Title
Integrated Security-as-a-Service Model for Cloud Data Storage
Author
Ahmed, Alshaimaa Abo-alian
Preparation committee
Researcher / Alshaimaa Abo-alian Ahmed
Supervisor / Mohammed Fahmy Tolba
Supervisor / Nagwa Lotfy Badr
Publication date
2016
Number of pages
205 p.
Language
English
Degree
Doctorate
Specialization
Computer Science
Approval date
1/1/2016
Place of approval
Egyptian Universities Libraries Consortium - Information Systems
Index
Only 14 pages are available for public view, from 205

Abstract

Cloud computing is an emerging paradigm that delivers a large pool of
virtual, on-demand and dynamically scalable resources to users via Internet
technologies, following the notion of pay-as-you-go. Examples of these
resources include computational power, storage capabilities, hardware
platforms and applications. The key advantages of cloud computing are
immense flexibility and monetary savings through minimization of
infrastructure and software investments as well as management and
maintenance costs. Besides popular cloud infrastructure and platform
providers, such as Amazon, Google, and Microsoft, there are many cloud
storage providers which offer more accessible and user-friendly data storage
services to cloud customers. Examples of these services include Dropbox,
SkyDrive, Box.net, Zoho, Ubuntu One or Apple iCloud.

Along with the widespread interest in cloud computing, however,
there are still concerns that hinder the proliferation and the adoption of cloud
services. One of the main concerns is data security in cloud storage
environments. Numerous research problems in cloud storage
security have been studied intensively before. However, addressing the three
dimensions of outsourced data security (i.e., confidentiality, integrity and
availability) as a cloud service is still a challenge in cloud storage. As there
is always a tradeoff between maintaining security and obtaining efficiency,
it is difficult but nevertheless essential to explore how to efficiently address
security challenges over dynamic cloud data.

The thesis first addresses the security requirements for cloud storage
as identified from the literature, given the difficulty that data are no longer
locally possessed by data owners. Then it aims to design an integrated
Security-as-a-Service model for data storage in the cloud that provides
authentication, access control, auditing and data management services. We
propose a new keystroke authentication system for verifying the identity of
cloud users. The proposed keystroke authentication system removes
redundant or irrelevant features from the large scale keystroke dynamics by
combining different feature selection methods and different fusion rules
which, in turn, achieve higher authentication accuracy and performance.
Moreover, it eliminates the tradeoff between the authentication accuracy and
the elapsed time of the verification process by clustering the user profile
templates in the keystroke dataset.

Then, a dynamic access control system is proposed to ensure data
confidentiality in cloud computing. The proposed access control system
supports automatic user role assignments so that it relieves the data owner
from the online and computational burdens of user role assignment
processes, especially for large scale systems with a huge number of users
and continuously changing user role policies. Additionally, the proposed
access control system tackles the key escrow and key management problems
in a decentralized cloud environment by defining roles in a hierarchy and
supporting key delegation.

Finally, a public auditing system is proposed to delegate the integrity
verification of outsourced data in the cloud storage to a third party auditor.
The proposed auditing system is privacy-preserving, so it keeps the data
confidential/invisible to the auditor during the auditing process. Moreover,
a data management system is proposed to support data dynamics for replicated
and single-copy data files with variable-sized blocks on the cloud storage.
So, the proposed system supports updates with a size that is not restricted by
the size of file blocks. It thereby offers extra flexibility and scalability
compared to existing systems. To address the efficiency problem in
verifying variable-size updates for cloud storage with multiple replicas, the
proposed system incorporates a new authenticated data structure, namely
Modified Rank based Authenticated Skip List (MRASL). The proposed
MRASL supports verification of all dynamic data replicas at once. It thereby
reduces the computation and communication costs. Moreover, the proposed
auditing system supports efficient data recovery to repair the corrupted data
in the case of single-copy data files. Additionally, the proposed auditing
system supports batch auditing where multiple auditing tasks with different
data files can be performed simultaneously. Extensive experiments and
performance analysis demonstrate the effectiveness and efficiency of the
proposed model.