Enhanced Data Security in Metadata-Governed Cloud IOT Using Optimized Provenance and Access Control Through MARShield, ThreshGuard and SentinelScheduler
Abbi Kala, Mahalakshmi Guruvayur Suryanarayanan, Sendhilkumar Selvaradjou
Manual data storage methods on various mobile devices, IoT devices, and traditional computing platforms still lack sufficient security governance due to the absence of a unified security framework. Unlike application-controlled environments, manual storage locations such as file systems, removable media, and IoT devices are highly susceptible to unauthorized access, misuse, and exfiltration. To address this problem, the paper proposes a metadata-based security framework for manual storage systems. The framework comprises three algorithms, MARShield, ThreshGuard, and SentinelScheduler, which operate together to secure manual storage systems. MARShield enforces immutable metadata, token-based multi-access rights, and persistent source tracking by cryptographically securing provenance logs. ThreshGuard provides adaptive threshold-based misuse regulation and bottleneck-controlled serialized execution. SentinelScheduler optimizes the use of cryptography by incorporating trust-based application profiling and idle-time scheduling for heavy security operations. The proposed methodology is evaluated using a hybrid approach combining real-world datasets (CIC-IoT2023, TON-IoT, Bot-IoT and ISCX VPN non-VPN) and dataset-driven synthetic access pattern generation. Real datasets are used to model realistic IoT traffic behaviors, while additional synthetic scenarios are introduced to evaluate adaptability against evolving and previously unseen attack patterns. Network-level features from these datasets are systematically transformed into storage-level access behaviors to evaluate metadata-driven access control. The experimental results indicate improved detection accuracy (94.6%), reduced false positive rate (4.3%), improved misuse control efficiency (92%) and scalability (94%).
The proposed methodology for securing manual storage domains is scalable, adaptive, and portable, extending the security of applications and their associated domains.