The Experts below are selected from a list of 14859 Experts worldwide ranked by ideXlab platform
Bamiah, Mervat Adib - One of the best experts on this subject based on the ideXlab platform.
-
Trusted cloud computing framework in critical industrial application
2015Co-Authors: Bamiah, Mervat AdibAbstract:Cloud computing facilitates instant online unlimited access to data and computing resources, ubiquitously and pervasively through its various service delivery and deployment models. Despite the significant advantages of cloud computing, still there are concerns regarding Security, Privacy and Trust (SPT) that resulted from consumers’ loss of control over their confidential data since they outsource it to cloud with no knowledge of storage location or who is accessing and maintaining it. This raises the risks of insider and outsider threats besides the data breach and misuse. A Trusted Cloud Computing Framework (TCCF) is designed to overcome these SPT concerns. TCCF proposes the use of Trusted Computing Group (TCG) technologies including, Trusted Platform Module (TPM), Virtual Trusted Platform Module (VTPM), Self-Encrypting Drives (SEDs), Trusted Network Connect (TNC) and Trusted Software Stack (TSS) to initiate a Trusted cloud computing platform. In addition, a Multi-Factor Authentication Single Sign on Role Base Access Control (MFA-SSO-RBAC) prototype was developed using a strict security controls. Furthermore, an additional context for cloud Service Level Agreement (SLA) was proposed to support the framework and to ensure the trustworthiness of the cloud computing services to be adopted in critical information industries specifically healthcare sector. TCCF was evaluated by developing a prototype, comprehensive comparison with previous work, compliance with standards and a survey from cloud computing, healthcare and IT security experts. Feedbacks of experts were satisfactory and they agreed with 94% on the overall security techniques used to secure the TCCF three layers. The evaluation proves that TCCF assists in optimizing the trust on cloud computing to be adopted in healthcare sector for best practices
-
Trusted cloud computing framework for healthcare sector
'Science Publications', 2014Co-Authors: Bamiah, Mervat Adib, Brohi, Sarfraz Nawaz, Chuprat Suriayati, Ab. Manan, Jamalul LailAbstract:Cloud computing is rapidly evolving due to its efficient characteristics such as cost-effectiveness, availability and elasticity. Healthcare organizations and consumers lose control when they outsource their sensitive data and computing resources to a third party Cloud Service Provider (CSP), which may raise security and privacy concerns related to data loss and misuse appealing threats. Lack of consumers' knowledge about their data storage location may lead to violating rules and regulations of Health Insurance Portability and Accountability Act (HIPAA) that can cost them huge penalty. Fear of data breach by internal or external hackers may decrease consumers' trust in adopting cloud computing and benefiting from its promising features. We designed a HealthcareTrusted Cloud Computing (HTCC) framework that maintains security, privacy and considers HIPAA regulations. HTCC framework deploys Trusted Computing Group (TCG) technologies such as Trusted Platform Module (TPM), Trusted Software Stack (TSS), virtual Trusted Platform Module (vTPM), Trusted Network Connect (TNC) and Self Encrypting Drives (SEDs). We emphasize on using strong multi-factor authentication access control mechanisms and strict security controls, as well as encryption for data at storage, in-transit and while process. We contributed in customizing a cloud Service Level Agreement (SLA) by considering healthcare requirements. HTCC was evaluated by comparing with previous researchers' work and conducting survey from experts. Results were satisfactory and showed acceptance of the framework. We aim that our proposed framework will assist in optimizing trust on cloud computing to be adopted in healthcare sector
Guojun Wang - One of the best experts on this subject based on the ideXlab platform.
-
cssp the consortium blockchain model for improving the trustworthiness of Network software services
Ubiquitous Computing, 2017Co-Authors: Lei Zhou, Guojun Wang, Tongshuai Cui, Xiaofei XingAbstract:UnTrusted Computing in cloud is the main obstacle to promote cloud computing services, even users get an initial Trusted execution environment, the events of dynamic software deployment are easy to cause a risk of compromised system. TTP and ACS are the common strategies to reach an agreement of valid application list and operations, however, extra entity should be added into the origin Network and the reliability of system rely on the trust operation of third party.,,,, ,,,, Consider this Network computing model, the directly remote controlled security strategy is lacking for terminal users, while the security of user computing applications are controlled by its resources owner like cloud manager which might be not Trusted in whole time. In this paper, we address this problem and propose a consortium blockchain based cleanroom security service protocol (CSSP), to track the deployment and usage of the user's software in a secure and tamper-resistant measure, to prevent running of error or illegal software in user computing environment. Unlike the traditional methods, CSSP is a two side protocol: service provider and user computing node, which reduce the redundant safety hazards nodes and its invalidation problem. Consortium Blockchain is an effectively method to reduce the energy consumption and keep the software service protocol between the manager and the user in safety state. The security analysis and evaluation shows that the approach has major potential in Trusted Network computing system and provide a higher secure level environment for users.
-
understanding graph based trust evaluation in online social Networks methodologies and challenges
ACM Computing Surveys, 2016Co-Authors: Wenjun Jiang, Guojun Wang, Zakirul Alam BhuiyanAbstract:Online Social Networks (OSNs) are becoming a popular method of meeting people and keeping in touch with friends. OSNs resort to trust evaluation models and algorithms to improve service quality and enhance user experiences. Much research has been done to evaluate trust and predict the trustworthiness of a target, usually from the view of a source. Graph-based approaches make up a major portion of the existing works, in which the trust value is calculated through a Trusted graph (or Trusted Network, web of trust, or multiple trust chains). In this article, we focus on graph-based trust evaluation models in OSNs, particularly in the computer science literature. We first summarize the features of OSNs and the properties of trust. Then we comparatively review two categories of graph-simplification-based and graph-analogy-based approaches and discuss their individual problems and challenges. We also analyze the common challenges of all graph-based models. To provide an integrated view of trust evaluation, we conduct a brief review of its pre- and postprocesses (i.e., the preparation and validation of trust models, including information collection, performance evaluation, and related applications). Finally, we identify some open challenges that all trust models are facing.
Xiaofei Xing - One of the best experts on this subject based on the ideXlab platform.
-
cssp the consortium blockchain model for improving the trustworthiness of Network software services
Ubiquitous Computing, 2017Co-Authors: Lei Zhou, Guojun Wang, Tongshuai Cui, Xiaofei XingAbstract:UnTrusted Computing in cloud is the main obstacle to promote cloud computing services, even users get an initial Trusted execution environment, the events of dynamic software deployment are easy to cause a risk of compromised system. TTP and ACS are the common strategies to reach an agreement of valid application list and operations, however, extra entity should be added into the origin Network and the reliability of system rely on the trust operation of third party.,,,, ,,,, Consider this Network computing model, the directly remote controlled security strategy is lacking for terminal users, while the security of user computing applications are controlled by its resources owner like cloud manager which might be not Trusted in whole time. In this paper, we address this problem and propose a consortium blockchain based cleanroom security service protocol (CSSP), to track the deployment and usage of the user's software in a secure and tamper-resistant measure, to prevent running of error or illegal software in user computing environment. Unlike the traditional methods, CSSP is a two side protocol: service provider and user computing node, which reduce the redundant safety hazards nodes and its invalidation problem. Consortium Blockchain is an effectively method to reduce the energy consumption and keep the software service protocol between the manager and the user in safety state. The security analysis and evaluation shows that the approach has major potential in Trusted Network computing system and provide a higher secure level environment for users.
Zakirul Alam Bhuiyan - One of the best experts on this subject based on the ideXlab platform.
-
understanding graph based trust evaluation in online social Networks methodologies and challenges
ACM Computing Surveys, 2016Co-Authors: Wenjun Jiang, Guojun Wang, Zakirul Alam BhuiyanAbstract:Online Social Networks (OSNs) are becoming a popular method of meeting people and keeping in touch with friends. OSNs resort to trust evaluation models and algorithms to improve service quality and enhance user experiences. Much research has been done to evaluate trust and predict the trustworthiness of a target, usually from the view of a source. Graph-based approaches make up a major portion of the existing works, in which the trust value is calculated through a Trusted graph (or Trusted Network, web of trust, or multiple trust chains). In this article, we focus on graph-based trust evaluation models in OSNs, particularly in the computer science literature. We first summarize the features of OSNs and the properties of trust. Then we comparatively review two categories of graph-simplification-based and graph-analogy-based approaches and discuss their individual problems and challenges. We also analyze the common challenges of all graph-based models. To provide an integrated view of trust evaluation, we conduct a brief review of its pre- and postprocesses (i.e., the preparation and validation of trust models, including information collection, performance evaluation, and related applications). Finally, we identify some open challenges that all trust models are facing.
Wanlei Zhou - One of the best experts on this subject based on the ideXlab platform.
-
generating regular expression signatures for Network traffic classification in Trusted Network management
Journal of Network and Computer Applications, 2012Co-Authors: Yu Wang, Yang Xiang, Wanlei ZhouAbstract:Network traffic classification is a critical foundation for Trusted Network management and security systems. Matching application signatures in traffic payload is widely considered to be the most reliable classifying method. However, deriving accurate and efficient signatures for various applications is not a trivial task, for which current practice is mostly manual thus error-prone and of low efficiency. In this paper, we tackle the problem of automatic signature generation. In particular, we focus on generating regular expression signatures with a certain subset of standard syntax rules, which are of sufficient expressive power and compatible with most practical systems. We propose a novel approach that takes as input a labeled training data set and produces a set of signatures for matching the application classes presented in the data. The approach involves four procedures: pre-processing to extract application session payload, tokenization to find common substrings and incorporate position constraints, multiple sequence alignment to find common subsequences, and signature construction to transform the results into regular expressions. A real life full payload traffic trace is used to evaluate the proposed system, and signatures for a range of applications are automatically derived. The results indicate that the signatures are of high quality, and exhibit low false negatives and false positives.
