Running head: SESSION HIJACKING & CLOUD COMPUTING 1
SESSION HIJACKING & CLOUD COMPUTING 20
Preventing Session Hijacking in Cloud Computing
Sasha Melanie
Personal Research Paper
20th October 2015
Abstract
The idea of Cloud processing is turning out to be a well-known concept every passing day particularly in the field of computing and information technology. It refers to both applications that are conveyed as administrations over the Internet and also as resources (software and hardware) in the data centres. With this kind of advancement, the cloud computing technology raises many security concerns. There are several vulnerabilities that come along with cloud computing that may be exploited by attackers through security threats such as session hijacking. This paper gives an overview of the cloud as well as session hijacking highlighting the key vulnerability areas that every organization need to put into consideration before any implementation of cloud computing. The paper gives the basis for further research that would help curb the challenge of session hijacking in cloud computing.
TABLE OF CONTENTS
Abstract 2
CHAPTER ONE 5
1.0 INTRODUCTION 5
1.1 Motivation for the study 6
1.2 Premises of the study 7
1.3 Problem Statement 7
1.4 Technical objectives of the study 7
CHAPTER TWO 9
2.0 RELATED WORK 9
2.1 Issues with Cloud Computing 9
2.2 ANALYSIS OF SESSION HIJACKING 9
2.2.1 Cookies: 10
2.2.2 TCP session capturing 10
2.3 PREVENTING SESSION HIJACKING 11
2.3.2 Information encryption programming 11
2.3.3 Virus Detection Applications 12
2.3.4 Digitized Signature 12
2.3.5 Computerized Authentication 13
2.3.6 Firewalls 14
2.3.7 Surf Anonymously 14
CHAPTER THREE 16
3.0 RESEARCH METHODOLOGY AND DESIGN 16
3.1 Introduction 16
3.2 Research Design 16
3.3 Data Collection Instruments 16
3.4 Methods of data Analysis and expected results 17
3.5 Time tables 17
3.6 Conclusion 18
REFERENCES 19
CHAPTER ONE1.0 INTRODUCTION
Enthusiasm towards Cloud processing arrangements is fast developing. Therefore, they have as of now been embraced in diverse situations, for example, person to person communication, business applications, and substance conveyance systems. Distributed computing is the start of a system based figuring over the web that is thought to be the component of two new registering models, the Client-Cloud processing, and the Terminal-Cloud figuring that would make entire eras of users and business (Mell & Grance, 2011). It is additionally the start of another Internet-based administration economy, for example, the Internet-driven, Web-based, on interest, Cloud applications and figuring economy. Bursztein et al., gives a more organized definition, who characterize a Cloud as a " parallel and disseminated framework comprising of an accumulation of interconnected and virtualized PCs that are progressively provisioned and exhibi.
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
Running head SESSION HIJACKING & CLOUD COMPUTING .docx
1. Running head: SESSION HIJACKING & CLOUD COMPUTING
1
SESSION HIJACKING & CLOUD COMPUTING
20
Preventing Session Hijacking in Cloud Computing
Sasha Melanie
Personal Research Paper
20th October 2015
Abstract
The idea of Cloud processing is turning out to be a well-known
concept every passing day particularly in the field of computing
and information technology. It refers to both applications that
are conveyed as administrations over the Internet and also as
resources (software and hardware) in the data centres. With this
kind of advancement, the cloud computing technology raises
many security concerns. There are several vulnerabilities that
come along with cloud computing that may be exploited by
attackers through security threats such as session hijacking.
This paper gives an overview of the cloud as well as session
2. hijacking highlighting the key vulnerability areas that every
organization need to put into consideration before any
implementation of cloud computing. The paper gives the basis
for further research that would help curb the challenge of
session hijacking in cloud computing.
TABLE OF CONTENTS
Abstract 2
CHAPTER ONE 5
1.0 INTRODUCTION 5
1.1 Motivation for the study 6
1.2 Premises of the study 7
1.3 Problem Statement 7
1.4 Technical objectives of the study 7
CHAPTER TWO 9
2.0 RELATED WORK 9
2.1 Issues with Cloud Computing 9
2.2 ANALYSIS OF SESSION HIJACKING 9
2.2.1 Cookies: 10
2.2.2 TCP session capturing 10
2.3 PREVENTING SESSION HIJACKING 11
2.3.2 Information encryption programming 11
2.3.3 Virus Detection Applications 12
2.3.4 Digitized Signature 12
2.3.5 Computerized Authentication 13
2.3.6 Firewalls 14
2.3.7 Surf Anonymously 14
CHAPTER THREE 16
3. 3.0 RESEARCH METHODOLOGY AND DESIGN 16
3.1 Introduction 16
3.2 Research Design 16
3.3 Data Collection Instruments 16
3.4 Methods of data Analysis and expected results 17
3.5 Time tables17
3.6 Conclusion 18
REFERENCES 19
CHAPTER ONE1.0 INTRODUCTION
Enthusiasm towards Cloud processing arrangements is fast
developing. Therefore, they have as of now been embraced in
diverse situations, for example, person to person
communication, business applications, and substance
conveyance systems. Distributed computing is the start of a
system based figuring over the web that is thought to be the
component of two new registering models, the Client-Cloud
processing, and the Terminal-Cloud figuring that would make
entire eras of users and business (Mell & Grance, 2011). It is
additionally the start of another Internet-based administration
economy, for example, the Internet-driven, Web-based, on
interest, Cloud applications and figuring economy. Bursztein et
al., gives a more organized definition, who characterize a Cloud
as a " parallel and disseminated framework comprising of an
accumulation of interconnected and virtualized PCs that are
progressively provisioned and exhibited as one or more bound
together registering assets in light of administration level
assertion". One of the key components describing Cloud
4. figuring is the capacity of conveying both base and
programming as administrations.
There are several security threats that come along with cloud
computing such as session hijacking. The term Session
hijacking stand for the misuse of quickly running session. Now
and then it frequently alludes as a session key, it is utilized to
pick up the unapproved increase to a framework or adventure
administrations in the PC. At the point when an enchantment
treat that is utilized to verify the client to the server is stolen
and utilized for the unapproved handbag is alluded as session
seizing. By and large it applies to the web designers, as HTTP
cookies are utilized to keep up the session on a website can be
effectively stolen by an aggressor or the assailant can use by
obtaining entrance to the PC where he can locate the shared
cookies (Dacosta et al., 2012).1.1 Motivation for the study
Distributed computing has based on industry improvements
leveraging so as to the date from the 1980s outsourced
framework administrations, facilitated applications and
programming as an administration (Mell & Grance, 2011). In all
parts, the systems utilized are not unique. In total, it is
something altogether different. The distinctions give both
advantages and issues to the association coordinating with the
cloud. The expansion of versatility and pay-as-you-go to this
accumulation of advances makes distributed computing
convincing to Chief Information Officers (CIO’s) in
organizations of all sizes.
Cloud combination presents interesting difficulties to
occurrence handlers and additionally to those in charge of
getting ready and arranging the agreement for cloud
administrations. The difficulties are further entangled when
there is a predominant observation that the cloud coordination is
"inside the security Edge, or the association has been expressed
in composed that an assertion required the supplier to be
protected, this must be adequate (ComPUtING, 2011).
This kind of intuition may be innocent at the same time,
shockingly, it is not uncommon. The cloud supplier may have a
5. lot of implicit securities or they may not. Whether they do or
not, episode taking care of Incident Handling (IH) groups will
in the long run face occurrences identified with the joining,
requiring getting ready for taking care of occurrences in this
new environment (Dinh et al., 2013).
The effects of cloud mix warrant a watchful examination by an
association before execution. A presentation of a troublesome
innovation, for example, distributed computing can make both
definition and documentation of administrations, approaches,
and techniques hazy in a given domain. Therefore, there is the
need for any organization to understand clearly cloud computing
and everything it entails to have a secure implementation that is
free from attacks. 1.2 Premises of the study
This study gives an overview of cloud computing and discuss
what security on Cloud computing means. It also discusses what
session hijacking is and the ways in which it can be mitigated
and eliminated. Furthermore, the study makes it easy for the
reader to understand what the benefits and vulnerabilities of
moving toward Cloud computing are. It is additionally surely
known that comprehensive danger and security control is not
prescribed by all Cloud figuring usage. The level of control
ought to dependably rely on upon former assessment. Be that as
it may, there are still part of open examination territories on
enhancing Cloud processing security, some of those are;
Forensics and confirmation gathering components, asset
segregation instruments and interoperability between cloud
suppliers.1.3 Problem Statement
Distributed computing is the rising innovation that empower
clients to get to their assets on-interest premise. These assets
can be got to through the web. It is accentuation on the pay per
use idea. Numerous organizations have begun moving towards
cloud advancement and give administrations to the vast volume
of clients. It offers clients with moment accessibility,
adaptability and sharing of assets. In any case, there are
bunches of obstacles and obstructions in the reception of cloud
are security and protection issues. At the point when the
6. ventures or people store their information on to the cloud, it
must be shielded from unapproved clients/programmers getting
to their information. It represents a noteworthy security
challenge regarding the information since the capacity area of
information is not known not. So keeping the information
sheltered and securing the information protection is one of the
key testing exploration meets expectations in distributed
computing 1.4 Technical objectives of the study
The research objectives of the study are:
i. To evaluate the concept of cloud computing the security
issues associated with it.
ii. To find out what session hijacking in cloud computing
means
iii. To evaluate how session hijacking attack happens
iv. To examine detection and the prevention techniques of
session hijacking attack
CHAPTER TWO2.0 RELATED WORK2.1 Issues with Cloud
Computing
Currently, cloud computing presents a genuine worry with
information being concentrated outside the control of
organizations. Touchy information will now be under the
control of an outsider, and as indicated by a few specialists this
is a consistent issue and some vibe that this is most likely going
7. to be the end of secret records administration (Zissis & Lekkas,
2012). With regards to the divulgence arrangements, a few
individuals don't know where to take a stand and intentionally
or unconsciously impart key data and to information out on the
outside space that worry turns out to be considerably more
basic. With everything open through the web, business will be
reliant on the system and the administration supplier's base.
Business will stop if the system/web is down. As showed by
Zissis & Lekkas, right now in the IT world when there is the
need to investigate an issue, one point of preference to support
us is that the application logs and the database are inside of the
premises of the undertaking. With the movement of the cloud,
this perspective will be lost and in this way uncommon bolster
or contract tying needs will arrive between the administration
supplier and the business for e-disclosure. With business
delicate inward information being kept up by the merchant the
reliance on the seller's one of a kind Application Program
Interface (API) and exclusive interfaces could make a
conceivable lock-in with the merchant. On the off chance that
under some situation the business is disappointed with the
merchant, moving to another seller implies information should
be reformatted and changed over which can be tedious and
costly (Feng et al., 2011).2.2 ANALYSIS OF SESSION
HIJACKING
The most widely used method of following a client login state is
using cookies. The procedure is very basic, go to a page and
enter the login id and secret key. In the event that the data gave
the right, the following reaction is like a treat that interestingly
distinguishes a specific client. So as to check the login
qualifications, cookies checked for every page of the site, and it
confirms your creativity by being in place until you sign out
(Bharti et al., 2013).2.2.1 Cookies:
At the point when the client runs a machine, the machine stores
a little content record that is called as cookies. Cookies are
plain content; they don't contain any executable codes. A site
page or disjoin teaches a specific program to store the data and
8. sent it back at whatever point there is a solicitation taking into
account certain tenets. Lion's share of locales recognizes the
clients by these treats. A client login state is finished by
utilizing cookies. The procedure is very straightforward, go to a
page and enter the login id and secret word. In the event that the
data gave the right, the following reaction is like a cookie that
exceptionally recognizes a specific client. With a particular
final objective to find out the login capabilities, cookies are
checked for every page of the site, and it confirms your
creativity by being in place until you sign out (Bursztein et al.,
2012).2.2.2 TCP session capturing
In the TCP session capturing, the assailant assumes control over
the TCP session between the two PCs. As the vast majority of
the verification is done at the beginning of the session, this
permits the programmer to increase over the machines. One of
the regular techniques utilized is source-steered of IP parcels. It
is by and large centre in the centre sort of assault, where a
programmer a point B catches the discussion between the A and
C by urging the bundles to go through the assailant’s computer
(Oti & Hayfron, 2014).
Despite the fact that the source directing is killed, the aggressor
can utilize a technique called visually impaired capturing,
where the assailant tries to figure the reaction between the two
machines. On the off chance that he is fruitful, then the
programmer sends an order yet he can never see the reaction yet
however a typical summon is similar to the secret word, which
permits to access from some other spot in the system Subashini
& Kavitha, (2011). One of the reasons for such an assault is to
bring about the disavowal of administration assault toward one
side point with the goal that it won't react. This assault can
drive the machine to crash, or it can constrain the system
association for overwhelming bundle misfortune.2.3
PREVENTING SESSION HIJACKING2.3.2 Information
encryption programming
The Internet as said before keeps running on intermediary
servers and through host servers. The intermediary servers serve
9. as the centre for application benefits that permit an assortment
of conventions, for example, Telnet, SMTP, FTP, and HTTP and
so forth to exchange data (Oti & Hayfron, 2014). Host servers
then again utilize these administrations, however, are not
associated specifically with different servers. In case, there is
any intermediary server application, the customer associated
with the intermediary server that starts the association with the
outer server. Sometimes relying upon the sort of intermediary
server utilized, the inner customers can perform redirection
without the client being mindful of it. The intermediary server
then starts the association through determined organization.
This keeps the clients from being assaulted by outside servers
as intermediary servers require validation before access is
conceded. The entrance control list convention must be
overhauled before the client or framework is permitted to have
entry to the system. More advanced intermediary servers called
Application Layer Gateways, or ALGs can further improve
security by designing and blocking subsections of conventions.
For instance, an ALG for FTP can permit "get" order and forbid
"put" summon so that the clients can't put any records on the
remote server. This kind of shifting of charges is successful
when contrasted with the host servers that just has the ability of
the completely permit server to communicate with different
servers/clients or thoroughly deny the administration (Bharti et
al., 2013).2.3.3 Virus Detection Applications
Now and again one peruses of vindictive bugs and infections
like Melissa and Love Bug that keep running in email script and
focus on the clients by entering their frameworks and wreck
programs and so forth. A reason bugs and infections effortlessly
get to clients' framework is because of the way that these
objective Microsoft items, for example, Internet Explorer and
Outlook Express The most well-known interface among buyer
IE is helpless against assaults as well as being focused by
culprits. The viewpoint, for instance, is a powerless instrument
as it naturally opens email as read when a client taps on another
email. Thus, the infection is activated notwithstanding when the
10. client endeavors to erase the spontaneous email by tapping on it
(Broad, 2013). Broad additionally asserts that "The shots of a
PC infection getting to your framework may be under 1% or
more prominent than 10% relying upon where you surf, who
sends you email connections, and so forth., yet in the end an
infection will draw near to you- - if not really pulverize
information and consequently deny you of hours of diligent
work." For this reason, there is more explanation behind taking
prudent measures for infection assaults.
To detect and mitigate threats, Broad prescribes clients to
introduce an in number programming that is hostile enough to
prevent infections. Moreover, the client additionally has the
decision of utilizing Netscape as an interface and Eudora for
email perusing. These items, however, may not bolster the
greater part of the administrations that Microsoft brings to the
table yet they keep infections from assaulting the entire
framework. Eudora, for instance, is a sheltered email program
and can be utilized to control spontaneous messages also.2.3.4
Digitized Signature
The critical part of the computerized correspondence is that the
Internet does not offer secure transmission. Online email
sessions particularly are being hacked, and messages read o a
general premise. Programmers can sniff open sessions and get
passwords in content structure; they may hack into corporate
records through checking apparatuses for producing passwords
secured email accounts and so on. To neutralize these occasions
of security rupture, advanced marks have been made through
Public Key Infrastructure or PKI (Wedman et al., 2013). The
PKI is essentially an advanced information transmission device
for secure Internet communication. The PKI depends on
encryption involving keys to ensure the computerized data. The
trustworthiness and classification of the computerized data are
guaranteed as it is just available for the planned collector. The
sender has an open key that can use to encode a message; the
message is then sent to the collector. The collector as a private
key that he can use to unscramble the data. The PKI is affirmed,
11. issued and oversaw by neighbourhood accreditation power. Like
this just the sender, recipient, and the confirmation power can
have admittance to the data being sent. Today there are different
sorts of PKI and oversaw by a large group of confirmation
houses. As per Wedman (2013), in spite of the positive side of
PKI, the innovation is not without pitfalls of its own. One is
that the PKI accreditation is not a proof that data won't be
gotten to by outside clients. Rather it only ensures that the
organization that issues the PKI will secure the keys issued to
the clients. A large group of PKI organizations, for example,
RSA Security, Entrust, and Verisign have ended up and declare
themselves as advanced affirmation powers though this has not
been recognized by the administration or any official substance
(Broad, 2013). Therefore, there are some enterprises that don't
completely hold onto PKI as they realize that the freeware form
of the apparatuses are accessible to everybody, and it is hard to
prevent assailants from formulating approaches to go into the
accreditation center point and get to keys information.2.3.5
Computerized Authentication
Computerized authentications are a standout amongst the most
utilized security strategies. They are given by outside
accreditation power that checks the candidate's character and
creates authentication for lawful exchanges. The authentications
guarantee that the electronic message, for example, charge card
data and other individual points of interest are not altered amid
transmission on the Internet. The computerized marks depend
on encryption calculation for scrambling and unscrambling of
the same. The two most normal security conventions in
computerized accreditation are SSL (secure attachments layer)
by Netscape and SET (secure electronic exchange) by Visa
International. These have been created to guarantee that charge
card clients' security when they are exchanging on the web. The
SET uses computerized declarations to recognize the purchaser,
server and shipper bank. In such manner the SET
representative's open key cryptography to secure the messages
(Valacich & Schneider, 2014)2.3.6 Firewalls
12. Firewalls essentially work on multilevel security by first raising
a boundary between the system that is the private system and
the Internet. The firewall then screens the activity with
particular attributes and permit it to go through entryways to the
client machine. At the point when an advanced movement does
not agree to the firewall criteria, then the data can't go through
the passages in this manner avoiding unapproved activity, for
example, infections and bugs from going into the PC. The most
imperative piece of building a firewall is setting criteria for
parcels to have an entry or denied at the portals. Contingent
upon the way of the activity system managers can set up the
sorts firewalls (Broad, 2013)2.3.7 Surf Anonymously
As indicated by Wedman et al., (2013) clients can maintain a
strategic distance from assailants by surfing secretly. Surfers
tend to client either IE or Netscape for their skimming reason.
These programs not just are most regularly utilized they are
additionally powerless against online aggressors. For instance,
they may give out data that are put away as Cookies or get to be
held up in the machine's store. Individual data, for example,
passwords, information shared, mailing records or Mastercard
data, and so on stays open to the aggressors the length of the
client is online and not logged out of the site. Correspondingly,
sites dispatch mystery projects to publicize or keep an eye on
client exercises called Fries that get to be stopped into the
program. These are intended to peruse keystrokes and logged
for publicizing utilization.
13. CHAPTER THREE3.0 RESEARCH METHODOLOGY AND
DESIGN3.1 Introduction
This part depicts the examination technique that was utilized in
doing the study; it also contains the target population, and the
sampling design, test of reliability and validity, data collection
procedures and data analysis.3.2 Research Design
According to Takhar & Ghorbani, (2015), a research design is a
master plan/framework or blueprint specifying the strategies
and techniques for gathering and investigating the required data.
The study will receive illustrative exploration outline. This kind
of exploration configuration reports things the way they are and
endeavours to depict such things as could reasonably be
expected conduct, mentalities, qualities, and attributes. This
exploration design will also be suitable because it will be
concerned with describing the characteristics of particular
individual or group of individuals. The study will be aimed at
describing the state of affairs as it is and, therefore, consider
the descriptive research design to be the most appropriate for
this study. As asserted by Takhar & Ghorbani, (2015), a
descriptive study tries to discover answers to who, what, when,
where, and sometimes how questions.3.3 Data Collection
Instruments
The research will focus on data sources such as institution
library, online educational libraries, peer-reviewed articles
books and journals also available online. The justification for
the use of online sources is that they are economical to use in
terms of time and money. They also permit a greater depth of
response.3.4 Methods of data Analysis and expected results
Data collected from all the sources will be edited and coded for
analysis. It will be analyzed quantitatively and qualitatively.
Quantitative information will be investigated through the
utilization of elucidating measurements .charts, tables, and
14. percentages for data representation. The qualitative information
will be dissected through substance investigation. It is normal
that the data collected from the different sources will be
analyzed and interpreted making it easily understood by the
reader. The outcomes of this analysis are expected to teach the
reader on cloud computing and session hijacking as well as the
best ways of ensuring security in cloud computing.3.5 Time
tables
DESCRIPTION
START DATE
DURATION (days)
END DATE
Research topics of interest
01-Dec-14
90
01-Mar-15
Develop research questions and aims
04-Mar-15
8
11-Mar
Reading on literature review
13-Mar-15
22
03-Apr-15
Write up proposal
05-Apr-15
29
03-May-15
Submit research proposal
05-May-15
22
26-May-15
Continue lit review and data collection
15-Jun-15
36
20-Jul-15
15. Analyse collected data from lit review
27-Jul-15
8
03-Aug-15
Write up lit review, methodology, and analysis
10-Aug-15
18
27-Aug-15
Write up conclusion, introduction and discussion
31-Aug-15
8
07-Jul-15
Send sample pages to supervisor
14-Sep-15
11
24-Sep-15
Write up the reflection and action plan paper
28-Sep-15
8
05-Oct-15
Proof read of dissertation and binding
12-Oct-15
8
19-Oct-15
Hand in dissertation
20-Oct-15
1
20-Oct-15
3.6 Conclusion
Distributed computing can be seen as a subset of framework
processing as they have the same advances and keep up the key
ideas of the newly disseminated figuring worldview. It can offer
practicality, conveying moment IT system base to new clients in
any possible division. Rather than spending significant
measures of cash and time building up a fresh out of the plastic
new system, clients can 'module' to a current cloud framework
16. and be up and running immediately. Also, Cloud figuring offers
the possibility to retrieve topographical hindrances to convey
processing energy to groups that beforehand did not have
practical access. For instance, through satellite broadband
associations, remote third world areas can as of now get
entrance to first world centralized computers. Everything they
need is to be outfitted with ease essential portable PC
equipment.
This innovation offers colossal open doors and is prone to
change profoundly the way individuals utilize the Internet in the
coming years. By adding to a general reception system, or
essentially simply perceiving the significance of the more
extensive variables specified above, clients and associations can
lessen the potential dangers, for example, session capturing and
guarantee they get the most extreme conceivable advantage
from their adventure into the cloud. The study above has
unmistakably explained the powerlessness issue of session
capturing and the routes in which people and association can
work day and night to execute productive yet secure
appropriated processing advances. Nonetheless, it ought to be
noticed that distributed computing is a constantly advancing
idea, and more research should be done on methods for
improving the security prerequisites for its foundation and
additional methods for conquering the security risk of session
capturing REFERENCES
Bursztein, E., Soman, C., Boneh, D., & Mitchell, J. C. (2012,
April). Sessionjuggler: secure web login from an untrusted
terminal using session hijacking. In Proceedings of the 21st
international conference on World Wide Web (pp. 321-330).
ACM.
Bharti, A. K., Goyal, M., & Chaudhary, M. (2013). A Review
on Detection of Session Hijacking and Ip Spoofing.
International Journal of Advanced Research in Computer
Science, 4(9).
Broad, J. (2013). Risk Management Framework: A Lab-Based
Approach to Securing Information Systems. Newnes.
17. ComPUtING, C. (2011). Cloud computing privacy concerns on
our doorstep. Communications of the ACM, 54(1).
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey
of mobile cloud computing: architecture, applications, and
approaches. Wireless communications and mobile computing,
13(18), 1587-1611.
Dacosta, I., Chakradeo, S., Ahamad, M., & Traynor, P. (2012).
One-time cookies: Preventing session hijacking attacks with
stateless authentication tokens. ACM Transactions on Internet
Technology (TOIT), 12(1), 1.
Feng, D. G., Zhang, M., Zhang, Y., & Xu, Z. (2011). Study on
cloud computing security. Journal of software, 22(1), 71-83.
http://searchmidmarketsecurity.techtarget.com/tip/Defending-
against-Firesheep-How-to-prevent-a-session-hijacking-attack.
Mell, P., & Grance, T. (2011). The NIST definition of cloud
computing.
Oti, S. B., & Hayfron-Acquah, J. B. (2014). Practical Security
Approaches against Border Gateway Protocol (BGP) Session
Hijacking Attacks between Autonomous Systems. Journal of
Computer and Communications, 2014.
Subashini, S., & Kavitha, V. (2011). A survey on security issues
in service delivery models of cloud computing. Journal of
network and computer applications, 34(1), 1-11.
Takhar-Lail, A., & Ghorbani, A. (2015). Market Research
Methodologies: Multi-Method and Qualitative.
Wedman, S., Tetmeyer, A., & Saiedian, H. (2013). An analytical
study of web application session management mechanisms and
HTTP session hijacking attacks. Information Security Journal:
A Global Perspective, 22(2), 55-67.
Valacich, J., & Schneider, C. (2014). Information Systems
Today: Managing in the Digital World with MyITLab. Policy
Statement.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing
security issues. Future Generation computer systems, 28(3),
583-592.