Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Chen, Yen-Chung; * | Wu, Yu-Sung | Tzeng, Wen-Guey
Affiliations: Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan. E-mails: yenchung@cs.nctu.edu.tw, ysw@cs.nctu.edu.tw, wgtzeng@cs.nctu.edu.tw
Correspondence: [*] Corresponding author. E-mail: yenchung@cs.nctu.edu.tw.
Abstract: Cloud-based security services become popular in protection against security attacks for resource-constrained end-user devices. With abundant hardware at the cloud and strong support by security professionals, cloud-based security services can provide better protection than traditional security monitoring agents. However, security services usually involve the inspection of private system states or user behavior, which should not be disclosed to an untrusted entity, such as a cloud service provider. Maintaining end-user privacy and allowing security services to work on the cloud seem contradictory. In this paper, we present a framework for building privacy-preserving cloud-based security services. The framework consists of an architecture for building cloud-based security services and a technique, called private signature filtering, to preserve end-user privacy. The framework supports security monitoring signatures whose correspondence with end-user device queries can be established through conjunction of keywords and numeric value ranges. The framework also allows a trusted middle layer to do a part of the security monitoring computation for the end-user device to reduce the computation overhead on the end-user device. We implement two prototype systems for the cloud-based network intrusion service and the cloud-based malicious URL detection service, to verify effectiveness of our design. The experimental results show that the framework can indeed ensure end-user privacy with acceptable performance overhead in a practical cloud-based security service setting.
Keywords: Cloud computing, privacy-preserving, private signature filtering, mobile device
DOI: 10.3233/JCS-140520
Journal: Journal of Computer Security, vol. 22, no. 6, pp. 997-1024, 2014
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl