Proceedings Article

Data Security and Privacy Protection Issues in Cloud Computing

23 Mar 2012-Vol. 1, pp 647-651
TL;DR: This paper provides a concise but all-round analysis on data security and privacy protection issues associated with cloud computing across all stages of data life cycle and describes future research work about data security and privacy protection issues in cloud.
Abstract: It is well-known that cloud computing has many potential advantages and many enterprise applications and data are migrating to public or hybrid cloud. But regarding some business-critical applications, the organizations, especially large enterprises, still wouldn't move them to cloud. The market size the cloud computing shared is still far behind the one expected. From the consumers' perspective, cloud computing security concerns, especially data security and privacy protection issues, remain the primary inhibitor for adoption of cloud computing services. This paper provides a concise but all-round analysis on data security and privacy protection issues associated with cloud computing across all stages of data life cycle. Then this paper discusses some current solutions. Finally, this paper describes future research work about data security and privacy protection issues in cloud.
Citations
Journal Article
TL;DR: The security issues that arise due to the very nature of cloud computing are detailed and the recent solutions presented in the literature to counter the security issues are presented.

694 citations

Journal Article
TL;DR: This review introduces future innovations and a research agenda for cloud computing supporting the transformation of the volume, velocity, variety and veracity into values of Big Data for local to global digital earth science and applications.
Abstract: Big Data has emerged in the past few years as a new paradigm providing abundant data and opportunities to improve and/or enable research and decision-support applications with unprecedented value for digital earth applications including business, sciences and engineering. At the same time, Big Data presents challenges for digital earth to store, transport, process, mine and serve the data. Cloud computing provides fundamental support to address the challenges with shared computing resources including computing, storage, networking and analytical software; the application of these resources has fostered impressive Big Data advancements. This paper surveys the two frontiers – Big Data and cloud computing – and reviews the advantages and consequences of utilizing cloud computing to tackling Big Data in the digital earth and relevant science domains. From the aspects of a general introduction, sources, challenges, technology status and research opportunities, the following observations are offered: (i...

545 citations

Journal Article
TL;DR: This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject and proposes a taxonomy for their classification, addressing several key topics, namely vulnerabilities, threats, and attacks.
Abstract: In the last few years, the appealing features of cloud computing have been fueling the integration of cloud environments in the industry, which has been consequently motivating the research on related technologies by both the industry and the academia. The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over the Internet and managed by cloud hosting providers. Regardless of its advantages, the transition to this computing paradigm raises security concerns, which are the subject of several studies. Besides of the issues derived from Web technologies and the Internet, clouds introduce new issues that should be cleared out first in order to further allow the number of cloud deployments to increase. This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject. It addresses several key topics, namely vulnerabilities, threats, and attacks, proposing a taxonomy for their classification. It also contains a thorough review of the main concepts concerning the security state of cloud environments and discusses several open research topics.

423 citations


Cites background from "Data Security and Privacy Protectio..."

  • ...However, deficient implementation of data destruction policies at the end of a lifecycle, may result in data loss [34] and data disclosure [44], because hard disks might be discarded without being completely wiped [17] or might not be wrecked at all because other tenants might still be using them [100,211]....


Journal Article
TL;DR: This survey presents a comprehensive overview of the security issues for different factors affecting cloud computing, encompasses the requirements for better security management, and suggests a 3-tier security architecture.

340 citations

Journal Article
Wenqi Shi, Sheng Zhou, Zhisheng Niu, Miao Jiang, Lu Geng
TL;DR: In this paper, a joint device scheduling and resource allocation policy is proposed to maximize the model accuracy within a given total training time budget for latency constrained wireless FL, where a lower bound on the reciprocal of the training performance loss is derived.
Abstract: In federated learning (FL), devices contribute to the global training by uploading their local model updates via wireless channels. Due to limited computation and communication resources, device scheduling is crucial to the convergence rate of FL. In this paper, we propose a joint device scheduling and resource allocation policy to maximize the model accuracy within a given total training time budget for latency constrained wireless FL. A lower bound on the reciprocal of the training performance loss, in terms of the number of training rounds and the number of scheduled devices per round, is derived. Based on the bound, the accuracy maximization problem is solved by decoupling it into two sub-problems. First, given the scheduled devices, the optimal bandwidth allocation suggests allocating more bandwidth to the devices with worse channel conditions or weaker computation capabilities. Then, a greedy device scheduling algorithm is introduced, which selects the device consuming the least updating time obtained by the optimal bandwidth allocation in each step, until the lower bound begins to increase, meaning that scheduling more devices will degrade the model accuracy. Experiments show that the proposed policy outperforms state-of-the-art scheduling policies under extensive settings of data distributions and cell radius.

228 citations

References
Report
28 Sep 2011
TL;DR: This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Abstract: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

15,145 citations


"Data Security and Privacy Protectio..." refers background in this paper

  • ...The adoption of cloud computing may lead to gains in efficiency and effectiveness in developing and deployment and save the cost in purchasing and maintaining the infrastructure....


Journal Article
TL;DR: A survey of the different security risks that pose a threat to the cloud is presented, with the observation that a new model aimed at improving features of an existing model must not risk or threaten other important features of the current model.

2,511 citations


"Data Security and Privacy Protectio..." refers methods in this paper

  • ...Kavitha made an investigation of cloud computing security issues from the cloud computing service delivery models (SPI model) and gave a detailed analysis and assessment method description for each security issue [8]....


Proceedings Article
13 Jul 2009
TL;DR: Wang et al. proposed an effective and flexible distributed scheme with two salient features, in contrast to its predecessors, which, by utilizing the homomorphic token with distributed verification of erasure-coded data, achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s).
Abstract: Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

799 citations

Proceedings Article
13 Nov 2009
TL;DR: In this article, the authors propose a theoretical framework for the design of PORs and demonstrate practical encoding even for files F whose size exceeds that of client main memory, and also propose a new variant on the Juels-Kaliski protocol and describe a prototype implementation.
Abstract: A proof of retrievability (POR) is a compact proof by a file system (prover) to a client (verifier) that a target file F is intact, in the sense that the client can fully recover it. As PORs incur lower communication complexity than transmission of F itself, they are an attractive building block for high-assurance remote storage systems. In this paper, we propose a theoretical framework for the design of PORs. Our framework improves the previously proposed POR constructions of Juels-Kaliski and Shacham-Waters, and also sheds light on the conceptual limitations of previous theoretical models for PORs. It supports a fully Byzantine adversarial model, carrying only the restriction (fundamental to all PORs) that the adversary's error rate be bounded when the client seeks to extract F. We propose a new variant on the Juels-Kaliski protocol and describe a prototype implementation. We demonstrate practical encoding even for files F whose size exceeds that of client main memory.

570 citations

Proceedings Article
28 Apr 2010
TL;DR: Airavat is a novel integration of mandatory access control and differential privacy, a MapReduce-based system which provides strong security and privacy guarantees for distributed computations on sensitive data.
Abstract: We present Airavat, a MapReduce-based system which provides strong security and privacy guarantees for distributed computations on sensitive data. Airavat is a novel integration of mandatory access control and differential privacy. Data providers control the security policy for their sensitive data, including a mathematical bound on potential privacy violations. Users without security expertise can perform computations on the data, but Airavat confines these computations, preventing information leakage beyond the data provider's policy. Our prototype implementation demonstrates the flexibility of Airavat on several case studies. The prototype is efficient, with run times on Amazon's cloud computing infrastructure within 32% of a MapReduce system with no security.

498 citations


"Data Security and Privacy Protectio..." refers methods in this paper

  • ...Roy I and Ramadan HE applied decentralized information flow control (DIFC) and differential privacy protection technology into data generation and calculation stages in cloud and put forth a privacy protection system called Airavat [13]....
