We had the pleasure of picking brains of Dr. Victor Chang from Xi’an Jiaotong-Liverpool University, Suzhou, China, a keynote speaker at SPNCE 2016, The First EAI International Conference on Security and Privacy in New Computing Environments, currently going on in Guangzhou, China. The topic of security of cloud computing is a rich one and we are thrilled to have received a hollistic perspective from Dr. Chang. Enjoy!
Could you summarize the scope of your current work and what you are coming to share with everyone at SPNCE 2016?
My keynote is to discuss the journey that lead to the development of Cloud Computing Adoption Framework (CCAF), a security service and solution suitable for business clouds. CCAF multi-layered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This keynote presents the vision, related works, industrial requirements and views on security framework.
Core technologies can be explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multi-layered security. In penetration testing, CCAF multi-layered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 hours of continuous attack. Detection and blocking took < 0.012 second/trojan or virus. A full CCAF multi-layered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multi-layered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use to know how long recovery should be complete.
The mechanism of blending of CCAF multi-layered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multi-layered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud. There are also two case studies presented in this keynote to audience a view that CCAF has strong support of use cases. I am very delighted to share my experience delivering CCAF security with everyone at SPNCE 2016.
What do you see as the biggest future challenges for digital security and privacy?
First, the biggest future challenge include, how to manage millions of data stored and processed in the cloud, as well as payment transactions for goods and services all over the world and to keep them safe and well-protected in real time. With an increasing volume, velocity, variety and veracity involved in data security, the complexity and interdependency will require more effort, planning, system design, system implementation and tests to validate the improved security solutions.
Second, privacy to maintain our activities as safe and anonymous remains huge since what we do online can reveal information to a certain extent. All services should double check the users’ identities and verification with security questions or security token numbers, so that users can feel safe and trusted with services without revealing anything sensitive to outsiders. All services should detect any phishing sites and techniques and then inactive them immediately.
Third, hacking techniques and virus development have been ongoing and tends to be steps ahead of security solutions. Current security solutions should also have techniques to enhance anti-hacking and attacks. All the new security products, services and solutions should always undergo series of tests to demonstrate full robustness against different types of attacks and this ethical hacking techniques should always be regularly updated.
What would you say are the main trends in this area currently?
There are currently several main trends. The first area is fusion between Internet of Things (IoT) and Big Data, and increased security requirements for integrated services. All security solutions and technologies, regardless of identity management, firewall, encryption and intrusion detection and prevention, will need to improve their overall level of security measures, sensitivity and robustness.
The second area is the improvement in any anti-hacking techniques that have been tied with intelligent algorithms to detect hacking patterns, and also the ability to concurrently update signature databases, network security databases containing zombie and suspected IPs, tracing sources of origins that spread viruses and launch attacks.
The third area is the smart phone security blending location privacy, identity management, biometric security, anti-phishing attacks and building up a reliable online surveillance network. So when any “abnormal” activities or transactions have taken place, the online surveillance network can detect and retrieve all the information, which can be checked by the trust third-party payment companies, banks, mobile service providers and police.
Finally, it will be the combination of the above three areas so that zillions of pieces of data and millions of zettabytes of data can be safe and protected.
Your keynote is centred around security of cloud and big data solutions. Do you think that businesses and organizations will ever start migrating to cloud en masse? The security concerns are still huge at the moment.
Definitely. There are many services hosted in the Cloud and all the data have been saved, archived and stored at different parts of the Cloud. The use of smart phones that connect to apps and services make the user experience seamless from selection of goods/services to payment, from the delivery of services to the experience of using those services happened on weekly and daily basis for customers, users and decision-makers. The mass collection of data, apart from understanding the implications of analysis and prediction of customer interests, the requirements to meet security challenges always become higher and need stringent rules, guidelines and tests to enhance robustness and validity of security solutions. The presented CCAF service provide business cloud and big data solutions for academia and industry with valid use cases.
Innovative methods, techniques and services will be implemented and blended together with biometrics security, location privacy, identity management, encryption, access control and network security to enhance overall security. Although there is a long road ahead, some services are making breakthrough. This includes Alipay, a secure third party payment vendor. Each day billions of transactions happen in China and security can be jointly managed by each user’s fingerprints authentication (based on minimum collection of the same finger prints for 20 times), password authentication, encryption, user verification and the follow up of PCI-DSS information security standards. The challenge in the near future is to closely monitor zillions of transaction records and data of goods/services in and out of the Cloud on the daily basis and a mechanism to provide a non-hacking but safe platform to order, deliver, use, and innovate services.