Skip to main content
SpringerLink
Log in

Towards Data Confidentiality and a Vulnerability Analysis Framework for Cloud Computing

  • Chapter
  • First Online:
Secure Cloud Computing

Abstract

This chapter explores two related challenges in the context of secure processing in cloud computing. The first is the concern of “loss of control” that results from outsourcing data and computation to the clouds. While loss of control has multiple manifestations, the chapter focusses on the potential loss of data privacy and confidentiality when cloud providers are untrusted. Instead of using a well studied (but still unsolved) approach of encrypting data when outsourcing it and computing on the encrypted domain, the paper advocates risk-based processing over a hybrid cloud architecture as a possible solution. Hybrid clouds are a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability. Hybrid clouds offer an opportunity to selectively outsource data and computation based on the level of sensitivity involved. The paper postulates a risk-aware approach to partitioning computation over hybrid clouds that provides an abstraction to address secure cloud data processing in a variety of system and application contexts. Solutions to the workload partitioning problem are sketched in two example settings such as partitioning database workloads and distributing map reduce task across public and private machines. The paper also explores a related challenge of developing vulnerability assessment frameworks for cloud computing environments. Preliminary work on an ontology driven framework for vulnerability assessment is described. The proposed framework addresses the challenges introduced by the complexity of running software on the cloud environment where the exact infrastructure used is not known or constrained prior to execution and applications/services could be composed to form additional services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Recent work has explored techniques such as shared scans in the context of executing queries over MapReduce frameworks [8], which can reduce costs of query workloads. We, however, do not consider such optimizations in developing our partitioning framework in this paper.

References

  1. M. Lev-Ram. Why Zynga loves the hybrid cloud. http://tech.fortune.cnn.com/2012/04/09/zynga-2/?iid=HP_LN, 2012.

  2. L. Mearian. EMC’s Tucci sees hybrid cloud becoming de facto standard. http://www.computerworld.com/s/article/9216573/EMC_s_Tucci_sees_hybrid_cloud_becoming_de_facto_standard, 2011.

  3. K. Zhang, X–y. Zhou, Y. Chen, XF. Wang, and Y. Ruan. Sedic: privacy-aware data intensive computing on hybrid clouds. In ACM Conference on Computer and Communications Security, pages 515–526, 2011.

    Google Scholar 

  4. K. Y. Oktay, V. Khadilkar, B. Hore, M. Kantarcioglu, S. Mehrotra, and B. Thuraisingham. Risk-Aware Workload Distribution in Hybrid Clouds. In IEEE CLOUD, pages 229–236, 2012.

    Google Scholar 

  5. Hybrid Cloud. The NIST Definition of Cloud Computing. National Institute of Science and Technology, Special Publication, 800-145, 2011.

    Google Scholar 

  6. M. R. Fouad, G. Lebanon, and E. Bertino. ARUBA: A Risk-Utility-Based Algorithm for Data Disclosure. In Secure Data Management, pages 32–49, 2008.

    Google Scholar 

  7. S. Trabelsi, V. Salzgeber, M. Bezzi, and G. Montagnon. Data disclosure risk evaluation. In CRiSIS, pages 35–72, 2009.

    Google Scholar 

  8. Tomasz Nykiel, Michalis Potamias, Chaitanya Mishra, George Kollios, and Nick Koudas. 2010. MRShare: sharing across multiple queries in MapReduce. Proc. VLDB Endow. 3, 1–2 (September 2010), 494–505.

    Google Scholar 

  9. Jeffrey Dean and Sanjay Ghemawat. 2008. MapReduce: simplified data processing on large clusters. Commun. ACM 51, 1 (January 2008), 107–113.

    Google Scholar 

  10. Apache Hadoop. http://hadoop.apache.org/.

  11. H. Hacigümüş, B. R. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In SIGMOD, pages 216–227, 2002.

    Google Scholar 

  12. Kehuan Zhang, Xiaoyong Zhou, Yangyi Chen, XiaoFeng Wang, and Yaoping Ruan. 2011. Sedic: privacy-aware data intensive computing on hybrid clouds. In Proceedings of the 18th ACM conference on Computer and communications security (CCS ’11). ACM, New York, NY, USA, 515–526.

    Google Scholar 

  13. Bijit Hore, Sharad Mehrotra, Hakan Hacigümüç, Managing and querying encrypted data, Handbook of Database Security, Editors: Michael Gertz and Sushil Jajodia, Pages 163–190, Publisher, Springer US 2008/1/1

    Google Scholar 

  14. Ali Bagherzandi, Bijit Hore, Sharad Mehrotra, Search over Encrypted Data, In Encyclopedia of Cryptography and Security, Springer 2011

    Google Scholar 

  15. Hakan Hacigumus, Bijit Hore, Sharad Mehrotra, Privacy of Outsourced Data In Encyclopedia of Cryptography and Security, Springer 2011

    Google Scholar 

  16. Hakan Hacigumus, Bala Iyer, Sharad Mehrotra, Providing Database as a Service, IEEE International Conference in Data Engineering, 2002

    Google Scholar 

  17. T. Erasmus. The heavy metal that poisoned the droid. Tech. rep. MWR Info Security, 2012. URL: http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/documentation/white-paper/.

  18. Aaron Steele. Ontological Vulnerability Assessment. In: Web Information Systems Engineering WISE 2008 Workshops. Ed. by Sven Hartmann, Xiaofang Zhou, and Markus Kirchberg. Vol. 5176. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2008, pp. 24–35. ISBN: 978-3-540-85199-8. URL: http://dx.doi.org/10.1007/978-3-540-85200-15.

  19. Srujan Kotikela, Krishna Kavi, and Mahadevan Gomathisankaran. Vulnerability Assessment in Cloud Computing. In: The 2012 International Conference on Security Management (SAM 2012). Ed. by Kevin Daimi and Hamid R Arabnia. WORLDCOMP 2012. July 16–19, 2012, Las Vegas, Nevada, USA: CSREA Press, 2012, pp. 67–73.

    Google Scholar 

  20. National Vulnerability Database. NIST. 2012. URL: http://nvd.nist.gov/.

  21. Metasploit Auxiliary Module and Exploit Database (DB). Metasploit.

    Google Scholar 

  22. M. Guo and J.A. Wang. An Ontology-based Approach to Model Common Vulnerabilities and Exposures in Information Security. In: ASEE Southest Section Conference. 2009.

    Google Scholar 

  23. Ju An Wang and Minzhe Guo. OVM: an ontology for vulnerability management. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies. CSIIRW 09. Oak Ridge, Tennessee: ACM, 2009, 34:1–34:4. ISBN: 978-1-60558-518-5. URL: http://doi.acm.org/10.1145/1558607.1558646.

  24. R. Paul, I.L. Yen, F. Bastani, J. Dong, W.T. Tsai, K. Kavi, A. Ghafoor, and J. Srivastava. An Ontology-Based Integrated Assessment Framework for High-Assurance Systems. In: Semantic Computing, 2008 IEEE International Conference on. IEEE. 2008, pp. 386–393.

    Google Scholar 

  25. Ju An Wang, Minzhe Guo, Hao Wang, Min Xia, and Linfeng Zhou. Ontology-based security assessment for software products. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies. CSIIRW 09. Oak Ridge, Tennessee: ACM, 2009, 15:1–15:4. ISBN: 978-1-60558-518-5. URL: http://doi.acm.org/10.1145/1558607.1558625.

  26. Anoop Singhal and Duminda Wijesekera. Ontologies for modeling enterprise level security metrics. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research. CSIIRW 10. Oak Ridge, Tennessee: ACM, 2010, 58:1–58:3. ISBN: 978-1-4503-0017-9. URL: http://doi.acm.org/10.1145/1852666.1852731http://doi.acm.org/10.1145/1852666.1852731.

  27. Xusheng Xiao, Amit Paradkar, Suresh Thummalapenta, and Tao Xie. Automated extraction of security policies from natural-language software documents. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering. FSE 12. Cary, North Carolina: ACM, 2012, 12:1–12:11. ISBN: 978-1-4503-1614-9. URL: http://doi.acm.org/10.1145/2393596.2393608.

  28. Nora Yahia, Sahar A. Mokhtar, and AbdelWahab Ahmed. Automatic Generation of OWL Ontology from XML Data Source. In: CoRR abs/1206.0570 (2012).

    Google Scholar 

  29. I. Bedini and B. Nguyen. Automatic ontology generation: State of the art. In: PRiSM Laboratory Technical Report. University of Versailles (2007).

    Google Scholar 

  30. P. Meunier. Classes of vulnerabilities and attacks. In: Wiley Handbook of Science and Technology for Homeland Security (2008).

    Google Scholar 

  31. Timothy Vidas, Daniel Votipka, and Nicolas Christin. All your droid are belong to us: a survey of current android attacks. In: Proceedings of the 5th USENIX conference on Offensive technologies. WOOT11. San Francisco, CA: USENIX Association, 2011, pp. 10–10. URL: http://dl.acm.org/citation.cfm?id=2028052.2028062http://dl.acm.org/citation.cfm?id=2028052.2028062.

  32. A. Singhal and X. Ou. Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs. In: NIST InterAgency Report (2011).

    Google Scholar 

  33. O. Sheyner and J. Wing. Tools for generating and analyzing attack graphs. In: Formal methods for components and objects. Springer. 2004, pp. 344–371.

    Google Scholar 

  34. T. Heberlein, M. Bishop, E. Ceesay, M. Danforth, CG Senthilkumar, and T. Stallard. A Taxonomy for Comparing Attack-Graph Approaches. Tech. rep. Submitted to ARDA. Net Squared, Inc., 2004. URL: http://www.netsq.com/Documents/AttackGraphPaper.pdf.

  35. Security Content Automation Protocol. NIST. 2012. URL: http://scap.nist.gov/.

  36. Common Vulnerabilities and Exposures. MITRE. 2012. URL: http://cve.mitre.org/.

  37. Common Weakness Enumeration. MITRE. 2012. URL: http://cwe.mitre.org/.

  38. Common Platform Enumeration. MITRE. 2012. URL: http://cpe.mitre.org/.

  39. Common Vulnerability Scoring System. FIRST. 2012. URL: http://www.first.org/cvss.

  40. SPARQL Query Language for RDF. W3C. 2012. URL: http://www.w3.org/TR/rdf-sparql-query/.

  41. Sai Wu, Feng Li, Sharad Mehrotra, Beng Chin Ooi, Query Optimization for massively parallel data processing, SoCC 2011

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of California, Irvine, CA, USA

    Kerim Y. Oktay & Sharad Mehrotra

  2. Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA

    Mahadevan Gomathisankaran

  3. Department of Computer Science, University of Texas at Dallas, Richardson, TX, USA

    Murat Kantarcioglu

  4. Computer Systems Division, National Institute of Standards and Technology, Gaithersburg, MD, USA

    Anoop Singhal

Authors
  1. Kerim Y. Oktay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahadevan Gomathisankaran
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Murat Kantarcioglu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sharad Mehrotra
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Anoop Singhal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kerim Y. Oktay .

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Sushil Jajodia

  2. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Krishna Kant

  3. University of Milan, Crema, Italy

    Pierangela Samarati

  4. Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA

    Anoop Singhal

  5. The MITRE Corporation, McLean, Virginia, USA

    Vipin Swarup

  6. Computing and Information Science Division, Information Sciences Directorate, Triangle Park, North Carolina, USA

    Cliff Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Oktay, K.Y., Gomathisankaran, M., Kantarcioglu, M., Mehrotra, S., Singhal, A. (2014). Towards Data Confidentiality and a Vulnerability Analysis Framework for Cloud Computing. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-9278-8_10

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9277-1

  • Online ISBN: 978-1-4614-9278-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation