Secure data access in cloud computing

Sanka, Sunil; Hota, Chittaranjan; Rajarajan, Muttukrishnan

doi:10.1109/imsaa.2010.5729397

Cited by 66 publications

(29 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Bracci et al [28] propose to provide adequate encryption and key management support by using a real use case of Vitaever, i.e., a home health-care SaaS application deployed on Amazon AWS. Sanka et al [29] propose symmetric key sharing between CSP and the user by using the Diffie-Hellman key exchange protocol. The authors make a lot of assumptions, which can be potentially harmful in the real-world scenario.…”

Section: Focused Security Solutions For Cloud Databasesmentioning

confidence: 99%

DB-SECaaS: a cloud-based protection system for document-oriented NoSQL databases

Ghazi

Masood

Rauf

et al. 2016

EURASIP J. on Info. Security

View full text Add to dashboard Cite

The trend of cloud databases is leaning towards Not Only SQL (NoSQL) databases as they provide better support for scalable storage and quick retrieval of exponentially voluminous data. One of the more prominent types of NoSQL databases is document-based storage, which is being increasingly used in the dynamic cloud paradigm. However, there are inherent security issues in cloud, including remote data residency along with the non-existent control of owners over their own data. In addition to that, the inherent security features of most document-based NoSQL databases lack granular access control and robust confidentiality mechanisms. There is also a distinct lack of a comprehensive solution that effectively caters to all the security requirements of a document-oriented database in cloud. In order to overcome these issues, we propose a database security-as-a-service (DB-SECaaS) system over document-oriented database hosted in cloud, which provides authentication, fine-grained authorization, and encryption of the database objects, while ensuring that access to the data is granted only to authorized users on a need-to-know basis. The paper shows that the DB-SECaaS system strongly enhances the security of documentoriented databases on cloud, and it is thus expected to facilitate the industry to reap the benefits of NoSQL without worrying over security issues. In order to certify the abovementioned security enhancements, provided by DB-SECaaS, the paper also provides a formal analysis of DB-SECaaS using the Scyther model checker. As a proof of concept, the core functionalities of the protocol, i.e., authorization, authentication, and encryption, are formally modeled in Scyther to formally verify that the proposed framework mitigates privacy and security concerns.

show abstract

Section: Focused Security Solutions For Cloud Databasesmentioning

confidence: 99%

DB-SECaaS: a cloud-based protection system for document-oriented NoSQL databases

Ghazi

Masood

Rauf

et al. 2016

EURASIP J. on Info. Security

View full text Add to dashboard Cite

show abstract

“…In [49], authors propose the use of symmetric key encryption mechanism for data security in Cloud framework. In [50], authors propose the use of Public Key Infrastructure for the Cloud framework. However, these approaches do not provide an efficient solution for key management due to its complexity.…”

Section: Encryption and Key Management Algorithmsmentioning

confidence: 99%

A survey on security issues and solutions at different layers of Cloud computing

et al. 2012

Self Cite

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Permanent AbstractCloud computing offers scalable on-demand services toconsumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existent in these protocols as well as threats introduced by newer architectures raise many securityand privacy concerns. In this paper, we survey factors affecting Cloud computing adoption, vulnerabilities,and attacks, and identify relevant solution directives to strengthen security and privacyin Cloud environment.

show abstract

“…They leverage a generative process of two types of errors (false positive and false negative) by modeling two different aspects of source quality. Authors in paper [12] show how to protect the data files of a data owner in the cloud infrastructure by a set of security protocols, which are only accessible by a valid user. To protect the outsourced information, the paper explains how to combine access control and cryptography.…”

Section: Related Workmentioning

confidence: 99%