
Guide to Security Assurance for Cloud Computing / edited by Shao Ying Zhu, Richard Hill, Marcello Trovati




Title: Guide to Security Assurance for Cloud Computing / edited by Shao Ying Zhu, Richard Hill, Marcello Trovati
Publication: Cham : Springer International Publishing : Imprint: Springer, 2015
Edition: 1st ed. 2015.
Physical description: 1 online resource (XVIII, 229 p. 39 illus.)
Discipline (Dewey class): 005.8
Topical subjects: Computer security
Computer communication systems
Management information systems
Computer science
Systems and Data Security
Computer Communication Networks
Management of Computing and Information Systems
Persons (secondary responsibility): Zhu, Shao Ying
Hill, Richard
Trovati, Marcello
General note: Bibliographic Level Mode of Issuance: Monograph
Contents note:
Intro -- Foreword -- Preface -- Overview and Goals -- Organisation and Features -- Target Audiences -- Suggested Uses -- Acknowledgements -- Contents -- Contributors -- About the Editors
Part I Key Concepts
1 Privacy, Compliance and the Cloud -- 1.1 Introduction -- 1.2 Compliance: The State of the Art -- 1.3 Compliance: Emerging Standards -- 1.4 Compliance: Future Work -- 1.5 How Effective Is the Compliance Model? -- 1.6 Concluding Remarks -- 1.7 Review Questions -- References
2 Cryptographic Tools for Cloud Environments -- 2.1 Introduction -- 2.2 Fundamental Cryptographic Mechanisms -- 2.2.1 Symmetric Encryption -- 2.2.2 Public-Key Encryption -- 2.2.3 Hash Functions -- 2.2.4 Message Authentication Codes -- 2.2.5 Digital Signature Schemes -- 2.2.6 Authenticated Encryption -- 2.3 Limitations of Conventional Cryptography -- 2.4 Cryptographic Mechanisms for the Cloud -- 2.4.1 Processing Encrypted Data -- 2.4.1.1 Searching Over Encrypted Data -- 2.4.1.2 Homomorphic Encryption -- 2.4.1.3 Computing Aggregates Over Encrypted Data -- 2.4.1.4 Order-Preserving Encryption -- 2.4.2 Functional Encryption -- 2.4.2.1 Identity-Based Encryption -- 2.4.2.2 Attribute-Based Encryption -- 2.4.2.3 Predicate Encryption -- 2.4.3 Verifiable Computing -- 2.4.3.1 Verifiable Outsourced Computation -- 2.4.3.2 Verifiable Storage -- 2.4.4 Other Tools -- 2.4.4.1 Proxy Re-encryption -- 2.4.4.2 Oblivious RAM -- 2.4.4.3 Format-Preserving Encryption -- 2.4.4.4 Secure Deduplication -- 2.5 Closing Remarks -- 2.6 Review Questions -- References
3 Migrating to Public Clouds - From a Security Perspective -- 3.1 Introduction -- 3.2 Clouds and Features -- 3.3 Migration Concerns -- 3.4 Security and Privacy in Public Clouds -- 3.5 Migrating to Public Clouds - An Experimental Analysis -- 3.5.1 Research Design -- 3.5.2 Statistical Analysis -- 3.6 Results and Interpretation -- 3.6.1 Question 1 -- 3.6.2 Question 2 -- 3.6.3 Question 3 -- 3.6.4 Question 4 -- 3.6.5 Question 5 -- 3.6.6 Question 6 -- 3.6.7 Question 7 -- 3.7 Summary -- 3.8 Conclusion -- 3.9 Review Questions -- References
4 Virtualization Security in Cloud Computing -- 4.1 Introduction -- 4.2 Virtualization -- 4.3 Virtualization Security -- 4.4 Virtualization Attacks -- 4.4.1 Hypervisor Attacks -- 4.4.2 Virtual Machine Attacks -- 4.4.3 Disk Image Attacks -- 4.5 Security Solutions -- 4.5.1 Hypervisor Security -- 4.5.2 Virtual Machine Security -- 4.5.3 Disk Images Security -- 4.6 Recommendations for Secure Usage of Virtual Machines -- 4.6.1 Secure Network -- 4.6.2 Disabling the Non-required Features -- 4.6.3 Disconnect Unused Hardware Devices -- 4.6.4 Backup of Virtual Machine Images -- 4.6.5 Hardening of Virtual Machines -- 4.6.6 Auditing -- 4.7 Industrial Survey -- 4.7.1 Storage Made Easy -- 4.7.2 Piston Cloud -- 4.7.3 Metacloud -- 4.8 Conclusion -- 4.9 Review Questions -- References
5 Security of Cloud-Based Storage -- 5.1 Introduction to Cloud Storage -- 5.2 Organization -- 5.3 Cloud Storage Architecture -- 5.4 Cloud Storage Security Architecture -- 5.5 Deduplication for Efficient Storage -- 5.6 Techniques Used for Maintaining Security in Cloud Storage -- 5.7 Comparison Between Various Available Secure Cloud Storage Techniques -- 5.7.1 Cloud Storage Techniques of Category A -- 5.7.1.1 ESPAC Scheme -- 5.7.1.2 Kamara et al.'s Scheme -- 5.7.1.3 Key to Cloud (K2C) Scheme -- 5.7.1.4 Cryptonite Scheme -- 5.7.1.5 Sec2 Scheme -- 5.7.2 Cloud Storage Techniques of Category B -- 5.7.2.1 Chow et al.'s Scheme -- 5.7.2.2 Cloud Storage System (CS2) -- 5.8 Security-Related Case Studies in Cloud Storage -- 5.8.1 Dropbox -- 5.8.2 Microsoft Azure -- 5.8.3 Amazon EC2 -- 5.9 Security Guidelines for Cloud Storage -- 5.9.1 Login Credential Safety -- 5.9.2 Encryption of the Stored Data -- 5.9.3 Security Along with Deduplication -- 5.9.4 Transport Security -- 5.9.5 Multiple Devices Accessibility -- 5.9.6 Update Functionality of System -- 5.10 Summary -- 5.11 Review Questions -- References
6 Cloud Computing Governance, Risk, and Compliance - The Quintessential Globalization Challenge -- 6.1 Industry Buy-in, Consensus, and Reciprocity -- 6.2 Definitions -- 6.3 Governance Focus Areas -- 6.4 Organizations and Standards -- 6.4.1 Industry Community Groups -- 6.4.2 FEDRAMP -- 6.4.3 ISO -- 6.4.3.1 ISO 9001:2015 -- 6.4.3.2 ISO 12207:2008 -- 6.4.3.3 ISO 15504:2012 -- 6.4.3.4 ISO 20000-1:2011 -- 6.4.3.5 ISO 26262:2011 -- 6.4.3.6 ISO 27000 Series -- 6.5 Way Forward -- 6.6 Review Questions -- References
7 Cloud Computing and Security in the Future -- 7.1 Introduction -- 7.2 The Cloud Model -- 7.3 Privacy and Security -- 7.4 The Data Protection Act and Cloud Computing -- 7.5 The Future -- 7.6 Conclusion -- 7.7 Review Questions -- References
Part II Application and Approaches
8 Security Certification for the Cloud: The CUMULUS Approach -- 8.1 Introduction -- 8.2 Certification Process and Framework Architecture -- 8.2.1 CM Instance and CM Template -- 8.2.2 Certification Process -- 8.2.3 Architecture -- 8.3 Basic Certification Models -- 8.3.1 Monitoring-Based Certification Models -- 8.3.2 Test-Based Certification Models -- 8.3.3 TC-Based Certification Models -- 8.4 Advanced Certification Models -- 8.4.1 Hybrid Certification Models -- 8.4.2 Compositional Certification Models -- 8.4.3 Incremental Certification Models -- 8.4.3.1 CM Instance Adaptation -- 8.4.3.2 CM Template Adaptation -- 8.5 Trust Model -- 8.6 Related Work -- 8.7 Conclusions -- 8.8 Review Questions -- References
9 Improving Cloud Assurance and Transparency Through Accountability Mechanisms -- 9.1 Introduction -- 9.2 State of the Art -- 9.3 The Relationship Between Accountability and Assurance -- 9.4 Case Study -- 9.5 Risk Assessment -- 9.6 Service Level Agreements -- 9.6.1 Importance of secSLAs and PLAs for Cloud Transparency -- 9.6.2 How Are secSLAs and PLAs Structured? -- 9.7 Continuous Assurance During Service Provision -- 9.8 Example Tools -- 9.8.1 Phase 1: Provisioning for Accountability -- 9.8.1.1 Cloud Offerings Advisory Tool (COAT) -- 9.8.1.2 Data Protection Impact Assessment Tool (DPIAT) -- 9.8.2 Phase 2: Operating in an Accountable Manner -- 9.8.3 Phase 3: Audit and Validate -- 9.8.4 Architecture of the Audit Agent System -- 9.8.4.1 Input: Audit Policy Module (APM) -- 9.8.4.2 Runtime Management: Audit Agent Controller (AAC) -- 9.8.4.3 Collection and Storage: Evidence Collection Agents and Evidence Store -- 9.8.4.4 Processing and Presentation: Evidence Processor and Presenter -- 9.9 Conclusions -- 9.10 Review Questions -- References
10 DDoS Protection and Security Assurance in Cloud -- 10.1 Introduction -- 10.2 DDoS in Cloud Computing -- 10.2.1 History and Recent Incidents -- 10.2.2 DDoS on Fixed Infrastructure -- 10.2.3 DDoS on Cloud Infrastructure -- 10.3 Attack Model and Threat Model -- 10.3.1 Attack Model -- 10.3.2 Threat Model -- 10.4 System Model -- 10.5 DDoS Protection in Cloud -- 10.5.1 DDoS Prevention Methods -- 10.5.2 Anomaly Detection -- 10.5.3 Resource Allocation-Based Methods -- 10.6 DDoS Security Assurance in Cloud -- 10.7 Chapter Summary -- 10.8 Review Questions -- References
11 Cloud Data Auditing Using Proofs of Retrievability -- 11.1 Introduction -- 11.2 Preliminaries -- 11.2.1 Notation -- 11.2.2 Message Authentication Code (MAC) -- 11.2.3 Bilinear Maps -- 11.2.4 Digital Signature -- 11.2.5 Erasure Code -- 11.2.6 Oblivious RAM -- 11.2.7 Proofs of Retrievability -- 11.3 Proofs of Retrievability for Static Data -- 11.3.1 POR Scheme by Juels and Kaliski -- 11.3.2 POR Schemes by Shacham and Waters -- 11.3.2.1 POR Scheme with Private Verification -- 11.3.2.2 POR Scheme with Public Verification -- 11.4 Proofs of Retrievability for Dynamic Data -- 11.4.1 POR Scheme by Cash, Küpçü and Wichs -- 11.4.2 POR Scheme by Shi, Stefanov, and Papamanthou -- 11.5 Conclusion -- 11.6 Review Questions -- References
12 Vehicular Cloud Networks: Architecture and Security -- 12.1 Cloud Computing -- 12.2 Vehicular Ad Hoc Networks (VANET) -- 12.2.1 VANET Architecture -- 12.2.2 Components of VANET -- 12.2.3 Important Characteristics of VANET -- 12.2.3.1 Decentralized Systems -- 12.2.3.2 High-Speed Mobility and Dynamic Topology -- 12.2.3.3 Cooperative Message Routing -- 12.2.3.4 Real-Time Processing -- 12.2.3.5 User and Data Privacy -- 12.3 Vehicular Cloud Networking (VCN) -- 12.3.1 Vehicular-Based Cloud Networking (VCN) Architecture -- 12.3.2 Vehicular-Based Cloud Networking (VCN) Operation -- 12.4 Threats in Vehicular-Based Cloud Networking -- 12.4.1 Threats to Tier-1 and Tier-2 Clouds -- 12.4.1.1 Vehicle -- 12.4.1.2 Adjacent Infrastructure -- 12.4.1.3 Wireless Communication -- 12.4.1.4 Messages -- 12.4.1.5 Vehicular Cloud -- 12.4.1.6 Infrastructure Cloud -- 12.4.2 Threats to Tier-3 Cloud -- 12.4.2.1 Data Breaches -- 12.4.2.2 Data Loss -- 12.4.2.3 Account or Service Hijacking -- 12.4.2.4 Denial of Service -- 12.4.2.5 Insecure Interfaces and APIs -- 12.4.2.6 Malicious Insider -- 12.4.2.7 Abuse of Cloud Services -- 12.4.2.8 Shared Technology Vulnerabilities -- 12.5 Review Questions -- References
Index
Summary/abstract: This practical and didactic text/reference discusses the leading edge of secure cloud computing, exploring the essential concepts and principles, tools, techniques and deployment models in this field. Enlightening perspectives are presented by an international collection of pre-eminent authorities in cloud security assurance from both academia and industry. Topics and features: · Describes the important general concepts and principles of security assurance in cloud-based environments · Presents applications and approaches to cloud security that illustrate the current state of the art · Reviews pertinent issues in relation to challenges that prevent organizations moving to cloud architectures · Provides relevant theoretical frameworks and the latest empirical research findings · Discusses real-world vulnerabilities of cloud-based software in order to address the challenges of securing distributed software · Highlights the practicalities of cloud security, and how applications can assure and comply with legislation · Includes review questions at the end of each chapter. This Guide to Security Assurance for Cloud Computing will be of great benefit to a broad audience covering enterprise architects, business analysts and leaders, IT infrastructure managers, cloud security engineers and consultants, and application developers involved in system design and implementation. The work is also suitable as a textbook for university instructors, with the outline for a possible course structure suggested in the preface. The editors are all members of the Computing and Mathematics Department at the University of Derby, UK, where Dr. Shao Ying Zhu serves as a Senior Lecturer in Computing, Dr. Richard Hill as a Professor and Head of the Computing and Mathematics Department, and Dr. Marcello Trovati as a Senior Lecturer in Mathematics. The other publications of the editors include the Springer titles Big-Data Analytics and Cloud Computing, Guide to Cloud Computing and Cloud Computing for Enterprise Architectures.
Authorized title: Guide to Security Assurance for Cloud Computing
ISBN: 3-319-25988-1
Format: Printed material
Bibliographic level: Monograph
Language of publication: English
Record no.: 9910298966203321
Held at: Univ. Federico II
Series: Computer Communications and Networks, ISSN 1617-7975