scispace - formally typeset
Search or ask a question
Author

Umme Habiba

Bio: Umme Habiba is an academic researcher from University of the Sciences. The author has contributed to research in topics: Cloud computing & Cloud computing security. The author has an hindex of 5, co-authored 8 publications receiving 116 citations. Previous affiliations of Umme Habiba include National University of Science and Technology.

Papers
More filters
Proceedings ArticleDOI
01 Dec 2013
TL;DR: This paper provides an overview of different intrusions in cloud and analyzes some existing cloud based intrusion detection systems with respect to their type, positioning, detection time, detection technique, data source and attacks they can detect.
Abstract: Today, Cloud Computing is the preferred choice of every IT organization since it provides flexible and pay-per-use based services to its users However, the security and privacy is a major hurdle in its success because of its open and distributed architecture that is vulnerable to intruders Intrusion Detection System (IDS) is the most commonly used mechanism to detect attacks on cloud This paper provides an overview of different intrusions in cloud Then, we analyze some existing cloud based intrusion detection systems (IDS) with respect to their type, positioning, detection time, detection technique, data source and attacks they can detect The analysis also provides limitations of each technique to evaluate whether they fulfill the security requirements of cloud computing environment or not We emphasize the deployment of IDS that uses multiple detection methods to cope with security challenges in cloud

59 citations

Journal ArticleDOI
TL;DR: This in-depth analysis of various Cloud based IDMSs reveals that most of the systems do not offer support to all the essential features of Cloud IDMS and the ones that do, have their own certain weaknesses.
Abstract: Cloud computing systems represent one of the most complex computing systems currently in existence. Current applications of Cloud involve extensive use of distributed systems with varying degree of connectivity and usage. With a recent focus on large-scale proliferation of Cloud computing, identity management in Cloud based systems is a critical issue for the sustainability of any Cloud-based service. This area has also received considerable attention from the research community as well as the IT industry. Numerous Cloud Identity Management Systems (IDMSs) have been proposed so far; however, most of those systems are neither widely accepted nor considered highly reliable due to their constraints in terms of scope, applicability and security. In order to achieve reliability and effectiveness in IDMs for Cloud, further extensive research needs to be carried out to critically examine Cloud based IDMSs and their level of security. In this work, we have holistically analyzed Cloud IDMSs to better understand the general as well as the security aspects of this domain. From the security perspective, we present a comprehensive list of attacks that occur frequently in Cloud based IDMSs. In order to alleviate those attacks, we present a well-organized taxonomy tree covering the most desired features essential for any Cloud-based IDMSs. Additionally, we have specified various mechanisms of realization (such as access control polices, encryption, self-service) against each of the features of Cloud IDMSs. We have further used the proposed taxonomy as an assessment criterion for the evaluation of Cloud based IDMSs. Our in-depth analysis of various Cloud based IDMSs reveals that most of the systems do not offer support to all the essential features of Cloud IDMS and the ones that do, have their own certain weaknesses. None of the discussed techniques heuristically covers all the security features; moreover, they lack compliance to international standards which, understandably, undermines their credibility. Presented work will help Cloud subscribers and providers in understanding the available solutions as well as the involved risks, allowing them to make more knowledgeable decisions while selecting potential Cloud IDMSs that best suits their functional and security requirements.

48 citations

Journal ArticleDOI
TL;DR: The empirical results reveal that the overall financial market development and its sub-indices (FM-access, FM-depth, and FM-efficiency) reduce CO2 emissions in developed and emerging countries.

21 citations

Proceedings ArticleDOI
02 Dec 2013
TL;DR: This paper proposes an assessment criterion for the evaluation of Cloud based IDMSs, comprising of potential security features that are positively imminent for the assessment of CloudBased Identity Management Systems.
Abstract: Cloud computing offers many benefits to the IT industry by making available the services and resources that helps them to proliferate or decrease their organizational resources automatically on demand. On the other hand, organizations are still uncertain about the security and privacy of their sensitive information (for instance the identity credentials) in the multitenant environment of the Cloud. Many security systems have been devised for the protection of resources in Cloud environments. Identity Management Systems, in this regard, play a vital role in ensuring effective user authentication, provisioning, de-provisioning and access control decisions. Many Cloud IDMSs have been proposed until now claiming to offer flexibility, agility and robustness. However, no comparative analysis of such Cloud based IDMSs has been performed so far, as to the best of our knowledge there exists no specific criteria against which one can evaluate an IDMS on Cloud. This paper proposes an assessment criterion for the evaluation of Cloud based IDMSs, comprising of potential security features that are positively imminent for the assessment of Cloud based IDMSs. Furthermore, analysis of Cloud IDMSs is presented based on the proposed assessment criteria. Potential research directions in the area of Cloud identity management and security are also discussed.

9 citations

Book ChapterDOI
01 Jan 2015
TL;DR: This work proposes a secure identity management system for federated Cloud environments that not only ensures the secure management of identity credentials, but preserves the privacy of Cloud Service Consumers (CSC) also.
Abstract: Federated Identity Management (FIM) systems are well-known for achieving reliable and effective collaboration among various organizations. Despite numerous benefits, these systems have certain critical weaknesses such as lack of security and privacy while disseminating identity credentials (Personally Identifiable Information (PII)) across multiple federated Cloud environments. In addition to this, FIMsystems have limitations in terms of interoperability and lack compliance to international standards, since most of the systems are reliant on proprietary protocols for the exchange of identity information. In this regard, we propose a secure identity management system for federated Cloud environments that not only ensures the secure management of identity credentials, but preserves the privacy of Cloud Service Consumers (CSC) also. Furthermore, implementation of the proposed system involves state-of-the-art international standards (SCIM, SAML, REST and XACML) to ensure secure, quick and easy sharing & management of identity credentials in to, out of and around the Cloud. Further, we have performed rigorous evaluation of the proposed system using standard evaluation tools such as Scyther and JUnit. The results of our evaluation certify that the presented work ensures the desired features and level of security as expected from a secure identity management system for federated Cloud environment.

7 citations


Cited by
More filters
01 Jan 2002

9,314 citations

Journal ArticleDOI
TL;DR: This survey paper intends to bring all those methods and techniques that could be used to detect different stages of APT attacks, learning methods that need to be applied and where to make the threat detection framework smart and undecipherable for those adapting APT attackers.
Abstract: Threats that have been primarily targeting nation states and their associated entities have expanded the target zone to include the private and corporate sectors. This class of threats, well known as advanced persistent threats (APTs), are those that every nation and well-established organization fears and wants to protect itself against. While nation-sponsored APT attacks will always be marked by their sophistication, APT attacks that have become prominent in corporate sectors do not make it any less challenging for the organizations. The rate at which the attack tools and techniques are evolving is making any existing security measures inadequate. As defenders strive to secure every endpoint and every link within their networks, attackers are finding new ways to penetrate into their target systems. With each day bringing new forms of malware, having new signatures and behavior that is close to normal, a single threat detection system would not suffice. While it requires time and patience to perform APT, solutions that adapt to the changing behavior of APT attacker(s) are required. Several works have been published on detecting an APT attack at one or two of its stages, but very limited research exists in detecting APT as a whole from reconnaissance to cleanup, as such a solution demands complex correlation and fine-grained behavior analysis of users and systems within and across networks. Through this survey paper, we intend to bring all those methods and techniques that could be used to detect different stages of APT attacks, learning methods that need to be applied and where to make your threat detection framework smart and undecipherable for those adapting APT attackers. We also present different case studies of APT attacks, different monitoring methods, and mitigation methods to be employed for fine-grained control of security of a networked system. We conclude this paper with different challenges in defending against APT and opportunities for further research, ending with a note on what we learned during our writing of this paper.

200 citations

Journal ArticleDOI
TL;DR: This study contributes towards identifying a unified taxonomy for security requirements, threats, vulnerabilities and countermeasures to carry out the proposed end-to-end mapping and highlights security challenges in other related areas like trust based security models, cloud-enabled applications of Big Data, Internet of Things, Software Defined Network (SDN) and Network Function Virtualization (NFV).

152 citations

Journal ArticleDOI
TL;DR: A detailed comparative study of the existing techniques in the perspective of cloud service providers and cloud users that include identity and access management, security issues and services in the cloud environment are highlighted.

85 citations

Journal ArticleDOI
TL;DR: This survey focuses on intrusion detection systems (IDS) that leverage host-based data sources for detecting attacks on enterprise network, presenting targeted sub-surveys of HIDS research leveraging system logs, audit data, Windows Registry, file systems, and program analysis.
Abstract: This survey focuses on intrusion detection systems (IDS) that leverage host-based data sources for detecting attacks on enterprise network. The host-based IDS (HIDS) literature is organized by the input data source, presenting targeted sub-surveys of HIDS research leveraging system logs, audit data, Windows Registry, file systems, and program analysis. While system calls are generally included in audit data, several publicly available system call datasets have spawned a flurry of IDS research on this topic, which merits a separate section. To accommodate current researchers, a section giving descriptions of publicly available datasets is included, outlining their characteristics and shortcomings when used for IDS evaluation. Related surveys are organized and described. All sections are accompanied by tables concisely organizing the literature and datasets discussed. Finally, challenges, trends, and broader observations are throughout the survey and in the conclusion along with future directions of IDS research. Overall, this survey was designed to allow easy access to the diverse types of data available on a host for sensing intrusion, the progressions of research using each, and the accessible datasets for prototyping in the area.

74 citations