Towards Enhancing Security in Cloud Storage Environments

Duane Wilson, Johns Hopkins University

Although widely adopted, one of the biggest concerns with cloud computing is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data being stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared - even in the most ‘secure’ environments. Secondly, we offer Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP’s Web of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting against data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception.

Speaker Biography

Duane Wilson currently possesses a B.S. in Computer Science from Claflin University (Thesis: Monitoring and Analysis of Malicious Network Traffic over University Networks), a Masters of Engineering in Computer Science from Cornell University (Thesis: Design of Analysis Framework for Utilizing Firewall and System Logs as Source for Computer Intrusion Information), and a Masters of Science in Information Security from Johns Hopkins University (Thesis: A Discretionary Access Control Method for Preventing Data Exfiltration via Removable Devices). His pursuit and completion of this terminal degree speaks to his passion for making contributions to the Computer Science and Cyber Security Bodies of Knowledge throughout the course of his future career.

Duane has spent over 13 years working in the field of Information Security, beginning at the U.S. Army Research Laboratory as a contributing Network Analyst and subsequent Security Tool Researcher/Developer. In his role as a Sr. Cyber Security Engineer, he focused extensively on: Network Analyst Training, performing Security/Risk Assessments for High Value Infrastructure Components, Security Tool Evaluations, and providing recommendations to enhance the Computer Network Defense capabilities within the DoD. More recently, he was involved in the development of Advanced Cyber Security processes in the areas of Digital Forensics and Malware Analysis for the Security Operations Center of the Center for Medicare and Medicaid Services (CMS). Additionally, he provided insight into a series of test plans for the Joint Information Environment, operated and managed by the Defense Information Systems Agency. This effort is motivated by the DoD's desire to consolidate disparate data centers throughout the DoD into a Single Security Architecture. Lastly, he has also had the opportunity to serve as a guest lecturer at Alabama State University to discuss the topic of Cyber Criminals and develop educational curricula for the MD State Dept of Education.

Starting in November 2015, Duane has been serving as the Director of Cyber Security for Sabre Systems Inc. In this new role, Duane will be responsible for all of the business development activities relating to Cyber across the company. The company will focus on identifying opportunities for sole source work, Small Business Innovative Research initiatives, Broad Agency Announcements and internal research projects to offer to government and commercial clientele. To date, Duane has contributed to a 30-yr strategic plan for the Department of the Navy based on Computer Immunology, and submitted proposals on Cyber Deception, Naval Aircraft Risk/Threat Assessments, a Cryptographic Workbench solution, Bitcoin Transaction Blockchain for Privacy Identity Management, and Cyber Resiliency for Industrial Control systems and applications (via Office of Naval Research). Lastly, Duane has published a number of articles in reputable venues throughout his matriculation period at Johns Hopkins University. A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices focuses on host-level protections for thumb drives or external hard drives. In “To Share or not to Share” in Client-Side Encrypted Clouds, Duane presents his analysis of secure cloud storage providers and identifies a major flaw in the design of the sharing methodologies proposed. His last publication, From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain, presents an alternative method of validating PGP certificates for use in a hosted environment - such as the cloud.
He is currently working on two additional publications: 1) Mitigating Data Exfiltration in Software-as-a-Service Cloud Storage Environments, which leverages Cyber Deception concepts as an alternative or augment to traditional data loss and/or encryption methods of protection, and 2) Deceptive Identities for Cloud Sharing, which discusses the possibility of using Cyber Deception to protect user information in the Cloud when information is shared.