same information that an organization wants to share with multiple partners needs to be securely shared at multiple levels. In addition, the manner in which information is shared needs to be flexible enough to accommodate changes on demand, due to the nature of the information or relationship with the sharing organizations. This thesis proposes a configurable, cloud infrastructure that enables multiple layers of secure information sharing between multiple organizations. This thesis follows a systems engineering process to propose a preliminary architecture of such a system, including an analysis of alternatives of some of the attributes of the system. Secondly, the thesis instantiates part of the proposed architecture with a proof-of-concept physical system in a laboratory environment. The proof-of-concept chooses a specific scenario of information sharing that would allow NATO members to access shared data faster, and in a secure fashion, in order to make decisions more quickly with the authorized information.
2
Gai, Keke. "An Approach for Designing Secure and High Performance Cloud Systems." Thesis, Pace University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10635446.
Full textAbstract:
<p> Recent expansions of cloud computing have been growing at a phenomenal rate. Security and privacy issues have become a considerable issue while the applications of big data are growing dramatically fast in cloud computing. However, there exists a contradiction between ensuring a high performance and achieving a high-level security and privacy protection due to the restrictions of the computing resources, based on the findings of the literature review. This study focuses on this contradiction issue and intend to develop an approach of effectuating the cloud system design for a high-level security and privacy protection while acquiring a high performance. The work consists of four research tasks that support the solution to the proposed problem. They are (i) designing a <i>Optimal Fully Homomorphic Encryption</i> (O-FHE) mechanism that can both avoid noise and execute efficiently; (ii) designing a privacy-preserving data encryption strategy while considering efficiency; (iii) developing an approach of the data analytics manager system for in-memory big data analytics; (iv) designing an adaptive energy-aware data allocation approach for heterogeneous memory and creating an efficient data allocation approach for cloud-based heterogeneous memory. The research implements experimental evaluations to examine the performance of the proposed approaches. The main contributions of this study address three aspects. First, this study has proposed an O-FHE method that is different from all approaches proposed by the prior researches. Second, this study addresses the contradiction between the data security and system performance and presents a privacy-preserving strategy for secure data transmissions in cloud systems. Finally, this study attempts to increase the computation efficiency by enhancing the functioning of hardware, more specifically, using heterogeneous memory and in-memory data analytics.</p><p>
3
Tang, Yuzhe. "Secure and high-performance big-data systems in the cloud." Diss., Georgia Institute of Technology, 2014. http://hdl.handle.net/1853/53995.
Full textAbstract:
Cloud computing and big data technology continue to revolutionize how computing and data analysis are delivered today and in the future. To store and process the fast-changing big data, various scalable systems (e.g. key-value stores and MapReduce) have recently emerged in industry. However, there is a huge gap between what these open-source software systems can offer and what the real-world applications demand. First, scalable key-value stores are designed for simple data access methods, which limit their use in advanced database applications. Second, existing systems in the cloud need automatic performance optimization for better resource management with minimized operational overhead. Third, the demand continues to grow for privacy-preserving search and information sharing between autonomous data providers, as exemplified by the Healthcare information networks.
My Ph.D. research aims at bridging these gaps.
First, I proposed HINDEX, for secondary index support on top of write-optimized key-value stores (e.g. HBase and Cassandra). To update the index structure efficiently in the face of an intensive write stream, HINDEX synchronously executes append-only operations and defers the so-called index-repair operations which are expensive. The core contribution of HINDEX is a scheduling framework for deferred and lightweight execution of index repairs. HINDEX has been implemented and is currently being transferred to an IBM big data product.
Second, I proposed Auto-pipelining for automatic performance optimization of streaming applications on multi-core machines. The goal is to prevent the bottleneck scenario in which the streaming system is blocked by a single core while all other cores are idling, which wastes resources. To partition the streaming workload evenly to all the cores and to search for the best partitioning among many possibilities, I proposed a heuristic based search strategy that achieves locally optimal partitioning with lightweight search overhead. The key idea is to use a white-box approach to search for the theoretically best partitioning and then use a black-box approach to verify the effectiveness of such partitioning. The proposed technique, called Auto-pipelining, is implemented on IBM Stream S.
Third, I proposed ǫ-PPI, a suite of privacy preserving index algorithms that allow data sharing among unknown parties and yet maintaining a desired level of data privacy. To differentiate privacy concerns of different persons, I proposed a personalized privacy definition and substantiated this new privacy requirement by the injection of false positives in the published ǫ-PPI data. To construct the ǫ-PPI securely and efficiently, I proposed to optimize the performance of multi-party computations which are otherwise expensive; the key idea is to use addition-homomorphic secret sharing mechanism which is inexpensive and to do the distributed computation in a scalable P2P overlay.
4
Wang, Zhaohong. "Information-Theoretic Secure Outsourced Computation in Distributed Systems." UKnowledge, 2016. http://uknowledge.uky.edu/ece_etds/88.
Full textAbstract:
Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design.
5
Harmon, Eric. "Strategies Used by Cloud Security Managers to Implement Secure Access Methods." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/4728.
Full textAbstract:
Cloud computing can be used as a way to access services and resources for many organizations; however, hackers have created security concerns for users that incorporate cloud computing in their everyday functions. The purpose of this qualitative multiple case study was to explore strategies used by cloud security managers to implement secure access methods to protect data on the cloud infrastructure. The population for this study was cloud security managers employed by 2 medium size businesses in the Atlanta, Georgia metropolitan area and that have strategies to implement secure access methods to protect data on the cloud infrastructure. The technology acceptance model was used as the conceptual framework for the study. Data were collected from semi-structured interviews of 7 security managers and review of 21 archived documents that reflected security strategies from past security issues that occurred. Data analysis was performed using methodological triangulation and resulted in the identification of three major themes: implementing security policies, implementing strong authentication methods, and implementing strong access control methods. The findings from this research may contribute to positive social by decreasing customers' concerns regarding personal information that is stored on the cloud being compromised.
6
Goméz, Villanueva Daniel. "Secure E-mail System for Cloud Portals : Master Thesis in Information and Communication Systems Security." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-108080.
Full textAbstract:
Email is a well established technology used worldwide for enterprise and private communication through the Internet. It allows people to communicate using text, but also other information formats used either as HTML or attached files. The communication is performed without the need of synchronized endpoints, based on the use of email servers that take care of storing and forwarding email letters. All these properties and much more standardized ones do not include security, which makes the choice of service provider hard when the letters sent in the email system include sensitive information. In the last few years there has been a big interest and growth in the area of cloud computing. Placing resources (computers, applications, information) out of local environments, thanks to the high speed connections in the Internet, provides countless possibilities. Actually, even email systems can be deployed in cloud computing environments, including all the email services (interface, client, and server) or a part of them. From a security point of view, the use of cloud computing leads to many threats generated by external parties and even the cloud providers. Because of these reasons, this work intends to present an innovative approach to security in a cloud environment, focusing on the security of an email system. The purpose is to find a solution for an email system deployable in a cloud environment, with all the functionality deployed on a external machine. This email system must be completely protected, minimizing the actions taken by the user, which should just connect to a portal through a web browser. Along this report there are details about the foundations, progress and findings of the research that has been carried out. The main objectives involve: researching on the concepts and state of the art of cloud computing, email systems and security; presenting a cloud computing architecture that will take care of the general aspects of security; designing an email system for that architecture that contains mechanisms protecting it from the possible security threats; and finally, implementing a simplified version of the design to test and prove the feasibility of it. After all the mentioned activities, the findings are commented, mentioning the applicability of research results to the current situation. Obviously, there is place for more research in depth of several topics related to cloud computing and email, that is why some of them are suggested.
7
Wiss, Thomas. "Evaluation of Internet of Things Communication Protocols Adapted for Secure Transmission in Fog Computing Environments." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-35298.
Full textAbstract:
A current challenge in the Internet of Things is the seeking after conceptual structures to connect the presumably billions of devices of innumerable forms and capabilities. An emerging architectural concept, the fog cloud computing, moves the seemingly unlimited computational power of the distant cloud to the edge of the network, closer to the potentially computationally limited things, effectively diminishing the experienced latency. To allow computationally-constrained devices partaking in the network they have to be relieved from the burden of constant availability and extensive computational execution. Establishing a publish/subscribe communication pattern with the utilization of the popular Internet of Things application layer protocol Constrained Application Protocol is depicted one approach of overcoming this issue. In this project, a Java based library to establish a publish/subscribe communication pattern for the Constrained Application Protocol was develop. Furthermore, efforts to build and assess prototypes of several publish/subscribe application layer protocols executed over varying common as well as secured versions of the standard and non-standard transport layer protocols were made to take advantage, evaluate, and compare the developed library. The results indicate that the standard protocol stacks represent solid candidates yet one non-standard protocol stack is the considered prime candidate which still maintains a low response time while not adding a significant amount of communication overhead.
8
Kathirvel, Anitha, and Siddharth Madan. "Efficient Privacy Preserving Key Management for Public Cloud Networks." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-148048.
Full textAbstract:
Most applications and documents are stored in a public cloud for storage and management purposes in a cloud computing environment. The major advantages of storing applications and documents in public cloud are lower cost through use of shared computing resources and no upfront infrastructure costs. However, in this case the management of data and other services is insecure. Therefore, security is a major problem in a public cloud as the cloud and the network are open to many other users. In order to provide security, it is necessary for data owners to store their data in the public cloud in a secure way and to use an appropriate access control scheme. Designing a computation and communication efficient key management scheme to selectively share documents based on fine-grained attribute-based access control policies in a public cloud is a challenging task. There are many existing approaches that encrypt documents prior to storage in the public cloud: These approaches use different keys and a public key cryptographic system to implement attribute-based encryption and/or proxy re-encryption. However, these approaches do not efficiently handle users joining and leaving the system when identity attributes and policies change. Moreover, these approaches require keeping multiple encrypted copies of the same documents, which has a high computational cost or incurs unnecessary storage costs. Therefore, this project focused on the design and development of an efficient key management scheme to allow the data owner to store data in a cloud service in a secure way. Additionally, the proposed approach enables cloud users to access the data stored in a cloud in a secure way. Many researchers have proposed key management schemes for wired and wireless networks. All of these existing key management schemes differ from the key management schemes proposed in this thesis. First, the key management scheme proposed in this thesis increases access level security. Second, the proposed key management scheme minimizes the computational complexity of the cloud users by performing only one mathematical operation to find the new group key that was computed earlier by the data owner. In addition, this proposed key management scheme is suitable for a cloud network. Third, the proposed key distribution and key management scheme utilizes privacy preserving methods, thus preserving the privacy of the user. Finally, a batch key updating algorithm (also called batch rekeying) has been proposed to reduce the number of rekeying operations required for performing batch leave or join operations. The key management scheme proposed in this thesis is designed to reduce the computation and communication complexity in all but a few cases, while increasing the security and privacy of the data.<br>De flesta program och dokument lagras i ett offentligt moln för lagring och hantering ändamål i en molnmiljö. De stora fördelarna med att lagra program och dokument i offentliga moln är lägre kostnad genom användning av delade datorresurser och ingen upfront infrastruktur costs.However, i detta fall hanteringen av data och andra tjänster är osäker. Därför är säkerhet ett stort problem i en offentlig moln som molnet och nätverket är öppna för många andra användare. För att ge trygghet, är det nödvändigt för dataägare att lagra sina data i det offentliga molnet på ett säkert sätt och att använda en lämplig åtkomstkontroll schema. Utforma en beräkning och kommunikation effektiv nyckelhantering system för att selektivt dela dokument som grundar sig på finkorniga attributbaserad åtkomstkontroll politik i en offentlig moln är en utmanande uppgift. Det finns många befintliga metoder som krypterar dokument före lagring i det offentliga molnet: Dessa metoder använder olika tangenter och en publik nyckel kryptografiskt system för att genomföra attributbaserad kryptering och / eller proxy re-kryptering. Dock har dessa metoder inte effektivt hantera användare som ansluter och lämnar systemet när identitetsattribut och politik förändras. Dessutom är dessa metoder kräver att hålla flera krypterade kopior av samma dokument, som har en hög beräkningskostnad eller ådrar sig onödiga lagringskostnader. Därför fokuserade projektet på design och utveckling av en effektiv nyckelhantering system för att möjliggöra dataägaren att lagra data i en molntjänst på ett säkert sätt. Dessutom, den föreslagna metoden gör det möjligt för molnanvändare att få tillgång till uppgifter lagras i ett cloud på ett säkert sätt. Många forskare har föreslagit viktiga förvaltningssystem för fasta och trådlösa nätverk. Alla dessa befintliga system ke, skiljer sig från de centrala förvaltningssystemen som föreslås i denna avhandling. Först föreslog nyckelhanteringssystemet i denna avhandling ökar Medverkan nivå säkerhet. För det andra, minimerar den föreslagna nyckelhanteringssystemet beräkningskomplexiteten för molnanvändare genom att utföra endast en matematisk operation för att hitta den nya gruppknapp som tidigare beräknades av dataägaren. Dessutom är denna föreslagna nyckelhanteringsschema lämpligt för ett moln nätverk. För det tredje, den föreslagna nyckeldistribution och nyckelhantering systemet utnyttjar integritets bevara metoder och därmed skydda privatlivet för användaren. Slutligen har ett parti viktig uppdatering algoritm (även kallad batch nya nycklar) föreslagits för att minska antalet Ny serieläggning av operationer som krävs för att utföra batch ledighet eller gå med i verksamheten. Nyckelhanteringssystemet som föreslås i denna avhandling är utformad för att minska beräknings-och kommunikations komplexitet i alla utom ett fåtal fall, och samtidigt öka säkerheten och integriteten av uppgifterna.
9
Pokherl, Bibesh. "Secure Web System in a Cloud Environment." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-117352.
Full textAbstract:
Advent of cloud computing has brought a lot of benefits for users based on its essential characteristics. Users are attracted by its costs per use service and rapidly deploy their applications in the cloud and scale by using virtualization technology without investing in their own IT infrastructure. These applications can be accessed through web based technology, such as web browsers or mobile apps. However, security becomes a major challenge when user’s data and applications are stored in a remote server in a virtualized environment and Internet is medium for accessing them. Internet is always prone to known and unknown threats and a successful breach in the security in cloud environment could lead to a massive loss to property, data and thereafter future of cloud computing technology. In order to meet the challenges of security needs in cloud computing, security architecture is presented in this Thesis. This Cloud Security Architecture delivers security solutions to deployed applications in the cloud as a service. Security solutions that are delivered by the architecture are Authentication, Authorization, Identity Management and Access Control. With these security solutions by Cloud Security Architecture, the Thesis proposes Secure Web System that incorporates secure authentication and privacy enhancing applications in cloud environment. Authentication utilizes the use of the smart card technology and thus is able to provide robustness to the procedure. Further, two more methods of authentication, browser certificate and username/password based give flexible approach when smart card is not available to clients. Applications deployed in a cloud environment would provide security and privacy for users while searching for any query in remote search engine or browsing a remote web server. Thus, the Thesis lays a foundation towards approaching security and privacy for applications that are deployed in Cloud Security Architecture and building up a Secure Web System.
10
Abolafya, Natan. "Secure Documents Sharing System for Cloud Environments." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-121297.
Full textAbstract:
With the current trend of cloud services available in every market area in IT business, it is somewhat surprising that security services are not migrated to the cloud widely. Security as a Service (SECaaS) model is hardly popular at the moment even though the infrastructure of the cloud, or web, can support most of the functionalities of conventional distributed security services. Another uncommon phenomenon in the cloud is sharing secure files with multi-tenant support. This kind of service would be best available integrated with a SECaaS platform that may offer more similar application services. This thesis proposes, studies, designs, develops and evaluates a Secure Documents Sharing System for Cloud Environment with the possibility of integrating to a SECaaS platform.
11
Sahli, Nabil. "Contribution au problème de la sécurité sémantique des systèmes : approche basée sur l'ingénierie dirigée par les modèles." Electronic Thesis or Diss., Aix-Marseille, 2019. http://www.theses.fr/2019AIXM0699.
Full textAbstract:
Les infrastructures industrielles critiques seront dotées de plusieurs équipements embarqués intelligents. Elles exploitent des systèmes complexes, embarqués, intelligents et sémantiques pour leurs fonctionnements, en local et à distance, dans un contexte de développement, de villes intelligentes et du web des objets. Elles emploient, de plus en plus de systèmes «contrôle/commande», pour la surveillance des plateformes industrielles critiques, en temps réel. Les infrastructures critiques seront de plus en plus communicantes dans le cadre des échanges des alarmes et la mise en place de marchés euro-méditerranéens de l’électricité et davantage plus vulnérables. La cybernétique des plateformes critiques se développe, de jour en jour, essentiellement avec l’usage de systèmes complexes embarqués intelligents sémantiques, des services web, des ontologies,..etc. Ils sont tous embarqués sur les instruments intelligents, composant les systèmes sémantiques. Des réseaux de télécommunication intelligents, filaire et sans fil, dit hybrides, se développent. Ils représentent un grand challenge, pour la sécurité des systèmes communicants futurs. Dans un contexte de développement du web, des objets et des villes intelligentes, nos travaux de recherche visent à renforcer les bases de la sécurité et de la cybernétique sémantique, pour les systèmes communicants. Dans notre solution globale, en matière de sécurité sémantique, des infrastructures critiques, nous avons proposé plusieurs sous-solutions, tels que des méta-modèles et des modèles, ainsi qu’une stratégie de sécurité de bout en bout, avec un fonctionnement sur un réseau Cloud global, hybride et sécurisé<br>Critical, modern, current, and even future industrial infrastructures will be equipped with several intelligent embedded equipment. They exploit complex, embedded, intelligent and semantic systems for their operations, locally and remotely, in a context of development, smart cities and the web of things. They are using more and more SCADA and DCS control systems to monitor critical industrial platforms in real time. Critical infrastructures will be more and more communicating in the framework of the exchanges of allarmes and the establishment of Euro-Mediterranean markets of the életcricité and also more and more vulnerable, to classic and even semantic attacks, to viruses, to Trojan horses. The cybernetics of critical platforms is growing, day by day, mainly with the use of complex embedded intelligent semantic systems, web services, ontologies, and format files (XML, OWL, RDF, etc.). They are all embedded in intelligent instruments, making up semantic SCADA systems. Intelligent telecommunication networks, wired and wireless, called hybrids, are developing. They represent a great challenge for the security of future communicating systems. In a context of development of the web of things and smart cities, our research aims to strengthen the bases of security and semantic cybernetics, for communicating systems. In our global solution for semantic security, critical infrastructures, we have proposed several sub-solutions, such as metamodels and models, as well as an end-to-end security strategy, with operation on a global cloud network, hybrid and secure
12
Ladjel, Riad. "Secure distributed computations for the personal cloud." Electronic Thesis or Diss., université Paris-Saclay, 2020. http://www.theses.fr/2020UPASG043.
Full textAbstract:
Grâce aux “smart disclosure initiatives”, traduit en français par « ouvertures intelligentes » et aux nouvelles réglementations comme le RGPD, les individus ont la possibilité de reprendre le contrôle sur leurs données en les stockant localement de manière décentralisée. En parallèle, les solutions dites de clouds personnels ou « système personnel de gestion de données » se multiplient, leur objectif étant de permettre aux utilisateurs d'exploiter leurs données personnelles pour leur propre bien.Cette gestion décentralisée des données personnelles offre une protection naturelle contre les attaques massives sur les serveurs centralisés et ouvre de nouvelles opportunités en permettant aux utilisateurs de croiser leurs données collectées auprès de différentes sources. D'un autre côté, cette approche empêche le croisement de données provenant de plusieurs utilisateurs pour effectuer des calculs distribués.L'objectif de cette thèse est de concevoir un protocole de calcul distribué, générique, qui passe à l’échelle et qui permet de croiser les données personnelles de plusieurs utilisateurs en offrant de fortes garanties de sécurité et de protection de la vie privée. Le protocole répond également aux deux questions soulevées par cette approche : comment préserver la confiance des individus dans leur cloud personnel lorsqu'ils effectuent des calculs croisant des données provenant de plusieurs individus ? Et comment garantir l'intégrité du résultat final lorsqu'il a été calculé par une myriade de clouds personnels collaboratifs mais indépendants ?<br>Thanks to smart disclosure initiatives and new regulations like GDPR, individuals are able to get the control back on their data and store them locally in a decentralized way. In parallel, personal data management system (PDMS) solutions, also called personal clouds, are flourishing. Their goal is to empower users to leverage their personal data for their own good. This decentralized way of managing personal data provides a de facto protection against massive attacks on central servers and opens new opportunities by allowing users to cross their data gathered from different sources. On the other side, this approach prevents the crossing of data from multiple users to perform distributed computations. The goal of this thesis is to design a generic and scalable secure decentralized computing framework which allows the crossing of personal data of multiple users while answering the following two questions raised by this approach. How to preserve individuals' trust on their PDMS when performing global computations crossing data from multiple individuals? And how to guarantee the integrity of the final result when it has been computed by a myriad of collaborative but independent PDMSs?
13
Rostrom, Timothy James. "Framework to Secure Cloud-based Medical Image Storage and Management System Communications." BYU ScholarsArchive, 2011. https://scholarsarchive.byu.edu/etd/3124.
Full textAbstract:
Picture Archiving and Communication Systems (PACS) have been traditionally constrained to the premises of the healthcare provider. This has limited the availability of these systems in many parts of the world and mandated major costs in infrastructure for those who employ them. Public cloud services could be a solution that eases the cost of ownership and provides greater flexibility for PACS implementations. This could make it possible to bring medical imaging services to places where it was previously unavailable and reduce the costs associated with these services for those who utilize them. Moving these systems to public cloud infrastructure requires that an authentication and encryption policy for communications is established within the PACS environment to mitigate the risks incurred by using the Internet for the communication of medical data. This thesis proposes a framework which can be used to create an authenticated and encrypted channel to secure the communications with a cloud-based PACS. This framework uses the Transport Layer Security (TLS) protocol and X.509 certificates to create a secured channel. An enterprise style PKI is used to provide a trust model to authorize endpoints to access the system. The validity of this framework was tested by creating a prototype cloud-based PACS with secured communications. Using this framework will provide a system based on trusted industry standards which will protect the confidentiality and integrity of medical data in transit when using a cloud-based PACS service.
14
Shei, Shaun. "A model-driven approach towards designing and analysing secure systems for multi-clouds." Thesis, University of Brighton, 2018. https://research.brighton.ac.uk/en/studentTheses/53c11a93-3d8d-4cbe-82df-deb34be6ab1f.
Full text
15
Spillner, Josef. "Untersuchungen zur Risikominimierungstechnik Stealth Computing für verteilte datenverarbeitende Software-Anwendungen mit nutzerkontrollierbar zusicherbaren Eigenschaften." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-203797.
Full textAbstract:
Die Sicherheit und Zuverlässigkeit von Anwendungen, welche schutzwürdige Daten verarbeiten, lässt sich durch die geschützte Verlagerung in die Cloud mit einer Kombination aus zielgrößenabhängiger Datenkodierung, kontinuierlicher mehrfacher Dienstauswahl, dienstabhängiger optimierter Datenverteilung und kodierungsabhängiger Algorithmen deutlich erhöhen und anwenderseitig kontrollieren. Die Kombination der Verfahren zu einer anwendungsintegrierten Stealth-Schutzschicht ist eine notwendige Grundlage für die Konstruktion sicherer Anwendungen mit zusicherbaren Sicherheitseigenschaften im Rahmen eines darauf angepassten Softwareentwicklungsprozesses<br>The security and reliability of applications processing sensitive data can be significantly increased and controlled by the user by a combination of techniques. These encompass a targeted data coding, continuous multiple service selection, service-specific optimal data distribution and coding-specific algorithms. The combination of the techniques towards an application-integrated stealth protection layer is a necessary precondition for the construction of safe applications with guaranteeable safety properties in the context of a custom software development process
16
SHARMA, JYOTSNA. "DESIGN METHODOLOGY FOR SECURE CLOUD SYSTEMS." Thesis, 2015. http://dspace.dtu.ac.in:8080/jspui/handle/repository/17485.
Full textAbstract:
Cloud computing popularity over traditional software and hardware has increased considerably over last decade. The on-demand, scalable, multi-tenant and measured service provisioning is making Cloud Computing and Services a hot favorite among not only industry big players but small to medium scale SMEs. As companies, customers and end users are moving their business and data to cloud, more concerns over Cloud Security is getting raised. As more and more software vulnerabilities are getting exploited by attackers and malicious users, huge cost is been spent in security attacks mitigation. This requires integration of security into application development lifecycle and adaptation of security related activities in software engineering practices and methodologies.
In this thesis, we propose a Design Methodology using Security Engineering Framework that involves converting security requirement and threats into design decisions to mitigate identified vulnerabilities. A security design template is prepared considering various constraints and mitigation techniques that will help in later stages of design process.
17
Tysowski, Piotr Konrad. "Highly Scalable and Secure Mobile Applications in Cloud Computing Systems." Thesis, 2013. http://hdl.handle.net/10012/7449.
Full textAbstract:
Cloud computing provides scalable processing and storage resources that are hosted on a third-party provider to permit clients to economically meet real-time service demands. The confidentiality of client data outsourced to the cloud is a paramount concern since the provider cannot necessarily be trusted with read access to voluminous sensitive client data. A particular challenge of mobile cloud computing is that a cloud application may be accessed by a very large and dynamically changing population of mobile devices requiring access control. The thesis addresses the problems of achieving efficient and highly scalable key management for resource-constrained users of an untrusted cloud, and also of preserving the privacy of users. A model for key distribution is first proposed that is based on dynamic proxy re-encryption of data. Keys are managed inside the client domain for trust reasons, computationally-intensive re-encryption is performed by the cloud provider, and key distribution is minimized to conserve communication. A mechanism manages key evolution for a continuously changing user population. Next, a novel form of attribute-based encryption is proposed that authorizes users based on the satisfaction of required attributes. The greater computational load from cryptographic operations is performed by the cloud provider and a trusted manager rather than the mobile data owner. Furthermore, data re-encryption may be optionally performed by the cloud provider to reduce the expense of user revocation. Another key management scheme based on threshold cryptography is proposed where encrypted key shares are stored in the cloud, taking advantage of the scalability of storage in the cloud. The key share material erodes over time to allow user revocation to occur efficiently without additional coordination by the data owner; multiple classes of user privileges are also supported. Lastly, an alternative exists where cloud data is considered public knowledge, but the specific information queried by a user must be kept private. A technique is presented utilizing private information retrieval, where the query is performed in a computationally efficient manner without requiring a trusted third-party component. A cloaking mechanism increases the privacy of a mobile user while maintaining constant traffic cost.
18
LEE, KUN-CHE, and 李坤哲. "A Novel Secure Data Exchange Scheme for Cloud Manufacturing Systems based on Disposable Key-based Data Coding Scheme." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/aq5ew6.
Full textAbstract:
碩士<br>中國文化大學<br>資訊工程學系<br>106<br>In recent years, cloud manufacturing (CMfg) (i.e., cloud-based manufacturing) has become a hot research topic for smart manufacturing. The concept of CMfg is to encapsulate and virtualize distributed manufacturing resources (both hardware and software) into cloud services (i.e., manufacturing services) that can then be used on-demand over networks to support manufacturing activities, including product design, simulation, testing, and other equipment services (e.g., fault diagnosis, prognosis, and predictive maintenance). A CMfg system can utilize Internet of Things (IoT) to connect production equipment for data collection and transmission and to communicate with cloud services. Because process data are confidential for a factory, how to protect the security of data exchange between a factory and CMfg services is an important issue for smart manufacturing. Thus, this thesis proposes a novel secure data transmission mechanism based on disposable-key data encoding and designs associated coding and decoding algorithms for protecting the security of data transmitted between the factory side and CMfg services. Finally, several experimental tests of transmitting real process data with different sizes from the factory side to a CMfg service are conducted. Testing results validate the effectiveness of the proposed secure data transmission mechanism and demonstrate its performance.
19
(7013471), NIRANJAN RAVI. "Integration of UAVS with Real Time Operating Systems and Establishing a Secure Data Transmission." Thesis, 2019.
Find full textAbstract:
In today’s world, the applications of Unmanned Aerial Vehicle (UAV) systems
are leaping by extending their scope from military applications on to commercial and
medical sectors as well. Owing to this commercialization, the need to append external
hardware with UAV systems becomes inevitable. This external hardware could aid in
enabling wireless data transfer between the UAV system and remote Wireless Sensor
Networks (WSN) using low powered architecture like Thread, BLE (Bluetooth Low
Energy). The data is being transmitted from the flight controller to the ground
control station using a MAVlink (Micro Air Vehicle Link) protocol. But this radio
transmission method is not secure, which may lead to data leakage problems. The
ideal aim of this research is to address the issues of integrating different hardware with
the flight controller of the UAV system using a light-weight protocol called UAVCAN
(Unmanned Aerial Vehicle Controller Area Network). This would result in reduced
wiring and would harness the problem of integrating multiple systems to UAV. At
the same time, data security is addressed by deploying an encryption chip into the
UAV system to encrypt the data transfer using ECC (Elliptic curve cryptography)
and transmitting it to cloud platforms instead of radio transmission.
20
Huang, Yu-Ping, and 黃宇平. "FileFarm: A Secured Cloud-of-Clouds Storage System." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/zfanq5.
Full textAbstract:
碩士<br>國立臺灣大學<br>電信工程學研究所<br>107<br>In this thesis, we describe FileFarm: a secured storage overlay that leverages existing cloud services to form a cloud-of-clouds storage system with better robustness, no single-point-of-failure and minimal data leakage concerns. To resolve the consistency and load-balancing issues caused by a centralized database design in conventional cloud-of-clouds work, FileFarm adopts a P2P strategy, in which each cloud operates as an independent node providing identical service for clients. The storage nodes, called farmers, cooperate with each other to form a peer-to-peer network, which tolerates concurrent failures occurring at any K-1 farmers, where K is a configurable system-wise parameter. In case of failure occurring at any farmer, a storage repair procedure will be triggered automatically, which backs up data to surviving farmers and maintain K copies of each piece of data. To lookup resources efficiently in a P2P network, FileFarm implements Kademlia DHT(Distributed Hash Table) protocol. Several desired properties of FileFarm are inherited from Kademlia: (1) redundancy maintenance, (2) efficient search and (3) load-balancing design. However, in order to serve as an enterprise-level storage, 4 further properties are required: (1) data confidentiality, (2) access management, (3) cost-efficiency, (4) retrievability. FileFarm meets these requirements by designing corresponding mechanisms, which collectively make FileFarm a robust, secure and cost-efficient storage solution: (1) Encryption and Information Dispersal Algorithm, (2) Decentralized Authentication, (3) Storage Release and Prioritized Download, (4)Public Farmer ID Assignment. We compare FileFarm with related implementations in various aspects of properties. We also implement a proof-of-concept and perform a series of experiments on it to verify our claims. The proof-of-concept not only confirms our claims but also served as a product prototype of our structured P2P file storage solution.
21
Stauffer, Jake. "A Smart and Interactive Edge-Cloud Big Data System." Thesis, 2021. http://dx.doi.org/10.7912/C2/75.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)<br>Data and information have increased exponentially in recent years. The promising era of big data is advancing many new practices. One of the emerging big data applications is healthcare. Large quantities of data with varying complexities have been leading to a great need in smart and secure big data systems.
Mobile edge, more specifically the smart phone, is a natural source of big data and is ubiquitous in our daily lives. Smartphones offer a variety of sensors, which make them a very valuable source of data that can be used for analysis. Since this data is coming directly from personal phones, that means the generated data is sensitive and must be handled in a smart and secure way. In addition to generating data, it is also important to interact with the big data. Therefore, it is critical to create edge systems that enable users to access their data and ensure that these applications are smart and secure. As the first major contribution of this thesis, we have implemented a mobile edge system, called s2Edge. This edge system leverages Amazon Web Service (AWS) security features and is backed by an AWS cloud system. The implemented mobile application securely logs in, signs up, and signs out users, as well as connects users to the vast amounts of data they generate. With a high interactive capability, the system allows users (like patients) to retrieve and view their data and records, as well as communicate with the cloud users (like physicians). The resulting mobile edge system is promising and is expected to demonstrate the potential of smart and secure big data interaction.
The smart and secure transmission and management of the big data on the cloud is essential for healthcare big data, including both patient information and patient measurements. The second major contribution of this thesis is to demonstrate a novel big data cloud system, s2Cloud, which can help enhance healthcare systems to better monitor patients and give doctors critical insights into their patients' health. s2Cloud achieves big data security through secure sign up and log in for the doctors, as well as data transmission protection. The system allows the doctors to manage both patients and their records effectively. The doctors can add and edit the patient and record information through the interactive website. Furthermore, the system supports both real-time and historical modes for big data management. Therefore, the patient measurement information can, not only be visualized and demonstrated in real-time, but also be retrieved for further analysis. The smart website also allows doctors and patients to interact with each other effectively through instantaneous chat. Overall, the proposed s2Cloud system, empowered by smart secure design innovations, has demonstrated the feasibility and potential for healthcare big data applications. This study will further broadly benefit and advance other smart home and world big data applications.
22
Chiang, Chao-hsun, and 蔣朝勛. "The implementation of secure cloud storage caching system." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/kmd8p9.
Full textAbstract:
碩士<br>國立中山大學<br>資訊工程學系研究所<br>102<br>Cloud storage is very popular in recent years. People usually store their important data in cloud storage. However, the cloud storage provider might secretly access our data. It is really a big threats to personal privacy and confidentially of business information. Even if we want to build our own cloud storage system, it will cost a lot of resources.
This paper will discuss on how to implement a secure cloud storage caching system. The system consists of two main parts: local cache server and the connection between local cache server and cloud storage. Users can encrypt and upload their data to the cloud storage through this system. When they need to access their data, they will using this system to download and decrypt data from cloud storage. Besides, the system will preserve some data in local storage as cache, so it will not necessary that to download files from cloud storage every time. Users can also share their files to other users in the system.
Though systems like this, we will not limit by the disadvantages of cloud storage. We could improve the security of data and the efficiency of accessing data at the same time with low-cost.
23
Huang, Kuan-Ying, and 黃冠穎. "A Secure and Elastic Cloud Data Encryption System." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/18084299885303990794.
Full textAbstract:
碩士<br>國立交通大學<br>網路工程研究所<br>100<br>“Cloud computing” is quite popular in recent years, more and more service provider proposed cloud services especially cloud storage service. The cloud storage service brought many conveniences, for instance, users do not have to carry flash storage drives. The file could be accessed by using the computers or mobile devices via network at anytime and anywhere. Users do not need to care about the uploaded file that could be lost, because the service provider provides special techniques to backup. However, the most worrying problem that we care is security.
The security which we mentioned here is that the file may be eavesdropped during transmission, and the file which stored in the storage server may be stolen by some bad guys. Nowadays, most of the cloud storage to let user upload the file to the server and then encrypt file by server, but in this way makes so many people feel uneasy. Some users usually use other third-party encryption system to encrypt the file before uploading. We found that most of the encryption systems save the decryption key could only in the computer, this leads inconvenience of using and it also could be stolen if the computer is public. So how to improve the flexible of storing decryption key is another issue we concern about.
In this thesis, we proposed an integrated service which named SSTreasury+. It includes encryption application and storage service, user could encrypt files before uploading to the cloud to prevent being stolen during transmission or in the cloud storage. In addition, the decryption key which generated by application can be carried to increase flexibility and convenience. In the back-end storages we use existing cloud storage as a backup storage in order to reduce construction costs. We expected to achieve a safe and flexible cloud storage service by the above methods.
24
Santos, João Manuel Ferreira dos. "Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties." Master's thesis, 2021. http://hdl.handle.net/10362/135419.
Full textAbstract:
There are two dominant themes that have become increasingly more important in our
technological society. First, the recurrent use of cloud-based solutions which provide
infrastructures, computation platforms and storage as services. Secondly, the use of applicational
large logs for analytics and operational monitoring in critical systems. Moreover,
auditing activities, debugging of applications and inspection of events generated by errors
or potential unexpected operations - including those generated as alerts by intrusion
detection systems - are common situations where extensive logs must be analyzed, and
easy access is required. More often than not, a part of the generated logs can be deemed
as sensitive, requiring a privacy-enhancing and queryable solution.
In this dissertation, our main goal is to propose a novel approach of storing encrypted
critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased
ciphered documents. To this end, we make use of Searchable and Homomorphic
Encryption methods to allow operations on the ciphered documents. Additionally, our
solution allows for the user to be near oblivious to our system’s internals, providing
transparency while in use. The achieved end goal is a unified middleware system capable
of providing improved system usability, privacy, and rich querying over the data. This
previously mentioned objective is addressed while maintaining server-side auditable logs,
allowing for searchable capabilities by the log owner or authorized users, with integrity
and authenticity proofs.
Our proposed solution, named Chameleon, provides rich querying facilities on ciphered
data - including conjunctive keyword, ordering correlation and boolean queries
- while supporting field searching and nested aggregations. The aforementioned operations
allow our solution to provide data analytics upon ciphered JSON documents, using
Elasticsearch as our storage and search engine.<br>O uso recorrente de soluções baseadas em nuvem tornaram-se cada vez mais importantes
na nossa sociedade. Tais soluções fornecem infraestruturas, computação e armazenamento
como serviços, para alem do uso de logs volumosos de sistemas e aplicações para
análise e monitoramento operacional em sistemas críticos. Atividades de auditoria, debugging
de aplicações ou inspeção de eventos gerados por erros ou possíveis operações
inesperadas - incluindo alertas por sistemas de detecção de intrusão - são situações comuns
onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos
logs gerados podem ser considerados confidenciais, exigindo uma solução que permite
manter a confidencialidades dos dados durante procuras.
Nesta dissertação, o principal objetivo é propor uma nova abordagem de armazenar
logs críticos num armazenamento elástico e escalável baseado na cloud. A solução proposta
suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e
métodos de criptografia homomórfica com provas de integridade e autenticação. O objetivo
alcançado é um sistema de middleware unificado capaz de fornecer privacidade,
integridade e autenticidade, mantendo registos auditáveis do lado do servidor e permitindo
pesquisas pelo proprietário dos logs ou usuários autorizados. A solução proposta,
Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo
queries conjuntivas, de ordenação e booleanas - suportando pesquisas de campo
e agregações aninhadas. As operações suportadas permitem à nossa solução suportar data
analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento
e motor de busca.
25
Zhong, Huai-Bin, and 鍾懷彬. "Implementation of Secure Mobile Medical Information System Based on Private Cloud." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/00345895432490564438.
Full textAbstract:
碩士<br>國立勤益科技大學<br>電子工程系<br>102<br>Mobile technology and Applications are growing rapidly which provide another service way. In the area of Engineering in Medicine and Biology, which contains Hospital Information System (HIS), Radiology Information System (RIS) and Picture Archive and Communication Systems (PACS), and it is a positively affected by new technology and availability. PACS is one of popular research area at mobile technology and application, and it is an evolving healthcare technology for the short and long term storage, retrieval, management, distribution and presentation of medical images, which has replaced traditional handling way of medicine images, and it makes medical images can be access and management easier. In addition, Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical image.
Based on the relational structure of PACS, HIS and RIS, this study will make medical image portable where uses modern technology as well as analyze waiting time of patient and propose improvement, which is process during register until diagnosis. In this thesis, we proposed a prototype of mobile DICOM image retrieval and synchronization application with QR-Code authentication, moreover we simulate and analyze waiting time of patient and propose improvement.
26
Kumar, Ramesh. "A Secure Framework for Cloud Based Intelligent Transportation System(C-ITS)." Thesis, 2016. http://ethesis.nitrkl.ac.in/8110/1/2016_MT__214CS2134_Secure.pdf.
Full textAbstract:
Intelligent Transportation System(ITS)currently plays a critical role in transportation network providing the efficiency in traffic management, reducing accidents resulting in timesaving and increased customer satisfaction. The main challenges of ITS, however, are to manage the authenticity, confidentiality and preserving the privacy of the customers. The vision of all vehicle to be connected brings the new challenge of maintenance of massive vehicular data produced. With the advancement of cloud technology one cloud consider it as a decent candidate. In this paper, we propose a novel framework for cloud-based intelligent transportation system (C-ITS). The main idea is to have multiple ITS service provider in a single city so that a customer has a choice to register multiple ITSs for different services. The ITS can exploit cloud resources to provide high-end services to its user. Our proposed model could use different cryptosystem to meet the necessary security requirements. We introduce a security solution to meet the fundamental safety requirements for proposed model using Identity-Based cryptosystem, and proxy re-encryption.
27
Lin, Cheng-Ting, and 林正庭. "A Secret-Sharing-Based Method for Cloud Storage System." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/69726621877613632163.
Full textAbstract:
碩士<br>國立中山大學<br>資訊工程學系研究所<br>104<br>In recent years, at an era of information explosion, cloud storage system is wide-spread
used in our daily life. However, cloud storage system include many information security issues.
The technical of secret sharing is applied to solve these problem include data privacy, data
integrity and computational cost. Nevertheless, applying Shamir’s secret sharing scheme to
cloud storage system, there are two fetal problems. When we upload the file to the cloud
storage system, the size of each share equals to the file such that it waste amount of storage to
save these shares; furthermore, a heavy computational cost is required to make shares which is
going to be saved in the cloud servers.
Therefore, we then proposed a secret-sharing-based method by generating pseudo-random
number to replace the real shares such that it reduces the storage cost; in addition, we use
just EXCLUSIVE-OR (XOR) operation to reduce the computational cost when computing the
shares for each cloud servers.
28
HUANG, PO-TSUN, and 黃柏尊. "A Secure Electronic Medical Record (EMR) Authorization System for Smart Device Application in Cloud Computing Environments." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/9rt3pj.
Full textAbstract:
碩士<br>朝陽科技大學<br>資訊工程系<br>107<br>As cloud computing technology matures, along with an increased application of distributed networks, increasingly larger amounts of data are being stored in the cloud, and is thus available for pervasive application. At the same time, current independent medical record systems tend to be inefficient, and most previous studies in this field fail to meet the security requirements of anonymity and unlinkability. Some proposed schemes are even vulnerable to malicious impersonation attacks. The scheme proposed in this study therefore combines public and private clouds in order to more efficiently and securely preserve and manage electronic medical records (EMR). In this study, a new secure EMR authorization system is proposed, which uses elliptic curve encryption and public-key encryption, providing a health care system with both public and private cloud environments with a message authentication mechanism, allowing the secure sharing of medical resources. Analysis shows that the proposed scheme prevents known attacks, such as replay attacks, man-in-the-middle attacks and impersonation attacks, and provides user anonymity, unlinkability, integrity, non-repudiation, and forward and backward security.
29
Hussain, Mohammed. "The Design and Applications of a Privacy-Preserving Identity and Trust-Management System." Thesis, 2010. http://hdl.handle.net/1974/5520.
Full textAbstract:
Identities are present in the interactions between individuals and organizations.
Online shopping requires credit card information, while e-government services require social security or passport numbers. The involvement of identities, however, makes them susceptible to theft and misuse.
The most prominent approach for maintaining the privacy of individuals is the enforcement of privacy policies that regulate the flow and use of identity information.
This approach suffers two drawbacks that severely limit its effectiveness. First, recent research in data-mining facilitates the fusion of partial identities into complete identities. That holds true even if the attributes examined are not, normally considered, to be identifying. Second, policies are prone to human error, allowing for identity information to be released accidentally.
This thesis presents a system that enables an individual to interact with organizations, without allowing these organizations to link the interactions of that individual together. The system does not release individuals' identities to
organizations. Instead, certified artificial identities are used to guarantee that individuals possess the required attributes to successfully participate in the interactions. The system limits the fusion of partial identities and minimizes the effects of human error. The concept of using certified artificial identities has been
extensively researched. The system, however, tackles several unaddressed scenarios.
The system works not only for interactions that involve an individual and an organization, but also for interactions
that involve a set of individuals connected by structured relations. The individuals should prove the existence of relations among
them to organizations, yet organizations cannot profile the actions of these individuals. Further, the system allows organizations to be anonymous, while proving their attributes to individuals. Reputation-based trust is incorporated to help individuals make informed decisions whether to deal with a particular organization.
The system is used to design applications in e-commerce, access control, reputation management, and cloud computing. The thesis describes the applications in detail.<br>Thesis (Ph.D, Computing) -- Queen's University, 2010-04-07 11:17:37.68
30
Cheperdak, David J. B. "Attribute-based access control for distributed systems." Thesis, 2012. http://hdl.handle.net/1828/4561.
Full textAbstract:
Securing information systems from cyber attacks, malware and
internal cyber threats is a difficult problem. Attacks on authentication and
authorization (access control) is one of the more predominant and potentially
rewarding attacks on distributed architectures. Attribute-Based Access Control
(ABAC) is one of the more recent mechanisms to provide access control
capabilities. ABAC combines the strength of cryptography with semantic
expressions and relational assertions. By this composition, a powerful grammar
is devised that can not only define complex and scalable access control policies,
but defend against attacks on the policy itself. This thesis demonstrates
how ABAC can be used as a primary access control solution for enterprise and
commercial applications.<br>Graduate<br>0984<br>djbchepe@gmail.com
31
Chu, Yu Chen, and 朱祐呈. "A System for Integrating Multiple Cloud Storage Services: Implementation of Secured and Synchronized Desktop Applications." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/44229925530222294705.
Full textAbstract:
碩士<br>國立清華大學<br>通訊工程研究所<br>103<br>In recent years, due to rapid advancement in network and computer technologies, cloud services have been gradually developed. Among all cloud services, online storage or cloud storage attracts a lot of attention. Many companies, such as Dropbox, Google and etc. have started offering cloud storage services. Being able to access our data from anywhere and at any time, the convenience offered by cloud storage services has fundamentally changed our daily lives.
However, the cloud storage services offered by commercial companies in their current form have two drawbacks. First, to use the cloud storage service conveniently offered by a specific cloud storage service provider, users have to install a synchronization program offered by the service provider in their local hosts. This synchronization program keeps the files in the local host synchronized with their remote copies in the cloud. The synchronization programs inevitably allow only one cloud storage service account in each local host. This limits the storage space that users can use. The second drawback of the current cloud storage services is security concern. Although all companies offering cloud storage services claim that users' files are securely encrypted and that maintaining users' privacy has the top priority, most users still worry since the companies also hold the decryption keys.
In this thesis we present an architecture to address the two drawbacks described above. In our architecture locally files are maintained in a file tree and remotely our architecture distributes files in multiple cloud storage accounts, such that no account violates its space limit. In our architecture files are encrypted before they are stored in cloud storage accounts. Only users have the decryption keys. In this thesis we also present a prototype implementation of the architecture.
32
Spillner, Josef. "Untersuchungen zur Risikominimierungstechnik Stealth Computing für verteilte datenverarbeitende Software-Anwendungen mit nutzerkontrollierbar zusicherbaren Eigenschaften." Doctoral thesis, 2015. https://tud.qucosa.de/id/qucosa%3A29546.
Full textAbstract:
Die Sicherheit und Zuverlässigkeit von Anwendungen, welche schutzwürdige Daten verarbeiten, lässt sich durch die geschützte Verlagerung in die Cloud mit einer Kombination aus zielgrößenabhängiger Datenkodierung, kontinuierlicher mehrfacher Dienstauswahl, dienstabhängiger optimierter Datenverteilung und kodierungsabhängiger Algorithmen deutlich erhöhen und anwenderseitig kontrollieren. Die Kombination der Verfahren zu einer anwendungsintegrierten Stealth-Schutzschicht ist eine notwendige Grundlage für die Konstruktion sicherer Anwendungen mit zusicherbaren Sicherheitseigenschaften im Rahmen eines darauf angepassten Softwareentwicklungsprozesses.:1 Problemdarstellung
1.1 Einführung
1.2 Grundlegende Betrachtungen
1.3 Problemdefinition
1.4 Einordnung und Abgrenzung
2 Vorgehensweise und Problemlösungsmethodik
2.1 Annahmen und Beiträge
2.2 Wissenschaftliche Methoden
2.3 Struktur der Arbeit
3 Stealth-Kodierung für die abgesicherte Datennutzung
3.1 Datenkodierung
3.2 Datenverteilung
3.3 Semantische Verknüpfung verteilter kodierter Daten
3.4 Verarbeitung verteilter kodierter Daten
3.5 Zusammenfassung der Beiträge
4 Stealth-Konzepte für zuverlässige Dienste und Anwendungen
4.1 Überblick über Plattformkonzepte und -dienste
4.2 Netzwerkmultiplexerschnittstelle
4.3 Dateispeicherschnittstelle
4.4 Datenbankschnittstelle
4.5 Stromspeicherdienstschnittstelle
4.6 Ereignisverarbeitungsschnittstelle
4.7 Dienstintegration
4.8 Entwicklung von Anwendungen
4.9 Plattformäquivalente Cloud-Integration sicherer Dienste und Anwendungen
4.10 Zusammenfassung der Beiträge
5 Szenarien und Anwendungsfelder
5.1 Online-Speicherung von Dateien mit Suchfunktion
5.2 Persönliche Datenanalyse
5.3 Mehrwertdienste für das Internet der Dinge
6 Validierung
6.1 Infrastruktur für Experimente
6.2 Experimentelle Validierung der Datenkodierung
6.3 Experimentelle Validierung der Datenverteilung
6.4 Experimentelle Validierung der Datenverarbeitung
6.5 Funktionstüchtigkeit und Eigenschaften der Speicherdienstanbindung
6.6 Funktionstüchtigkeit und Eigenschaften der Speicherdienstintegration
6.7 Funktionstüchtigkeit und Eigenschaften der Datenverwaltung
6.8 Funktionstüchtigkeit und Eigenschaften der Datenstromverarbeitung
6.9 Integriertes Szenario: Online-Speicherung von Dateien
6.10 Integriertes Szenario: Persönliche Datenanalyse
6.11 Integriertes Szenario: Mobile Anwendungen für das Internet der Dinge
7 Zusammenfassung
7.1 Zusammenfassung der Beiträge
7.2 Kritische Diskussion und Bewertung
7.3 Ausblick
Verzeichnisse
Tabellenverzeichnis
Abbildungsverzeichnis
Listings
Literaturverzeichnis
Symbole und Notationen
Software-Beiträge für native Cloud-Anwendungen
Repositorien mit Experimentdaten<br>The security and reliability of applications processing sensitive data can be significantly increased and controlled by the user by a combination of techniques. These encompass a targeted data coding, continuous multiple service selection, service-specific optimal data distribution and coding-specific algorithms. The combination of the techniques towards an application-integrated stealth protection layer is a necessary precondition for the construction of safe applications with guaranteeable safety properties in the context of a custom software development process.:1 Problemdarstellung
1.1 Einführung
1.2 Grundlegende Betrachtungen
1.3 Problemdefinition
1.4 Einordnung und Abgrenzung
2 Vorgehensweise und Problemlösungsmethodik
2.1 Annahmen und Beiträge
2.2 Wissenschaftliche Methoden
2.3 Struktur der Arbeit
3 Stealth-Kodierung für die abgesicherte Datennutzung
3.1 Datenkodierung
3.2 Datenverteilung
3.3 Semantische Verknüpfung verteilter kodierter Daten
3.4 Verarbeitung verteilter kodierter Daten
3.5 Zusammenfassung der Beiträge
4 Stealth-Konzepte für zuverlässige Dienste und Anwendungen
4.1 Überblick über Plattformkonzepte und -dienste
4.2 Netzwerkmultiplexerschnittstelle
4.3 Dateispeicherschnittstelle
4.4 Datenbankschnittstelle
4.5 Stromspeicherdienstschnittstelle
4.6 Ereignisverarbeitungsschnittstelle
4.7 Dienstintegration
4.8 Entwicklung von Anwendungen
4.9 Plattformäquivalente Cloud-Integration sicherer Dienste und Anwendungen
4.10 Zusammenfassung der Beiträge
5 Szenarien und Anwendungsfelder
5.1 Online-Speicherung von Dateien mit Suchfunktion
5.2 Persönliche Datenanalyse
5.3 Mehrwertdienste für das Internet der Dinge
6 Validierung
6.1 Infrastruktur für Experimente
6.2 Experimentelle Validierung der Datenkodierung
6.3 Experimentelle Validierung der Datenverteilung
6.4 Experimentelle Validierung der Datenverarbeitung
6.5 Funktionstüchtigkeit und Eigenschaften der Speicherdienstanbindung
6.6 Funktionstüchtigkeit und Eigenschaften der Speicherdienstintegration
6.7 Funktionstüchtigkeit und Eigenschaften der Datenverwaltung
6.8 Funktionstüchtigkeit und Eigenschaften der Datenstromverarbeitung
6.9 Integriertes Szenario: Online-Speicherung von Dateien
6.10 Integriertes Szenario: Persönliche Datenanalyse
6.11 Integriertes Szenario: Mobile Anwendungen für das Internet der Dinge
7 Zusammenfassung
7.1 Zusammenfassung der Beiträge
7.2 Kritische Diskussion und Bewertung
7.3 Ausblick
Verzeichnisse
Tabellenverzeichnis
Abbildungsverzeichnis
Listings
Literaturverzeichnis
Symbole und Notationen
Software-Beiträge für native Cloud-Anwendungen
Repositorien mit Experimentdaten
33
Yu-TingHuang and 黃鈺婷. "An SLA-aware Data Dispersion Method for Short-Secret-Sharing Cloud Storage System." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/24484662428767207595.
Full textAbstract:
碩士<br>國立成功大學<br>資訊工程學系碩博士班<br>101<br>In the era of information explosion, people usually share various kinds of information through networks. As more information is going to be shared and stored, the maintenance costs of data also increase. Since cloud storage systems have large storage space, high transmission bandwidth, and the supports of data maintenance, the management costs of clients can further be reduced, and therefore more companies would like to outsource their data into cloud storage systems. However, because of the lacks of physical controls of data, the data security and the data availability are always concerned. Hence, this thesis mainly focuses on proposing a method to leverage between the data security, the data availability, the access performance, and the client cost.
Nevertheless, clients often cannot be served with what they actually want because the Service Level Agreement (SLA) provided by existing cloud storage systems is not customized. Therefore, this thesis first defines the corresponding SLA elements according to the four major concerns of clients. Based on the customized SLA negotiated with clients, their actual requirements can be discovered and exploited to adjust the system parameters for completing services.
Among existing cloud storage systems with the data security support, Short-Secret-Sharing (SSS) cloud storage system has the characteristics including the smallest storage consumption, the highest performance and key management supports. By adjusting the parameters (n, k) of SSS, the cloud storage system can provide different levels of protection in the data security and the data availability whereas obtaining different access performance and client costs. This thesis would like to propose a method to obtain the optimal result by adjusting the parameters (n, k) based on the customized SLA of clients.
Finally, by analyzing several scenarios, the customized SLAs negotiated with different clients are obtained. Moreover, optimal results are presented when clients are served by different cloud storage systems.