Visible to the public Biblio

Filters: Keyword is middleware  [Clear All Filters]
2020-05-11
Tabiban, Azadeh, Majumdar, Suryadipta, Wang, Lingyu, Debbabi, Mourad.  2018.  PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds. 2018 IEEE Conference on Communications and Network Security (CNS). :1–7.
To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.
Üzüm, İbrahim, Can, Özgü.  2018.  An anomaly detection approach for enterprise file integration. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1–4.
An information system based on real-time file integrations has an important role in today's organizations' work process management. By connecting to the network, file flow and integration between corporate systems have gained a great significance. In addition, network and security issues have emerged depending on the file structure and transfer processes. Thus, there has become a need for an effective and self-learning anomaly detection module for file transfer processes in order to provide the persistence of integration channels, accountability of transfer logs and data integrity. This paper proposes a novel anomaly detection approach that focuses on file size and integration duration of file transfers between enterprise systems. For this purpose, size and time anomalies on transferring files will be detected by a machine learning-based structure. Later, an alarm system is going to be developed in order to inform the authenticated individuals about the anomalies.
2020-04-03
Ayache, Meryeme, Khoumsi, Ahmed, Erradi, Mohammed.  2019.  Managing Security Policies within Cloud Environments Using Aspect-Oriented State Machines. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). :1—10.
Cloud Computing is the most suitable environment for the collaboration of multiple organizations via its multi-tenancy architecture. However, due to the distributed management of policies within these collaborations, they may contain several anomalies, such as conflicts and redundancies, which may lead to both safety and availability problems. On the other hand, current cloud computing solutions do not offer verification tools to manage access control policies. In this paper, we propose a cloud policy verification service (CPVS), that facilitates to users the management of there own security policies within Openstack cloud environment. Specifically, the proposed cloud service offers a policy verification approach to dynamically choose the adequate policy using Aspect-Oriented Finite State Machines (AO-FSM), where pointcuts and advices are used to adopt Domain-Specific Language (DSL) state machine artifacts. The pointcuts define states' patterns representing anomalies (e.g., conflicts) that may occur in a security policy, while the advices define the actions applied at the selected pointcuts to remove the anomalies. In order to demonstrate the efficiency of our approach, we provide time and space complexities. The approach was implemented as middleware service within Openstack cloud environment. The implementation results show that the middleware can detect and resolve different policy anomalies in an efficient manner.
2020-03-16
White, Ruffin, Caiazza, Gianluca, Jiang, Chenxu, Ou, Xinyue, Yang, Zhiyue, Cortesi, Agostino, Christensen, Henrik.  2019.  Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :57–66.

Data Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

Sandor, Hunor, Genge, Bela, Haller, Piroska, Bica, Andrei.  2019.  A Security-Enhanced Interoperability Middleware for the Internet of Things. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–6.
This paper documents an Internet of Things (IoT) middleware specially tailored to address the security, and operational requirements expected from an effective IoT platform. In essence, the middleware exposes a diverse palette of features, including authentication, authorization, auditing, confidentiality and integrity of data. Besides these aspects, the middleware encapsulates an IoT object abstraction layer that builds a generic object model that is independent from the device type (i.e., hardware, software, vendor). Furthermore, it builds on standards and specifications to accomplish a highly resilient and scalable solution. The approach is tested on several hardware platforms. A use case scenario is presented to demonstrate its main features. The middleware represents a key component in the context of the “GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control” project.
2020-01-27
Li, Zhangtan, Cheng, Liang, Zhang, Yang.  2019.  Tracking Sensitive Information and Operations in Integrated Clinical Environment. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :192–199.
Integrated Clinical Environment (ICE) is a standardized framework for achieving device interoperability in medical cyber-physical systems. The ICE utilizes high-level supervisory apps and a low-level communication middleware to coordinate medical devices. The need to design complex ICE systems that are both safe and effective has presented numerous challenges, including interoperability, context-aware intelligence, security and privacy. In this paper, we present a data flow analysis framework for the ICE systems. The framework performs the combination of static and dynamic analysis for the sensitive data and operations in the ICE systems. Our experiments demonstrate that the data flow analysis framework can record how the medical devices transmit sensitive data and perform misuse detection by tracing the runtime context of the sensitive operations.
2020-01-21
Pahl, Marc-Oliver, Liebald, Stefan.  2019.  Information-Centric IoT Middleware Overlay: VSL. 2019 International Conference on Networked Systems (NetSys). :1–8.
The heart of the Internet of Things (IoT) is data. IoT services processes data from sensors that interface their physical surroundings, and from other software such as Internet weather databases. They produce data to control physical environments via actuators, and offer data to other services. More recently, service-centric designs for managing the IoT have been proposed. Data-centric or name-based communication architectures complement these developments very well. Especially for edge-based or site-local installations, data-centric Internet architectures can be implemented already today, as they do not require any changes at the core. We present the Virtual State Layer (VSL), a site-local data-centric architecture for the IoT. Special features of our solution are full separation of logic and data in IoT services, offering the data-centric VSL interface directly to developers, which significantly reduces the overall system complexity, explicit data modeling, a semantically-rich data item lookup, stream connections between services, and security-by-design. We evaluate our solution regarding usability, performance, scalability, resilience, energy efficiency, and security.
2020-01-20
Jamil, Syed Usman, Khan, M. Arif, Ali, Mumtaz.  2019.  Security Embedded Offloading Requirements for IoT-Fog Paradigm. 2019 IEEE Microwave Theory and Techniques in Wireless Communications (MTTW). 1:47–51.

The paper presents a conceptual framework for security embedded task offloading requirements for IoT-Fog based future communication networks. The focus of the paper is to enumerate the need of embedded security requirements in this IoT-Fog paradigm including the middleware technologies in the overall architecture. Task offloading plays a significant role in the load balancing, energy and data management, security, reducing information processing and propagation latencies. The motivation behind introducing the embedded security is to meet the challenges of future smart networks including two main reasons namely; to improve the data protection and to minimize the internet disturbance and intrusiveness. We further discuss the middleware technologies such as cloudlets, mobile edge computing, micro datacenters, self-healing infrastructures and delay tolerant networks for security provision, optimized energy consumption and to reduce the latency. The paper introduces concepts of system virtualization and parallelism in IoT-Fog based systems and highlight the security features of the system. Some research opportunities and challenges are discussed to improve secure offloading from IoT into fog.

Alhazmi, Omar H., Aloufi, Khalid S..  2019.  Fog-Based Internet of Things: A Security Scheme. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–6.

Internet of Things (IoT) stack models differ in their architecture, applications and needs. Hence, there are different approaches to apply IoT; for instance, it can be based on traditional data center or based on cloud computing. In fact, Cloud-based IoT is gaining more popularity due to its high scalability and cost effectiveness; hence, it is becoming the norm. However, Cloud is usually located far from the IoT devices and some recent research suggests using Fog-Based IoT by using a nearby light-weight middleware to bridge the gap and to provide the essential support and communication between devices, sensors, receptors and the servers. Therefore, Fog reduces centrality and provides local processing for faster analysis, especially for the time-sensitive applications. Thus, processing is done faster, giving the system flexibility for faster response time. Fog-Based Internet of Things security architecture should be suitable to the environment and provide the necessary measures to improve all security aspects with respect to the available resources and within performance constraints. In this work, we discuss some of these challenges, analyze performance of Fog based IoT and propose a security scheme based on MQTT protocol. Moreover, we present a discussion on security-performance tradeoffs.

2020-01-13
Mohamed, Nader, Al-Jaroodi, Jameela.  2019.  A Middleware Framework to Address Security Issues in Integrated Multisystem Applications. 2019 IEEE International Systems Conference (SysCon). :1–6.
Integrating multiple programmable components and subsystems developed by different manufacturers into a final system (a system of systems) can create some security concerns. While there are many efforts for developing interoperability approaches to enable smooth, reliable and safe integration among different types of components to build final systems for different applications, less attention is usually given for the security aspects of this integration. This may leave the final systems exposed and vulnerable to potential security attacks. The issues elevate further when such systems are also connected to other networks such as the Internet or systems like fog and cloud computing. This issue can be found in important industrial applications like smart medical, smart manufacturing and smart city systems. As a result, along with performance, safety and reliability; multisystem integration must also be highly secure. This paper discusses the security issues instigated by such integration. In addition, it proposes a middleware framework to address the security issues for integrated multisystem applications.
Kabiri, Peyman, Chavoshi, Mahdieh.  2019.  Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–6.

Nowadays, physical health of equipment controlled by Cyber-Physical Systems (CPS) is a significant concern. This paper reports a work, in which, a hardware is placed between Programmable Logic Controller (PLC) and the actuator as a solution. The proposed hardware operates in two conditions, i.e. passive and active. Operation of the proposed solution is based on the repetitive operational profile of the actuators. The normal operational profile of the actuator is fed to the protective hardware and is considered as the normal operating condition. In the normal operating condition, the middleware operates in its passive mode and simply monitors electronic signals passing between PLC and Actuator. In case of any malicious operation, the proposed hardware operates in its active mode and both slowly stops the actuator and sends an alert to SCADA server initiating execution of the actuator's emergency profile. Thus, the proposed hardware gains control over the actuator and prevents any physical damage on the operating devices. Two sample experiments are reported in which, results of implementing the proposed solution are reported and assessed. Results show that once the PLC sends incorrect data to actuator, the proposed hardware detects it as an anomaly. Therefore, it does not allow the PLC to send incorrect and unauthorized data pattern to its actuator. Significance of the paper is in introducing a solution to prevent destruction of physical devices apart from source or purpose of the encountered anomaly and apart from CPS functionality or PLC model and operation.

2019-09-04
Paiker, N., Ding, X., Curtmola, R., Borcea, C..  2018.  Context-Aware File Discovery System for Distributed Mobile-Cloud Apps. 2018 IEEE International Conference on Cloud Computing Technology and Science (CloudCom). :198–203.
Recent research has proposed middleware to enable efficient distributed apps over mobile-cloud platforms. This paper presents a Context-Aware File Discovery Service (CAFDS) that allows distributed mobile-cloud applications to find and access files of interest shared by collaborating users. CAFDS enables programmers to search for files defined by context and content features, such as location, creation time, or the presence of certain object types within an image file. CAFDS provides low-latency through a cloud-based metadata server, which uses a decision tree to locate the nearest files that satisfy the context and content features requested by applications. We implemented CAFDS in Android and Linux. Experimental results show CAFDS achieves substantially lower latency than peer-to-peer solutions that cannot leverage context information.
2019-08-05
Samaniego, M., Deters, R..  2018.  Zero-Trust Hierarchical Management in IoT. 2018 IEEE International Congress on Internet of Things (ICIOT). :88-95.

Internet of Things (IoT) is experiencing exponential scalability. This scalability introduces new challenges regarding management of IoT networks. The question that emerges is how we can trust the constrained infrastructure that shortly is expected to be formed by millions of 'things.' The answer is not to trust. This research introduces Amatista, a blockchain-based middleware for management in IoT. Amatista presents a novel zero-trust hierarchical mining process that allows validating the infrastructure and transactions at different levels of trust. This research evaluates Amatista on Edison Arduino Boards.

2019-05-20
Caminha, J., Perkusich, A., Perkusich, M..  2018.  A smart middleware to detect on-off trust attacks in the Internet of Things. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–2.

Security is a key concern in Internet of Things (IoT) designs. In a heterogeneous and complex environment, service providers and service requesters must trust each other. On-off attack is a sophisticated trust threat in which a malicious device can perform good and bad services randomly to avoid being rated as a low trust node. Some countermeasures demands prior level of trust knowing and time to classify a node behavior. In this paper, we introduce a Smart Middleware that automatically assesses the IoT resources trust, evaluating service providers attributes to protect against On-off attacks.

2019-02-14
Schuette, J., Brost, G. S..  2018.  LUCON: Data Flow Control for Message-Based IoT Systems. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :289-299.

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

2018-06-11
Silva, B., Sabino, A., Junior, W., Oliveira, E., Júnior, F., Dias, K..  2017.  Performance Evaluation of Cryptography on Middleware-Based Computational Offloading. 2017 VII Brazilian Symposium on Computing Systems Engineering (SBESC). :205–210.
Mobile cloud computing paradigm enables cloud servers to extend the limited hardware resources of mobile devices improving availability and reliability of the services provided. Consequently, private, financial, business and critical data pass through wireless access media exposed to malicious attacks. Mobile cloud infrastructure requires new security mechanisms, at the same time as offloading operations need to maintain the advantages of saving processing and energy of the device. Thus, this paper implements a middleware-based computational offloading with cryptographic algorithms and evaluates two mechanisms (symmetric and asymmetric), to provide the integrity and authenticity of data that a smartphone offloads to mobile cloud servers. Also, the paper discusses the factors that impact on power consumption and performance on smartphones that's run resource-intensive applications.
Van hamme, Tim, Preuveneers, Davy, Joosen, Wouter.  2017.  A Dynamic Decision Fusion Middleware for Trustworthy Context-aware IoT Applications. Proceedings of the 4th Workshop on Middleware and Applications for the Internet of Things. :1–6.

Internet of Things (IoT) devices offer new sources of contextual information, which can be leveraged by applications to make smart decisions. However, due to the decentralized and heterogeneous nature of such devices - each only having a partial view of their surroundings - there is an inherent risk of uncertain, unreliable and inconsistent observations. This is a serious concern for applications making security related decisions, such as context-aware authentication. We propose and evaluate a middleware for IoT that provides trustworthy context for a collaborative authentication use case. It abstracts a dynamic and distributed fusion scheme that extends the Chair-Varshney (CV) optimal decision fusion rule such that it can be used in a highly dynamic IoT environment. We compare performance and cost trade-offs against regular CV. Experimental evaluation demonstrates that our solution outperforms CV with 10% in a highly dynamic IoT environments, with the ability to detect and mitigate unreliable sensors.

Havet, Aurélien, Pires, Rafael, Felber, Pascal, Pasin, Marcelo, Rouvoy, Romain, Schiavoni, Valerio.  2017.  SecureStreams: A Reactive Middleware Framework for Secure Data Stream Processing. Proceedings of the 11th ACM International Conference on Distributed and Event-based Systems. :124–133.
The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of large-scale clusters or multi-tenant Cloud infrastructures. This paper therefore introduces SecureStreams, a reactive middleware framework to deploy and process secure streams at scale. Its design combines the high-level reactive dataflow programming paradigm with Intel®'s low-level software guard extensions (SGX) in order to guarantee privacy and integrity of the processed data. The experimental results of SecureStreams are promising: while offering a fluent scripting language based on Lua, our middleware delivers high processing throughput, thus enabling developers to implement secure processing pipelines in just few lines of code.
Maines, C. L., Zhou, B., Tang, S., Shi, Q..  2017.  Towards a Framework for the Extension and Visualisation of Cyber Security Requirements in Modelling Languages. 2017 10th International Conference on Developments in eSystems Engineering (DeSE). :71–76.
Every so often papers are published presenting a new extension for modelling cyber security requirements in Business Process Model and Notation (BPMN). The frequent production of new extensions by experts belies the need for a richer and more usable representation of security requirements in BPMN processes. In this paper, we present our work considering an analysis of existing extensions and identify the notational issues present within each of them. We discuss how there is yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, there is no adequate solution for accurately specifying cyber security requirements within BPMN. In order to address this, we propose a new framework that can be used to extend, visualise and verify cyber security requirements in not only BPMN, but any other existing modelling language. The framework comprises of the three core roles necessary for the successful development of a security extension. With each of these being further subdivided into the respective components each role must complete.
Manishankar, S., Arjun, C. S., Kumar, P. R. A..  2017.  An authorized security middleware for managing on demand infrastructure in cloud. 2017 International Conference on Intelligent Computing and Control (I2C2). :1–5.
Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.
2018-03-19
Al-Aaridhi, R., Yueksektepe, A., Graffi, K..  2017.  Access Control for Secure Distributed Data Structures in Distributed Hash Tables. 2017 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN). :1–3.
Peer-To-Peer (P2P) networks open up great possibilities for intercommunication, collaborative and social projects like file sharing, communication protocols or social networks while offering advantages over the conventional Client-Server model of computing pattern. Such networks counter the problems of centralized servers such as that P2P networks can scale to millions without additional costs. In previous work, we presented Distributed Data Structure (DDS) which offers a middle-ware scheme for distributed applications. This scheme builds on top of DHT (Distributed Hash Table) based P2P overlays, and offers distributed data storage services as a middle-ware it still needs to address security issues. The main objective of this paper is to investigate possible ways to handle the security problem for DDS, and to develop a possibly reusable security architecture for access control for secure distributed data structures in P2P networks without depending on trusted third parties.
2018-02-06
Resch, S., Paulitsch, M..  2017.  Using TLA+ in the Development of a Safety-Critical Fault-Tolerant Middleware. 2017 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :146–152.

Creating and implementing fault-tolerant distributed algorithms is a challenging task in highly safety-critical industries. Using formal methods supports design and development of complex algorithms. However, formal methods are often perceived as an unjustifiable overhead. This paper presents the experience and insights when using TLA+ and PlusCal to model and develop fault-tolerant and safety-critical modules for TAS Control Platform, a platform for railway control applications up to safety integrity level (SIL) 4. We show how formal methods helped us improve the correctness of the algorithms, improved development efficiency and how part of the gap between model and implementation has been closed by translation to C code. Additionally, we describe how we gained trust in the formal model and tools by following a specific design process called property-driven design, which also implicitly addresses software quality metrics such as code coverage metrics.

2018-01-23
Su, Z., Song, C., Dai, L., Ge, F., Yang, R., Biennier, F..  2017.  A security criteria regulation middleware using security policy for Web Services on multi-Cloud tenancies. 2017 3rd International Conference on Computational Intelligence Communication Technology (CICT). :1–5.

In the multi-cloud tenancy environments, Web Service offers an standard approach for discovering and using capabilities in an environment that transcends ownership domains. This brings into concern the ownership and security related to Web Service governance. Our approach for this issue involves an ESB-integrated middleware for security criteria regulation on Clouds. It uses an attribute-based security policy model for the exhibition of assets consumers' security profiles and deducing service accessing decision. Assets represent computing power/functionality and information/data provided by entities. Experiments show the middleware to bring minor governance burdens on the hardware aspect, as well as better performance with colosum scaling property, dealing well with cumbersome policy files, which is probably the situation of complex composite service scenarios.

2018-01-10
Zhang, Y., Duan, L., Sun, C. A., Cheng, B., Chen, J..  2017.  A Cross-Layer Security Solution for Publish/Subscribe-Based IoT Services Communication Infrastructure. 2017 IEEE International Conference on Web Services (ICWS). :580–587.

The publish/subscribe paradigm can be used to build IoT service communication infrastructure owing to its loose coupling and scalability. Its features of decoupling among event producers and event consumers make IoT services collaborations more real-time and flexible, and allow indirect, anonymous and multicast IoT service interactions. However, in this environment, the IoT service cannot directly control the access to the events. This paper proposes a cross-layer security solution to address the above issues. The design principle of our security solution is to embed security policies into events as well as allow the network to route events according to publishers' policies and requirements. This solution helps to improve the system's performance, while keeping features of IoT service interactions and minimizing the event visibility at the same time. Experimental results show that our approach is effective.

2017-12-28
Shih, M. H., Chang, J. M..  2017.  Design and analysis of high performance crypt-NoSQL. 2017 IEEE Conference on Dependable and Secure Computing. :52–59.

NoSQL databases have become popular with enterprises due to their scalable and flexible storage management of big data. Nevertheless, their popularity also brings up security concerns. Most NoSQL databases lacked secure data encryption, relying on developers to implement cryptographic methods at application level or middleware layer as a wrapper around the database. While this approach protects the integrity of data, it increases the difficulty of executing queries. We were motivated to design a system that not only provides NoSQL databases with the necessary data security, but also supports the execution of query over encrypted data. Furthermore, how to exploit the distributed fashion of NoSQL databases to deliver high performance and scalability with massive client accesses is another important challenge. In this research, we introduce Crypt-NoSQL, the first prototype to support execution of query over encrypted data on NoSQL databases with high performance. Three different models of Crypt-NoSQL were proposed and performance was evaluated with Yahoo! Cloud Service Benchmark (YCSB) considering an enormous number of clients. Our experimental results show that Crypt-NoSQL can process queries over encrypted data with high performance and scalability. A guidance of establishing service level agreement (SLA) for Crypt-NoSQL as a cloud service is also proposed.