
Protection of Client Data Confidentiality and Computation Integrity in Infrastructure As a Service Based Cloud

Thesis Info

Access Option

External Link

Author

Khan, Imran

Program

PhD

Institute

National University of Computer and Emerging Sciences

City

Islamabad

Province

Islamabad

Country

Pakistan

Thesis Completing Year

2019

Thesis Completion Status

Completed

Subject

Computer Science

Language

English

Link

http://prr.hec.gov.pk/jspui/bitstream/123456789/12702/1/Imran%20Khan_CS_2018_FAST%20NU.pdf

Added

2021-02-17 19:49:13

Modified

2024-03-24 20:25:49

ARI ID

1676727816297

One of the most critical issues for the wide adoption of cloud-based services is the concern about client data confidentiality and computation integrity. Past research on cloud platform security [Wang et al., 2015][Vasudevan et al., 2016] has predominantly focused either on protecting these platforms from malicious cloud clients or on protecting cloud clients from each other's unwanted activities. The problem of protecting clients from the possible malicious acts of insiders such as cloud providers is not adequately addressed. In this dissertation, we present a practical approach to protect client data confidentiality and computation integrity from cloud insiders, such as the cloud administrator, in an infrastructure-as-a-service (IaaS) based cloud environment. Our approach makes use of remote attestation [Coker et al., 2011] and a late launch based technique called Flicker [McCune et al., 2008] to verify the integrity of the cloud platform. This technique secures the virtual machine (VM) launch operation and further allows the launched VM to perform operations on sensitive data in full isolation. We have demonstrated through a real-world scenario how the origin integrity and authenticity of health-care multimedia content processed on the cloud provider's platform can be verified using digital watermarking in a secure and isolated execution environment without revealing the watermark details to the cloud administrator. We have also demonstrated, using the formal verification tool ProVerif, that cryptographic operations and protocol communication cannot be compromised under a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead. In this dissertation, we have also presented a framework to rank cloud platform nodes according to the security guarantees they provide. Platform ranking helps to meet the needs of organizations with different security requirements. The framework introduces a Trusted Party (TP) for the verification of security properties of a cloud platform to the clients. The given framework is also thin-client friendly, as platform attestation and verification are performed indirectly through the TP without the direct involvement of clients. Performance analysis shows that the cost of our presented approach is lower in order of magnitude when compared with traditional trusted computing based solutions.