Universal privacy‐preserving platform for SecaaS services
5
Citation
17
Reference
10
Related Paper
Citation Trend
Abstract:
Summary With the rapid growth of the Security‐as‐a‐Service market, concerns about privacy in exposing customer security policies to Cloud Service Providers have become critical. To resolve these issues, several solutions have been proposed over the past few years, each for a different kind of security service. However, as the number of security services outsourced into a cloud continues to grow, the need for a unified solution has become significant. This article introduces and presents a universal privacy‐preserving platform for SecaaS services that is based on a hybrid cloud architecture for maintaining the confidentiality of the customer's security policy. It is shown that this platform can be applied to all security services whose security policies can be represented in the form of a decision tree. This includes the vast majority of existing cloud‐based security services. With the small number of computationally‐expensive operations performed in a private cloud, the solution also does not require the implementation of a performant security engine on the customer's premises, allowing full advantage to be taken of private cloud offloading. It is also shown that the platform achieves better performance results than other existing solutions of this type. These findings were confirmed by experimental results.Keywords:
Security through obscurity
Cite
Security Testing
Security through obscurity
Security convergence
Cite
Citations (10)
Security Policy
Security Testing
Security through obscurity
Security convergence
Application security
Security engineering
Information security standards
Cite
Citations (1)
In today's information society, the information security is more and more regarded. It is mainly divided into five parts: physical security, network security, host security, application security and data security. Among them, the host security is in the first floor of the whole information system. However, the host security depended on operating system (OS) security necessarily. It is obvious that the OS security is the essential precondition and foundation of the whole computer information system security. In this article, firstly, it discussed the importance of the OS security; secondly, it further introduced the OS security mechanism, security demand, security policy and security model; finally, it discussed the host vulnerability evaluation, and put forward the function that a testing all-around host evaluation tool ought to carry out.
Security through obscurity
Security Testing
Security convergence
Vulnerability
Information security management
Cite
Citations (6)
Security through obscurity
Security convergence
Information security management
Logical security
Security Testing
Cite
Citations (0)
Cloud computing now becomes the strategic development orientation of global information industry. The security problem of cloud computing is the primary obstacle hindering its further growth. This article analyzes the security object of cloud computing according to its service model and technical characteristics. With focus on security of infrastructure services,security of platform services,security of application software services,terminal security protection,security management and legal regulations,this article systematically discusses the existing security risks and security requirements of general cloud computing architecture. Finally this article gives suggestions on how to build cloud security system.
Security convergence
Security through obscurity
Cite
Citations (0)
이기종 보안 제품들을 통합관리하기 위한 통합보안관리시스템은 보안관리를 위한 불필요한 보안정책의 중복을 피하고 보안 제품들을 효율적으로 상호운용하기 위해 제안된 보안관리 구조이다. 본 논문에서는 보안 제품들에 대한 다양한 보안정책 관리 구조들을 통합된 형태로 보안적으로 무결한 보안정책을 설정할 수 있는 보안정책 일반화 관리 구조를 제안한다. 보안정책 일반화의 목적은 네트워크 상에서 존재하는 모든 보안 시스템들에 대한 보안관리의 효율성, 편의성 보장과 보안성 향상에 있으며, 이질적인 보안 정책제어 구조를 수용할 수 있도록 하는 것이다. 보안정책 일반화 과정은 관리자의 보안목표와 보안요구사항 설정, 각 보안제품과 보안 에이전트들에 의해 수집된 정보들에 대한 분석을 통하여 보안상태를 확인하며, 위험요소에 대한 보안정책 적용 방법들을 보안목표와 보안요구사항, 보안정책목록 정보를 기준으로 적절성을 판별하는 일련의 과정으로 정의할 수 있다. 보안정책 설정과정의 일반화는 이기종 보안정책에 대한 통합관리가 가능하게 하며, 보안 정책간의 충돌 및 중복 설정과 같은 일관성 문제를 해결함으로써 보안정책의 무결성을 보장하고, 네트워크 상에서 존재하는 보안제품의 제어에 편의성을 제공한다. Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we propose the model of generalized security policies. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. In the generalization process of security policies. we first diagnose the security status of monitored networks by analyzing security goals, requirements, and security-related information that security agents collect. Next, we decide the security mechanisms and objects for security policies, and then evaluate the properness of them on the basis of security goals, requirements and a policy list. With the generalization process, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.
Security convergence
Security management
Security through obscurity
Security Testing
Security Policy
Security engineering
Cite
Citations (2)
Security has become the key issue in the development of large-scale information system. Piling security products and security technologies simply rather than functional integration and making full use of these products and technologies will cause resource wasting, and not meet the needs for flexible and diverse security requirements. This paper proposes a security architecture design based on SOA. Firstly, security devices and technologies are decomposed into basic security components which form the basic security service layer. Secondly, various extended security components that make up the extended security service layer are realized based on functional combination and process control. Then security services are provided through these two levels for upper security applications. At last, this paper gives the core architecture design of the security service core for dealing with the scalability bottlenecks in distributed system. The design solves effectively the security of large-scale information system.
Security Testing
Security through obscurity
Security convergence
Cite
Citations (2)
At present on one side the computer networks have been popularized and developed,and on the other side the networks security have been the problem of society and nation. The major part of security information consists carpophore security,operations security,information security and security personnel. It has to make the security laws and regulations,the security manage-mentystems,the security technologies for a push to the computer security.The collection has formed a security matrix.The matrix will assure to complete the missions of the computer security nets.
Security through obscurity
Security Testing
Security convergence
Logical security
Concrete security
Cite
Citations (0)
Service-oriented Architectures (SOA) provide a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. Increased connectivity entails significant higher security risks. To face these risks, a broad range of specifications e.g. WS-Security and WS-Trust has emerged to ensure security in SOA. These specifications are supported by all major Web Service Frameworks and enforced by security modules provided by these frameworks to apply security to ingoing and outgoing messages. In general, a security module is configured declaratively using a security policy e.g. WS-SecurityPolicy that expresses security goals and related configurations. To support a broad range of use cases, these security policy languages offer a variety of settings and options.However, the complexity of security policy languages leads to an error-prone and tedious creation of security policies. To simplify and support the generation of Web Services, we present an architecture for a security advisor in this paper. This security advisor facilitates the configuration of security modules for service-based systems based on a pattern-driven approach that enables the transformation from general security goals to concrete security configurations. Therefore, we will introduce a security pattern system which is used to resolve concrete protocols and security mechanisms at a technical level.
Security through obscurity
Security convergence
Security Testing
Security Policy
Security engineering
Cite
Citations (12)