Title: Protection of Client Data Confidentiality and Computation Integrity in Infrastructure as a Service Based Cloud
Authors: Khan, Imran
Keywords: Computer & IT; Computer Sciences
Issue Date: 2019
Publisher: National University of Computer and Emerging Sciences Islamabad
Abstract: One of the most critical issues for the wide adoption of cloud-based services is the concern about client data confidentiality and computation integrity. Past research on cloud platform security [Wang et al., 2015][Vasudevan et al., 2016] has predominantly focused either on protecting these platforms from malicious cloud clients or on protecting cloud clients from each other's unwanted activities. The problem of protecting clients from the possible malicious acts of insiders, such as cloud providers, is not adequately addressed. In this dissertation, we present a practical approach to protect client data confidentiality and computation integrity from cloud insiders, such as the cloud administrator, in an infrastructure-as-a-service (IaaS) based cloud environment. Our approach makes use of remote attestation [Coker et al., 2011] and a late-launch-based technique called Flicker [McCune et al., 2008] to verify the integrity of the cloud platform. This technique secures the virtual machine (VM) launch operation and further allows the launched VM to perform operations on sensitive data in full isolation. We have demonstrated, through a real-world scenario, how the origin integrity and authenticity of health-care multimedia content processed on the cloud provider's platform can be verified using digital watermarking in a secure and isolated execution environment without revealing the watermark details to the cloud administrator. We have also demonstrated, using the formal verification tool ProVerif, that cryptographic operations and protocol communication cannot be compromised under a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead. In this dissertation, we have also presented a framework to rank cloud platform nodes according to the security guarantees they provide. Platform ranking helps to meet the needs of organizations with different security requirements.
The framework introduces a Trusted Party (TP) for the verification of security properties of a cloud platform to the clients. The given framework is also thin-client friendly, as platform attestation and verification are performed indirectly through the TP without the direct involvement of clients. Performance analysis shows that the cost of our presented approach is lower in order of magnitude when compared with traditional trusted computing based solutions.
Gov't Doc #: 19512
Appears in Collections: PhD Thesis of All Public / Private Sector Universities / DAIs.

Files in This Item:
File: Imran Khan_CS_2018_FAST NU.pdf
Size: 1.68 MB
Format: Adobe PDF
