This document summarizes a systematic mapping study of publications related to security, trust, and privacy in cloud computing. The study categorized publications based on topic (e.g. privacy issues), contribution (e.g. models), and type of research (e.g. evaluation research). The results showed the most publications were on privacy issues and challenges, with frameworks and techniques also common topics. Shortcomings in cloud security, trust, and privacy research areas were identified to motivate further work. In under 3 sentences, this summary provides the objective, methodology, and high-level findings of the systematic mapping study described in the document.
Research Report on Preserving Data Confidentiality & Data Integrity in ...Manish Sahani
ABSTRACT : Currently, cloud-based application is so very famous, but preserving the confidentiality of the user’s data is a huge task to accomplish. Keeping this need in mind, here a solution is proposed which will preserve the data confidentiality & integrity in cloud environment. For providing data confidentiality we will use AES algorithms, by virtue of which the secret data will be converted to cipher text and it becomes very difficult for the user to get the meaningful plain text. Here the basic emphasis is also on the data integrity so that the user’s data can’t be duplicated or copied.Keywords:Data Confidentiality, Data Integrity, AES algorithm
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
A Data Sharing Protocol to Minimize Security and Privacy Risks in Cloud Storageijtsrd
Data contribution in the cloud is a procedure so as to allow users to expediently right of entry information in excess of the cloud. The information holder outsources their data in the cloud due to cost lessening and the huge amenities provided by cloud services. Information holder is not able to manage over their information, since cloud examination contributor is a third party contributor. The main disaster with data partaking in the cloud is the seclusion and safety measures issues. Different techniques are obtainable to sustain user seclusion and protected data sharing. This paper focal point on different schemes to contract by means of protected data partaking such as information contribution with forward security, protected information partaking for energetic groups, quality based information partaking, encrypted data sharing and mutual influence Based Privacy Preserving verification set of rules for right to use manage of outsourced information. S. Nandhini Devi | Mr. S. Rajarajan "A Data Sharing Protocol to Minimize Security and Privacy Risks in Cloud Storage" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29345.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/29345/a-data-sharing-protocol-to-minimize-security-and-privacy-risks-in-cloud-storage/s-nandhini-devi
Abstract: Cloud computing model are obtaining ubiquitous authorization due to the heterogeneous convenience they provide. Although, the
security & privacy problems are the main considerable encumbrance holding back the universal adoption of this new emerging technology.
Various researches are concentrated on enhancing the security on Software as well as Hardware levels on the cloud. But these interpretations do
not mainly furnish the complete security way and therefore the data security compute (measure) are still kept under the access control of service
provider. Trusted Computing is another research concept. In actuality, these furnish a set of tools controlled by the third party technologies to
secure the Virtual Machines from the cloud computing providers. These approaches provides the tools to its consumers to assess and monitor the
aspects of security their data, they don’t allocate the cloud consumers with high control capability. While as the new emerging DCS approach
aims to provide the security of data owners of their data. But the DCS approach concept is elucidate in many ways and there is not a
standardized framework of cloud computing environment model for applying this approach.
Secure Data Sharing In an Untrusted CloudIJERA Editor
Cloud computing is a huge area which basically provides many services on the basis of pay as you go. One of the fundamental services provided by cloud is data storage. Cloud provides cost efficiency and an efficient solution for sharing resource among cloud users. A secure and efficient data sharing scheme for groups in cloud is not an easy task. On one hand customers are not ready to share their identity but on other hand want to enjoy the cost efficiency provided by the cloud. It needs to provide identity privacy, multiple owner and dynamic data sharing without getting effected by the number of cloud users revoked. In this paper, any member of a group can completely enjoy the data storing and sharing services by the cloud. A secure data sharing scheme for dynamic cloud users is proposed in this paper. For which it uses group signature and dynamic broadcast encryption techniques such that any user in a group can share the information in a secured manner. Additionally the permission option is proposed for the security reasons. This means the file access permissions are generated by the admin and given to the user using Role Based Access Control (RBA) algorithm. The file access permissions are read, write and delete. In this, owner can provide files with options and accepts the users using that option. The revocation of cloud user is a function generated by the Admin for security purpose. The encryption computational cost and storage overhead is not dependent on the number of users revoked. We analyze the security by proofs and produce the cloud efficiency report using cloudsim.
This is a common fact nowadays to use the external third party resources for data storage and sharing among
multiple personnel of the same organization or different organizations. Such external resources are collectively
known as Cloud Computing resources. Cloud Computing resources save time, cost and efforts required to
manage the huge data of organizations. Due to the rapid growth of using cloud services in many organizations
or individuals, there are many concerns resulted. The major concerns are data sharing, security and efficiency.
Since from last 15 years, there are number of solutions and researches were conducted and applied. Data
sharing both single user and multi-user in Cloud Computing, and hence it is required that data sharing is
strongly secured, number of recent cryptography base methods such as Identity Based Encryption or Attributed
Based Encryption are designed for secure data sharing among multiple users. All the recent methods have some
limitations and advantages. This paper addresses the current research problems of data security and privacy
preserving in cloud servers. The study was presented over different methods of cloud data security and their
comparative analysis first. At we discussed the research limitations of those methods.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Research Report on Preserving Data Confidentiality & Data Integrity in ...Manish Sahani
ABSTRACT : Currently, cloud-based application is so very famous, but preserving the confidentiality of the user’s data is a huge task to accomplish. Keeping this need in mind, here a solution is proposed which will preserve the data confidentiality & integrity in cloud environment. For providing data confidentiality we will use AES algorithms, by virtue of which the secret data will be converted to cipher text and it becomes very difficult for the user to get the meaningful plain text. Here the basic emphasis is also on the data integrity so that the user’s data can’t be duplicated or copied.Keywords:Data Confidentiality, Data Integrity, AES algorithm
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
A Data Sharing Protocol to Minimize Security and Privacy Risks in Cloud Storageijtsrd
Data contribution in the cloud is a procedure so as to allow users to expediently right of entry information in excess of the cloud. The information holder outsources their data in the cloud due to cost lessening and the huge amenities provided by cloud services. Information holder is not able to manage over their information, since cloud examination contributor is a third party contributor. The main disaster with data partaking in the cloud is the seclusion and safety measures issues. Different techniques are obtainable to sustain user seclusion and protected data sharing. This paper focal point on different schemes to contract by means of protected data partaking such as information contribution with forward security, protected information partaking for energetic groups, quality based information partaking, encrypted data sharing and mutual influence Based Privacy Preserving verification set of rules for right to use manage of outsourced information. S. Nandhini Devi | Mr. S. Rajarajan "A Data Sharing Protocol to Minimize Security and Privacy Risks in Cloud Storage" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29345.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/29345/a-data-sharing-protocol-to-minimize-security-and-privacy-risks-in-cloud-storage/s-nandhini-devi
Abstract: Cloud computing model are obtaining ubiquitous authorization due to the heterogeneous convenience they provide. Although, the
security & privacy problems are the main considerable encumbrance holding back the universal adoption of this new emerging technology.
Various researches are concentrated on enhancing the security on Software as well as Hardware levels on the cloud. But these interpretations do
not mainly furnish the complete security way and therefore the data security compute (measure) are still kept under the access control of service
provider. Trusted Computing is another research concept. In actuality, these furnish a set of tools controlled by the third party technologies to
secure the Virtual Machines from the cloud computing providers. These approaches provides the tools to its consumers to assess and monitor the
aspects of security their data, they don’t allocate the cloud consumers with high control capability. While as the new emerging DCS approach
aims to provide the security of data owners of their data. But the DCS approach concept is elucidate in many ways and there is not a
standardized framework of cloud computing environment model for applying this approach.
Secure Data Sharing In an Untrusted CloudIJERA Editor
Cloud computing is a huge area which basically provides many services on the basis of pay as you go. One of the fundamental services provided by cloud is data storage. Cloud provides cost efficiency and an efficient solution for sharing resource among cloud users. A secure and efficient data sharing scheme for groups in cloud is not an easy task. On one hand customers are not ready to share their identity but on other hand want to enjoy the cost efficiency provided by the cloud. It needs to provide identity privacy, multiple owner and dynamic data sharing without getting effected by the number of cloud users revoked. In this paper, any member of a group can completely enjoy the data storing and sharing services by the cloud. A secure data sharing scheme for dynamic cloud users is proposed in this paper. For which it uses group signature and dynamic broadcast encryption techniques such that any user in a group can share the information in a secured manner. Additionally the permission option is proposed for the security reasons. This means the file access permissions are generated by the admin and given to the user using Role Based Access Control (RBA) algorithm. The file access permissions are read, write and delete. In this, owner can provide files with options and accepts the users using that option. The revocation of cloud user is a function generated by the Admin for security purpose. The encryption computational cost and storage overhead is not dependent on the number of users revoked. We analyze the security by proofs and produce the cloud efficiency report using cloudsim.
This is a common fact nowadays to use the external third party resources for data storage and sharing among
multiple personnel of the same organization or different organizations. Such external resources are collectively
known as Cloud Computing resources. Cloud Computing resources save time, cost and efforts required to
manage the huge data of organizations. Due to the rapid growth of using cloud services in many organizations
or individuals, there are many concerns resulted. The major concerns are data sharing, security and efficiency.
Since from last 15 years, there are number of solutions and researches were conducted and applied. Data
sharing both single user and multi-user in Cloud Computing, and hence it is required that data sharing is
strongly secured, number of recent cryptography base methods such as Identity Based Encryption or Attributed
Based Encryption are designed for secure data sharing among multiple users. All the recent methods have some
limitations and advantages. This paper addresses the current research problems of data security and privacy
preserving in cloud servers. The study was presented over different methods of cloud data security and their
comparative analysis first. At we discussed the research limitations of those methods.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The document proposes a decentralized access control and anonymous authentication scheme for secure data storage in clouds. The scheme allows users to store and modify data in the cloud while remaining anonymous. Only authorized users with valid attributes can access the stored data. The scheme is decentralized, with multiple key distribution centers managing user attributes and keys. It also addresses user revocation and is resilient to replay attacks from revoked users.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document proposes a novel framework for dependable cloud computing. It discusses security risks associated with cloud computing including vulnerabilities, accessibility issues, authentication, data tampering and privacy concerns. The framework aims to address these issues by involving all stakeholders to securely store and transfer encrypted data between private clouds and cloud service providers. An encryption system was designed using Java programming to encrypt and decrypt data in transit to test the dependability of stored and transferred data from the cloud. The goal is to improve security techniques and build trust in cloud computing by preventing and detecting security flaws.
A Security Model for Virtual Infrastructure in the CloudEditor IJCATR
1) The document proposes a new security model called the cloud protection system for virtual infrastructure in cloud computing.
2) The model aims to increase security in the cloud by more accurately monitoring virtual machines and cloud infrastructure components to detect threats like denial of service attacks.
3) The key components of the proposed model include monitoring core cloud components and middleware, detecting any unauthorized changes, and prioritizing packet processing to avoid dropping important packets during denial of service attacks.
The document summarizes various technologies used for cloud computing security. It discusses three main methods: data splitting, data anonymization, and cryptographic techniques.
Data splitting involves separating confidential data into fragments that are stored in different locations. Data anonymization irreversibly hides data to protect sensitive information while still allowing analysis. Cryptographic techniques like encryption can be used to encrypt data before outsourcing, but limit cloud capabilities unless advanced encryption methods are used.
The document compares the advantages and disadvantages of each method for security, overhead, functionality, and key criteria. It provides an overview of approaches for maintaining data security in cloud computing.
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
This document discusses encryption techniques for securing data in cloud computing environments. It begins with an introduction to cloud deployment models (public, private, hybrid, community) and service models (IaaS, PaaS, SaaS). It then addresses security concerns with cloud computing including data theft, incomplete data uploads, and lack of notification about infrastructure changes. The document proposes encrypting data before uploading it to cloud servers using algorithms like AES to protect data even if stolen. It reviews older encryption techniques like the Caesar cipher and argues stronger algorithms are needed for cloud security.
This is a common fact nowadays to use the external third party resources for data storage and
sharing among multiple personnel of the same organization or different organizations. Such external
resources are collectively known as Cloud Computing resources. Cloud Computing resources save
time, cost and efforts required to manage the huge data of organizations. Due to the rapid growth of
using cloud services in many organizations or individuals, there are many concerns resulted. The
major concerns are data sharing, security and efficiency. Since from last 15 years, there are number
of solutions and researches were conducted and applied. Data sharing both single user and multi-user
in Cloud Computing, and hence it is required that data sharing is strongly secured, number of recent
cryptography base methods such as Identity Based Encryption or Attributed Based Encryption are
designed for secure data sharing among multiple users. All the recent methods have some limitations
and advantages. This paper addresses the current research problems of data security and privacy
preserving in cloud servers. The study was presented over different methods of cloud data security
and their comparative analysis first. At we discussed the research limitations of those methods.
The document proposes a framework to improve security for digital libraries in cloud environments. It discusses security issues when storing data in clouds, including confidentiality, integrity, and availability. The proposed model aims to provide multi-level security for information in clouds and resistance against various attacks. It covers threats like unauthorized access, session hijacking, denial of service attacks, and cross-site scripting. The goal is to present a solution to prevent security threats and hackers on digital library systems using cloud computing.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
Anonymous Key Based Secure File Encryption in CloudIRJET Journal
This document proposes a new system for secure file encryption and sharing in the cloud. It aims to address security issues with sharing data in social media. The key aspects of the proposed system are:
1. It creates separate databases for individual users and a local server to securely store user keys for encryption/decryption.
2. Files are encrypted using triple DES before being stored in the cloud to prevent unauthorized access.
3. A user can share files with others by providing encryption keys through the local server.
4. When a file is shared, a temporary server decrypts and re-encrypts the file with the recipient's key for added security.
The system aims to improve data security when
IRJET- A Data Sharing Protocol to Minimize Security and Privacy Risks in Clou...IRJET Journal
This document discusses a data sharing protocol to minimize security and privacy risks in cloud storage using steganography techniques. It proposes a method that limits trust in a third party/server by delegating some operational loads to the third party while still ensuring data confidentiality. The method uses a layer encryption approach where the data owner performs lower layer encryption and the third party performs top layer encryption. This keeps control over operations with the data owner and helps maintain confidentiality. Steganography is also discussed as a technique to hide secret data within a cover image or file to provide security for data transmission and sharing over the internet.
Encryption based multi user manner secured data sharing and storing in cloudprjpublications
This summary provides the key details from the document in 3 sentences:
The document proposes a secure multi-owner data sharing scheme for dynamic groups in cloud computing. The scheme allows any user in a group to securely store and share data files with others through the untrusted cloud. It uses techniques like group signature and dynamic broadcast encryption to provide anonymous access control while enabling the group manager to trace real identities when needed, and allows efficient user revocation and participation of new users.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
https://jst.org.in/index.html
Our Journals has a act as vehicles for the dissemination of knowledge, making research findings accessible to a wide audience. This accessibility is vital for the progress of education, as it allows students, educators, and professionals to stay informed about the latest developments in their respective fields.
Despite the severe and great inherited profits of Mobile Cloud Computing (MCC) in healthcare, its boom is being hindered with the aid of using privateers and protection challenges. Such problems require the utmost urgent interest to realize their complete scale and green usage. There is a want for stable health information geographically. To completely make use of the fitness services, it's far important to install vicinity the demanded protection practices for the prevention of protection breaches and vulnerabilities. Hence, this research is deliberated directly to offer requirement-orientated fitness statistics protection the use of the Modular Encryption Standard (MES) primarily established totally at the layered modeling of the safety measures. The overall performance evaluation shows that the proposed paintings excel, in comparison to different usually used algorithms towards the fitness information security on the MCC surroundings in phrases of higher overall performance and auxiliary qualitative protection ensuring measures.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Cloud computing technology security and trust challengesijsptm
A let of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology .In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...AJASTJournal
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined
The document proposes a decentralized access control and anonymous authentication scheme for secure data storage in clouds. The scheme allows users to store and modify data in the cloud while remaining anonymous. Only authorized users with valid attributes can access the stored data. The scheme is decentralized, with multiple key distribution centers managing user attributes and keys. It also addresses user revocation and is resilient to replay attacks from revoked users.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document proposes a novel framework for dependable cloud computing. It discusses security risks associated with cloud computing including vulnerabilities, accessibility issues, authentication, data tampering and privacy concerns. The framework aims to address these issues by involving all stakeholders to securely store and transfer encrypted data between private clouds and cloud service providers. An encryption system was designed using Java programming to encrypt and decrypt data in transit to test the dependability of stored and transferred data from the cloud. The goal is to improve security techniques and build trust in cloud computing by preventing and detecting security flaws.
A Security Model for Virtual Infrastructure in the CloudEditor IJCATR
1) The document proposes a new security model called the cloud protection system for virtual infrastructure in cloud computing.
2) The model aims to increase security in the cloud by more accurately monitoring virtual machines and cloud infrastructure components to detect threats like denial of service attacks.
3) The key components of the proposed model include monitoring core cloud components and middleware, detecting any unauthorized changes, and prioritizing packet processing to avoid dropping important packets during denial of service attacks.
The document summarizes various technologies used for cloud computing security. It discusses three main methods: data splitting, data anonymization, and cryptographic techniques.
Data splitting involves separating confidential data into fragments that are stored in different locations. Data anonymization irreversibly hides data to protect sensitive information while still allowing analysis. Cryptographic techniques like encryption can be used to encrypt data before outsourcing, but limit cloud capabilities unless advanced encryption methods are used.
The document compares the advantages and disadvantages of each method for security, overhead, functionality, and key criteria. It provides an overview of approaches for maintaining data security in cloud computing.
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
This document discusses encryption techniques for securing data in cloud computing environments. It begins with an introduction to cloud deployment models (public, private, hybrid, community) and service models (IaaS, PaaS, SaaS). It then addresses security concerns with cloud computing including data theft, incomplete data uploads, and lack of notification about infrastructure changes. The document proposes encrypting data before uploading it to cloud servers using algorithms like AES to protect data even if stolen. It reviews older encryption techniques like the Caesar cipher and argues stronger algorithms are needed for cloud security.
This is a common fact nowadays to use the external third party resources for data storage and
sharing among multiple personnel of the same organization or different organizations. Such external
resources are collectively known as Cloud Computing resources. Cloud Computing resources save
time, cost and efforts required to manage the huge data of organizations. Due to the rapid growth of
using cloud services in many organizations or individuals, there are many concerns resulted. The
major concerns are data sharing, security and efficiency. Since from last 15 years, there are number
of solutions and researches were conducted and applied. Data sharing both single user and multi-user
in Cloud Computing, and hence it is required that data sharing is strongly secured, number of recent
cryptography base methods such as Identity Based Encryption or Attributed Based Encryption are
designed for secure data sharing among multiple users. All the recent methods have some limitations
and advantages. This paper addresses the current research problems of data security and privacy
preserving in cloud servers. The study was presented over different methods of cloud data security
and their comparative analysis first. At we discussed the research limitations of those methods.
The document proposes a framework to improve security for digital libraries in cloud environments. It discusses security issues when storing data in clouds, including confidentiality, integrity, and availability. The proposed model aims to provide multi-level security for information in clouds and resistance against various attacks. It covers threats like unauthorized access, session hijacking, denial of service attacks, and cross-site scripting. The goal is to present a solution to prevent security threats and hackers on digital library systems using cloud computing.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
Anonymous Key Based Secure File Encryption in CloudIRJET Journal
This document proposes a new system for secure file encryption and sharing in the cloud. It aims to address security issues with sharing data in social media. The key aspects of the proposed system are:
1. It creates separate databases for individual users and a local server to securely store user keys for encryption/decryption.
2. Files are encrypted using triple DES before being stored in the cloud to prevent unauthorized access.
3. A user can share files with others by providing encryption keys through the local server.
4. When a file is shared, a temporary server decrypts and re-encrypts the file with the recipient's key for added security.
The system aims to improve data security when
IRJET- A Data Sharing Protocol to Minimize Security and Privacy Risks in Clou...IRJET Journal
This document discusses a data sharing protocol to minimize security and privacy risks in cloud storage using steganography techniques. It proposes a method that limits trust in a third party/server by delegating some operational loads to the third party while still ensuring data confidentiality. The method uses a layer encryption approach where the data owner performs lower layer encryption and the third party performs top layer encryption. This keeps control over operations with the data owner and helps maintain confidentiality. Steganography is also discussed as a technique to hide secret data within a cover image or file to provide security for data transmission and sharing over the internet.
Encryption based multi user manner secured data sharing and storing in cloudprjpublications
This summary provides the key details from the document in 3 sentences:
The document proposes a secure multi-owner data sharing scheme for dynamic groups in cloud computing. The scheme allows any user in a group to securely store and share data files with others through the untrusted cloud. It uses techniques like group signature and dynamic broadcast encryption to provide anonymous access control while enabling the group manager to trace real identities when needed, and allows efficient user revocation and participation of new users.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
https://jst.org.in/index.html
Our Journals has a act as vehicles for the dissemination of knowledge, making research findings accessible to a wide audience. This accessibility is vital for the progress of education, as it allows students, educators, and professionals to stay informed about the latest developments in their respective fields.
Despite the severe and great inherited profits of Mobile Cloud Computing (MCC) in healthcare, its boom is being hindered with the aid of using privateers and protection challenges. Such problems require the utmost urgent interest to realize their complete scale and green usage. There is a want for stable health information geographically. To completely make use of the fitness services, it's far important to install vicinity the demanded protection practices for the prevention of protection breaches and vulnerabilities. Hence, this research is deliberated directly to offer requirement-orientated fitness statistics protection the use of the Modular Encryption Standard (MES) primarily established totally at the layered modeling of the safety measures. The overall performance evaluation shows that the proposed paintings excel, in comparison to different usually used algorithms towards the fitness information security on the MCC surroundings in phrases of higher overall performance and auxiliary qualitative protection ensuring measures.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Cloud computing technology security and trust challengesijsptm
A let of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology .In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...AJASTJournal
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined.
Information Sciences 305 (2015) 357–383Contents lists availa.docxvickeryr87
Information Sciences 305 (2015) 357–383
Contents lists available at ScienceDirect
Information Sciences
journal homepage: www.elsevier .com/locate / ins
Security in cloud computing: Opportunities and challenges
http://dx.doi.org/10.1016/j.ins.2015.01.025
0020-0255/� 2015 Elsevier Inc. All rights reserved.
⇑ Corresponding author.
E-mail addresses: [email protected] (M. Ali), [email protected] (S.U. Khan), [email protected] (A.V. Vasilakos).
Mazhar Ali a,c,⇑, Samee U. Khan a, Athanasios V. Vasilakos b
a North Dakota State University, USA
b Kuwait University, Kuwait
c COMSATS Institute of Information Technology, Abbottabad, Pakistan
a r t i c l e i n f o
Article history:
Received 5 September 2014
Received in revised form 28 January 2015
Accepted 29 January 2015
Available online 7 February 2015
Keywords:
Cloud computing
Multi-tenancy
Security
Virtualization
Web services
a b s t r a c t
The cloud computing exhibits, remarkable potential to provide cost effective, easy to man-
age, elastic, and powerful resources on the fly, over the Internet. The cloud computing,
upsurges the capabilities of the hardware resources by optimal and shared utilization.
The above mentioned features encourage the organizations and individual users to shift
their applications and services to the cloud. Even the critical infrastructure, for example,
power generation and distribution plants are being migrated to the cloud computing
paradigm. However, the services provided by third-party cloud service providers entail
additional security threats. The migration of user’s assets (data, applications, etc.) outside
the administrative control in a shared environment where numerous users are collocated
escalates the security concerns. This survey details the security issues that arise due to the
very nature of cloud computing. Moreover, the survey presents the recent solutions pre-
sented in the literature to counter the security issues. Furthermore, a brief view of security
vulnerabilities in the mobile cloud computing are also highlighted. In the end, the discus-
sion on the open issues and future research directions is also presented.
� 2015 Elsevier Inc. All rights reserved.
1. Introduction
Since its inception, the cloud computing paradigm has gained the widespread popularity in the industry and academia
[88]. The economical, scalable, expedient, ubiquitous, and on-demand access to shared resources are some of the character-
istics of the cloud that have resulted in shifting the business processes to the cloud [25,2]. The cloud computing attracts the
attention of research community due to its potential to provide tremendous benefits to the industry and the community
[9,88]. The resources are provided to the users and released based on demands from the pool of shared resources [4]. The
on-demand resource provisioning ensures the optimal resource allocation and is also cost effective [78]. The consumers
(individuals and business organizations) no longer need to invest he.
Information Sciences 305 (2015) 357–383Contents lists availa.docxannettsparrow
Information Sciences 305 (2015) 357–383
Contents lists available at ScienceDirect
Information Sciences
journal homepage: www.elsevier .com/locate / ins
Security in cloud computing: Opportunities and challenges
http://dx.doi.org/10.1016/j.ins.2015.01.025
0020-0255/� 2015 Elsevier Inc. All rights reserved.
⇑ Corresponding author.
E-mail addresses: [email protected] (M. Ali), [email protected] (S.U. Khan), [email protected] (A.V. Vasilakos).
Mazhar Ali a,c,⇑, Samee U. Khan a, Athanasios V. Vasilakos b
a North Dakota State University, USA
b Kuwait University, Kuwait
c COMSATS Institute of Information Technology, Abbottabad, Pakistan
a r t i c l e i n f o
Article history:
Received 5 September 2014
Received in revised form 28 January 2015
Accepted 29 January 2015
Available online 7 February 2015
Keywords:
Cloud computing
Multi-tenancy
Security
Virtualization
Web services
a b s t r a c t
The cloud computing exhibits, remarkable potential to provide cost effective, easy to man-
age, elastic, and powerful resources on the fly, over the Internet. The cloud computing,
upsurges the capabilities of the hardware resources by optimal and shared utilization.
The above mentioned features encourage the organizations and individual users to shift
their applications and services to the cloud. Even the critical infrastructure, for example,
power generation and distribution plants are being migrated to the cloud computing
paradigm. However, the services provided by third-party cloud service providers entail
additional security threats. The migration of user’s assets (data, applications, etc.) outside
the administrative control in a shared environment where numerous users are collocated
escalates the security concerns. This survey details the security issues that arise due to the
very nature of cloud computing. Moreover, the survey presents the recent solutions pre-
sented in the literature to counter the security issues. Furthermore, a brief view of security
vulnerabilities in the mobile cloud computing are also highlighted. In the end, the discus-
sion on the open issues and future research directions is also presented.
� 2015 Elsevier Inc. All rights reserved.
1. Introduction
Since its inception, the cloud computing paradigm has gained the widespread popularity in the industry and academia
[88]. The economical, scalable, expedient, ubiquitous, and on-demand access to shared resources are some of the character-
istics of the cloud that have resulted in shifting the business processes to the cloud [25,2]. The cloud computing attracts the
attention of research community due to its potential to provide tremendous benefits to the industry and the community
[9,88]. The resources are provided to the users and released based on demands from the pool of shared resources [4]. The
on-demand resource provisioning ensures the optimal resource allocation and is also cost effective [78]. The consumers
(individuals and business organizations) no longer need to invest he.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity, encryption, key management and resource sharing are presented along with the efforts made on how to overcome these issues.
In looking at the legitimate ramifications of protection and cloud registering, it is imperative to see a portion of the foundation. Right now, will look at a portion of the specialized foundation of the present innovations before examining distributed computing and its focal points and disservices in more detail. We will likewise present some lawful issues that emerge in the cloud setting and quickly audit different calls for activity that have sounded with regard to the cloud, for example, calls for revising enactment, proposing enactment, or calling for gauges or expanded straightforwardness.
Security and Privacy of Big Data in Mobile DevicesIOSRjournaljce
Presently, the volume of data generated via mobile devices is at an exponential rate due to the rapid advancement in internet-enabled mobile devices, which makes it complex to ensure the privacy and security of this data. Cloud-based server is currently considered one of the most reliable solutions to address these issues. Nevertheless, the increasing uncertainties of storing useful and sensitive big data in a public cloud have suppressed the exploration of this option. In our paper, we meticulously reviewed the drawbacks in the current adopted solutions for security and privacy of big data within mobile devices. As the utilization of mobile platforms is increasingly generating large data, the current traditional methods of cryptography will not be able to efficiently ensure the security and privacy of this big data. Therefore, this paper will propose the utilization of Federated Identity Management that is Openstack cloud-based as an effective solution that can ensure the privacy and security of big data within mobile device ecosystem.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
This document discusses effective modular order preserving encryption on cloud using multivariate hypergeometric distribution (MHGD). It begins with an abstract that describes how order preserving encryption allows efficient range queries on encrypted data. It then provides background on cloud computing security concerns and discusses existing approaches to searchable encryption, including probabilistic encryption, deterministic encryption, homomorphic encryption, and order preserving encryption. The key proposed approach is to improve the security of existing modular order preserving encryption approaches by utilizing MHGD.
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
This document provides an overview of cloud computing security issues. It discusses the security concerns associated with different cloud deployment models (public, private, community, hybrid) and service models (SaaS, PaaS, IaaS). For each model, it identifies key security risks such as multi-tenancy issues, access control, virtualization exploits, identity management challenges, and lack of data redundancy. The document serves as a survey of prominent security risks in cloud computing and how these risks manifest depending on the deployment architecture and services provided.
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with
almost no investment in new framework, training new staff, or authorizing new software. Though today
everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business
on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security
assurance to its customers and therefore, businesses are hesitant to accept cloud and the vast benefits that come
along with it. The absence of proper security controls delimits the benefits of cloud. In this paper, a review on
different cloud service models and a survey of the different security challenges and issues while providing
services in cloud is presented .The paper focuses on the security issues specific to service delivery model (SaaS,
IaaS and PaaS) of cloud environment. This paper also explores the various security solutions currently being
applied to protect cloud from various kinds of intruders.
Similar to A systematic mapping study of security, trust and privacy in clouds (20)
Square transposition: an approach to the transposition process in block cipherjournalBEEI
The transposition process is needed in cryptography to create a diffusion effect on data encryption standard (DES) and advanced encryption standard (AES) algorithms as standard information security algorithms by the National Institute of Standards and Technology. The problem with DES and AES algorithms is that their transposition index values form patterns and do not form random values. This condition will certainly make it easier for a cryptanalyst to look for a relationship between ciphertexts because some processes are predictable. This research designs a transposition algorithm called square transposition. Each process uses square 8 × 8 as a place to insert and retrieve 64-bits. The determination of the pairing of the input scheme and the retrieval scheme that have unequal flow is an important factor in producing a good transposition. The square transposition can generate random and non-pattern indices so that transposition can be done better than DES and AES.
Hyper-parameter optimization of convolutional neural network based on particl...journalBEEI
The document proposes using a particle swarm optimization (PSO) algorithm to optimize the hyperparameters of a convolutional neural network (CNN) for image classification. The PSO algorithm is used to find optimal values for CNN hyperparameters like the number and size of convolutional filters. In experiments on the MNIST handwritten digit dataset, the optimized CNN achieved a testing error rate of 0.87%, which is competitive with state-of-the-art models. The proposed approach finds optimized CNN architectures automatically without requiring manual design or encoding strategies during training.
Supervised machine learning based liver disease prediction approach with LASS...journalBEEI
In this contemporary era, the uses of machine learning techniques are increasing rapidly in the field of medical science for detecting various diseases such as liver disease (LD). Around the globe, a large number of people die because of this deadly disease. By diagnosing the disease in a primary stage, early treatment can be helpful to cure the patient. In this research paper, a method is proposed to diagnose the LD using supervised machine learning classification algorithms, namely logistic regression, decision tree, random forest, AdaBoost, KNN, linear discriminant analysis, gradient boosting and support vector machine (SVM). We also deployed a least absolute shrinkage and selection operator (LASSO) feature selection technique on our taken dataset to suggest the most highly correlated attributes of LD. The predictions with 10 fold cross-validation (CV) made by the algorithms are tested in terms of accuracy, sensitivity, precision and f1-score values to forecast the disease. It is observed that the decision tree algorithm has the best performance score where accuracy, precision, sensitivity and f1-score values are 94.295%, 92%, 99% and 96% respectively with the inclusion of LASSO. Furthermore, a comparison with recent studies is shown to prove the significance of the proposed system.
A secure and energy saving protocol for wireless sensor networksjournalBEEI
The research domain for wireless sensor networks (WSN) has been extensively conducted due to innovative technologies and research directions that have come up addressing the usability of WSN under various schemes. This domain permits dependable tracking of a diversity of environments for both military and civil applications. The key management mechanism is a primary protocol for keeping the privacy and confidentiality of the data transmitted among different sensor nodes in WSNs. Since node's size is small; they are intrinsically limited by inadequate resources such as battery life-time and memory capacity. The proposed secure and energy saving protocol (SESP) for wireless sensor networks) has a significant impact on the overall network life-time and energy dissipation. To encrypt sent messsages, the SESP uses the public-key cryptography’s concept. It depends on sensor nodes' identities (IDs) to prevent the messages repeated; making security goals- authentication, confidentiality, integrity, availability, and freshness to be achieved. Finally, simulation results show that the proposed approach produced better energy consumption and network life-time compared to LEACH protocol; sensors are dead after 900 rounds in the proposed SESP protocol. While, in the low-energy adaptive clustering hierarchy (LEACH) scheme, the sensors are dead after 750 rounds.
Plant leaf identification system using convolutional neural networkjournalBEEI
This paper proposes a leaf identification system using convolutional neural network (CNN). This proposed system can identify five types of local Malaysia leaf which were acacia, papaya, cherry, mango and rambutan. By using CNN from deep learning, the network is trained from the database that acquired from leaf images captured by mobile phone for image classification. ResNet-50 was the architecture has been used for neural networks image classification and training the network for leaf identification. The recognition of photographs leaves requested several numbers of steps, starting with image pre-processing, feature extraction, plant identification, matching and testing, and finally extracting the results achieved in MATLAB. Testing sets of the system consists of 3 types of images which were white background, and noise added and random background images. Finally, interfaces for the leaf identification system have developed as the end software product using MATLAB app designer. As a result, the accuracy achieved for each training sets on five leaf classes are recorded above 98%, thus recognition process was successfully implemented.
Customized moodle-based learning management system for socially disadvantaged...journalBEEI
This study aims to develop Moodle-based LMS with customized learning content and modified user interface to facilitate pedagogical processes during covid-19 pandemic and investigate how teachers of socially disadvantaged schools perceived usability and technology acceptance. Co-design process was conducted with two activities: 1) need assessment phase using an online survey and interview session with the teachers and 2) the development phase of the LMS. The system was evaluated by 30 teachers from socially disadvantaged schools for relevance to their distance learning activities. We employed computer software usability questionnaire (CSUQ) to measure perceived usability and the technology acceptance model (TAM) with insertion of 3 original variables (i.e., perceived usefulness, perceived ease of use, and intention to use) and 5 external variables (i.e., attitude toward the system, perceived interaction, self-efficacy, user interface design, and course design). The average CSUQ rating exceeded 5.0 of 7 point-scale, indicated that teachers agreed that the information quality, interaction quality, and user interface quality were clear and easy to understand. TAM results concluded that the LMS design was judged to be usable, interactive, and well-developed. Teachers reported an effective user interface that allows effective teaching operations and lead to the system adoption in immediate time.
Understanding the role of individual learner in adaptive and personalized e-l...journalBEEI
Dynamic learning environment has emerged as a powerful platform in a modern e-learning system. The learning situation that constantly changing has forced the learning platform to adapt and personalize its learning resources for students. Evidence suggested that adaptation and personalization of e-learning systems (APLS) can be achieved by utilizing learner modeling, domain modeling, and instructional modeling. In the literature of APLS, questions have been raised about the role of individual characteristics that are relevant for adaptation. With several options, a new problem has been raised where the attributes of students in APLS often overlap and are not related between studies. Therefore, this study proposed a list of learner model attributes in dynamic learning to support adaptation and personalization. The study was conducted by exploring concepts from the literature selected based on the best criteria. Then, we described the results of important concepts in student modeling and provided definitions and examples of data values that researchers have used. Besides, we also discussed the implementation of the selected learner model in providing adaptation in dynamic learning.
Prototype mobile contactless transaction system in traditional markets to sup...journalBEEI
1) Researchers developed a prototype contactless transaction system using QR codes and digital payments to support physical distancing during the COVID-19 pandemic in traditional markets.
2) The system allows sellers and buyers in traditional markets to conduct fast, secure transactions via smartphones without direct cash exchange. Buyers scan sellers' QR codes to view product details and make e-wallet payments.
3) Testing showed the system's functions worked properly and users found it easy to use and useful for supporting contactless transactions and digital transformation of traditional markets. However, further development is needed to increase trust in digital payments for users unfamiliar with the technology.
Wireless HART stack using multiprocessor technique with laxity algorithmjournalBEEI
The use of a real-time operating system is required for the demarcation of industrial wireless sensor network (IWSN) stacks (RTOS). In the industrial world, a vast number of sensors are utilised to gather various types of data. The data gathered by the sensors cannot be prioritised ahead of time. Because all of the information is equally essential. As a result, a protocol stack is employed to guarantee that data is acquired and processed fairly. In IWSN, the protocol stack is implemented using RTOS. The data collected from IWSN sensor nodes is processed using non-preemptive scheduling and the protocol stack, and then sent in parallel to the IWSN's central controller. The real-time operating system (RTOS) is a process that occurs between hardware and software. Packets must be sent at a certain time. It's possible that some packets may collide during transmission. We're going to undertake this project to get around this collision. As a prototype, this project is divided into two parts. The first uses RTOS and the LPC2148 as a master node, while the second serves as a standard data collection node to which sensors are attached. Any controller may be used in the second part, depending on the situation. Wireless HART allows two nodes to communicate with each other.
Implementation of double-layer loaded on octagon microstrip yagi antennajournalBEEI
This document describes the implementation of a double-layer structure on an octagon microstrip yagi antenna (OMYA) to improve its performance at 5.8 GHz. The double-layer consists of two double positive (DPS) substrates placed above the OMYA. Simulation and experimental results show that the double-layer configuration increases the gain of the OMYA by 2.5 dB compared to without the double-layer. The measured bandwidth of the OMYA with double-layer is 14.6%, indicating the double-layer can increase both the gain and bandwidth of the OMYA.
The calculation of the field of an antenna located near the human headjournalBEEI
In this work, a numerical calculation was carried out in one of the universal programs for automatic electro-dynamic design. The calculation is aimed at obtaining numerical values for specific absorbed power (SAR). It is the SAR value that can be used to determine the effect of the antenna of a wireless device on biological objects; the dipole parameters will be selected for GSM1800. Investigation of the influence of distance to a cell phone on radiation shows that absorbed in the head of a person the effect of electromagnetic radiation on the brain decreases by three times this is a very important result the SAR value has decreased by almost three times it is acceptable results.
Exact secure outage probability performance of uplinkdownlink multiple access...journalBEEI
In this paper, we study uplink-downlink non-orthogonal multiple access (NOMA) systems by considering the secure performance at the physical layer. In the considered system model, the base station acts a relay to allow two users at the left side communicate with two users at the right side. By considering imperfect channel state information (CSI), the secure performance need be studied since an eavesdropper wants to overhear signals processed at the downlink. To provide secure performance metric, we derive exact expressions of secrecy outage probability (SOP) and and evaluating the impacts of main parameters on SOP metric. The important finding is that we can achieve the higher secrecy performance at high signal to noise ratio (SNR). Moreover, the numerical results demonstrate that the SOP tends to a constant at high SNR. Finally, our results show that the power allocation factors, target rates are main factors affecting to the secrecy performance of considered uplink-downlink NOMA systems.
Design of a dual-band antenna for energy harvesting applicationjournalBEEI
This report presents an investigation on how to improve the current dual-band antenna to enhance the better result of the antenna parameters for energy harvesting application. Besides that, to develop a new design and validate the antenna frequencies that will operate at 2.4 GHz and 5.4 GHz. At 5.4 GHz, more data can be transmitted compare to 2.4 GHz. However, 2.4 GHz has long distance of radiation, so it can be used when far away from the antenna module compare to 5 GHz that has short distance in radiation. The development of this project includes the scope of designing and testing of antenna using computer simulation technology (CST) 2018 software and vector network analyzer (VNA) equipment. In the process of designing, fundamental parameters of antenna are being measured and validated, in purpose to identify the better antenna performance.
Transforming data-centric eXtensible markup language into relational database...journalBEEI
eXtensible markup language (XML) appeared internationally as the format for data representation over the web. Yet, most organizations are still utilising relational databases as their database solutions. As such, it is crucial to provide seamless integration via effective transformation between these database infrastructures. In this paper, we propose XML-REG to bridge these two technologies based on node-based and path-based approaches. The node-based approach is good to annotate each positional node uniquely, while the path-based approach provides summarised path information to join the nodes. On top of that, a new range labelling is also proposed to annotate nodes uniquely by ensuring the structural relationships are maintained between nodes. If a new node is to be added to the document, re-labelling is not required as the new label will be assigned to the node via the new proposed labelling scheme. Experimental evaluations indicated that the performance of XML-REG exceeded XMap, XRecursive, XAncestor and Mini-XML concerning storing time, query retrieval time and scalability. This research produces a core framework for XML to relational databases (RDB) mapping, which could be adopted in various industries.
Key performance requirement of future next wireless networks (6G)journalBEEI
The document provides an overview of the key performance indicators (KPIs) for 6G wireless networks compared to 5G networks. Some of the major KPIs discussed for 6G include: achieving data rates of up to 1 Tbps and individual user data rates up to 100 Gbps; reducing latency below 10 milliseconds; supporting up to 10 million connected devices per square kilometer; improving spectral efficiency by up to 100 times through technologies like terahertz communications and smart surfaces; and achieving an energy efficiency of 1 pico-joule per bit transmitted through techniques like wireless power transmission and energy harvesting. The document outlines how 6G aims to integrate terrestrial, aerial and maritime communications into a single network to provide ubiquitous connectivity with higher
Noise resistance territorial intensity-based optical flow using inverse confi...journalBEEI
This paper presents the use of the inverse confidential technique on bilateral function with the territorial intensity-based optical flow to prove the effectiveness in noise resistance environment. In general, the image’s motion vector is coded by the technique called optical flow where the sequences of the image are used to determine the motion vector. But, the accuracy rate of the motion vector is reduced when the source of image sequences is interfered by noises. This work proved that the inverse confidential technique on bilateral function can increase the percentage of accuracy in the motion vector determination by the territorial intensity-based optical flow under the noisy environment. We performed the testing with several kinds of non-Gaussian noises at several patterns of standard image sequences by analyzing the result of the motion vector in a form of the error vector magnitude (EVM) and compared it with several noise resistance techniques in territorial intensity-based optical flow method.
Modeling climate phenomenon with software grids analysis and display system i...journalBEEI
This study aims to model climate change based on rainfall, air temperature, pressure, humidity and wind with grADS software and create a global warming module. This research uses 3D model, define, design, and develop. The results of the modeling of the five climate elements consist of the annual average temperature in Indonesia in 2009-2015 which is between 29oC to 30.1oC, the horizontal distribution of the annual average pressure in Indonesia in 2009-2018 is between 800 mBar to 1000 mBar, the horizontal distribution the average annual humidity in Indonesia in 2009 and 2011 ranged between 27-57, in 2012-2015, 2017 and 2018 it ranged between 30-60, during the East Monsoon, the wind circulation moved from northern Indonesia to the southern region Indonesia. During the west monsoon, the wind circulation moves from the southern part of Indonesia to the northern part of Indonesia. The global warming module for SMA/MA produced is feasible to use, this is in accordance with the value given by the validate of 69 which is in the appropriate category and the response of teachers and students through a 91% questionnaire.
An approach of re-organizing input dataset to enhance the quality of emotion ...journalBEEI
The purpose of this paper is to propose an approach of re-organizing input data to recognize emotion based on short signal segments and increase the quality of emotional recognition using physiological signals. MIT's long physiological signal set was divided into two new datasets, with shorter and overlapped segments. Three different classification methods (support vector machine, random forest, and multilayer perceptron) were implemented to identify eight emotional states based on statistical features of each segment in these two datasets. By re-organizing the input dataset, the quality of recognition results was enhanced. The random forest shows the best classification result among three implemented classification methods, with an accuracy of 97.72% for eight emotional states, on the overlapped dataset. This approach shows that, by re-organizing the input dataset, the high accuracy of recognition results can be achieved without the use of EEG and ECG signals.
Parking detection system using background subtraction and HSV color segmentationjournalBEEI
Manual system vehicle parking makes finding vacant parking lots difficult, so it has to check directly to the vacant space. If many people do parking, then the time needed for it is very much or requires many people to handle it. This research develops a real-time parking system to detect parking. The system is designed using the HSV color segmentation method in determining the background image. In addition, the detection process uses the background subtraction method. Applying these two methods requires image preprocessing using several methods such as grayscaling, blurring (low-pass filter). In addition, it is followed by a thresholding and filtering process to get the best image in the detection process. In the process, there is a determination of the ROI to determine the focus area of the object identified as empty parking. The parking detection process produces the best average accuracy of 95.76%. The minimum threshold value of 255 pixels is 0.4. This value is the best value from 33 test data in several criteria, such as the time of capture, composition and color of the vehicle, the shape of the shadow of the object’s environment, and the intensity of light. This parking detection system can be implemented in real-time to determine the position of an empty place.
Quality of service performances of video and voice transmission in universal ...journalBEEI
The universal mobile telecommunications system (UMTS) has distinct benefits in that it supports a wide range of quality of service (QoS) criteria that users require in order to fulfill their requirements. The transmission of video and audio in real-time applications places a high demand on the cellular network, therefore QoS is a major problem in these applications. The ability to provide QoS in the UMTS backbone network necessitates an active QoS mechanism in order to maintain the necessary level of convenience on UMTS networks. For UMTS networks, investigation models for end-to-end QoS, total transmitted and received data, packet loss, and throughput providing techniques are run and assessed and the simulation results are examined. According to the results, appropriate QoS adaption allows for specific voice and video transmission. Finally, by analyzing existing QoS parameters, the QoS performance of 4G/UMTS networks may be improved.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
HEAP SORT ILLUSTRATED WITH HEAPIFY, BUILD HEAP FOR DYNAMIC ARRAYS.
Heap sort is a comparison-based sorting technique based on Binary Heap data structure. It is similar to the selection sort where we first find the minimum element and place the minimum element at the beginning. Repeat the same process for the remaining elements.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
A systematic mapping study of security, trust and privacy in clouds
1. Bulletin of Electrical Engineering and Informatics
Vol. 10, No. 3, June 2021, pp. 1598~1610
ISSN: 2302-9285, DOI: 10.11591/eei.v10i3.1887 1598
Journal homepage: http://beei.org
A systematic mapping study of security, trust and privacy in
clouds
Isaac Odun-Ayo1
, Oladapo Alagbe2
, Jamaiah Yahaya3
1,2
Department of Computer and Information Sciences, Covenant University, Ota, Nigeria
3
Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi 43600, Malaysia
Article Info ABSTRACT
Article history:
Received Nov 3, 2019
Revised Feb 6, 2020
Accepted Mar 19, 2021
Cloud computing thrives around trust and security in the relationship
between cloud providers and users of their services. The objective was the
conduct of a systematic mapping study of cloud computing security, trust and
privacy. The research was executed using three classes of facets, namely
topic, contribution, and research based on the systematic mapping process.
The result shows that privacy issues and challenges on metric had 4.76% of
the publications. On cloud trust in the domain of tool, the publications were
8.75%. The publications on design within the domain of model stood at
12.38%, and publications on privacy issues and challenges in the area of
process were 8.57%. Furthermore, there were more articles published on
privacy issues and challenges within the domain of evaluation research with
10.43%. The publications on design based on validation research made up
7.83% of the study. More papers were also published on frameworks and
techniques within the domain of solution research with 5.22% each. There
were more articles published on privacy issues and challenges with regards to
philosophical research with 4.35%. Shortcomings in the fields of security,
trust and privacy in the cloud, were identified through this study, which
should motivate further research.
Keywords:
Cloud computing
Cloud privacy
Cloud security
Cloud trust
Systematic mapping
This is an open access article under the CC BY-SA license.
Corresponding Author:
Isaac Odun-Ayo
Department of Computer and Information Sciences
Covenant University
Ota, Nigeria
Email: isaac.odun-ayo@covenantuniversity.edu.ng
1. INTRODUCTION
“A parallel and distributed set of associated and virtualized computer systems which are provisioned
progressively and introduced as multiple unified computing resources dependent on service level agreements
between cloud service providers (CSPs) and clients is known as cloud computing” [1]. Cloud security is
essential to safeguard the cloud infrastructure and protect the data and application from unauthorized access.
Cloud security is unique because of the core technology of the cloud, which is virtualization. Also,
multi-tenancy, which allows users to share resources at proximity, can lead to vulnerability. There are also
issues of trust management, despite CSPs making sure to give productive and guaranteed services on the
cloud [2].
The cloud user also expects that information kept with the CSPs will not be available to a third
party. The issue of trust between a customer and consumer is good for the cloud market place. Three essential
models of cloud offerings exist, which are, software as a serve (SaaS), platform as a service (PaaS), and
infrastructure as a service (IaaS). The SaaS is the process whereby the cloud service provider offers software
2. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1599
and database services to the user on the internet through a web browser, thereby eliminating upgrade and
license issues. The PaaS is the process of releasing the cloud infrastructure to the user to enable the
development and deployment of applications. Also, the IaaS enables the CSP to use the internet to provide
storage, network, and compute resources to the clients. The client has management of the operating system
and storage. Also, cloud computing is vast, and a wide range of aspects exist, such as management
optimization and identity management, which require extensive review. Such matters are associated with the
focus of this study either implicitly or explicitly [3], [4].
Furthermore, the cloud has four models of deployment namely private, public, community, and
hybrid clouds. Individual organizations own and host private clouds on their premises. Major CSPs own
public clouds with large data centers in several geographical locations. For the community clouds, they are
hosted and shared by institutions involved in similar activities. Hybrid clouds consist of more than one cloud
deployment type.
There are lots of publications that cover cloud security, trust and privacy. A few of such papers are
discussed subsequently. Though the concerns about security in traditional network systems are also
applicable to the cloud, cloud computing usage brings about new vectors that make attacking them possible,
and even easier to carry out [5]. There are security challenges related to resources allocation, multi-tenancy,
system monitoring and logs, and solutions to these challenges include; virtualization, security risk assessment
and developing outsourcing risk control [5]. One of the major issues that affect cloud business adoption
include privacy and data security, which results from the nature of information sources and the process of
data collection from multiple sources [6]. Solutions to privacy issues include the use of anonymity-based
methods, and privacy preservation authorization system [6].
To ensure data security, CSPs must utilize additional time and take vigorous measures, for example,
encryption of information during transmission and storage, restricting admittance to information, consistent
survey of security dangers, and the execution and implementation of the results from audits of the system [7].
Furthermore, preventing vulnerabilities from hackers and protection of customer data using appropriate laws
is essential [7]. Trust is the confidence in or reliance on another entity; it can be considered one of the most
fundamental solutions to security issues on the cloud [8]. The cloud providers can achieve certainty among
their clients by ensuring that their activities are certified as compliant to organizational requirements and
safeguards [8]. A very important aspect of life that requires security and privacy is in the area of health care.
A lot of health information have been compromised and leaked. Mobile applications in emergency health
care help maintain patient confidentiality and manage patient records including data storage. Developing a
mobile cloud computing application for emergency health care enhances the aspect of trust and privacy on
the cloud. Health care data can futher be safeguarded from leakages that comprises confidentiality [9]. Due to
the issues of multitenancy, utilization of virtual machines (VM) on the cloud has security implications. There
are many vulnerabilities in the use of cloud hypervisor, and the VMs and adversaries exploit the
vulnerabilities of cloud hypervisor, taking them over for malicious purposes [10].
Deployment of cloud capabilities provides enhanced, protected, and trusted facilities and services.
However, because of an absence of standard services, secure service level agreements, and security in the
cloud, organizations and establishments are hesitant to migrate their information or data to the cloud [11].
Also, health records are crucial in any hospital system, but they are coming under increased attacks. These
records contain private and sensitive patient information, and a breach in their confidentiality, integrity or
privacy can lead to dire consequences on both the patients, caregivers, and the medical facilities, such as
defamation, discrimination, lawsuits, and other stressful conditions [12]. If data is not stored securely in the
cloud, it can be compromised, leading to severe consequences. The use of models such as the modified RSA
public key cryptosystem can help mitigate against existing security flaws of the current security models in the
cloud environment and thereby guarantee the security of data in cloud environments [13]. These issues and
more make security, trust and privacy in the cloud an exciting area worth researching on. When writing an
article or even conducting research, the researcher has to consider a specialized domain of focus. Such
considerations involve extensive studying to ensure further understanding of the selected topic. This
extensive studying mostly deals with perusing through multiple conference proceedings, journals and books.
The need to look through computerized libraries, go to workshops, conferences, classes, and seminars, to
recognize a point of convergence of research could also exist. Additionally, researchers can gather interest in
certain areas through the observation of certain phenomena within environments. From all of these, it is
evident that the processes involved in determining a research topic can be quite burdensome.
Security, trust, and privacy have attracted some of the largest publications in cloud computing. It
may interest researchers to want to have an overview of the kinds of publications and the areas covered; a
map can be used to facilitate this. The systematic mapping process categorizes publication based on a
structure and scheme built in the area of interest and the presentation of the results as a map. The systematic
mapping process, although not as rigorous as a systematic literature review, is more coarse-grained. This
3. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1600
publication makes use of three facets, namely the topic, research, and contribution. The topic facet identifies
vital topics in the area of cloud security and privacy; the research facet deals with the classification of
research, and the contribution facet relates to issues like method. The need for more research in the areas of
security, trust and privacy in cloud services, is the primary motivator for this work. Therefore, the challenge
this study aims at addressing is the determination of the domains where a shortage of research exists, and
highlighting them for upcoming researchers. This paper seeks to carry out a systematic mapping study of
cloud computing security, privacy, and trust. The primary output of this review paper is the visual map that
contains percentages showing the degree of research done in different research domains, for example,
frameworks and models within this domain of study. Subsequent portions of this paper are arranged in the
following manner. Section 2 looks at related work. Section 3 focuses on materials and methods. Section 4
presents the results and discussion, while section 5 is the conclusion with suggestions for further research.
2. RELATED WORK
K. Petersen, S. Vakkalanka, and L. Kuzniarz [14] proposes the need to assess how researchers
attempt systematic mapping and decide the manner that the rules should be reviewed as informed by key
takeaways from systematic maps and guidelines which exist for writing systematic literature review. The
authors led a systematic mapping study of systematic maps while considering a few guidelines that govern
the acts of systematic review papers. They found that in most of the conducted studies, numerous rules were
used and consolidated. This approach prompted various methods of leading systematic mapping studies. T.
Kosar, S. Bohra, and M. Mernik [15] focuses on the description of the rules that govern a systematic mapping
study as associated with domain-specific languages (DSL). Their study focused on an upgraded
understanding of the DSL area of study, along side an emphasis on research trends and future leanings. Their
study ranges from July 2013 through October 2014, and laid emphasis on three rules for conducting a
systematic review, which are planning the review process, conducting it, and communicating its result.
I. Odun-Ayo et al., [16] led a systematic mapping study of cloud policy languages and programming
models. Their study used ideas from [11]. This mapping study gives six classes of study within the regions of
accountability and reliability, framework, paradigms, privacy, security and survey. The consequences of the
chosen studies were also implemented on the contribution facet, regarding tool, method, and model.
Likewise, the chosen studies were applied to the research facet that addressed evaluation, validation, solution,
experience and opinion research. C. R. Fernandez-Blanco et al., [17] conducted a power systems model
mapping. They achieved this by providing a power systems model overview, and determining how such
models are used by European organizations, in light of a review of their features, while identifying modelling
gaps. Two hundred twenty-eight (228) questionnaires were sent out for elicitation of information from power
experts, while eighty-two (82) surveys were responded to and used for the final mapping.
C. Griffo, J. P. A. Almeida, and G. Guizzardi [18] dealt with a systematic mapping of the legal core
ontologies literature. The research was focused on “legal theory and concepts”. Additionally, the studies
utilized in the research were grouped as a result of their contributions concerning language, tool, method, and
model. They also performed recognition of the legal theories that were used in the building process of legal
core ontologies. Focus was determined with a specific advice on the use of two ontologies, alongside an
assessment of all selected research for cogent deductions about legal and ontological research. I. Odun-Ayo
et al., [19] is a systematic mapping review of cloud computing services with a focus on virtualization,
containerization, composition, and orchestration. The classification scheme within this systematic mapping
review was also examined, and six considerations in cloud computing services were identified. These
considerations included virtualization, centralization, composition, orchestration, rationalization and
deployment. The chosen studies were then used on the contribution facet with a focus on metrics, tool,
method, and model. The chosen studies were additionally applied to the various categories of research such
as experience, evaluation of opinion, solution research and validation.
M. Alavi and D. E. Leidner [20] presents an extensive assessment of knowledge management within
an organization while focusing on the prospective part IT plays in knowledge management. Several vital
matters that related to knowledge management processes, and the role Information Technology will play in
driving and supporting these processes, were also discussed. Emphasis was also placed on the need to
promote the formation, storage, transmission and utilization of knowledge in organizations. I. Odun-Ayo et
al., [21] presents a systematic mapping study with a focus on the design and models of deployment of the
cloud. The paper presents a classification scheme that addresses design and models of deployment by
discussing design, service deployment, implementation, configuration, privacy and security. These chosen
topics were administered to the contribution facet according to metrics, tools, methods, and models. Also,
they were used for various research types concerning evaluation, experience, opinion validation and solution
research.
4. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1601
According to S. K. Boell and D. Cecez-Kecmanovic [22], in their paper addressed the usefulness of
and constraints to Information System and Social Science Systematic Literature Review. The authors believe
that the broad idea that a Systematic Literature Review provides a complete and exceptional method for
literature review is both controversial and deplorable. In their critique and approval of this position, they
resolved that care and restraint is employed in the process of systematic literature review selection, as an
important undertaking with literature and the scholarly nature of academic work could be undercut. P.
Brereton et al., [23] discussed the discoveries made from the application of the process of systematic
literature review to the domain of software engineering. This review process, and also the quantity of reviews
performed by the paper’s authors and others, were extracted and discussed. Finally, the assessment of a
number of lessons on how applicable this practice is to software engineering, was conducted.
Cloud related mobile application testing systematic mapping study was conducted in [24]. Security,
compatibility, functional and GUI testings were discussed relative to cloud-based testing. The studies
selected were then implemented on the contribution facet with a focus on metrics, tool, method, and model.
They were also implemented on various aspects such as experience, opinion evaluation, validation and
solution research. Finally, using some contribution category consideration, Testing-as-a-Service was
examined. The author of H. M. Cooper [25], in his paper, examined how research reviews have to provide
consideration to the detailed philosophy that is expected from a primary researcher. Research review was
additionally conceptualized as a scientific and logical enquiry which consists of five phases that equal those
primary researches specifically, problem formulation, collection of data, data point’s evaluation, data analysis
and their interpretations, and finally, the results presentation. Sources of variance, potential threats to validity
and every other function pertaining to each stage was discussed.
Useful insights for the execution of a literature review were provided to researchers in [26]. The
authors suggested the synthesis of trends and patterns during the preparatory stages of literature review
writing. Some of these steps include the consideration of purpose and voice before the commencement of
writing, the consideration of the reassembly of notes, and also the creation of topical outlines which trace
literature review arguments. These should provide the requirements and steps used for the development of a
detailed and concise literature review. B. Kitchenham et al., [27], an assessment of systematic literature
review impact was conducted. These impacts were the suggested software engineering methods which are
evidence-based, for the aggregation of evidence. The authors utilized manual searches of ten Journals and
four conference proceedings to conduct their assessment. Cumulatively, twenty studies were found to be
relevant, eight of which dealt with research trends, and not evaluation of technique. Furthermore, seven
systematic literature reviews dealt with estimation of cost. Out of all the systematic literature reviews that
were assessed, three scored lower than 2 out of a maximum of 4. This scoring points to an acceptable overall
quality of reviews.
I. Odun-Ayo et al., [28], a systematic mapping study of mobility and efficiency in cloud computing
utilization, which was based on concepts from [11], was conducted. This study presented five topics of study
in the areas of architecture, computation offload, efficient transmissions, allocations, collaborative mobile
cloud, and fault tolerance and data storage regarding the aspects of the research selected. The chosen aspects
were then implemented on the contribution facet with a focus on tool, method, and model. They were also
implemented on the various categories of research such as experience, evaluation, opinion, validation and
solutions research. J. Vom et al., [29] harped upon the significance of literature review to scientific enquiry.
It further emphasized the importance of thorough literature searches as significant issues that can ensure that
useful literature reviews will be discovered. The authors also stated the challenges of searching through
literature within the continuously growing and fluid context of information system. They also made
recommendations regarding how the challenges could be addressed. They suggested practical guidelines and
checklists that researchers could utilize in planning and organizing their literature searches.
The work in S. M. Rosli, M. M. Rosli, and R. Nordin [30] is a recommender system mapping study
for blood glucose levels in gestational diabetes mellitus patients. The search for primary studies focused on a
defined method, data collection, recommender system for blood glucose, blood glucose and variables
prediction models. Analysis of the blood glucose recommender system was carried out based on the topics of
machine learning, context awareness, hybrid filtering, AI, rough set theory and data mining.
The work in Y. Yan, H. Xiahong and W. Wanjun [31] is about location-based services (LBS) and
protection of privacy in mobile cloud computing (MCC). Location-based services are presently being utilized
on moving objects in the areas of transportation and safety. The paper emphasized the need to provide
location-based services, especially within cloud environments. The suggested framework can promote
confidentiality under privacy protection, especially in the cloud mobile computing environment. The work in
K. S. Gururaj and K. Thippeswamy [32] is a cloud-based secured framework for utilization in an online
voting system. The paper examined the present trend of accessing information from remote locations, which
has attendant challenges on data access, especially on the cloud. This publication introduced a technology-
5. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1602
based infrastructure that can mitigate the challenges. The proposed secure cloud-based framework that can be
used for online voting was implemented and also tested using some cryptographic algorithms.
3. RESEARCH METHOD
3.1. Review stage
Systematic mapping studies provide visual outlays of the outcomes of rigorous reviews of papers
within domains of enquiry. The specifications on systematic mapping studies from [14], [27] were used to
accomplish this study. A systematic study is a reproducible process for the extraction and interpretation of
publications that are present and are on a particular research objective [33]. Although systematic mapping
processes are not as rigorous as systematic literature reviews, however, it offers a more coarse-grained
overview [14]. Figure 1 depicts some critical steps found within general systematic mapping studies. The
first step in this process is the definition of questions that dictate the research scope. Next comes the search
for primary studies for all papers available within the domain of study. Following that is the screening of all
the papers, thereby determining those that are relevant to the study. A method of classification is then
developed through the use of essential wording processes on abstracts from relevant publications. Finally, the
data extraction process culminates in the form of a systematic map. These steps are utilized in this paper for
the development of a systematic map for cloud security, trust and privacy.
Figure 1. The systematic mapping process [14]
Abstract
Keywording
Scheme of classification
a. Articles
b. Articles classification into the schemes
c. Scheme update
Systematic map
3.2. Research questions definition
Systematic maps are meant for the provision of overviews of the quality and category of work that
has been done within a selected domain of enquiry. They may also be necessary when determining where
such work was done; challenges identified determine the type of research questions that will be used for a
study. The research questions utilized in this study include:
a. RQ 1: What aspects of security, trust and privacy in the cloud are identified, and how many publications
deal with the various aspects?
b. RQ 2: What categories of publications are made in those domains, and what evaluations and innovations
do they provide?
c. RQ3: What approaches to research do these studies utilize, and what improvements were provided?
3.3. Conduct of primary studies
Primary studies searches usually serves as the beginning of a review. This exploration for the
primary study is done through the analysis of major digital libraries in the related field. This primary search
then focuses on exploring literature that is relevant, from online repositories via search queries. Afterwards, a
backward snowballing is utilized in enhancing the search process [34]. Occasionally manual searches can
also be carried out on conference and journal materials. Publications utilized for this study were obtained
through the exploration of major scientific digital repositories. However, primary studies from books and
6. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1603
other printed sources were not utilized in this search. The primary studies process for this work was done on
five primary databases as a result of the high impact factors from the various conference and journal
publications. Table 1 contains the five major digital libraries used.
Table 1. Systematic mapping study electronic databases
Electronic databases URL
ACM http://dl.acm.org/
IEEE http://ieeexplore.ieee.org/xplore
SCIENCE DIRECT http://www.sciencedirect.com/
SPRINGER http;//www.springerlink.com/
SCOPUS https://www.scopus.com/
This study’s search query was fashioned with regards to population intervention comparisons and
their results. Exploration keywords were extracted from this study’s title structure. The query utilized is as
follows:
(TITLE (security AND trust) OR TITLE (trust AND privacy) OR TITLE (privacy AND security)
OR TITLE (privacy AND trust AND security)) AND TITLE (cloud).
The search for primary studies was conducted using the custom query above, for document
metadata. For this study on security, trust, and privacy; all the search results out of the five chosen digital
repositories relating to cloud computing and computer sciences were utilized. The criteria for selection for
our papers, as depicted by the prerequisites of the research destination and questions, led to the consideration
of 115 publications as relevant to this study, out of an introductory interest containing 1670 publications.
This period covered in this study was from 2010 through 2018.
3.4. Screening of papers for inclusion and exclusion
The objective of the selection criteria was the location and inclusion of all publications which were
necessary for the successful conduct of the study. Criteria for Inclusion and exclusion were utilized in the
elimination of all articles that did not meet the focus of the study. Also, publications that were irrelevant to
the search queries were eliminated. Some abstracts contained relevant but insufficient information, therefore,
such were excluded. This study also omitted prefaces, presentation slides, tutorials, briefs, summaries,
editorials and panel discussions. The focus of this study was security, trust and privacy; the inclusion and
exclusion criteria are as indicated in Table 2.
Table 2. Inclusion and exclusion criteria
Criteria for inclusion Criteria for exclusion
Abstract clearly discusses trust,
privacy and security.
Also, the discussion is in cloud
computing or related field.
The abstract does not fall within the
cloud computing domain.
Cloud security, trust or privacy is not
discussed by the abstract.
3.5. Abstracts keywording
Abstract keywording is a significant portion of a systematic mapping study. The keywording of
abstracts improves the composition of the scheme for classification. The systematic mapping process is used
for the development of this scheme. Keywording was critical in reducing the time used to evolve a
classification scheme. An analysis of themes, which aimed at the identification, analyses and reporting of
topics within the domain being considered, was used for the classification scheme building [35]. During the
keywording of abstracts, concepts, main contributions and the domains of focus which showed the identified
research questions, were identified from the abstracts of selected papers. A significant quantity of concepts
and methods were identified during from the chosen studies that addressed cloud security, privacy and trust.
Subsequently, keyword choice for the classification scheme preparation is enabled via this process.
According to the thematic analysis approach which was utilized in the structuring of a significant degree of
understanding of the research, a keyword combination was extracted from the various studies. The
keywording process included examining the abstracts of primary studies to extricate ideas and keyword in
line with the field of study. This also involved knowing the context of the study. After extracting the concepts
and keywords, they were gathered to give needed understanding into the various categories and contribution
7. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1604
of the articles. The process discussed above was utilized to evolve the scheme of classification for this study
and the following categories used in this study.
However, it was sometimes necessary to go beyond the abstracts of the articles thereby looking at
introductions and conclusions of such articles to guarantee the selection of reliable keywords for all attached
papers. A keyword cluster was utilized to develop the classes of this study which was eventually used for the
systematic map creation. Three facets were utilized for this paper on cloud security, trust and privacy. The
first was the topic category; these are the topic extracted in the form of concepts and keywords with the
classification process. The second was the contribution facet; these constitute the type of contribution to the
study in the form of metrics, method, model, process and tool as enunciated in [10]. The third was related to
the type of research that was carried out
3.6. Research facet with categories and description
The research facet made up the third category of this study. The classification of research approach
discussed in [36] was used for the research facet. The approach includes the following categories and
descriptions [36].
a. Validation research: the techniques utilized are distinct, though not executed yet. They are found at their
trial stages.
b. Evaluation research: The procedures have been executed and evaluated; the results as far as upsides and
downsides, are available
c. Solution proposal: The procedures involved provide uncommon solutions to problems. The applications
of their advantages are also available.
d. Philosophical papers: The techniques suggest a different method of tackling issues regarding ideas and
structures
e. Opinion papers: The techniques do not rely on existing research methodology; they merely express the
viewpoint of their authors.
f. Experience papers: These reports state the individual encounters of the authors. They indicate how
solutions were established
This research classification approach was determined to be sufficient and ideal for this study. It was
relevant to the classification scheme. Therefore, all the primary studies were examined with respect to the
various classes and depictions of the approaches to research classification. The result of these activities was
used as the research class for this investigation.
3.7. Data extraction and mapping studies
As part of the systematic mapping process, appropriate publications are arranged according to
classification schemes. This is a subset of the classification phase. This stage was utilized for data extraction
from different articles added to the study. The extraction processes determined the results of the scheme of
classification. New classes were included as a result of the process, some old ones were joined to form new
ones, and those that were determined to be irrelevant, were expunged. This process was done using a
Spreadsheet from Microsoft Excel. There was a table in the spreadsheet that contained every class within the
scheme of classification. After that, the occurrences of publication topics within the spreadsheet tables were
integrated into individual tables that contained either the topic/contribution or topic/research issues. The
focus of the analyses was the presentation of paper frequencies as a result of the outcomes from the
spreadsheet. The aim was to see the portions of security, trust and privacy in the cloud that had more
emphasis placed on. This revealed gaps or shortages in publications, creating a focus on areas requiring
further studies. Based on the result obtained on the spreadsheet tables, a systematic map was created using
the occurrences presented via a bubbles plot. This map involved an x-y scatter plot with bubbles where the
categories intersected. The coordinate values of the scatter plot had bubble sizes which corresponded to the
volume of papers within individual classes. There were two quadrants because of the three facets that were
utilized during this entire process. A visual map was provided within every category, as a result of the study’s
focus. These maps were as a result of the occurrences of various topic categories that fell under either the
contribution or research categories; as a result, simultaneous consideration of the various facets was
simplified. Also, there was an inclusion of statistics summary, thereby providing clarity. In summary, a
glimpse into the entire happenings in security, trust, and privacy in the cloud, is provided by the systematic
map.
4. RESULTS AND DISCUSSION
This systematic mapping study of cloud security, trust, and privacy focused on an analysis of themes
and classification. Sometimes it may be necessary to identify publications. Gaps were identified from the
8. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1605
analysis, by graphing using bubbles plots; this showed which aspect of the study had a shortage of
publication. Also, the study showed areas that were covered adequately with regards to papers. In this
systematic mapping study, various significant classifications were employed during the paper assessment.
This assessment was then used to identify the frequencies of the paper categories and was then used for the
map creation.
4.1. Topic and contribution facet
The contribution facet focuses on discussions within the following domains [24]:
Framework: This deals with a properly designed and itemized method that contains broad scope and
purpose, and which focuses on several research questions or domains
Model: An abstraction view of a topic and challenges, instead of a concrete and distinct approach for
solving the specific problem is provided
Tool: Concept evaluation using a particular tool is provided
Evaluation: A method for the empirical measurement of the proposed solution(s)
Metric: Frameworks for specific phenomena measurement is provided
Method: A specific objective with a restricted research question or purpose is focused on
The main category of this study, the topics category, had the following topics extracted during the
cloud computing security, trust and privacy classification scheme:
Privacy issues and challenges
Frameworks
Cloud trust
Techniques
Design
Data security
The listing of primary studies which were utilized for topics checking purposes viz-a-viz the various
categories of contributions is in Table 3. Additionally, Figure 2 is a chart of the percentage of topics in the
contribution category. The contribution category or facet showed the various types of input made to the
study’s focus. The outcome showed that documents which reviewed models regarding cloud security, trust
and privacy was 35.24% out of 105 papers within this category. Also, metric had 7.62%, tool had 19.05%,
method had 18.1%, and process had 20%. Papers that discussed model contribution were 35.24% of the
reviewed work in this facet. The distribution indicates that 10.48% of model contribution was on privacy
issues and challenges. Another 10.48% was on the framework. Models contributed 0.95% each to cloud trust
and techniques, models contributed 12.38% to the topics on design, and there was no contribution by model
to data security.
Table 3. Primary studies for topic and contribution facet
Contribution
facet
topic
Metric Tool Model Method Process
Privacy Issues
and Challenges
42, 43, 61, 62, 69 72
1, 4, 6, 77, 79, 81, 96,
98, 102, 108, 113
63
19, 21, 22,
39, 41, 82,
86, 90, 93
Frameworks 10, 46, 48, 60
25, 27, 28, 33, 38, 65,
71, 74, 87, 92, 95
2, 101, 114
Cloud Trust
9, 12, 18, 26,
30, 36, 47, 49,
52
110
53, 73, 75, 83,
104,
Techniques 5, 88 111
16, 20, 24, 50,
89, 91, 99
31, 32, 35,
84, 105, 106,
107
Design 51, 78 64, 67, 103, 109
7, 11, 23, 40, 44, 45, 55,
56, 57, 59, 70, 76, 100
85, 94, 97
Data Security 80 17, 15,
Percentage 36.52% 27.83% 19.13% 6.96% 9.57%
9. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1606
Figure 2. Percentage of topics in the contribution category
4.2. Topic and research facet
Table 4 contains the primary studies list used for the examination of the various topics against the
types of research. Figure 3 contains the chart showing the percentage of topics in the research category. The
outcome of the research category performed on cloud computing security, trust and privacy, is found on the
x-axis of the right quadrant of Figure 4. The outcome shows that papers that were based on evaluation
research were 36.52% of 115 papers in this category. Furthermore, validation research had 27.83%; solution
had 19.13%; philosophical had 6.96%; experience had 9.57%, and there were no opinions on this study.
The discussion of valuation research made up 36.52% of the publications on cloud computing
security, trust and privacy that were reviewed. The rundown indicates that 10.35% of the discussion on
evaluation research focused on privacy issues and challenges, 6.96% considered framework, 5.09% was on
cloud trust, 5.22% focused on techniques, 7.83% dealt with design and there were no papers on data security.
Figure 4 shows the aspects of the various research topics and facets that are remaining.
Figure 3. Percentage of topics in the research category
10. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1607
Figure 4. Bubble map on cloud security, trust, and privacy
Table 4. Primary studies for topic and research facet
Research Facet
Topic
Evaluation Validation Solution Philosophical Experience Opinion
Privacy Issues and
Challenges
1, 6, 19, 21,
22, 39, 93, 96,
98, 102, 108,
113
41, 42, 43, 61,
62, 63,
4, 69, 72, 77,
79, 81, 82, 86,
90
Frameworks
28, 33, 38, 46,
65, 74, 101,
114,
71
2, 25, 27, 92, 87,
95
10, 48, 60
Cloud Trust
3, 26, 73, 75,
104, 110, 112
9, 12, 18, 36,
47, 83, 115
30, 49, 53 52
Techniques
5, 32, 84, 91,
99, 106,
14, 16, 88, 89,
105, 107,
20, 24, 31, 35,
50, 111,
Design
7, 34, 40, 51,
54, 55, 58, 64,
78
11, 44, 45, 67,
76, 94, 97,103,
109
70 56, 57, 85
23, 59, 66,
100
Data Security 13, 17, 15 8, 68 29, 37, 80,
Percentage 36.52% 27.83% 19.13% 6.96% 9.57% 0.00%
4.3. Main findings
Two x-y scatter plots containing bubbles where the intersections of the topic and contribution facets
lie, are contained within the first quadrant in Figure 4. The second quadrant of Figure 4 displays a visual
representation of the topic and research facet intersection, via a two x-y scatter plot containing bubbles. As
mentioned earlier, an identification of which category had been emphasized more during the study is made
possible via the analysis.
a. From the first quadrant, it was shown that numerous publications regarding privacy issues and challenges
existed within the domain of metric with 4.76%; others on cloud trust within the domain of tool were
8.75% of the total number of publications; also, additional publications on design within the domain of
model constituted 12.38% of the publications; more articles on technics within the domain of method
made up 6.67%; and other publications on privacy issues and challenges in the area of process with
8.57%.
b. From the second quadrant of Figure 4, articles were published on privacy issues and challenges within the
domain of evaluation research with 10.43%; some publications on design concerning validation research
11. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1608
made up 7.83%; other publications on frameworks and techniques within solution research domain with
5.22% each; and more articles published on privacy issues and challenges in respect to philosophical
research.
c. On the other hand, the domain of techniques had the least number of publications for validation research
at 0.87%, and the lowest number of design in solution research was 0.87%. Also, no publications were
found on data security with respect to evaluation research; there were no publications identified on
frameworks, cloud trust, techniques and data security in terms of philosophical research. No papers were
seen on privacy issues and challenges and techniques on experience research. There were no opinions on
all aspect of the study on security, trust and privacy in clouds.
d. Furthermore, there were no publications on frameworks, cloud, trust and techniques in the area of metric.
No articles were identified regarding data security with respect to tool and model. Also, no articles were
identified for framework and data security. Finally, no papers were published on cloud trust and design in
the area of process.
The aesthetics of systematic maps makes them signifies their usefulness, and they can quickly pique
readers’ interests. This usefulness is because the systematic maps help to summarize result and offer them to
researchers by combining the categories on the systematic map. Also, it allows simultaneous views of both
sides of the map. Gaps within domains of interest are easily identified when a systematic mapping study is
combined alongside a successive systematic literature review. However, standalone systematic mapping
studies are unique in their own rights.
The systematic map is useful because researchers at all levels and practitioners in various industries
can utilize the information presented as a Launchpad for further research. Cloud Computing security, trust
and privacy related topic classes considering privacy issues and challenges, frameworks, cloud trust, and data
security were provided by this study. Furthermore, a discussion of these study classes can be reviewed based
on either tool, model, method, metric, and process, or evaluation, validation, solution, philosophical, or
opinion research. Therefore, further research is recommended on them. The primary studies list that is
provided can further guide future researchers. This study shows the inexhaustible and continuous nature of
research work.
5. CONCLUSION
Cloud computing is evolving at a dynamic rate. More resources are being made available to the
users by the cloud providers. This rate of evolution, in turn, is encouraging more individuals and organization
alike to utilize cloud resources. Such kind of interactions will require adequate security, privacy and trust on
the part of CSPs. This has informed lots of research in privacy, security and trust in the cloud. Despite the
numerous publications available, there are shortages in some areas pointed out with the use of bubble plots;
hence revealing some research gaps in this field of study. Some aspects, where inadequate emphasis had been
placed on previously, regarding cloud security, privacy and trust, were identified by this study as a result of
the classifications used within the scheme. This paper contributes to knowledge through its indication of the
various portions of the study where shortcomings were found. These identified gaps and shortcomings
indicate the need for further research. They should serve as a general signpost for topics where more research
can be conducted on, in areas of security, privacy and trust in the cloud. This study could also be further
validated, and contradictory items resolved through additional research. In conclusion, a systematic map of
cloud security, privacy and trust, which could be of immense benefits to the cloud community is created via
this study. The study should support researchers in unveiling the major shortcomings of cloud security,
privacy and trust that previous researchers have not had the opportunity of exploring. Thus, contributing to
cloud computing knowledge.
ACKNOWLEDGMENT
We acknowledge Covenant University and the Centre for Research, Innovation, and Discovery
(CUCRID) for their support and sponsorship for this study.
REFERENCES
[1] R. Buyya, C. S. Yeo, S. venugopal, J, Brobeg, and I. Brandic, “Cloud computing and emerging IT platforms:
Vision, hype and reality for delivering computing as the 5th utility,” Future generation computer system, vol. 25,
no. 6, pp. 599-616, 2009, doi: 10.1016/j.future.2008.12.001.
12. Bulletin of Electr Eng & Inf ISSN: 2302-9285
A systematic mapping study of security, trust and privacy in clouds… (Isaac Odun-Ayo)
1609
[2] Isaac Odun-Ayo and B. Ehi, “Cloud Trust Management - Issues and Developments,” in Engineering and Computer
Science: Proceedings of The World Congress on Engineering and Computer Science, San Francisco, USA, 2018,
vol. 1, pp. 369-374.
[3] I. Odun-Ayo, B. Odede, and R. Ahuja, “Cloud Management Optimization - Issues and Developments,” International
Conference on Computational Science and Its Applications. Springer, Cham, San Francisco, USA, 2018, pp. 357-
362, doi: 10.1007/978-3-319-95171-3_54.
[4] T. Abayomi-Zannu and I. Odun-Ayo, “Cloud Identity Management-A Critical Analysis,” Lecture Notes in
Engineering and Computer Science: Proceedings of the International Multi Conference of Engineers and
Computer Scientists 2019 IMECS 2019, Hong Kong, 2019, pp. 170-175.
[5] V. Jain and V. Sharma, “Survey and analyzing security challenges and privacy in cloud computing,” International
journal of computer science and information technology and security, vol. 3, no 5, pp. 316-321, 2013.
[6] Prasanna Balasooriya, Santoso Wibowo, and Marilyn Wells Mobile and wireless technology “Data security and
privacy in the cloud: Driving to the next era of technology with confidence”, 2017.
[7] J. Ayoade, “Enhancing cloud computing with security trust model,” Asia Pacific Journal of Contemporary
Education and Communication Technology (APJCECT), vol. 3, no. 1, 2017.
[8] A. Glolami and E. Laure, “Security and privacy of sensitive data in cloud computing: A survey of recent
developments,” David C. Wyldetal (Eds): NETSOM, NCS, WIMONI, CSELT, SPM-2015, pp. 131-150, 2015, doi:
10.5121/csit.2015.51611.
[9] S. A. Hameed, A. Nirabi, M. H. Habaebi, A. Haddad, “Application of mobile cloud computing in emergency health
care,” Bulletin of Electrical Engineering and Informatics (BEEI) , vol. 8, no. 3, pp. 1088-1095, 2019.
[10] N. Chandrakala and B. T. Rao, “Migration of Virtual Machine to improve the Security in Cloud Computing,”
International Journal of Electrical and Computer Engineering, vol. 8, no. 1, pp. 210-219, 2018, doi:
10.11591/ijece.v8i1.pp210-219.
[11] S. Bhatia, and J. Malhotra, “CSPCR: Cloud Security, Privacy and Compliance Readiness-A Trustworthy
Framework,” International Journal of Electrical and Computer Engineering, vol. 8, no. 5, pp. 3756-3766, 2018,
doi: 10.11591/ijece.v8i5.pp3756-3766.
[12] R. Ganiga, R. M. Pai, M. M. P. Manohara, and R. K. Sinha, “Security framework for cloud based Electronic Health
Record (EHR) system,” International Journal of Electrical and Computer Engineering, vol. 10, no. 1, pp. 455-466,
2020, doi: 10.11591/ijece.v10i1.pp455-466.
[13] Y. K. Kumar, and R. M. Shafi, “An efficient and secure data storage in cloud computing using modified RSA
public key cryptosystem”, International Journal of Electrical and Computer Engineering, vol.10, no.1, pp. 530-
537, 2020, doi: 10.11591/ijece.v10i1.pp530-537.
[14] K. Petersen, S. Vakkalanka, and L. Kuzniarz, “Guidelines for conducting systematic mapping studies in software
engineering: An update,” Information and Software Technology, vol. 64, pp. 1-18, 2015, doi:
10.1016/j.infsof.2015.03.007.
[15] T. Kosar, S. Bohra, and M. Mernik, “Protocol of a systematic mapping study for domain-specific languages,” Journal
of Information and Software Technology 21(C). pp. 77-91, 2016.
[16] I. Odun-Ayo, R. Goddy-Worlu, J. Yahaya, and V. Geteloma, “A systematic mapping study of cloud policy languages
and programming models,” Journal of King Saud University–Computer and Information Sciences, 2019, doi:
10.1016/j.jksuci.2019.05.003.
[17] C. R. Fernandez-Blanco, F. Careri, K. Kavvadias, I. H. Gonzalez, A. Zucker, and E. Peteves, “Systematic mapping
of power system models: Expert survey,” EUR 28875 EN, Publications Office of the European Union,
Luxembourg, 2019, doi:10.2760/422399, JRC109123, 2017.
[18] C. Griffo, J. P. A. Almeida, and G. Guizzardi, “A systematic mapping of the literature on legal core ontologies,” in
Brazilian Conference on Ontologies, ONTOBRAS 15, CEUR Workshop Proceedings, 1442, 2015.
[19] I. Odun-Ayo, V. Geteloma, I. Eweoya, and R. Ahuja, “Virtualization, Containerization, Composition, and
Orchestration of Cloud Computing Services,” In International Conference on Computational Science and Its
Applications, Springer, Cham, 2019, pp. 402-417.
[20] M. Alavi and D. E. Leidner, “Knowledge management and knowledge management systems: Conceptual
foundations and research issues,” MIS Quarterly, vol. 25, no. 1, pp. 107-136, 2001, doi: 10.2307/3250961.
[21] I. Odun-Ayo, R. Goddy-Worlu, V. Samuel, and V. Geteloma, “Cloud Design and Deployment Models: A
Systematic Mapping Study,” BMC Research Notes, vol. 12, no. 1, p. 436, doi: 10.1186/s13104-019-4474-y.
[22] S. K. Boell and D. Cecez-Kecmanovic, “On being ‘Systematic’ in literature reviews,” in Formulating Research
Methods for Information Systems, pp. 48-78, 2015, doi: 10.1057/9781137509888_3.
[23] P. Brereton, B. A. Kitchenham, D. Budgen, M. Turner, and M. Khalil, “Lessons from applying the systematic
literature review process within the software engineering domain,” Journal of Systems and Software, vol 80, no. 4,
pp. 571-583, 2007, doi: 10.1016/j.jss.2006.07.009.
[24] B. I. Ya’u, N. Salleh, A. Nordin, N. B. Idris, H. Abas, and A. A. Alwan, “A systematic mapping study on cloud-
based mobile application testing,” Journal of Information and Communication Technology, vol. 18, no. 4, pp. 485-
527, 2019, doi: 10.32890/jict2019.18.4.5.
[25] H. M. Cooper, “Scientific guidelines for conducting integrative research reviews,” Review of educational research,
pp. 291-302, 1982.
[26] J. L. Galvan and M. C. Galvan, “Writing literature reviews: A guide for students of the social and behavioral
sciences,” Routledge, 2017
13. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1598 – 1610
1610
[27] B. Kitchenham, O. P. Brereton, D. Budgen, M. Turner, J. Bailey, and, S. Linkman, “Systematic literature reviews
in software engineering–a systematic literature review,” Information and Software Technology, vol. 51, vol. 1, pp.
7-15, 2009, doi: 10.1016/j.infsof.2008.09.009.
[28] I. Odun-Ayo, G. W. Rowland, B. Sherrene, And G. Victor, “A Systematic Mapping Study of mobile and Efficient
use of cloud,” ICIC express letters. Part B, Applications : an international journal of research and surveys, vol. 10,
no. 9, pp. 797-804, 2019.
[29] J. Vom, Brocke, A. Simons, K. Riemer, B. Niehaves, R. Plattfaut, and A. Cleven, “Standing on the Shoulders of
Giants: Challenges and Recommendations of Literature Search,” in Information Systems Research, CAIS, vol. 37,
p. 9, 2015, doi: 10.17705/1CAIS.03709.
[30] S. M. Rosli, M. M. Rosli, and R. Nordin, “A mapping study on blood glucose recommender system for patients
with gestational diabetes mellitus,” Bulletin of Electrical Engineering and Informatics, vol. 8, no. 4, pp. 1489-1495,
2019, doi: 10.11591/eei.v8i4.1633.
[31] Y. Yan, H. Xiahong and W. Wanjun, “Location-Based Services and Privacy Protection under Mobile Cloud
Computing,” Bulletin of Electrical Engineering and Informatics, vol. 4, no. 4, pp. 345-354, 2015.
[32] K. S. Gururaj and K. Thippeswamy, “Cloud based secured framework for implementation of online voting
system,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 15, no. 1, pp. 328-335, 2019,
doi: 10.11591/ijeecs.v15.i1.pp328-335.
[33] A. B. Muhammad and M. Ali Babar, “A systematic mapping study of software architectures for cloud-based
systems,” Software system section, IT University of Copenhagen. 2014.
[34] C. Wohlin, “Guidelines for snowballing in systematic literature studies and a replication in software engineering,”
In Proceedings of the 18th international conference on evaluation and assessment in software engineering, pp. 1-
10, 2014, doi: 10.1145/2601248.2601268.
[35] V. Braun and V. Clarke, “Using thematic analysis in psychology,” Qualitative research in psychology, vol. 3, no. 2,
pp. 77-101, 2006, doi: 10.1191/1478088706qp063oa.
[36] R. Wieringa, N. Maiden, N. Mead, and C. Rolland, “Requirement engineering paper classification and evaluation
criteria: A proposal and a discussion,” Requirement engineering, vol. 11, no. 1, pp. 102-10, 2006, doi:
10.1007/s00766-005-0021-6.
BIOGRAPHIES OF AUTHORS
Isaac A. Odun-Ayo was born in Ilesha, Nigeria in 1962. He received the BS, MS and Ph.D
degrees in Computer Science from the University of Benin, Benin City, Nigeria. Between 2010
and 2013 he was a faculty and Director Information and Communication Technology at the
National Defence College, Abuja, Nigeria. He joined the faculty of Covenant University, Ota,
Nigeria as a Senior Lecturer in October 2016. He is the author of one book and more than 40
journal and conference articles in Cloud Computing. His research interests include cloud
computing, human resource management, e-governance and software engineering. Dr. Odun-
Ayo is a recipient of the National Productivity Order of Merit Award, Nigeria for his
contribution to computing. He is a member of the Nigeria Computer Society (NCS), Computer
Professionals of Nigeria (CPN), International Association of Engineers (IAENG), Institute of
Electrical and Electronics Engineers (IEEE) and Member Information Science Institute (ISI).
Oladapo A. Alagbe is a research assistant and a postgraduate student at the Department of
Computer and Information Sciences, Covenant University, with a focus on Management and
Information Systems. He received a B.Tech in Computer Science from Ladoke Akintola
University of Technology (LAUTECH), Ogbomosho. He is passionate about Mobile, Fog and
Cloud Computing, Cyber Security and how they affect organizatons
Jamaiah Yahaya is Associate Professor at Faculty of Information Science and Technology
(FTSM), The National University of Malaysia (UKM) since July 2011. Prior that she worked as
a senior lecturer in School of Computing, Northern University of Malaysia (UUM) and a system
analyst at University of Science Malaysia. Her bachelor degree was BSc in Computer Science
and Mathematics from University of Wisconsin-La Crosse, USA (1986), MSc in Information
System from University of Leeds, UK (1998), and PhD in Computer Science from The National
University of Malaysia (UKM) (2007). Her PhD thesis was the development of software
certification model, and later, she continued her PhD research as a post-doctoral fellow in UKM
(2008). Currently, she is the head of the PhD program in FTSM, UKM. Her research interests are
software quality, software development and management, and software assessment and impact.
She is an active researcher with more than 100 publications in international journals and
proceedings for the last five years.