Privacy Preserving and Intrusion Detection For Securing Data In Cloud

Abstract— The use of cloud environments for storage and data processing is growing. Cloud computing is Internet-based computing in which shared resources, software, and information are provided to computers and other devices on demand. The idea is to construct a new privacy-preserving access control scheme for securing data in clouds. The cloud verifies the authenticity of the user but does not know the user's identity. Users must authenticate before storing data; the scheme also prevents replay attacks and supports creation, modification, and reading of data stored in the cloud. Moreover, the authentication and access control scheme is decentralized. This paper also introduces the Cloud Intrusion Detection Service (CIDS), which detects different attacks and sends alerts to other cloud users. CIDS uses various components to summarize the alerts and to inform the cloud administrator about the attacks. The CIDS architecture is scalable and elastic. The CIDS approach detects masquerade and host-based attacks and informs the cloud administrator so that proper action can be taken.
