• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.6
• /
• pp.2050-2077
• /
• 2015

One of the major issues in emerging cloud management system needs the efficient service level agreement negotiation framework, with an optimal negotiation strategy. Most researchers focus mainly on the atomic service negotiation model, with the assistance of the Agent Controller in the broker part to reduce the total negotiation time, and communication overhead to some extent. This research focuses mainly on composite service negotiation, to further minimize both the total negotiation time and communication overhead through the pre-request optimization of broker strategy. The main objective of this research work is to introduce an Automated Dynamic Service Level Agreement Negotiation Framework (ADSLANF), which consists of an Intelligent Third-party Broker for composite service negotiation between the consumer and the service provider. A broker consists of an Intelligent Third-party Broker Agent, Agent Controller and Additional Agent Controller for managing and controlling its negotiation strategy. The Intelligent third-party broker agent manages the composite service by assigning its atomic services to multiple Agent Controllers. Using the Additional Agent Controllers, the Agent Controllers manage the concurrent negotiation with multiple service providers. In this process, the total negotiation time value is reduced partially. Further, the negotiation strategy is optimized in two stages, viz., Classified Similarity Matching (CSM) approach, and the Truncated Negotiation Group Gale Shapely Stable Matching (TNGGSSM) approach, to minimize the communication overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1259-1266
• /
• 2013

Nowadays, the databases are getting larger and larger. As the company has difficulty in managing the database, they want to outsource the database to the cloud system. In this case the database security is more important because their database is managed by the cloud service provider. Among database security techniques, the encryption method is a well-certified and established technology for protecting sensitive data. However, once encrypted, the data can no longer be easily queried. The performance of the database depends on how to encrypt the sensitive data, and on the approach for searching, and the retrieval efficiency that is implemented. In this paper we propose the new suitable mechanism to encrypt the database and lookup process on the encrypted database under control of the cloud service provider. This database encryption algorithm uses the bloom filter with the variable keyword based index. Finally, we demonstrate that the proposed algorithm should be useful for database encryption related research and application activities.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.3
• /
• pp.29-36
• /
• 2016

In cloud storages, as security of stored files and privacy of users become regarded as important concerns, secure cloud storages have been proposed, where stored files are encrypted with file owner's password and even the cloud service provider can not open the file contents. However, if the file owner forgets one's password, one can no longer access the file. To solve this problem, we propose a scheme for changing password for the secure cloud based on proxy re-encryption, which make the file owner enable to change password even when one forgets it. With the proposed scheme, only the file owner can change the password and re-encrypt the files securely because other user and even the service provider can not see the file contents.

• Korea Information Processing Society Review
• /
• v.17 no.2
• /
• pp.18-29
• /
• 2010

In this paper, we surveyed SSO based security management including the knowledge domain of the area of cloud and its relevant components. Cloud computing refers to the delivery of software and other technology services over the Internet by a service provider. SSO refers to the ability to log on to a single security system once, rather than logging on separately to multiple security systems. Existing SSO solutions in cloud computing environment suggest several methods. SSO-based security Issues illustrate these key items in cloud computing environment such as risks and security vulnerabilities of SSO. SSO supports for multiple and different domains in cloud computing environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.585-586
• /
• 2017

BASMATI 플랫폼은 모바일 사용자 및 어플리케이션을 위한 지역간 클라우드 인프라 연동을 지원하는 시스템이다. 이를 위해 BASMATI 플랫폼은 모바일 사용자를 지원하는 서버 어플리케이션을 이종 클라우드 연동 환경에서 설치하고 제어할 수 있어야 한다. BASMATI 애플리케이션 컨트롤러(Application Controller)는 Application Service Provider(ASP)가 실행하고자 한느 서버 애플리케이션의 생명주기를 관리하고 서비스수준협약(Service Level Agreement, SLA) 위반을 탐지하여 애플리케이션의 재전개(Redeployment)를 포함한 SLA 위반 처리를 수행한다. 본 논문에서는 BASMATI의 애플리케이션 제어기의 요구사항과 그 설계에 대하여 기술한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.251-265
• /
• 2013

Cloud computing provided as a service type by sharing IT resources cannot be activated unless the issue of information security is solved. The enterprise attempts to maximize the efficiency of information and communication resources by introducing cloud computing services. In comparison to the United States and Japan, however, cloud computing service in korea has not been activated because of a lack of confidence in the security. This paper suggests core evaluation criteria and added evaluation criteria which is removed the redundancy of the security controls from existing ISMS for Korean cloud computing through a comparative analysis between domestic and foreign security controls of cloud certification scheme and guidelines and information security management system. A cloud service provider certified ISMS can minimize redundant and unnecessary certification assessment work by considering added evaluation criteria.

• Journal of Korea Multimedia Society
• /
• v.21 no.8
• /
• pp.909-916
• /
• 2018

Cloud storage services have many advantages. As a result, the amount of data stored in the storage of the cloud service provider is increasing rapidly. This increase in demand forces cloud storage providers to apply deduplication technology for efficient use of storages. However, deduplication technology has inherent security and privacy concerns. Several schemes have been proposed to solve these problems, but there are still some vulnerabilities to well-known attacks on deduplication techniques. In this paper, we examine some of the existing schemes and analyze their security weaknesses.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.9
• /
• pp.2056-2063
• /
• 2015

Recently, as the service scale of cloud service is expanded, an anxiety due to concerns on new vulnerabilities and security related incidents and accidents are also increasing. This paper proposes a certification scheme for multiple session management of security sessions which are generated after the user authentication. The proposed session multiplexing scheme enables the independent management of security sessions in the level of virtualization (hypervisor) within the service provider. As a result of performance analysis, providing a strong safety due to session multiplexing and mutual authentication, and the superiority of performance was proven by comparing it with the existing mutual authentication encryption algorithms.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.73-78
• /
• 2012

The appearance and evolution of cloud service is potentially one of the major advances in information and communication technology. However, it is necessary to identify and understand the various issues of cloud service, both from the perspectives of the providers and the consumers of it. While a lot of studies such as cloud business model, profit model and technology itself are currently taking place in cloud service considering provider's aspects, there are a few researches dealing with cloud service user's aspects. This paper presents the user behavior analysis focused on SaaS users and discusses the development strategy of SaaS service based on the results of user behavior analysis. In order to analyze the user behavior, we surveyed SaaS users divided into two groups such as present and future user groups. Eventually, we proposed the SaaS prospects, development strategy and policy issues based on user behavior analysis.