This document identifies and categorizes various vulnerabilities and threats in cloud computing. It discusses 8 categories of threats: abuse of resources, insecure interfaces, technology sharing issues, data leakages, service hijacking, malicious insiders, data separation, and unknown risks. For each threat, it provides details on how attackers can exploit vulnerabilities as well as recommendations for cloud service providers to mitigate risks, such as implementing strong access controls, encryption, monitoring, and auditing. The conclusion states that while cloud computing is widely adopted, organizations must still be aware of security issues and work to address them.
— in distributed computing environment, Mobile agents
are mobile autonomous processes which operate on behalf of
users (e.g., the Internet). These applications include a specialized
search of a middleware services such as an active mail system,
large free-text database, electronic malls for shopping, and
updated networking devices. Mobile agent systems use less
network bandwidth, increase asynchrony among clients and
servers, dynamically update server interfaces and introduce
concurrency. Due to software components, security of mobile
agent is essential in any mobile agent based application. Security
services such as Confidentiality, Integrity, Authentication,
Authorization and Non-Repudiation are discussed and combat
with by the researchers. This work is proposing a new technique
for access control area of security for the mobile agents and it
will be implemented using an example of shopping cart data
sharing for multiple levels.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
— in distributed computing environment, Mobile agents
are mobile autonomous processes which operate on behalf of
users (e.g., the Internet). These applications include a specialized
search of a middleware services such as an active mail system,
large free-text database, electronic malls for shopping, and
updated networking devices. Mobile agent systems use less
network bandwidth, increase asynchrony among clients and
servers, dynamically update server interfaces and introduce
concurrency. Due to software components, security of mobile
agent is essential in any mobile agent based application. Security
services such as Confidentiality, Integrity, Authentication,
Authorization and Non-Repudiation are discussed and combat
with by the researchers. This work is proposing a new technique
for access control area of security for the mobile agents and it
will be implemented using an example of shopping cart data
sharing for multiple levels.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interesting of getting sensitive data. Exposing valuable data to others leads to severe Consequences. Customers, organizations, and /or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized based into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) are good tools to identify important data. DLP can do analysis for data content and send feedback to administrators to make decision such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they consider good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using TS dataset and confusion matrix. Finally, Mrsh-v2 has high score of true positive and sensitivity, and it has low score of false negative.
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
Cloud computing is an emerging computing paradigm where computing resources are provided as services over Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for the data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. The occupier need not be concerned with how the Paas system achieves expansion under high load.MAC systems differ as security policy is defined for the entire system, typically by administrators. Information flow control (IFC) is a MAC approach, developed originally from military information management methodologies. IFC can be used to enforce more general policies, using appropriate labeling and checking schemes. The labels can be used to manage both confidentiality and integrity concerns, tracking “secrecy†and “quality†of data, respectively. Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flow between the pieces of application and the outside world. As applied to privacy DIFC allows un trusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity DIFC allows trusted code to protect un trusted software from unexpected inputs.
Security has been identified as the major concern for the agent paradigm for two reasons. First, foreign code that executes on a site shares that site's services and resources with local processes and other agents. Services can include electronic commerce utilities. Resources include the file system, the GUI and the network server, as well as memory and CPU. It is difficult for a site to ensure that no agent can steal information or corrupt another agent or shared resource. The second security problem is that the agent itself can be circumvented by a malicious site which may steal or corrupt agent data or simply destroy the agent. To solve this problems we build a mini–password manager using a code in language Java. Then we incorporate the mini–password manager into the simple web server to authenticate users that would like to download documents and resources. The goal of this paper is to accentuate the positive aspects that agents bring to Internet security.
Cloud has major security challenges which can be a nightmare for any organization or clients. This paper published in IEEE discusses the cloud implementation security challenges with greater details. It is really a good reference for cloud security and privacy researchers.
Protect customer's personal information eng 191018sang yoo
Let's take a look at the mcloudoc-based personal information protection function!
First of all, by unifying the personal information management points, all information managed sporadically on a personal PC is easily managed, reducing the management cost!
In addition, it is possible to control the personal information document because the authority to handle the document can be granted depending on the role of the employee who manages the personal information document.
Even personal information hidden in centralized documents can be detected, and the work history of users using personal information documents can also be tracked, which can also be used to leak malicious documents.
Now, how about realizing the protection of personal information documents with mcloudoc?
Start with mcloudoc!
A Darktrace Proof of Value is a 30-day free trial.
In 95% of organizations, Darktrace finds genuine cyber-threats that others have missed, from insider threat to IoT hacks, malware and misconfigurations to data leakage and unusual behaviors.
During a 30-day trial, our quick to install software will discover what’s lurking inside your organization.
There is no commitment and you'll benefit from a dedicated account team with three tailor made reports by our expert Cyber Technologists.
This 30-day trial has a value of between $10,000 and $20,000.
Study of Optical Property of Gel Grown Mercuric Iodate CrystalsIOSR Journals
Mercuric Iodate Crystals were grown by a simple gel technique using diffusion method. The optimum growth conditions were established for the growth of these crystals by changing various parameters such as pH of the gel solution, gel concentration, gel setting time, concentrations of reactants etc. The grown Mercuric Iodate crystals were spherical in shape. These crystals were opaque. The crystals were characterized using UV-VIS Specrophotometrry.
m - projective curvature tensor on a Lorentzian para – Sasakian manifoldsIOSR Journals
In this paper we studied m-projectively flat, m-projectively conservative, 𝜑-m-projectively flat LP-Sasakian manifold. It has also been proved that quasi m- projectively flat LP-Sasakian manifold is locally isometric to the unit sphere 𝑆𝑛(1) if and only if 𝑀𝑛 is m-projectively flat.
Development Of Public Administration Program Development System in Rural Serv...IOSR Journals
This study aims to, knowing what aspects can be developed to increase the service capacity of village government, knowing the role of village and community in carrying out the functions and enhanced customer service and public administration, the factors that affect the improvement of rural public administration system to improve service capacity of village government, get a picture of the service capacity building and development of public administration system at the level of village government. The target to be achieved is to increase public administration system in the country so as to improve the capacity of government services to the rural community.From the study of theory, analysis and discussion on the findings of the field, it was found that the embodiment of the village administration, particularly on the object of research is still not optimal. Not optimal realization of the village administration, mainly reflected in: Still unclear performance standards that can be measured to determine the quality of the resulting output.
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...IOSR Journals
Purpose –Thepurpose of this paper is to evaluate the impact of the corporate governance regulationsimplementation and firm size onthe earning management for food and beverages companies in Indonesian Stock Exchange. Design/methodology/approach –The multiple regression is utilized to test this relationship at 95% confidence.Corporate governance was proxied by board of director, audit quality, and board independence. Firm size was represented by natural logarithm of total assets. Earning management was measured by Jones model withdiscretionary accruals. Findings – Using data from the year 2005 annual reports of 51 food and beverages listed companies,including the composite index, the results showed that twoof the corporate governance variables, namely board of director and audit quality, as well as firm size are statistically significant in explaining earning management measured bydiscretionary accruals. Research limitations/implications – The regulations on corporate governance were implementedin 2005, but not all of food and beverages listed companies implemented the regulations in 2005. Practical implications – An implication of this finding is that regulatory efforts initiated after the1997 financial crisis to enhance corporate transparency and accountability did not appear to result on better corporate performance. Originality/value – This is one of the few studies which investigates the impact of regulatory actionson corporate governance on earning management immediately after its implementation.
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interesting of getting sensitive data. Exposing valuable data to others leads to severe Consequences. Customers, organizations, and /or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized based into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) are good tools to identify important data. DLP can do analysis for data content and send feedback to administrators to make decision such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they consider good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using TS dataset and confusion matrix. Finally, Mrsh-v2 has high score of true positive and sensitivity, and it has low score of false negative.
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
Cloud computing is an emerging computing paradigm where computing resources are provided as services over Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for the data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. The occupier need not be concerned with how the Paas system achieves expansion under high load.MAC systems differ as security policy is defined for the entire system, typically by administrators. Information flow control (IFC) is a MAC approach, developed originally from military information management methodologies. IFC can be used to enforce more general policies, using appropriate labeling and checking schemes. The labels can be used to manage both confidentiality and integrity concerns, tracking “secrecy†and “quality†of data, respectively. Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flow between the pieces of application and the outside world. As applied to privacy DIFC allows un trusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity DIFC allows trusted code to protect un trusted software from unexpected inputs.
Security has been identified as the major concern for the agent paradigm for two reasons. First, foreign code that executes on a site shares that site's services and resources with local processes and other agents. Services can include electronic commerce utilities. Resources include the file system, the GUI and the network server, as well as memory and CPU. It is difficult for a site to ensure that no agent can steal information or corrupt another agent or shared resource. The second security problem is that the agent itself can be circumvented by a malicious site which may steal or corrupt agent data or simply destroy the agent. To solve this problems we build a mini–password manager using a code in language Java. Then we incorporate the mini–password manager into the simple web server to authenticate users that would like to download documents and resources. The goal of this paper is to accentuate the positive aspects that agents bring to Internet security.
Cloud has major security challenges which can be a nightmare for any organization or clients. This paper published in IEEE discusses the cloud implementation security challenges with greater details. It is really a good reference for cloud security and privacy researchers.
Protect customer's personal information eng 191018sang yoo
Let's take a look at the mcloudoc-based personal information protection function!
First of all, by unifying the personal information management points, all information managed sporadically on a personal PC is easily managed, reducing the management cost!
In addition, it is possible to control the personal information document because the authority to handle the document can be granted depending on the role of the employee who manages the personal information document.
Even personal information hidden in centralized documents can be detected, and the work history of users using personal information documents can also be tracked, which can also be used to leak malicious documents.
Now, how about realizing the protection of personal information documents with mcloudoc?
Start with mcloudoc!
A Darktrace Proof of Value is a 30-day free trial.
In 95% of organizations, Darktrace finds genuine cyber-threats that others have missed, from insider threat to IoT hacks, malware and misconfigurations to data leakage and unusual behaviors.
During a 30-day trial, our quick to install software will discover what’s lurking inside your organization.
There is no commitment and you'll benefit from a dedicated account team with three tailor made reports by our expert Cyber Technologists.
This 30-day trial has a value of between $10,000 and $20,000.
Study of Optical Property of Gel Grown Mercuric Iodate CrystalsIOSR Journals
Mercuric Iodate Crystals were grown by a simple gel technique using diffusion method. The optimum growth conditions were established for the growth of these crystals by changing various parameters such as pH of the gel solution, gel concentration, gel setting time, concentrations of reactants etc. The grown Mercuric Iodate crystals were spherical in shape. These crystals were opaque. The crystals were characterized using UV-VIS Specrophotometrry.
m - projective curvature tensor on a Lorentzian para – Sasakian manifoldsIOSR Journals
In this paper we studied m-projectively flat, m-projectively conservative, 𝜑-m-projectively flat LP-Sasakian manifold. It has also been proved that quasi m- projectively flat LP-Sasakian manifold is locally isometric to the unit sphere 𝑆𝑛(1) if and only if 𝑀𝑛 is m-projectively flat.
Development Of Public Administration Program Development System in Rural Serv...IOSR Journals
This study aims to, knowing what aspects can be developed to increase the service capacity of village government, knowing the role of village and community in carrying out the functions and enhanced customer service and public administration, the factors that affect the improvement of rural public administration system to improve service capacity of village government, get a picture of the service capacity building and development of public administration system at the level of village government. The target to be achieved is to increase public administration system in the country so as to improve the capacity of government services to the rural community.From the study of theory, analysis and discussion on the findings of the field, it was found that the embodiment of the village administration, particularly on the object of research is still not optimal. Not optimal realization of the village administration, mainly reflected in: Still unclear performance standards that can be measured to determine the quality of the resulting output.
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...IOSR Journals
Purpose –Thepurpose of this paper is to evaluate the impact of the corporate governance regulationsimplementation and firm size onthe earning management for food and beverages companies in Indonesian Stock Exchange. Design/methodology/approach –The multiple regression is utilized to test this relationship at 95% confidence.Corporate governance was proxied by board of director, audit quality, and board independence. Firm size was represented by natural logarithm of total assets. Earning management was measured by Jones model withdiscretionary accruals. Findings – Using data from the year 2005 annual reports of 51 food and beverages listed companies,including the composite index, the results showed that twoof the corporate governance variables, namely board of director and audit quality, as well as firm size are statistically significant in explaining earning management measured bydiscretionary accruals. Research limitations/implications – The regulations on corporate governance were implementedin 2005, but not all of food and beverages listed companies implemented the regulations in 2005. Practical implications – An implication of this finding is that regulatory efforts initiated after the1997 financial crisis to enhance corporate transparency and accountability did not appear to result on better corporate performance. Originality/value – This is one of the few studies which investigates the impact of regulatory actionson corporate governance on earning management immediately after its implementation.
Fluorescence technique involves the optical detection and spectral analysis of light emitted by a substance undergoing a transition from an excited electronic state to a lower electronic state. The aim of this study is to assess the -amino levulinic acid (-ALA) uptake. Based on image processing technique, Matlab was used to analyze the fluorescence images resulted from activation of (-ALA) and follow its uptake along one week. Analyzing the RGB colours pixel profile from obtained results showed different profiles for malignant tissues, normal tissues, treated just after PDT and finally at one week post PDT. The treated tissues fluorescence profile showed changes from closer to malignant tissue profile till been closed to normal one.
Non- Newtonian behavior of blood in very narrow vesselsIOSR Journals
The purpose of the study is to get some qualitative and quantitative insight into the problem of flow in vessels under consideration where the concentration of lubrication film of plasma is present between each red cells and tube wall. This film is potentially important in region to mass transfer and to hydraulic resistance, as well as to the relative resistance times of red cells and plasma in the vessels network.
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
Technical solutions, introduced by policies and implantations are essential requirements of an
information security program. Advanced technologies such as intrusion detection and prevention system (IDPS)
and analysis tools have become prominent in the network environment while they involve with organizations to
enhance the security of their information assets. Scanning and analyzing tools to pinpoint vulnerabilities, holes
in security components, unsecured aspects of the network and deploying of IDPS technology are highlighted.
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...IOSR Journals
Certain Surgical Clinical Conditions Manifests To Variable Extents With High
Prevalence In Hilly Regions. The Discrete Analysis Of Different Aetio-Pathogenesis Factors & Resultant Patho-
Physiological Changes Exhibit Comparative Co-Relation To Clinical Manifestations, ManageMent GuideLines &
OverAll Result OutCome ParaMetres.
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...IOSR Journals
Abstract: The computer networks have evolved themselves into an altogether new generation with Mobile Ad-Hoc networks. The Mobile Ad-Hoc Networks are increasingly becoming more sophisticated and complex in terms of topology, routing and security[1][2][3]The new age MANETs incorporate routing of heavier traffic classes like audio, video and multimedia. It has become important to study the performance characteristics of the multimedia traffic class in MANETS [10] that includes packet loss rate and throughput. In this paper we will discuss these performance parameter throughput under different scenarios like varying Bandwidth, channel error rate, delay and fragment size. Keywords: MANET, Packet loss rate, Throughput, Bandwidth, Fragment size
Influence of chimney effect on the radon effective dose of the lung simulated...IOSR Journals
One of the well-known radon prone areas of the world is Ramsar in Iran, which is surrounded by the
Alborz Mountain in its southern part and Caspian Sea on the north. The annual effective dose in the district of
Talesh-Mahalleh is higher than the annual dose limits for radiation workers. In this study, the indoor radon
level and effective dose of the lung were estimated using a Prassi portable radon gas survey meter in a model
house containing top soil samples from different parts of Ramsar. For the extremely hot samples, the effective
dose of the lung in winter season was 27.75±2.55mSv, when the windows and exhaust part of chimney were
closed. However, when the chimney was turned on and the exhaust part of chimney was open, the effective dose
of the lung was reduced to 1.27±0.23mSv. Also the seasonal radon effective doses of the lung with other samples
were reduced to low values. The results suggest by using chimney effect and chimney heaters a significant
lessening of the radon seasonal effective dose in dwellings of Ramsar can be achieved.
Ecological consequences of The Acid rainIOSR Journals
Acid rain affects each and every components of ecosystem. Acid rain also damages man-made materials and structures Acid rain is one of the most serious environmental problems emerged due to air pollution Sulphur dioxide (SO2) and oxides of nitrogen and ozone to some extent are the primary causes of acid rain. These pollutants originate from human activities such as combustion of burnable waste, fossil fuels in thermal power plants and automobiles. These constituents interact with reactants present in the atmosphere and result into acid deposition Due to the interaction of these acids with other constituents of the atmosphere, protons are released causing increase in the soil acidity, lowering of soil pH mobilizes and leaches away nutrient cations and increases availability of toxic heavy metals. Such changes in the soil chemical characteristics reduce the soil fertility, which ultimately causes the negative impact on growth and productivity of forest trees and crop plants. Acid rain has also been reported in India. A rainfall of pH 3.5 was reported in Mumbai. The air pollution levels are steadily rising in the metropolitan cities like Kolkata, Delhi, Mumbai. Acid rain problem in Bihar, West Bengal, Orissa and southern coastal India has been predicted to lead to infertile soil. Acid rain makes the water bodies acidic. The amphibians are also affected by acidification of water bodies .At low pH, many species of amphibians including frogs, toads and salamander are particularly sensitive. Indirect effect of acid rain on human health involves toxic heavy metals because these are liberated from soil when soil gets acidified. The most common heavy metals are Al, Cd, Zn, Pb, Hg, Mn and Fe. These mobilized contaminants are dissolved in soil and water make their way to groundwater that is drunk by humans and contaminate the food (Fish, meat, and vegetables) eaten by humans .These heavy metals get accumulated in the body and resulted into various health problems like dry coughs, asthma, headache, eye, nose and throat irritations. Acid rain problem has been tackled to some extent in the developed world by reducing the emission of the gases causing acid rain.
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review ArticleIOSR Journals
First of all I give my love to all the students who reside in ‘Chemistry Phobia zone’. In this short article I shall try to share my simple thinking that I achieved during my last 16 years of journey in the route of Chemical Education. Before starting my journey it was a big encounter for me to change the conventional methods and makes chemistry easier and interesting to such student who belongs to Chemistry Paranoia Zone. I believe that students are just like flowers and it is our duty to nourish them properly as a gardener. In my infinitely small area of knowledge, I just try to innovate fourteen (14) teaching methodologies by including thirty four (34) completely new formulae in the chemistry world which were followed by different eminent writers in their books since last 90-95 years namely Sir G.Wilkinson, Prof. F. Albert Cotton, Prof. I.L.Finar, Prof. R.T. Morrison, Prof. R.N. Boyd, Prof. Solomons and Prof. Fryhle, Prof. J.G. Smith etc..
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...IOSR Journals
The objective of the present investigation was to study the protective role of High dietary protein on arsenic induced hepatotoxicity model in adult male albino rats. Hepatotoxicity in rats was caused by arsenic tri oxide at a dose of 3mg- /ml/kg body weight. Hepamerz, a drug used as standard hepatoprotective agent, was administered orally as standard hepatoprotective agent for 14 consecutive days prior to arsenic treatment at a dose of 10mg- /ml/kg body weight. This drug has many side effects. These side effects have prompted the scientific world for the search of alternative natural remedies of liver damage. The High dietary protein was administered orally to rats along with arsenic. The biochemical parameters were investigated. The results indicated that biochemical changes produced by arsenic were restored to almost normal by High protein diet. The High protein diet produced hepatoprotective effect through the modulation of antioxidant - mediated mechanism by altering serum glutamate oxaloacetate transaminase (SGOT), serum glutamate pyruvate transaminase (SGPT), alkaline phosphatase (ALP), superoxide dismutase (SOD) and catalase (CAT) activities and reduced glutathione (GSH) and lipid peroxidation (LPO) levels - against arsenic induced hepatotoxicity model in rats.
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.
Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user
9 Things You Need to Know Before Moving to the Cloudkairostech
Cloud computing has emerged and paved its way forward at an unprecedented pace. It has managed to simultaneously transform business and government giving rise to new security challenges. The emergence of the cloud service model provides business supporting technology with an increased efficiency than ever before. The paradigm shift from server to service has revolutionized the way IT departments think, design, and provide computing solutions and applications. Yet, these revolutions have given birth to new security challenges – the full impact of which is yet to be determined.
Seven Deadly Threats and Vulnerabilities in Cloud ComputingMervat Bamiah
Cloud computing has been developed to reduce IT
expenses and to provide agile IT services to individual users as
well as organizations. It moves computing and data away from
desktop and portable PCs into large data centers. This
technology gives the opportunity for more innovation in
lightweight smart devices and it forms an innovative method of
performing business. Cloud computing depends on the internet
as a medium for users to access the required services at any time
on pay-per-use pattern. However this technology is still in its
initial stages of development, as it suffers from threats and
vulnerabilities that prevent the users from trusting it. Various
malicious activities from illegal users have threatened this
technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result
into damaging or illegal access of critical and confidential data of
users. This research paper describes the characteristics (threats,
vulnerabilities) associated with a stormy cloud.
Security for Effective Data Storage in Multi CloudsEditor IJCATR
Cloud Computing is a technology that uses the internet and central remote servers to maintain data and
applications. Cloud computing allows consumers and businesses to use applications without installation and access their personal
files at any computer with internet access. This technology allows for much more efficient computing by centralizing data
storage, processing and bandwidth. The use of cloud computing has increased rapidly in many organizations. Cloud computing
provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor
in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers
may be untrusted. Dealing with “single cloud” providers is predicted to become less popular with customers due to risks of
service availability failure and the possibility of malicious insiders in the single cloud. A movement towards “multi-clouds”, or in
other words, “interclouds” or “cloud-of clouds” has emerged recently. This paper surveys recent research related to single and
multi-cloud security and addresses possible solutions. It is found that the research into the use of multicloud providers to maintain
security has received less attention from the research community than has the use of single clouds. This work aims to promote the
use of multi-clouds due to its ability to reduce security risks that affect the cloud computing user.
Cloud Computing offers an on-demand and scalable access to a shared pool of resources hosted in a data center at providers’ site. It reduces the overheads of up-front investments and financial risks for the end-user. Regardless of the fact that cloud computing offers great advantages to the end users, there are several challenging issues that are mandatory to be addressed.
Excellent Manner of Using Secure way of data storage in cloud computingEditor IJMTER
The major challenging issue in Cloud computing is Security. Providing Security is big issue
towards protecting data from third person as well as in Internet. This mainly deals the Security how it is
provided. Various type of services are there to protect our data and Various Services are available in Cloud
Computing to Utilize effective manner as Software as a Service (SaaS), Platform as a Service (PaaS),
Hardware as a Service (HaaS). Cloud computing is the use of computing resources (hardware and
software) that are delivered as a service over Internet network. Cloud Computing moves the Application
software and databases to the large data centres, where the administration of the data and services may not
be fully trustworthy that is in third party here the party has to get certified and authorized. Since Cloud
Computing share distributed resources via network in the open environment thus it makes new security
risks towards the correctness of the data in cloud. I propose in this paper flexibility of data storage
mechanism in the distributed environment by using the homomorphism token generation. In the proposed
system, users need to allow auditing the cloud storage with lightweight communication. While using
Encryption and Decryption methods it is very burden for a single processor. Than the processing
Capabilities can we utilize from Cloud Computing.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
AbstractCloud computing technology has become the new fron.docxSALU18
Abstract
Cloud computing technology has become the new frontier in the computing world. The technology has massively impacted individuals and business across the world. However, the technology is faced with certain challenges. This paper provides an in-depth analysis of the security challenges associated with cloud computing, including the respective threats and vulnerabilities. Additionally, the paper addresses the benefits, solutions, and recommendations of cloud computing technology.
Cloud Computing SecurityIntroduction
Over the last half of the century, the Information and Technology field has greatly evolved. Technology is very important to the different sectors of current society. Information, communication and technology (ICT) devices are dependent on one another and when one is disrupted, the rest may also be affected. In previous years, ICT experts have expressed their concern over the protection of ICT systems and cyber-attacks which have prompted them to consider the establishment of policies for the prevention of serious cybercrimes. They expect that in the years to come, these threats to ICT systems will increase significantly and affect several organizations. Cyber security is defined as the act of providing protection to ICT systems and what is contained in them. The term is broad and ambiguous; it tends to contradict the basic nature or scope of its meaning. In some occasions, it is integrated with other concepts such as privacy, the sharing of data and information, accumulation of intelligence and surveillance. Nevertheless, cyber security can be a very vital tool in the protection of privacy and the prevention of unauthorized access and sharing of information. For instance, cyber security facilitates a secured sharing of information amongst different systems within an organization. The focus of this paper is on the theme of vulnerability analysis. It will examine recent Insecurity controls among organizations and in the ICT sector.
Cloud computing technology has sparked a lot of debate in recent years. Proponents have expressed optimism with the technology, proclaiming it as the next frontier of the internet. However, critics believe the technology is short-lived because it is founded on old technologies. Cloud computing is an information technology phenomenon where computer services are provided over the internet. Additionally, cloud computing provides a number of IT solutions for businesses and therefore, significantly improves the quality of services. Cloud computing technology can be deployed in four main models: public, private, hybrid and community models. Conversely, the technology is recognized in different models that include Software as a service (SaaS), platform as a service (PaaS) and Infrastructure as a service (IaaS). SaaS, in particular, is a cloud computing model where applications are hosted remotely by a provider and accessed via the internet on a subscription basis. This paper will identify the sec.
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
Cloud computing enables users to utilize the services of computing resources. Now days computing resources in mobile applications are being delivered with cloud computing. As there is a growing need for new mobile applications, usage of cloud computing can not be overlooked. Cloud service providers offers the services for the data request in a remote server. Virtualization aspect of cloud computing in mobile applications felicitates better utilization of resources. The industry needs to address the foremost security risk in the underlying technology. The cloud computing environment in mobile applications aggravated with various security problems. This paper addresses challenges in securing data in cloud for mobile Cloud computing and few mechanisms to overcome.
Cloud Application Security Best Practices To follow.pdfTechugo
Cloud application security is the practice of protecting cloud-based applications and data from unauthorized access, theft, or loss. It involves implementing various security measures such as encryption, access controls, firewalls, and monitoring to ensure that cloud applications are secure from threats.
Cloud Application Security Best Practices To follow.pdfTechugo
Around 75% of modern workloads are now in the cloud. Millions of workers use cloud computing daily to communicate, code, and manage customer relations. Cloud computing is cost-effective, flexible, and convenient. However, cloud computing can pose security risks.
Data is now an essential resource available to Enterprises. It's no wonder that there are many criminals trying to stop Enterprise companies by stealing and damaging the data.
Data security is about protecting information from being accessed by unauthorized users, data corruption with malicious intent , and theft of data. It is possible to ask why security companies speak about protecting their network, applications, and the endpoints, and less about data. The reason is because data has a significant relationship to data as well as applications and systems. If applications and systems aren't protected from the bad guys Data security isn't feasible.
"Data has become the latest Oil This phrase describes the relationship between applications and data. Data is just like oil in its unprocessed form is not beneficial unless it's refined to be used. Software processes data and display it to users in an simple to consume fashion.
SASE's function for Data Security
Please go through the the Decoding SASE blog to learn more about SASE.
SASE plays a crucial role in securing applications that are part of the distributed workforces and distributed deployments in the cloud, On-Prem and public edges. The following sections will highlight the main security issues and the way SASE can address them.
Enterprises design and implement many applications to serve various business needs. Each application may not need access to all Enterprise data. In addition, all users of applications do not need access to all information in the application. Because of this "Least Access Privilege" and "Identity Based access Controls" constitute the keys in securing data.
Applications aren't as simple anymore. Software developers use a myriad of components, including in-house built as well as purchased and open source. This makes the software more complicated and susceptible to attack. Attackers are likely to use the threat information base and attempt to exploit the weaknesses to gain access to applications, and eventually access to the data. Therefore, securing against threat vulnerabilities is crucial for the security of data.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Essentials of Automations: Optimizing FME Workflows with Parameters
A017130104
1. IOSR Journal of Computer Engineering (IOSR-JCE)
e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. III (Jan – Feb. 2015), PP 01-04
www.iosrjournals.org
DOI: 10.9790/0661-17130104 www.iosrjournals.org 1 | Page
Identified Vulnerabilitis And Threats In Cloud Computing
Mr.Amol R.Yadav
Lecturer, Department of Computer Engineering,
Shree Santkrupa Institute of Engineering & Technology(Polytechnic), Ghogaon, Karad-India
Abstract: Nowadays Cloud computing becomes a popular research subject. Almost all types of organizations
adopting cloud computing technology. Organizations use the Cloud as (SaaS, PaaS, and IaaS) and deployment
models (Private, Public, Hybrid, and Community. As cloud services are more efficient to the service providers
and clients but some issues in case of security Is important, which we have to take in to account. These types of
issues may be faced by service providers as well as clients. In this paper we will revise some cloud security
threats.
Keywords: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS),
Application presentation Interfaces (APIs).
I. Introduction
The number and types of cloud computing service providers increases over the world. They offer the
services as an applications, platforms as well as infrastructures in the illusion of unlimited networking resources
to the users. But the issues related to the security and effectiveness of cloud services is important from the view
of service providers as well as service users. The responsibility goes both the ways, however: the provider must
ensure that their infrastructure is secure and that their clients’ data and applications are protected while the user
must take measures to fortify their application and use strong passwords and authentication measures. In this
document we try to assist the organizations to manage and control the calculated risks about the valuable data of
client organizations. In addition this threat research document will be essential for implementing the security
policies. The rise and rise of mobile usage and the Cloud have seen third party attackers change their
approaches. Cloud services, social media websites and smartphone operating system devices have all become
new targets, while traditional user data and website denial of service hacks remain popular. We categorized the
analysis of threats in this document. When an organization elects to store data or host applications on the public
cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially
business sensitive and confidential data is at risk from insider attacks. According to a recent Cloud Security
Alliance Report, insider attacks are the third biggest threat in cloud computing. Therefore, Cloud Service
providers must ensure that thorough background checks are conducted for employees who have physical access
to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.
In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than
one customer's data on the same server. As a result there is a chance that one user's private data can be viewed
by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should
ensure proper data isolation and logical storage segregation.
II. Categories of Threats
Fig-1. Categories of Threats
2. Identified Vulnerabilitis And Threats In Cloud Computing
DOI: 10.9790/0661-17130104 www.iosrjournals.org 2 | Page
A. Abuse of Resources
Almost cloud service providers offer their services with frictionless and easy registration process. So
anyone can get access with only credit card. Some providers offers free trial period also. By misusing this
information the spammers, malicious code authors, and other criminals have been able to conduct their activities
with relative impunity. PaaS providers usually face such type of attacks. Also the possibility is that hackers can
attack the PaaS providers also by tracking the confidential information like password and usernames.
For controlling the abuse of PaaS providers can controls operating systems, servers, and network
infrastructure needed to run the SaaS application. The provider also controls what social media tools to
download to the developer's mobile device. The provider sets the user, resource, data requests, and social media
threshold levels. Also for access providers has to control logging capabilities by setting proper authorization.
Also SaaS provider manages access controls by limiting the number of authorized users who can concurrently
access the application as set forth in a user threshold policy. The provider limits the number of users who can
use social media tools as set forth in a social media threshold policy. The provider controls operating systems,
servers, and network infrastructure needed to run the SaaS application. The provider also controls what social
media tools to download to the mobile device or to use with the device.
B. Insecure Interfaces
Cloud service providers use varieties of software interfaces and APIs that customers use to manage and interact
with cloud service. The security and availability of general cloud services is dependent upon the security of
these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces
must be designed to protect against both accidental and malicious attempts to circumvent policy. Since the APIs
are accessible from anywhere on the Internet, malicious attackers can use them to compromise the
confidentiality and integrity of the enterprise customers. An attacker gaining a token used by a customer to
access the service through service API can use the same token to manipulate the customer’s data. Therefore it’s
imperative that cloud services provide a secure API, rendering such attacks worthless. Attackers over the past
three years have begun to actively target the digital keys used to secure the Internet infrastructure.
C. Techology Shearing Issues
Working of cloud computing is actually based on shearing of resources. Almost providers present their
services in scalable way of shearing infrastructure which is not generally developed for working under multi-
tenant architecture. To remove these types of obstacles a virtualization hypervisor mediates access between
guest operating systems and the physical compute resources. On the highest layer, there are various attacks on
the SaaS where an attacker is able to get access to the data of another application running in the same virtual
machine. The same is true for the lowest layers, where hypervisors can be exploited from virtual machines to
gain access to all VMs on the same server (example of such an attack is Red/Blue Pill). All layers of shared
technology can be attacked to gain unauthorized access to data, like: CPU, RAM, hypervisors, applications, etc.
To enforce these type of problems service venders has to implement security best practices for
installation/configuration, Monitor environment for unauthorized changes/activity, Enforce service level
agreements for patching and vulnerability remediation, Conduct vulnerability scanning and configuration audits.
D. Data Leakages
Stored data on cloud may loss due to various reasons like hardware failure, drive failure, service vender
accidently delete the data, attacker can alter the data, natural phenomenon, etc. Therefore better way to protect
the data is to take backup of data time to time. Backup of data solves the problem of data loss. Unlinking the
data may cause complexity to identify and recombining the data. These types of occurrences common in almost
cloud systems. The confidentiality of data is maintained by venders by providing the encryption method. If there
will be loss of any encryption key then there will be chances of data leakages. The threat of data compromise
increases in the cloud, due to the number of and interactions between risks and challenges which are either
unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud
environment. For recovering these types of threats the venders has to implement strong API access control,
provide strong encryption algorithms and keys, analyzing the data protection all stages, and also implement
strong backup alternative options.
E. Service Hijacking
This type of attacks occurs mostly on trial and error basis. The service is hacked by attempting the
credentials and password provided by the venders to the service users for using the service for maintaining the
confidentiality of valuable data. But attacker may attack this data by observing the sessions of users. These types
of attacks are not new in market. There is possibility of users to provide the common or easy passwords for
maintaining the privacy, but if an attacker gains access to user’s credentials, they can eavesdrop on user’s
3. Identified Vulnerabilitis And Threats In Cloud Computing
DOI: 10.9790/0661-17130104 www.iosrjournals.org 3 | Page
activities and transactions, manipulate data, return falsified information, and redirect user’s clients to
illegitimate sites. User’s account or service instances may become a new base for the attacker. From here, they
may leverage the power of user’s reputation to launch subsequent attacks. To prevent from such threats the
venders has to prohibit the sharing of account credentials between users and services, use strong authentication
techniques for maintaining the security, implement the methods for detecting the unauthorized access to the
services in cloud. It is responsibility of cloud venders to explain the terms and policies of securities to the
service users.
F. Malicious Insiders
The threat of a malicious insider is well-known to most organizations. This threat is amplified for
consumers of cloud services by the convergence of IT services and customers under a single management
domain, combined with a general lack of transparency into provider process and procedure. For example, a
provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these
employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or
no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an
attractive opportunity for an adversary ranging from the hobbyist hacker, to organized crime, to corporate
espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary
to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.
Some observable insider activities are clearly harmful to the organization—for instance, an insider deleting
critical applications from the organization’s servers. However, not all insider activity is so blatantly malicious.
A clever insider seeking to avoid detection will attempt to use authorized access to the target information
systems, and do so in a manner unlikely to raise suspicion. In reviewing the literature, we find many novel
proposals for detection of specific insider-related activity, but few that compares the proposed insider behavior
to similar non-malicious behaviors, or even acknowledge the necessity of doing so. Few publicly available data
sets exist that characterize normal user behavior in relation to indicators of insider threats, much less indicators
related to cloud-based insiders. Researchers addressing the challenge of collecting and analyzing normal user
behavior should be careful to include attributes useful for cloud-based research as well. Researchers should
consider correlating access requests across multiple disparate systems, exploring how often and how much data
users transfer from the organization to cloud-based systems (e.g., web-based mail), and how often cloud-based
administrative tools are used. Collecting and sharing such information will greatly enhance the ability of other
researchers to propose and validate indicators of malicious cloud-related insider behavior. For remediation I
suggests to the venders to enforce strict supply chain management and conduct a comprehensive supplier
assessment, Specify human resource requirements as part of legal contracts, require transparency into overall
information security and management practices, as well as compliance reporting.
G. Data Separation
Every cloud-based service shares resources, namely space on the provider’s servers and other parts of
the provider’s infrastructure. Hypervisor software is used to create virtual containers on the provider’s hardware
for each of its customers. But CSA notes that “attacks have surfaced in recent years that target the shared
technology inside Cloud Computing environments.” So, investigate the compartmentalization techniques, such
as data encryption, the provider uses to prevent access into your virtual container by other customers. Although
you should address these security issues with the cloud provider before you entrust your data to its servers and
applications, they shouldn’t be a deal breaker. Cloud computing offers small businesses too many benefits to
dismiss out of hand. After all, you already met many of these security challenges the first time you connected
your network to the Internet.
H. Unknown Risks
One of the tenets of Cloud Computing is the reduction of hardware and software ownership and
maintenance to allow companies to focus on their core business strengths. This has clear financial and
operational benefits, which must be weighed carefully against the contradictory security concerns complicated
by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the
security ramifications. Versions of software, code updates, security practices, vulnerability profiles,
intrusion attempts, and security design, are all important factors for estimating your company’s security posture.
Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs,
redirection attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can result
in unknown exposures. It may also impair the in-depth analysis required highly controlled or regulated
operational areas.
4. Identified Vulnerabilitis And Threats In Cloud Computing
DOI: 10.9790/0661-17130104 www.iosrjournals.org 4 | Page
III. Conclusion
At this stage as cloud computing is an important aspect in day to day life in networking world but side
by side the threatening issues have to take in account and have to find an efficient way to overcome these issues.
References
[1]. Top threats to cloud computing V1.0,cloud security alliance,2010
[2]. K. Thejaswi, I. Sheeba, C. Bhuvana, P. Lavanya , Insight Of Cloud-Specific Culpabilities, Risks, Threats.
[3]. Adam Swidler, seven security threats in cloud,2010.
[4]. Shaikh, F.B., Haider, S. Dept. of Comput. & Technol., SZABIST, Islamabad, Pakistan (IOSRJEN)ISBN- 978-1-4577-0884-