Abstracts

 

Secure and Robust Data Services in Cloud and Fog

Chunming Rong

Cloud Computing makes resources such as data available anywhere at any time, by enabling IT-related capabilities to be provided as services, accessible without requiring detailed knowledge of the underlying technology. Many mature technologies are used as components in Cloud Computing, but there are still many unresolved and open problems. Security in the cloud domain is considered one of the top challenges. Cloud and IT service providers should be responsible for the data of their customers and users. However, accountability frameworks for distributed IT services are needed but still absent; hence it is difficult for users to understand, influence and determine how their service providers honor their obligations. It is important to support users in deciding and tracking how cloud service providers use their data, by combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress. In any cloud service model, multiple stakeholders are involved. One service provider can be the consumer of another service. The complex stakeholder relationships require precise monitoring and accounting. Monitoring can be performed in multiple layers with different granularities. In the Infrastructure as a Service (IaaS) model, a customer has a set of virtual machine instances that can reach each other. Instances can be located in different geographical regions. A variety of technologies are capable of providing connectivity between instances, including network virtualization. From the network monitoring perspective, distinguishing customers' activities in a multi-tenant network is crucial. Recent studies aim to improve the architecture of networking services for cloud platforms using Software Defined Networking (SDN). Fog Computing extends the Cloud paradigm closer to the source, using these newly available virtualization tools to redirect the data stream locally.
Data may be processed locally within a trusted perimeter. Hence, data may be shared only after being controlled and processed in a fog, before being forwarded into a cloud. Raw data is often kept behind, and there is less traffic burden on the core infrastructure leading to datacenters in the cloud.

A Performance and Profit Oriented Data Replication Strategy for Cloud Systems

Uras Tos, Riad Mokadem, Abdelkader Hameurlain, Tolga Ayav, Sebnem Bora

In today's world, tenants of cloud systems expect timely responses to queries that process ever-increasing volumes of data. However, most cloud providers offer their services without any performance guarantees to their tenants. In this paper we propose a data replication strategy that aims to satisfy performance guarantees for the tenant while ensuring profitability of the cloud provider. Our strategy estimates the response time of the queries, as well as the expenditures that affect the profitability of the cloud provider. The decision of whether to perform replication is determined by the fulfillment of these two criteria. The validity of the proposed strategy is shown by means of a simulation study.

Cons and Pros of using Cloud

Okan Alper

Amazon Web Services has been a critical turning point for technology companies, and mainly for startups. With the introduction of cloud services, AWS has levelled the playing field for startups by letting them start development with the same infrastructure that technology giants already have. This removed the competitive advantage these giants had, and hence accelerated development and scalability immensely for these smaller companies. At the same time, cloud technologies have been a big myth, and they are exaggerated far beyond the capabilities they provide. In this talk, we will present the pitfalls and things to watch out for while using these cloud services, mainly around cost, vendor lock-in issues, architecture design for cloud, and technical issues some of the services have.

Modelling Risk and Trust for Cloud and Fog Computing

Erdal Çayırcı

Cloud and fog computing present tremendous advantages: organisations of all kinds and sizes can extend their information technology capabilities dynamically while reducing capital expenditure. Therefore, they have been embraced quickly by many users and providers, and interest in them keeps growing. New cloud services and architectures are introduced every day, and cloud service providers (CSPs) have begun federating cloud services as cloud service mashups (CSMs). A CSM comprises multiple cloud services of various delivery models (i.e., IaaS, PaaS or SaaS) for providing a composite service. The outsourcing model of CSM presents economic and technological advantages. However, it also impacts data governance, as risk and compliance management are delegated to third parties. The security practices of these third parties may not be visible to cloud customers (CCs), raising the question of the accountability of service providers when processing data in highly dynamic and heterogeneous environments. Accountability concerns the data stewardship regime in which organisations that are entrusted with personal and business confidential data are responsible and liable for processing, sharing, storing and using the data according to contractual and legal constraints. CCs need to trust that the CSPs secure the CC data and provide the service level objectives (SLOs) agreed in service level agreements (SLAs). Various models have been developed to analyse and assess the risks and trustworthiness of information systems and services. Both risk and trust have been extensively studied in various contexts for hundreds of years. Risk management, and specifically risk assessment for IT, has also been a hot research topic for several decades. On the other hand, modelling risk and trust for cloud computing and associating it with the notion of accountability has attracted researchers only recently.
We provide a short survey of this recent work related to risk and trust modelling in our tutorial. The likelihood of a risk scenario is the product of threats and vulnerabilities. The Cloud Security Alliance performs a survey on the threat perception of the stakeholders in the cloud computing ecosystem. The third edition of this survey is called the Treacherous Twelve. We also review this document and its previous two versions in our tutorial.

Encrypted Search With Bloom Filter Techniques

Leyla Tekin, Serap Şahin

Data owners and organizations have extensively moved their huge datasets from traditional local data centers to the cloud in order to utilize the possibilities of cloud computing, such as greater flexibility and lower cost. However, this requires their sensitive data to be kept on remote untrusted servers and introduces new security and privacy challenges that need to be handled. Therefore, data are encrypted before being sent to the untrusted servers to protect data confidentiality, and we need techniques to perform search operations on the encrypted data. According to Bösch's definition of searchable encryption, the fullest possible search functionality can be performed on the server side without decrypting the data, and thus with the smallest possible loss of data confidentiality. In this study, the secure indexes scheme defined by Goh [2004] has been implemented as a searchable encryption technique. This scheme allows encrypted search on encrypted documents. It is based on standard Bloom filters, which are fast probabilistic data structures for testing whether an element is a member of a set. Our aim is to measure the success rates of encrypted search on encrypted documents using this scheme with Bloom filter variants such as counting Bloom filters and deletable Bloom filters. We will first focus on Bloom filters by describing the mathematical model for false positive probability and giving the tradeoffs between performance parameters. Then, the algorithms of the secure indexes scheme will be introduced, and we will show how to apply the scheme for searching on encrypted documents.
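
The following sketch is an added example, not the authors' implementation: it shows a per-document Bloom filter index searched with keyed trapdoors in the style of Goh's secure indexes, plus the standard false positive estimate. The use of HMAC-SHA256 as the pseudo-random function, the sub-key derivation, the parameter values and all function names are assumptions, and the blinding step that hides the number of words per document is omitted.

```python
import hashlib
import hmac
import math

M_BITS = 1024   # Bloom filter size in bits (constructed parameter)
R_KEYS = 7      # number of PRF keys = number of bit positions per word

def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 is an assumption of this sketch."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def keygen(master: bytes) -> list:
    """Derive the r sub-keys from one master secret (derivation is an assumption)."""
    return [prf(master, b"subkey-%d" % i) for i in range(R_KEYS)]

def trapdoor(keys: list, word: str) -> list:
    """Owner side: T_w = (f(w, k_1), ..., f(w, k_r))."""
    return [prf(k, word.encode()) for k in keys]

def codeword_bits(doc_id: str, td: list) -> list:
    """Bind the trapdoor to one document, then map each value to a bit position."""
    return [int.from_bytes(prf(x, doc_id.encode()), "big") % M_BITS for x in td]

def build_index(keys: list, doc_id: str, words) -> bytearray:
    """Owner side: per-document Bloom filter holding the codewords of its words."""
    bf = bytearray(M_BITS // 8)
    for w in set(words):
        for pos in codeword_bits(doc_id, trapdoor(keys, w)):
            bf[pos // 8] |= 1 << (pos % 8)
    return bf

def search_index(td: list, doc_id: str, bf: bytearray) -> bool:
    """Server side: membership test using only the trapdoor, never the word or keys."""
    return all(bf[p // 8] >> (p % 8) & 1 for p in codeword_bits(doc_id, td))

def false_positive_rate(n_words: int, m: int = M_BITS, r: int = R_KEYS) -> float:
    """Standard Bloom filter estimate (1 - e^(-r*n/m))^r for n inserted words."""
    return (1 - math.exp(-r * n_words / m)) ** r

if __name__ == "__main__":
    keys = keygen(b"constructed-master-secret")          # constructed sample secret
    docs = {"doc1": "cloud fog audit log".split(),       # constructed sample documents
            "doc2": "bloom filter index".split()}
    indexes = {d: build_index(keys, d, ws) for d, ws in docs.items()}
    td = trapdoor(keys, "audit")
    print([d for d, bf in indexes.items() if search_index(td, d, bf)])
    print(false_positive_rate(4))
```

Because each codeword is bound to the document identifier, the same word sets different bits in different documents, so the server cannot correlate words across indexes by comparing filters.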

Security issues in Cloud-Of-Things

Emrah Tomur, Murat Erten

Internet of Things (IoT) solutions tend to rely heavily on cloud computing. In a recent survey, 33 out of 38 of the IoT infrastructures surveyed involved the use of cloud services. This is not surprising because, in order to realize the concept of IoT efficiency, the physical world of IoT needs to be mapped to the virtual world of the Cloud environment. Cloud-based Internet of Things, or Cloud of Things (CoT), has emerged as a platform to allow intelligent usage of a collection of applications, information and infrastructure in a cost-effective way while connecting physical objects to the cloud. The two most sensitive security concerns in cloud-based IoT are transmission of critical data and storage of critical data. There are several potential threats against CoT environments, including account hijacking, session riding attacks, side-channel attacks and many more. Considering security issues in the CoT domain is important, but security implementation for CoT environments is also a major concern because of the distributed nature of CoT. Some of the unavoidable challenges in implementing security solutions for CoT are as follows. The number of objects or things interconnected in CoT is huge. Public Key Infrastructure (PKI) may fail to take the burden of key management and storage. Therefore, application of traditional public key cryptosystems for this purpose may not be feasible. As interconnected devices may be power constrained, traditional cryptographic algorithms with highly intensive computation are not effective. A PKI-like centralized authority could not work properly in the distributed CoT domain. Another challenge is to handle heterogeneous devices with different protocols. In this presentation, we will give a short survey of recent work on CoT security challenges and solution proposals.