Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Online randomization strategies to obfuscate user behavioral patterns
Tapiador J., Hernandez-Castro J., Peris-Lopez P. Journal of Network and Systems Management20 (4):561-578,2012.Type:Article
Date Reviewed: Jan 23 2013

For both corporate and individual users, cloud computing is becoming the de facto computing platform. Applications reside in the cloud. Data is stored in the cloud. Everything is in the cloud. Accompanying this are the security and privacy problems faced by all cloud users. How do we know that our data is secure in the cloud? Many of these concerns can be solved by encrypting the data before storing it in the cloud.

However, there is one thing that cannot be encrypted: the sequence of actions or commands executed by cloud users when accessing cloud applications or data. Though it is unclear whether knowing these traces could result in harm to cloud users, it is still undesirable, to say the least, that your actions in the cloud might be monitored and recorded for later use.

This paper studies this problem and proposes online action randomization algorithms to mitigate it. Basically, the algorithms insert pseudo and random actions into the traces to make them unintelligible. The authors propose several algorithms and analyze their performance.

The actions studied in this paper are assumed to all be the same. In reality, each action has different attributes. Actions could also have, for example, sequential relations, timing relations, and position relations. These relations make the insertion of phony actions more difficult, and make the detection of these false actions easier for bad guys.

Reviewer:  R. S. Chang Review #: CR140861 (1304-0307)
Bookmark and Share
  Featured Reviewer  
 
Security and Protection (C.2.0 ... )
 
 
Cloud Computing (C.2.4 ... )
 
 
Random Number Generation (G.3 ... )
 
 
Distributed Systems (C.2.4 )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Aug 1 1992
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy