Visible to the public Biblio

Filters: Keyword is security risks  [Clear All Filters]
2021-04-09
Mir, N., Khan, M. A. U..  2020.  Copyright Protection for Online Text Information : Using Watermarking and Cryptography. 2020 3rd International Conference on Computer Applications Information Security (ICCAIS). :1—4.
Information and security are interdependent elements. Information security has evolved to be a matter of global interest and to achieve this; it requires tools, policies and assurance of technologies against any relevant security risks. Internet influx while providing a flexible means of sharing the online information economically has rapidly attracted countless writers. Text being an important constituent of online information sharing, creates a huge demand of intellectual copyright protection of text and web itself. Various visible watermarking techniques have been studied for text documents but few for web-based text. In this paper, web page watermarking and cryptography for online content copyrights protection is proposed utilizing the semantic and syntactic rules using HTML (Hypertext Markup Language) and is tested for English and Arabic languages.
2021-03-29
Kazemi, Z., Fazeli, M., Hély, D., Beroulle, V..  2020.  Hardware Security Vulnerability Assessment to Identify the Potential Risks in A Critical Embedded Application. 2020 IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS). :1—6.

Internet of Things (IoT) is experiencing significant growth in the safety-critical applications which have caused new security challenges. These devices are becoming targets for different types of physical attacks, which are exacerbated by their diversity and accessibility. Therefore, there is a strict necessity to support embedded software developers to identify and remediate the vulnerabilities and create resilient applications against such attacks. In this paper, we propose a hardware security vulnerability assessment based on fault injection of an embedded application. In our security assessment, we apply a fault injection attack by using our clock glitch generator on a critical medical IoT device. Furthermore, we analyze the potential risks of ignoring these attacks in this embedded application. The results will inform the embedded software developers of various security risks and the required steps to improve the security of similar MCU-based applications. Our hardware security assessment approach is easy to apply and can lead to secure embedded IoT applications against fault attacks.

2021-03-18
Baolin, X., Minhuan, Z..  2020.  A Solution of Text Based CAPTCHA without Network Flow Consumption. 2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS). :395—399.

With the widespread application of distributed information processing, information processing security issues have become one of the important research topics; CAPTCHA technology is often used as the first security barrier for distributed information processing and it prevents the client malicious programs to attack the server. The experiment proves that the existing “request / response” mode of CAPTCHA has great security risks. “The text-based CAPTCHA solution without network flow consumption” proposed in this paper avoids the “request / response” mode and the verification logic of the text-based CAPTCHA is migrated to the client in this solution, which fundamentally cuts off the client's attack facing to the server during the verification of the CAPTCHA and it is a high-security text-based CAPTCHA solution without network flow consumption.

2021-03-09
Cui, L., Huang, D., Zheng, X..  2020.  Reliability Analysis of Concurrent Data based on Botnet Modeling. 2020 Fourth International Conference on Inventive Systems and Control (ICISC). :825—828.

Reliability analysis of concurrent data based on Botnet modeling is conducted in this paper. At present, the detection methods for botnets are mainly focused on two aspects. The first type requires the monitoring of high-privilege systems, which will bring certain security risks to the terminal. The second type is to identify botnets by identifying spam or spam, which is not targeted. By introducing multi-dimensional permutation entropy, the impact of permutation entropy on the permutation entropy is calculated based on the data communicated between zombies, describing the complexity of the network traffic time series, and the clustering variance method can effectively solve the difficulty of the detection. This paper is organized based on the data complex structure analysis. The experimental results show acceptable performance.

2020-12-07
Yekini, T. Akeem, Jaafar, F., Zavarsky, P..  2019.  Study of Trust at Device Level of the Internet of Things Architecture. 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE). :150–155.
In the Internet of Things architecture, devices are frequently connected to the Internet either directly or indirectly. However, many IoT devices lack built-in security features such as device level encryption, user authentication and basic firewall protection. This paper discusses security risks in the layers of general Internet of Things architecture and shows examples of potential risks at each level of the architecture. The paper also compares IoT security solutions provided by three major vendors and shows that the solutions are mutually complementary. Nevertheless, none of the examined IoT solutions provides security at the device level of the IoT architecture model. In order to address risks at the device level of the architecture, an implementation of Trusted Platform Module and Unique Device Identifier on IoT devices and gateways for encryption, authentication and device management is advocated in the paper.
2020-11-20
EVINA, P. A., AYACHI, F. LABBENE, JAIDI, F., Bouhoula, A..  2019.  Enforcing a Risk Assessment Approach in Access Control Policies Management: Analysis, Correlation Study and Model Enhancement. 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC). :1866—1871.
Nowadays, the domain of Information System (IS) security is closely related to that of Risk Management (RM). As an immediate consequence, talking about and tackling the security of IS imply the implementation of a set of mechanisms that aim to reduce or eliminate the risk of IS degradations. Also, the high cadence of IS evolution requires careful consideration of corresponding measures to prevent or mitigate security risks that may cause the degradation of these systems. From this perspective, an access control service is subjected to a number of rules established to ensure the integrity and confidentiality of the handled data. During their lifecycle, the use or manipulation of Access Control Policies (ACP) is accompanied with several defects that are made intentionally or not. For many years, these defects have been the subject of numerous studies either for their detection or for the analysis of the risks incurred by IS to their recurrence and complexity. In our research works, we focus on the analysis and risk assessment of noncompliance anomalies in concrete instances of access control policies. We complete our analysis by studying and assessing the risks associated with the correlation that may exist between different anomalies. Indeed, taking into account possible correlations can make a significant contribution to the reliability of IS. Identifying correlation links between anomalies in concrete instances of ACP contributes in discovering or detecting new scenarios of alterations and attacks. Therefore, once done, this study mainly contributes in the improvement of our risk assessment model.
2020-11-16
Huyck, P..  2019.  Safe and Secure Data Fusion — Use of MILS Multicore Architecture to Reduce Cyber Threats. 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC). :1–9.
Data fusion, as a means to improve aircraft and air traffic safety, is a recent focus of some researchers and system developers. Increases in data volume and processing needs necessitate more powerful hardware and more flexible software architectures to satisfy these needs. Such improvements in processed data also mean the overall system becomes more complex and correspondingly, resulting in a potentially significantly larger cyber-attack space. Today's multicore processors are one means of satisfying the increased computational needs of data fusion-based systems. When coupled with a real-time operating system (RTOS) capable of flexible core and application scheduling, large cabinets of (power hungry) single-core processors may be avoided. The functional and assurance capabilities of such an RTOS can be critical elements in providing application isolation, constrained data flows, and restricted hardware access (including covert channel prevention) necessary to reduce the overall cyber-attack space. This paper examines fundamental considerations of a multiple independent levels of security (MILS) architecture when supported by a multicore-based real-time operating system. The paper draws upon assurance activities and functional properties associated with a previous Common Criteria evaluation assurance level (EAL) 6+ / High-Robustness Separation Kernel certification effort and contrast those with activities performed as part of a MILS multicore related project. The paper discusses key characteristics and functional capabilities necessary to achieve overall system security and safety. The paper defines architectural considerations essential for scheduling applications on a multicore processor to reduce security risks. For civil aircraft systems, the paper discusses the applicability of the security assurance and architecture configurations to system providers looking to increase their resilience to cyber threats.
2020-11-09
Farhadi, M., Haddad, H., Shahriar, H..  2019.  Compliance Checking of Open Source EHR Applications for HIPAA and ONC Security and Privacy Requirements. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:704–713.
Electronic Health Record (EHR) applications are digital versions of paper-based patient's health information. They are increasingly adopted to improved quality in healthcare, such as convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. Furthermore, Office of the National Coordinator (ONC) for Health Information Technology (HIT) certification criteria for usability of EHRs. A compliance checking approach attempts to identify whether or not an adopted EHR application meets the security and privacy criteria. There is no study in the literature to understand whether traditional static code analysis-based vulnerability discovered can assist in compliance checking of regulatory requirements of HIPAA and ONC. This paper attempts to address this issue. We identify security and privacy requirements for HIPAA technical requirements, and identify a subset of ONC criteria related to security and privacy, and then evaluate EHR applications for security vulnerabilities. Finally propose mitigation of security issues towards better compliance and to help practitioners reuse open source tools towards certification compliance.
2020-10-16
Bayaga, Anass, Ophoff, Jacques.  2019.  Determinants of E-Government Use in Developing Countries: The Influence of Privacy and Security Concerns. 2019 Conference on Next Generation Computing Applications (NextComp). :1—7.

There has been growing concern about privacy and security risks towards electronic-government (e-government) services adoption. Though there are positive results of e- government, there are still other contestable challenges that hamper success of e-government services. While many of the challenges have received considerable attention, there is still little to no firm research on others such as privacy and security risks, effects of infrastructure both in urban and rural settings. Other concerns that have received little consideration are how for instance; e-government serves as a function of perceived usefulness, ease of use, perceived benefit, as well as cultural dimensions and demographic constructs in South Africa. Guided by technology acceptance model, privacy calculus, Hofstede cultural theory and institutional logic theory, the current research sought to examine determinants of e- government use in developing countries. Anchored upon the aforementioned theories and background, the current study proposed three recommendations as potential value chain, derived from e-government service in response to citizens (end- user) support, government and community of stakeholders.

2020-09-28
Bagri, Bagri, Gupta, Gupta.  2019.  Automation Framework for Software Vulnerability Exploitability Assessment. 2019 Global Conference for Advancement in Technology (GCAT). :1–7.
Software has become an integral part of every industry and organization. Due to improvement in technology and lack of expertise in coding techniques, software vulnerabilities are increasing day-by-day in the software development sector. The time gap between the identification of the vulnerabilities and their automated exploit attack is decreasing. This gives rise to the need for detection and prevention of security risks and development of secure software. Earlier the security risk is identified and corrected the better it is. Developers needs a framework which can report the security flaws in their system and reduce the chances of exploitation of these flaws by some malicious user. Common Vector Scoring System (CVSS) is a De facto metrics system used to assess the exploitability of vulnerabilities. CVSS exploitability measures use subjective values based on the views of experts. It considers mainly two factors, Access Vector (AV) and Authentication (AU). CVSS does not specify on what basis the third-factor Access Complexity (AC) is measured, whether or not it considers software properties. Our objective is to come up with a framework that automates the process of identifying vulnerabilities using software structural properties. These properties could be attack entry points, vulnerability locations, presence of dangerous system calls, and reachability analysis. This framework has been tested on two open source softwares - Apache HTTP server and Mozilla Firefox.
2020-08-28
Mishra, Narendra, Singh, R K.  2019.  Taxonomy Analysis of Cloud Computing Vulnerabilities through Attack Vector, CVSS and Complexity Parameter. 2019 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT). 1:1—8.

The world is witnessing an exceptional expansion in the cloud enabled services which is further growing day by day due to advancement & requirement of technology. However, the identification of vulnerabilities & its exploitation in the cloud computing will always be the major challenge and concern for any cloud computing system. To understand the challenges and its consequences and further provide mitigation techniques for the vulnerabilities, the identification of cloud specific vulnerabilities needs to be examined first and after identification of vulnerabilities a detailed taxonomy must be positioned. In this paper several cloud specific identified vulnerabilities have been studied which is listed by the NVD, ENISA CSA etc accordingly a unified taxonomy for security vulnerabilities has been prepared. In this paper we proposed a comprehensive taxonomy for cloud specific vulnerabilities on the basis of several parameters like attack vector, CVSS score, complexity etc which will be further act as input for the analysis and mitigation of cloud vulnerabilities. Scheming of Taxonomy of vulnerabilities is an effective way for cloud administrators, cloud mangers, cloud consumers and other stakeholders for identifying, understanding and addressing security risks.

2020-07-20
Lekidis, Alexios, Barosan, Ion.  2019.  Model-based simulation and threat analysis of in-vehicle networks. 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS). :1–8.
Automotive systems are currently undergoing a rapid evolution through the integration of the Internet of Things (IoT) and Software Defined Networking (SDN) technologies. The main focus of this evolution is to improve the driving experience, including automated controls, intelligent navigation and safety systems. Moreover, the extremely rapid pace that such technologies are brought into the vehicles, necessitates the presence of adequate testing of new features to avoid operational errors. Apart from testing though, IoT and SDN technologies also widen the threat landscape of cyber-security risks due to the amount of connectivity interfaces that are nowadays exposed in vehicles. In this paper we present a new method, based on OMNET++, for testing new in-vehicle features and assessing security risks through network simulation. The method is demonstrated through a case-study on a Toyota Prius, whose network data are analyzed for the detection of anomalies caused from security threats or operational errors.
2020-07-10
Reshmi, T S, Daniel Madan Raja, S.  2019.  A Review on Self Destructing Data:Solution for Privacy Risks in OSNs. 2019 5th International Conference on Advanced Computing Communication Systems (ICACCS). :231—235.

Online Social Networks(OSN) plays a vital role in our day to day life. The most popular social network, Facebook alone counts currently 2.23 billion users worldwide. Online social network users are aware of the various security risks that exist in this scenario including privacy violations and they are utilizing the privacy settings provided by OSN providers to make their data safe. But most of them are unaware of the risk which exists after deletion of their data which is not really getting deleted from the OSN server. Self destruction of data is one of the prime recommended methods to achieve assured deletion of data. Numerous techniques have been developed for self destruction of data and this paper discusses and evaluates these techniques along with the various privacy risks faced by an OSN user in this web centered world.

2020-04-03
Singi, Kapil, Kaulgud, Vikrant, Bose, R.P. Jagadeesh Chandra, Podder, Sanjay.  2019.  CAG: Compliance Adherence and Governance in Software Delivery Using Blockchain. 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). :32—39.

The software development life cycle (SDLC) starts with business and functional specifications signed with a client. In addition to this, the specifications also capture policy / procedure / contractual / regulatory / legislation / standard compliances with respect to a given client industry. The SDLC must adhere to service level agreements (SLAs) while being compliant to development activities, processes, tools, frameworks, and reuse of open-source software components. In today's world, global software development happens across geographically distributed (autonomous) teams consuming extraordinary amounts of open source components drawn from a variety of disparate sources. Although this is helping organizations deal with technical and economic challenges, it is also increasing unintended risks, e.g., use of a non-complaint license software might lead to copyright issues and litigations, use of a library with vulnerabilities pose security risks etc. Mitigation of such risks and remedial measures is a challenge due to lack of visibility and transparency of activities across these distributed teams as they mostly operate in silos. We believe a unified model that non-invasively monitors and analyzes the activities of distributed teams will help a long way in building software that adhere to various compliances. In this paper, we propose a decentralized CAG - Compliance Adherence and Governance framework using blockchain technologies. Our framework (i) enables the capturing of required data points based on compliance specifications, (ii) analyzes the events for non-conformant behavior through smart contracts, (iii) provides real-time alerts, and (iv) records and maintains an immutable audit trail of various activities.

2020-02-17
Papakonstantinou, Nikolaos, Linnosmaa, Joonas, Alanen, Jarmo, Bashir, Ahmed Z., O'Halloran, Bryan, Van Bossuyt, Douglas L..  2019.  Early Hybrid Safety and Security Risk Assessment Based on Interdisciplinary Dependency Models. 2019 Annual Reliability and Maintainability Symposium (RAMS). :1–7.
Safety and security of complex critical infrastructures are very important for economic, environmental and social reasons. The complexity of these systems introduces difficulties in the identification of safety and security risks that emerge from interdisciplinary interactions and dependencies. The discovery of safety and security design weaknesses late in the design process and during system operation can lead to increased costs, additional system complexity, delays and possibly undesirable compromises to address safety and security weaknesses.
2020-02-10
Gao, Hongcan, Zhu, Jingwen, Liu, Lei, Xu, Jing, Wu, Yanfeng, Liu, Ao.  2019.  Detecting SQL Injection Attacks Using Grammar Pattern Recognition and Access Behavior Mining. 2019 IEEE International Conference on Energy Internet (ICEI). :493–498.
SQL injection attacks are a kind of the greatest security risks on Web applications. Much research has been done to detect SQL injection attacks by rule matching and syntax tree. However, due to the complexity and variety of SQL injection vulnerabilities, these approaches fail to detect unknown and variable SQL injection attacks. In this paper, we propose a model, ATTAR, to detect SQL injection attacks using grammar pattern recognition and access behavior mining. The most important idea of our model is to extract and analyze features of SQL injection attacks in Web access logs. To achieve this goal, we first extract and customize Web access log fields from Web applications. Then we design a grammar pattern recognizer and an access behavior miner to obtain the grammatical and behavioral features of SQL injection attacks, respectively. Finally, based on two feature sets, machine learning algorithms, e.g., Naive Bayesian, SVM, ID3, Random Forest, and K-means, are used to train and detect our model. We evaluated our model on these two feature sets, and the results show that the proposed model can effectively detect SQL injection attacks with lower false negative rate and false positive rate. In addition, comparing the accuracy of our model based on different algorithms, ID3 and Random Forest have a better ability to detect various kinds of SQL injection attacks.
2020-01-28
Kurniawan, Agus, Kyas, Marcel.  2019.  Securing Machine Learning Engines in IoT Applications with Attribute-Based Encryption. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :30–34.

Machine learning has been adopted widely to perform prediction and classification. Implementing machine learning increases security risks when computation process involves sensitive data on training and testing computations. We present a proposed system to protect machine learning engines in IoT environment without modifying internal machine learning architecture. Our proposed system is designed for passwordless and eliminated the third-party in executing machine learning transactions. To evaluate our a proposed system, we conduct experimental with machine learning transactions on IoT board and measure computation time each transaction. The experimental results show that our proposed system can address security issues on machine learning computation with low time consumption.

2020-01-27
Akinrolabu, Olusola, New, Steve, Martin, Andrew.  2019.  Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :81–88.

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

2019-12-17
Wang, Ziyan, Dong, Xinghua, Li, Yi, Fang, Li, Chen, Ping.  2018.  IoT Security Model and Performance Evaluation: A Blockchain Approach. 2018 International Conference on Network Infrastructure and Digital Content (IC-NIDC). :260-264.

It is a research hotspot that using blockchain technology to solve the security problems of the Internet of Things (IoT). Although many related ideas have been proposed, there are very few literatures with theoretical and data support. This paper focuses on the research of model construction and performance evaluation. First, an IoT security model is established based on blockchain and InterPlanetary File System (IPFS). In this model, many security risks of traditional IoT architectures can be avoided, and system performance is significantly improved in distributed large capacity storage, concurrency and query. Secondly, the performance of the proposed model is evaluated through the average latency and throughput, which are meaningful for further research and optimization of this direction. Analysis and test results demonstrate the effectiveness of the blockchain-based security model.

2018-11-19
Langfinger, M., Schneider, M., Stricker, D., Schotten, H. D..  2017.  Addressing Security Challenges in Industrial Augmented Reality Systems. 2017 IEEE 15th International Conference on Industrial Informatics (INDIN). :299–304.

In context of Industry 4.0 Augmented Reality (AR) is frequently mentioned as the upcoming interface technology for human-machine communication and collaboration. Many prototypes have already arisen in both the consumer market and in the industrial sector. According to numerous experts it will take only few years until AR will reach the maturity level to be deployed in productive applications. Especially for industrial usage it is required to assess security risks and challenges this new technology implicates. Thereby we focus on plant operators, Original Equipment Manufacturers (OEMs) and component vendors as stakeholders. Starting from several industrial AR use cases and the structure of contemporary AR applications, in this paper we identify security assets worthy of protection and derive the corresponding security goals. Afterwards we elaborate the threats industrial AR applications are exposed to and develop an edge computing architecture for future AR applications which encompasses various measures to reduce security risks for our stakeholders.

2018-10-26
Arya, D., Dave, M..  2017.  Security-based service broker policy for FOG computing environment. 2017 8th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.

With the evolution of computing from using personal computers to use of online Internet of Things (IoT) services and applications, security risks have also evolved as a major concern. The use of Fog computing enhances reliability and availability of the online services due to enhanced heterogeneity and increased number of computing servers. However, security remains an open challenge. Various trust models have been proposed to measure the security strength of available service providers. We utilize the quantized security of Datacenters and propose a new security-based service broker policy(SbSBP) for Fog computing environment to allocate the optimal Datacenter(s) to serve users' requests based on users' requirements of cost, time and security. Further, considering the dynamic nature of Fog computing, the concept of dynamic reconfiguration has been added. Comparative analysis of simulation results shows the effectiveness of proposed policy to incorporate users' requirements in the decision-making process.

2018-08-23
Cheah, M., Bryans, J., Fowler, D. S., Shaikh, S. A..  2017.  Threat Intelligence for Bluetooth-Enabled Systems with Automotive Applications: An Empirical Study. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :36–43.

Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligence perspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

2018-06-11
Manishankar, S., Arjun, C. S., Kumar, P. R. A..  2017.  An authorized security middleware for managing on demand infrastructure in cloud. 2017 International Conference on Intelligent Computing and Control (I2C2). :1–5.
Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.
2018-04-02
Lin, W., Wang, K., Zhang, Z., Chen, H..  2017.  Revisiting Security Risks of Asymmetric Scalar Product Preserving Encryption and Its Variants. 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). :1116–1125.

Cloud computing has emerged as a compelling vision for managing data and delivering query answering capability over the internet. This new way of computing also poses a real risk of disclosing confidential information to the cloud. Searchable encryption addresses this issue by allowing the cloud to compute the answer to a query based on the cipher texts of data and queries. Thanks to its inner product preservation property, the asymmetric scalar-product-preserving encryption (ASPE) has been adopted and enhanced in a growing number of works toperform a variety of queries and tasks in the cloud computingsetting. However, the security property of ASPE and its enhancedschemes has not been studied carefully. In this paper, we show acomplete disclosure of ASPE and several previously unknownsecurity risks of its enhanced schemes. Meanwhile, efficientalgorithms are proposed to learn the plaintext of data and queriesencrypted by these schemes with little or no knowledge beyondthe ciphertexts. We demonstrate these risks on real data sets.

2018-03-19
Rawal, B. S., Vivek, S. S..  2017.  Secure Cloud Storage and File Sharing. 2017 IEEE International Conference on Smart Cloud (SmartCloud). :78–83.
Internet-based online cloud services provide enormous volumes of storage space, tailor made computing resources and eradicates the obligation of native machines for data maintenance as well. Cloud storage service providers claim to offer the ability of secure and elastic data-storage services that can adapt to various storage necessities. Most of the security tools have a finite rate of failure, and intrusion comes with more complex and sophisticated techniques; the security failure rates are skyrocketing. Once we upload our data into the cloud, we lose control of our data, which certainly brings new security risks toward integrity and confidentiality of our data. In this paper, we discuss a secure file sharing mechanism for the cloud with the disintegration protocol (DIP). The paper also introduces new contribution of seamless file sharing technique among different clouds without sharing an encryption key.