www.globalsoftsolutions.

in

CLOUD COMPUTING:

1. CLOUD
COMPUTING
MULTICLOUDS.

SECURITY

FROM

SINGLE

TO

The use of cloud computing has increased rapidly in many organizations.

Cloud computing provides many benefits in terms of low cost and accessibility of
data. Ensuring the security of cloud computing is a major factor in the cloud
computing environment, as users often store sensitive information with cloud
storage providers but these providers may be untrusted. Dealing with "single cloud"
providers is predicted to become less popular with customers due to risks of
service availability failure and the possibility of malicious insiders in the single
cloud. A movement towards "multi-clouds", or in other words, "interclouds" or
"cloud-of-clouds" has emerged recently. This paper surveys recent research related
to single and multi-cloud security and addresses possible solutions. It is found that
the research into the use of multi-cloud providers to maintain security has received
less attention from the research community than has the use of single clouds. This
work aims to promote the use of multi-clouds due to its ability to reduce security
risks that affect the cloud computing user.

2. RELIABLE RE-ENCRYPTION IN UNRELIABLE CLOUDS.

A key approach to secure cloud computing is for the data owner to store
encrypted data in the cloud, and issue decryption keys to authorized users.
Then, when a user is revoked, the data owner will issue re-encryption
commands to the cloud to re-encrypt the data, to prevent the revoked user
from decrypting the data, and to generate new decryption keys to valid
users, so that they can continue to access the data. However, since a cloud
computing environment is comprised of many cloud servers, such commands
may not be received and executed by all of the cloud servers due to
unreliable network communications. In this paper, we solve this problem by
proposing a time-based re-encryption scheme, which enables the cloud
servers to automatically re-encrypt data based on their internal clocks. Our
solution is built on top of a new encryption scheme, attribute-based
encryption, to allow fine-grain access control, and does not require perfect
clock synchronization for correctness.

3. CLOUDTPS SCALABLE TRANSACTIONS FOR WEB

www.globalsoftsolutions.in

APPLICATIONS IN THE CLOUD.(service commuting)

NoSQL Cloud data stores provide scalability and high availability properties
for web applications, but at the same time they sacrifice data consistency.
However, many applications cannot afford any data inconsistency. CloudTPS
is a scalable transaction manager which guarantees full ACID properties for
multi-item transactions issued by Web applications, even in the presence of
server failures and network partitions. We implement this approach on top
of the two main families of scalable data layers: Bigtable and SimpleDB.
Performance evaluation on top of HBase (an open-source version of Bigtable)
in our local cluster and Amazon SimpleDB in the Amazon cloud shows that
our system scales linearly at least up to 40 nodes in our local cluster and 80
nodes in the Amazon cloud.

4. Scalable and Secure Sharing of Personal Health Records in Cloud

Computing using Attribute-based Encryption
Personal health record (PHR) is an emerging patient-centric model of health
information exchange, which is often outsourced to be stored at a third
party, such as cloud providers. However, there have been wide privacy
concerns as personal health information could be exposed to those third
party servers and to unauthorized parties. To assure the patients' control
over access to their own PHRs, it is a promising method to encrypt the PHRs
before outsourcing. Yet, issues such as risks of privacy exposure, scalability
in key management, flexible access and efficient user revocation, have
remained the most important challenges toward achieving fine-grained,
cryptographically enforced data access control. In this paper, we propose a
novel patient-centric framework and a suite of mechanisms for data access
control to PHRs stored in semi-trusted servers. To achieve fine-grained and
scalable data access control for PHRs, we leverage attribute based
encryption (ABE) techniques to encrypt each patient's PHR file. Different
from previous works in secure data outsourcing, we focus on the multiple
data owner scenario, and divide the users in the PHR system into multiple
security domains that greatly reduces the key management complexity for
owners and users. A high degree of patient privacy is guaranteed
simultaneously by exploiting multi-authority ABE. Our scheme also enables
dynamic modification of access policies or file attributes, supports efficient

www.globalsoftsolutions.in
on-demand user/attribute revocation and break-glass access under
emergency scenarios. Extensive analytical and experimental results are
presented which show the security, scalability and efficiency of our
proposed scheme.

5. Optimization of Resource Provisioning Cost in Cloud Computing

In cloud computing, cloud providers can offer cloud consumers two provisioning
plans for computing resources, namely reservation and on-demand plans. In general,
cost of utilizing computing resources provisioned by reservation plan is cheaper
than that provisioned by on-demand plan, since cloud consumer has to pay to
provider in advance. With the reservation plan, the consumer can reduce the total
resource provisioning cost. However, the best advance reservation of resources is
difficult to be achieved due to uncertainty of consumer's future demand and
providers' resource prices. To address this problem, an optimal cloud resource
provisioning (OCRP) algorithm is proposed by formulating a stochastic programming
model. The OCRP algorithm can provision computing resources for being used in
multiple provisioning stages as well as a long-term plan, e.g., four stages in a quarter
plan and twelve stages in a yearly plan. The demand and price uncertainty is
considered in OCRP. In this paper, different approaches to obtain the solution of
the OCRP algorithm are considered including deterministic equivalent formulation,
sample-average approximation, and Benders decomposition. Numerical studies are
extensively performed in which the results clearly show that with the OCRP
algorithm, cloud consumer can successfully minimize total cost of resource
provisioning in cloud computing environments.

6. HASBE: A HIERARCHICAL ATTRIBUTE-BASED EXPLANATION

FOR FLEXIBLE AND SCALABLE PERMISSION CONTROL
INCLOUD COMPUTING.
Cloud computing has emerged as one of the most influential paradigms in the IT
industry in recent years. Since this new computing technology requires users to

www.globalsoftsolutions.in
entrust their valuable data to cloud providers, there have been increasing security
and privacy concerns on outsourced data. Several schemes employing attributebased encryption (ABE) have been proposed for access control of outsourced data
in cloud computing; however, most of them suffer from inflexibility in implementing
complex access control policies. In order to realize scalable, flexible, and finegrained access control of outsourced data in cloud computing, in this paper, we
propose hierarchical attribute-set-based encryption (HASBE) by extending
ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical
structure of users. The proposed scheme not only achieves scalability due to its
hierarchical structure, but also inherits flexibility and fine-grained access control
in supporting compound attributes of ASBE. In addition, HASBE employs multiple
value assignments for access expiration time to deal with user revocation more
efficiently than existing schemes. We formally prove the security of HASBE based
on security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme
by Bethencourt and analyze its performance and computational complexity. We
implement our scheme and show that it is both efficient and flexible in dealing with
access control for outsourced data in cloud computing with comprehensive
experiments.

7. A Gossip Protocol for Dynamic Resource Management in Large

Cloud Environments (Network and Service management)
We address the problem of dynamic resource management for a largescale cloud environment. Our contribution includes outlining a
distributed middleware architecture and presenting one of its key
elements: a gossip protocol that (1) ensures fair resource allocation
among sites/applications, (2) dynamically adapts the allocation to load
changes and (3) scales both in the number of physical machines and
sites/applications. We formalize the resource allocation problem as
that of dynamically maximizing the cloud utility under CPU and
memory constraints. We first present a protocol that computes an
optimal solution without considering memory constraints and prove
correctness and convergence properties. Then, we extend that
protocol to provide an efficient heuristic solution for the complete
problem, which includes minimizing the cost for adapting an
allocation. The protocol continuously executes on dynamic, local input
and does not require global synchronization, as other proposed gossip
protocols do. We evaluate the heuristic protocol through simulation
and find its performance to be well-aligned with our design goals.

www.globalsoftsolutions.in

8. DETECTING
AND
RESOLVING
ANOMALIES(Secure Computing)

FIREWALL

POLICY

The advent of emerging computing technologies such as service-oriented

architecture and cloud computing has enabled us to perform business services more
efficiently and effectively. However, we still suffer from unintended security
leakages by unauthorized actions in business services. Firewalls are the most widely
deployed security mechanism to ensure the security of private networks in most
businesses and institutions. The effectiveness of security protection provided by a
firewall mainly depends on the quality of policy configured in the firewall.
Unfortunately, designing and managing firewall policies are often error prone due to
the complex nature of firewall configurations as well as the lack of systematic
analysis mechanisms and tools. In this paper, we represent an innovative policy
anomaly management framework for firewalls, adopting a rule-based segmentation
technique to identify policy anomalies and derive effective anomaly resolutions. In
particular, we articulate a grid-based representation technique, providing an
intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept
implementation of a visualization-based firewall policy analysis tool called Firewall
Anomaly Management Environment (FAME). In addition, we demonstrate how
efficiently our approach can discover and resolve anomalies in firewall policies
through rigorous experiments.

9. Privacy-Preserving Public Auditing for Secure Cloud Storage

Using Cloud Storage, users can remotely store their data and enjoy the on-demand
high quality applications and services from a shared pool of configurable computing
resources, without the burden of local data storage and maintenance. However, the
fact that users no longer have physical possession of the outsourced data makes
the data integrity protection in Cloud Computing a formidable task, especially for
users with constrained computing resources. Moreover, users should be able to just
use the cloud storage as if it is local, without worrying about the need to verify its
integrity. Thus, enabling public auditability for cloud storage is of critical
importance so that users can resort to a third party auditor (TPA) to check the
integrity of outsourced data and be worry-free. To securely introduce an effective
TPA, the auditing process should bring in no new vulnerabilities towards user data
privacy, and introduce no additional online burden to user. In this paper, we propose
a secure cloud storage system supporting privacy-preserving public auditing. We

www.globalsoftsolutions.in
further extend our result to enable the TPA to perform audits for multiple users
simultaneously and efficiently. Extensive security and performance analysis show
the proposed schemes are provably secure and highly efficient.

10.

Privacy Mechanism for Applications in Cloud Computing

Applications stored in the cloud enable users to access and perform tasks in real
time, reducing costs in the acquisition of computer resources. Although there
are benefits, this paradigm also brings security and privacy risks to users, such
as theft of information or identity. This paper proposes a mechanism able to
provide privacy protection for users to use applications that address issues of
identity, confidentiality and user preferences.

11.
Enhancing privacy and
consumer cloud computing

dynamic

federation

in

IdM

for

Consumer cloud computing paradigm has emerged as the natural evolution and integration of
advances in several areas including distributed computing, service oriented
architecture and consumer electronics. In this complex ecosystem, security and
identity management challenges have cropped up, given their dynamism and
heterogeneity. As a direct consequence, dynamic federated identity management with
privacy improvements has arisen as an indispensable mechanism to enable the global
scalability and usability that are required for the successful implantation of Cloud
technologies. With these requirements in mind, we present an IdM architecture based
on privacy and reputation extensions compliance with the SAMLv2/ID-FF standards 1.

12.
Enabling Secure and Efficient Ranked Keyword Search over
Outsourced Cloud Data(Parallel and Distributed System.)
Cloud computing economically enables the paradigm of data service
outsourcing. However, to protect data privacy, sensitive cloud data
have to be encrypted before outsourced to the commercial public
cloud, which makes effective data utilization service a very
challenging task. Although traditional searchable encryption
techniques allow users to securely search over encrypted data
through keywords, they support only Boolean search and are not yet
sufficient to meet the effective data utilization need that is
inherently demanded by large number of users and huge amount of

www.globalsoftsolutions.in

data files in cloud. In this paper, we define and solve the problem of
secure ranked keyword search over encrypted cloud data. Ranked
search greatly enhances system usability by enabling search result
relevance ranking instead of sending undifferentiated results, and
further ensures the file retrieval accuracy. Specifically, we explore
the statistical measure approach, i.e., relevance score, from
information retrieval to build a secure searchable index, and develop a
one-to-many order-preserving mapping technique to properly protect
those sensitive score information. The resulting design is able to
facilitate efficient server-side ranking without losing keyword
privacy. Thorough analysis shows that our proposed solution enjoys
as-strong-as-possible security guarantee compared to previous
searchable encryption schemes, while correctly realizing the goal of
ranked keyword search. Extensive experimental results demonstrate
the efficiency of the proposed solution.

13.
Cooperative Provable Data Possession for Integrity
Verification in Multi-Cloud Storage (Parallel and Distribution
System)
Provable data possession (PDP) is a technique for ensuring the integrity of
data in storage outsourcing. In this paper, we address the construction
of an efficient PDP scheme for distributed cloud storage to support the
scalability of service and data migration, in which we consider the
existence of multiple cloud service providers to cooperatively store and
maintain the clients’ data. We present a cooperative PDP (CPDP)
scheme based on homomorphic verifiable response and hash index
hierarchy. We prove the security of our scheme based on multi-prover
zero-knowledge proof system, which can satisfy completeness,
knowledge soundness, and zero-knowledge properties. In addition, we
articulate performance optimization mechanisms for our scheme, and in
particular present an efficient method for selecting optimal parameter
values to minimize the computation costs of clients and storage service
providers. Our experiments show that our solution introduces lower
computation and communication overheads in comparison with noncooperative approaches.

www.globalsoftsolutions.in

14.Security Challenges for the Public Cloud

Cloud computing represents today's most exciting computing paradigm shift
in information technology. However, security and privacy are perceived as
primary obstacles to its wide adoption. Here, the authors outline several
critical security challenges and motivate further investigation of security
solutions for a trustworthy public cloud environment.

15.Cloud Computing Security: From Single to Multi-clouds

The use of cloud computing has increased rapidly in many organizations. Cloud
computing provides many benefits in terms of low cost and accessibility of data.
Ensuring the security of cloud computing is a major factor in the cloud computing
environment, as users often store sensitive information with cloud storage
providers but these providers may be untrusted. Dealing with "single cloud"
providers is predicted to become less popular with customers due to risks of
service availability failure and the possibility of malicious insiders in the single
cloud. A movement towards "multi-clouds", or in other words, "interclouds" or
"cloud-of-clouds" has emerged recently. This paper surveys recent research related
to single and multi-cloud security and addresses possible solutions. It is found that
the research into the use of multi-cloud providers to maintain security has received
less attention from the research community than has the use of single clouds. This
work aims to promote the use of multi-clouds due to its ability to reduce security
risks that affect the cloud computing user.