Detalhes bibliográficos
| Ano de defesa: |
2018 |
| Autor(a) principal: |
Carvalho, Carlos André Batista de |
| Orientador(a): |
Não Informado pela instituição |
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Tese
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
eng |
| Instituição de defesa: |
Não Informado pela instituição
|
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: |
|
| Link de acesso: |
http://www.repositorio.ufc.br/handle/riufc/48100
|
Resumo: |
A cloud storage service implements security mechanisms to protect user data. Due to the customer needs and existing threats, the secure data sharing is a key issue highlighted in the literature. Moreover, due to the loss of control over the cloud infrastructure, it is essential to design security mechanisms that focus on the trust and transparency of the cloud services. The confidentiality, integrity, freshness and write-serializability are the security properties analyzed in this research. Usually, auditing and monitoring mechanisms are used to detect violations of security properties. However, an analysis of the literature reveals attacks that are not identified by existing solutions. Although a broker has been used to enable a real-time detection, it is necessary to identify collusion attacks resulted from malicious actions of this broker. The detection of integrity violations has not been properly addressed, ignoring the violations that result from the writing transactions performed by revoked users. Similarly, the reading by revoked users implies in confidentiality violations that must also be detected. Last, the verification of write-serializability violations should be effective, identifying properly the violation’s scenarios. Therefore, a secure storage service for cloud computing, called SCUDO, is proposed in this thesis to address these issues, improving the violation detection while allowing the data sharing. The detection of violations is based on the log of the performed transactions that is signed for purposes of non-repudiation. The evaluation of SCUDO is performed based on a formal model using Colored Petri Nets (CPNs) and a prototype deployed in a cloud infrastructure. The results show that the provider cannot deny a violation and attacks are detected as soon as possible, reducing the damage of an attack. Then, the security mechanisms at SCUDO can allow the provider and the broker to ensure security properties and show evidence that they are honest. |
