Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design.
New Framework to Detect and Prevent Denial of Service Attack in Cloud Computi... CSCJournals
Cloud computing paradigm, as one of the new concepts in the world of computing in general and especially in computer networks, gives new facilities such as IaaS (infrastructure as a service), PaaS (platform as a service) and SaaS (software as a service). All these services are offered by utilization of new and old techniques such as resource sharing, distributed networking and virtualization. But it is still suffering from some shortages, and one of the most important is security threats. One of the most dangerous is distributed denial-of-service (DDoS), and to overcome this threat many techniques have been proposed; most of them give more attention to one aspect, either detecting, preventing or tracing the sources of attack, and only a few address the attack in all its aspects. Here we propose a new framework to counter this attack by detecting the attack using a covariance matrix statistical method, determining the sources of attack using TTL distance average, and finally applying a technique to eliminate the attack by benefiting from the Honeypot method to block all attack sources and transfer the legitimate traffic to another virtual machine not affected by the attack.
ADMINISTRATION SECURITY ISSUES IN CLOUD COMPUTING ijitcs
This paper discovers most of the administration security issues in Cloud Computing in terms of trustworthiness and gives the reader a broad view of the concept of the Service Level Agreement in Cloud Computing and some of its security issues. It seeks a model that mostly guarantees that the data is stored securely, within a setting of four factors, which are data location, duration of keeping the data in the cloud environment, trust between customer and provider, and the procedure of formulating the SLA.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE IJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate managing the cloud system more
effectively and allow the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
E-Mail Systems In Cloud Computing Environment Privacy, Trust And Security Chal... IJERA Editor
In this paper, SMCSaaS is proposed to secure email systems based on Web Service and Cloud Computing
Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated
infrastructure complexity. The proposed model controls risks in Cloud Computing such as Insecure Application
Programming Interfaces, Malicious Insiders, Shared Technology Vulnerabilities, Data Loss or Leakage,
Account, Service and Traffic Hijacking, and Unknown Risk Profile.
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA... cscpconf
This research “Designing Dependable Web Services Security Architecture Solutions” addresses
the innovative idea of Web Services Security Engineering using Web Services Security
Architecture with a research motivation of Secure Service Oriented Analysis and Design. It deals
with Web Services Security Architecture for Web Services Secure application design, for
Authentication and authorization, using Model Driven Architecture (MDA) based Agile Modeled
Layered Security Architecture design, which eventually results in enhanced dependable (privacy)
management. All the above findings are validated with appropriate case studies of Web 2.0
Services, its extension to Web 2.0 Mashups Spatial Web Services and various financial
applications. In this paper we discuss the Research Methodology for Designing Dependable Agile Layered Security Architectures, with validations on a Spatial Web Services case study.
Due to diversity, heterogeneity and complexity of the existing healthcare structure, providing suitable
healthcare services is a complicated process. This work describes the conceptual design of an e-healthcare
system, which implements integration strategies and suitable technologies that will handle the
interoperability problem among its essential components. The proposed solution combines intelligent agent
technology and case based reasoning for highly distributed applications in healthcare environment.
Intelligent agents play a critical role in providing correct information for diagnostic, treatment, etc. They
work on behalf of human agents taking care of routine tasks, thus increasing speed and reliability of the
information exchanges. CBR is used to generate advice for certain e-healthcare problems by analyzing
solutions given to previously solved problems and to build intelligent systems for disease diagnostics and
prognosis. Preliminary experimental simulation based on Agent Development Framework (JADE)
demonstrated the feasibility of this model.
Systematic Review Automation in Cyber Security YogeshIJTSRD
Many aspects of cyber security are carried out by automation systems and service applications. The initial steps of the cyber chain mainly focus on different automation tools with almost the same task objective. Automation operations are carried out only after a detailed study of the particular task in the pre-engagement phase that the tool is going to perform, and measurement of the dataset handling of the tool-produced output. The algorithm is going to be made use of after comparing the existing tools' efficiency, the throughput time, the output format for reusable input and, mainly, the resource consumption. In this paper we are going to study the existing methodology in application and system pen testing, automation tools' efficiency over growing technology and their behaviour on unintended platform assignment. Nitin | Dr. Lakshmi J. V. N "Systematic Review: Automation in Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4, June 2021, URL: https://www.ijtsrd.com/papers/ijtsrd41315.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/41315/systematic-review-automation-in-cyber-security/nitin
An effective approach for tackling network security
problems is Intrusion detection systems (IDS). These kinds of
systems play a key role in network security as they can detect
different types of attacks in networks, including DoS, U2R, Probe
and R2L. In addition, IDS are an increasingly key part of the
system’s defense. Various approaches to IDS are now being used,
but are unfortunately relatively ineffective. Data mining techniques
and artificial intelligence play an important role in security
services. We will present a comparative study of three well-known
intelligent algorithms in this paper. These are Radial Basis
Functions (RBF), Multilayer Perceptrons (MLP) and Support
Vector Machine (SVM). This work’s main interest is to benchmark
the performance of these 3 intelligent algorithms. This is done by
using a dataset of about 9,000 connections, randomly chosen from
KDD'99’s 10% dataset. In addition, we investigate these
algorithms’ performance in terms of their attack classification
accuracy. The Simulation results are also analyzed and the
discussion is then presented. It has been observed that SVM with a
linear kernel (Linear-SVM) gives a better performance than MLP
and RBF in terms of its detection accuracy and processing speed.
A proposed Solution: Data Availability and Error Correction in Cloud Computing CSCJournals
Cloud Computing is the hottest technology in the market these days, used to make storage of huge amounts of data and information easier for organizations. Maintaining servers to store all the information is quite expensive for individuals and organizations. Cloud computing allows storing and maintaining data on remote servers that are managed by Cloud Service Providers (CSP) like Yahoo and Google. This data can then be accessed throughout the globe. But as more and more information of individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. In this paper we discuss security issues and requirements in the Cloud and possible solutions to some of the problems. We develop an architecture model for cloud computing to solve the data availability and error correction problem.
A TAXONOMY FOR TOOLS, PROCESSES AND LANGUAGES IN AUTOMOTIVE SOFTWARE ENGINEERING csandit
Within the growing domain of software engineering in the automotive sector, the number of used tools, processes, methods and languages has increased distinctly in the past years. To be able to choose proper methods for particular development use cases, factors like the intended use, key-features and possible limitations have to be evaluated. This requires a taxonomy that aids the decision making. An analysis of the main existing taxonomies revealed two major deficiencies: the lack of the automotive focus and the limitation to particular engineering method types. To face this, a graphical taxonomy is proposed based on two well-established engineering approaches and enriched with additional classification information. It provides a self-evident and -explanatory overview and comparison technique for engineering methods in the automotive domain. The taxonomy is applied to common automotive engineering methods. The resulting diagram classifies each method and enables the reader to select appropriate solutions for given project requirements.
DESIGN AND IMPLEMENTATION OF THE ADVANCED CLOUD PRIVACY THREAT MODELING IJNSA Journal
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat
modeling as a part of requirements engineering in secure software development provides a structured
approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities
in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for
privacy threat modeling in relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to specify characteristics
of a cloud privacy threat modeling methodology, different steps in the proposed methodology and
corresponding products. In addition, a case study has been implemented as a proof of concept to
demonstrate the usability of the proposed methodology. We believe that the extended methodology
facilitates the application of a privacy-preserving cloud software development approach from requirements
engineering to design.
Cloud computing has changed the entire process that distributed computing used to present e.g. Grid
computing, server client computing. Cloud computing describes recent developments in many existing IT
technologies and separates application and information resources from the underlying infrastructure.
Cloud computing security is an important aspect of quality of service from cloud service providers.
Security concerns arise as soon as one begins to run applications beyond the designated firewall and move
closer towards the public domain. A violation of security in any component in the cloud can be a disaster for
the organization (the customer) as well as for the provider. In this paper, we propose a cloud security
model and security framework that identifies security challenges in cloud computing.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC... IJCNCJournal
Cloud computing is utility-based computing that provides many benefits to its clients, but security is one aspect which is delaying its adoption. Security challenges include data security, network security and infrastructure security. Data security can be achieved using cryptography. If we include location information in the encryption and decryption process, then we can bind access to data with the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on symmetric cryptography, location-based cryptography and Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to implement secure access control to the outsourced data. The symmetric key is used to encrypt the data, whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading to the server. The user downloads the encrypted data and the symmetric secret key XORed with the location lock value; using his attribute-based secret key, he first obtains the XORed value of the symmetric secret key and the location lock value. Using anti-spoof GPS, the location lock value can be obtained, which can be used to retrieve the symmetric secret key. We have adopted a Message Authentication Code (MAC) to ensure integrity and availability of the data. This protocol can be used in banks, government organizations, military services or any other industry that has its offices or work locations at a fixed place, so data access can be bound to that location.
Cloud computing technology security and trust challenges ijsptm
A lot of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology. In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use... Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlights the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved.
In the past decade, big technical advances have appeared which can bring more comfort not only in the corporate sector but also at the personal level of everyday life activities. The growth and deployment of cloud computing technologies by both private and public sectors were important. Recently it became apparent that many organizations and businesses had moved their workloads to the cloud. However, protection for cloud providers that depend on Internet connectivity is a major problem, leaving them vulnerable to numerous attacks. Although cloud storage protection mechanisms have been introduced in recent years, cloud protection remains a major concern. This survey paper tackles this problem by examining recent technology that enables confidentiality-conscious outsourcing of data to public cloud storage and analysis of sensitive data. Specifically, as an advancement, we explore outsourced data strategies focused on data splitting, anonymization and cryptographic methods. We then compare these approaches in terms of supported operations, accuracy, overheads, masked outsourced data and data processing implications. Finally, we recognize excellent solutions to these cloud security issues.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE... cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster, more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Today’s business world is using Cloud computing services to meet there mandate. Mobile. Computing includes services and deployment models. Services models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) while deployment models are Public Cloud, Private Cloud, Community Cloud and Hybrid Cloud. Cloud Computing Services are prone to threat, vulnerabilities and security issues in general. However, these services come with enormous benefits. To enhance trust in use of cloud computing services, this research proposes to design a secure third party environment for accessing cloud computing services. Secure protocols and algorithms will be developed as well as carrying out experiments to support this.
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
Cloud computing, undoubtedly, is a path to expand the limits or add powerful capabilities on-demand with
almost no investment in new framework, training new staff, or authorizing new software. Though today
everyone is talking about cloud but, organizations are still in dilemma whether it’s safe to deploy their business
on cloud. The reason behind it; is nothing but Security. No cloud service provider provides 100% security
assurance to its customers and therefore, businesses are hesitant to accept cloud and the vast benefits that come
along with it. The absence of proper security controls delimits the benefits of cloud. In this paper, a review on
different cloud service models and a survey of the different security challenges and issues while providing
services in cloud is presented .The paper focuses on the security issues specific to service delivery model (SaaS,
IaaS and PaaS) of cloud environment. This paper also explores the various security solutions currently being
applied to protect cloud from various kinds of intruders.
Similar to ADVANCED CLOUD PRIVACY THREAT MODELING (20)
2. 230 Computer Science & Information Technology (CS & IT)
In 2013, the Cloud Privacy Threat Modeling (CPTM) [6] methodology was proposed as a new
threat modeling methodology for cloud computing. The CPTM approach was originally designed
to support only the EU DPD, for reducing the complexity of privacy threat modeling.
Additionally, there were weaknesses in the threat identification step through architectural designs in
the early stages of the Software Development Life Cycle (SDLC) that demanded improvements.
This paper describes an extension of the CPTM methodology according to the principles of
Method Engineering (ME) [5]. The method that has been applied is one known as “Extension-based”,
which is used for enhancing the process of identifying privacy threats by applying
meta-models/patterns and predefined requirements. The proposed methodology
provides strong methodological support for privacy legislation and regulation in cloud computing
environments. We describe the high-level requirements for an ideal privacy threat modeling
methodology in cloud computing, and construct an extension of CPTM by applying the
requirements that were identified.
The rest of this paper is organized as follows. Section 2 provides a background to these
developments by outlining the CPTM methodology and existing related work. Section 3
describes the characteristics that are desirable in privacy threat modeling for cloud computing
environments. Section 4 describes the steps and products for the proposed new methodology.
Section 5 presents the conclusions from this research and directions for future research.
2. BACKGROUND AND RELATED WORK
The CPTM [6] methodology was proposed as a specific privacy-preservation threat modeling
methodology for cloud computing environments that process sensitive data within the EU’s
jurisdiction. The key differences between the CPTM methodology and other existing threat
modeling methodologies are that CPTM provides a lightweight methodology as it encompasses
definitions of the relevant DPD [1] requirements, and in addition that it incorporates
classification of important privacy threats, and provides countermeasures for any threats that are
identified.
In the first step of the CPTM approach, the DPD terminology is used to identify the main
entities in the cloud environments that are being developed. Secondly, the CPTM
methodology describes the privacy requirements that must be implemented in the environment,
e.g., lawfulness, informed consent, purpose binding, data minimization, data accuracy,
transparency, data security, and accountability. Finally, the CPTM approach provides
countermeasures for the identified threats. A detailed description of the CPTM methodology steps
is given in [6] (Sections 3, 4 and 5).
While the CPTM methodology was the first initiative for privacy threat modeling for cloud
computing environments in accordance with the EU’s DPD, it nevertheless does not support
other privacy legislation, such as that required under the HIPAA [2]. In this paper, we identify the
weaknesses of the CPTM methodology, such as its support for different privacy legislation and its threat
identification process, and refine the methodology by applying an Extension-based ME approach.
There has been a significant amount of research in the area of threat modeling for various
information systems with the goal of identifying a set of generic security threats [7], [8], and [9].
There are guidelines for reducing the security risks associated with cloud services, but none of
these include an outline of privacy threat modeling. The Cloud Security Alliance (CSA)
guidelines [10] are not thorough enough to be referred to as a privacy threat model because they are
not specific to privacy-preservation.
The European Network and Information Security Agency (ENISA) has identified a broad range
of both security risks and benefits associated with cloud computing, including the protection of
sensitive data [11]. Pearson [4] describes the key privacy challenges in cloud computing that arise
from a lack of user control, a lack of training and expertise, unauthorized secondary usage,
complexity of regulatory compliance, trans-border data flow restrictions, and litigation.
LINDDUN [12] is an approach to privacy modeling whose name is short for “linkability, identifiability,
non-repudiation, detectability, information disclosure, content unawareness, and
non-compliance”. This approach proposes a comprehensive generic methodology for the elicitation of
privacy requirements through mapping initial data flow diagrams of application scenarios to the
corresponding threats. The Commission on Information Technology and Liberties (CNIL) has
proposed a methodology for privacy risk management [13] that may be used by information
systems that must comply with the DPD.
3. CHARACTERISTICS OF A PRIVACY THREAT MODELING METHODOLOGY FOR CLOUD COMPUTING
This section describes the features that we believe a privacy threat model should have in order to
be used for developing privacy-preserving software in clouds in an efficient manner. Based on
the properties that are identified, we then apply the Extension-based methodology design
approach to construct an extension of the CPTM for supporting various privacy legislation in
Section 4.
3.1. Privacy Legislation Support
Methodological support for the regulatory frameworks that define privacy requirements for
processing personal or sensitive data is a key concern. Privacy legislation and regulations can
become complicated for cloud customers and software engineering teams, particularly because of
the different terminologies in use in the IT and legal fields. In addition, privacy threat modeling
is not emphasized in existing threat modeling methodologies, which causes
ambiguity in privacy threat identification.
3.2. Technical Deployment and Service Models
Cloud computing delivers computing software, platforms and infrastructures as services based on
pay-as-you-go models. Cloud services can be deployed for on-demand storage and
computing power, provided in the form of software-as-a-service (SaaS),
platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) [14]. Cloud services can be delivered to
consumers using different cloud deployment models: private cloud, community cloud, public
cloud, and hybrid cloud. Table 1 outlines the five essential characteristics of cloud computing
[14].
3.3. Customer Needs
The actual needs of the cloud consumers must be taken into consideration throughout the whole
life cycle of a project. Additionally, during the course of a project, requests for changes often
arise and these may affect the design of the final system. Consequently, it is important to identify
any privacy threats arising from the customer needs that result from such change requests.
Customer satisfaction can be achieved through engaging customers from the early stages of threat
modeling so that the resulting system satisfies the customer’s needs while maintaining adequate
levels of privacy.
3.4. Usability
Cloud-based tools aim at reducing IT costs and supporting faster release cycles of high quality
software. Threat modeling mechanisms for cloud environments should therefore be compatible
with the typical fast pace of software development in cloud-based projects. However, producing
easy-to-use products that strike an appropriate balance between maintaining the required levels of
privacy and satisfying the consumer’s demands can be challenging when it comes to cloud
environments.
3.5. Traceability
Each potential threat that is identified should be documented accurately and be traceable to
the associated privacy requirements. If threats can be traced in this manner,
threat modeling activities can efficiently trace the original privacy requirements
that are included in the contextual information, as well as changes made over the post-requirement steps such
as design, implementation, verification and validation.
Table 1, The five essential characteristics of cloud computing [14]

| Cloud Characteristic | Description | Application |
|---|---|---|
| On-demand self-service | For automatically providing a consumer with provisioning capabilities as needed. | Server, Time, Network and Storage |
| Broad network access | For heterogeneous thin or thick client platforms. | Smartphones, tablets, PCs, wide range of locations |
| Resource pooling | The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model. | Physical and virtual resources with dynamic provisioning |
| Rapid elasticity | Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward with demand. | Adding or removing nodes, servers, resource or instances |
| Measured service | Automated control and optimization of a resource through measuring or monitoring services for various reasons, including billing, effective use of resources, or predictive planning. | Storage, processing, billing, bandwidth, and active user accounts |
4. METHODOLOGY STEPS AND THEIR PRODUCTS
Motivated by the facts that privacy and security are two distinct topics and that no single
methodology could fit all possible software development activities, we apply ME that aims to
construct methodologies to satisfy the demands of specific organizations or projects [17]. In [5],
ME is defined as “the engineering discipline to design, construct, and adapt methods, techniques
and tools for the development of information systems”.
There are several approaches to ME [17], [15] such as a fundamentally “ad-hoc” approach where
a new method is constructed from scratch, “paradigm-based” approaches where an existing
meta-model is instantiated, abstracted or adapted to achieve the target methodology, “Extension-based”
approaches that aim to enhance an existing methodology with new concepts and features, and
“assembly-based” approaches where a methodology is constructed by assembling method
fragments within a repository.
Figure 1 represents different phases in a common SDLC. Initial security requirements are
collected and managed in the requirements engineering phase (A). This includes identifying the
quality attributes of the project and assessing the risk associated with achieving them. A design is
composed of an architectural solution, attack surface analysis and the privacy threat model. Potential
privacy threats against the software that is being developed are identified and solutions are
proposed to mitigate adversarial attacks (B). The proposed solution from the design phase is
implemented through a technical solution and deployment (C). This includes performing static
analysis on source code for software comprehension without actually executing programs. The
verification process (D) includes extensive testing, dynamic analysis on the executing programs
on virtual resources and fuzzing as a black-box testing approach to discover coding errors and
security loopholes in the cloud system. Finally, in the Validation phase the end-users participate
to assess the actual results versus their expectations, and may put forth further change requests if
needed.
Our proposed methodology identifies the privacy requirements in the Requirements Engineering
step, as shown in Figure 2. The results from the Requirements Engineering, which include
specifications for privacy regulatory compliance, are fed into the Design step, where activities
such as specifying the appropriate cloud environment, identifying privacy threats, evaluating
risks and mitigating threats are conducted. The resulting privacy threat model is then
used in the implementation step, and finally it is verified and validated in the subsequent steps.
Cloud stakeholders and participants such as cloud users, the software engineering team and legal
experts will engage in the activities shown in Figure 2 to implement the threat model in the context
of steps A and B in Figure 1. The cloud software architect, as a member of the software engineering
team, initiates a learning session to clarify the methodology steps and their products, the privacy
requirements (introducing the title of the law that needs to be enforced in the cloud environment),
and quality attributes such as performance and usability. The legal experts will identify the definitive
requirements that ensure the privacy of data in the platform. In the Design step, the cloud
software architect presents the architecture of the cloud environment under development to the various
participants. This will result in a unified terminology to be used in the privacy threat model.
Figure 1, Privacy Threat Modeling in Requirements Engineering and Design of a SDLC
Figure 2, Overview of the Extended CPTM Methodology Steps
The rest of this section outlines the implementation model of the steps represented in Figure 2.
3.1 Privacy Regulatory Compliance
Interpreting privacy regulatory frameworks can often be complex for software engineering teams.
In the privacy regulatory compliance step, learning sessions with privacy experts, end-users and
requirements engineers facilitate the elicitation of privacy requirements (PR). For example, in
the EU DPD some of the privacy requirements are: lawfulness, informed consent, purpose
binding, transparency, data minimization, data accuracy, data security, and accountability [6].
Each of the requirements that are identified will be labeled with an identifier, e.g., (PRi), a name
and a description to be used in later stages.
3.2 Cloud Environment Specification
To ensure that the final cloud software will comply with the relevant legal and regulatory
framework, several of the key characteristics that are affected by cloud computing services
(including virtualization, outsourcing, offshoring, and autonomic technologies) must be specified.
For this purpose, the physical/logical architectures of the deployment and service model can be
developed according to the following steps:
• Step A: Define the cloud actors [18] (such as Cloud Consumer, Cloud Provider, Cloud
Auditor, Cloud Broker, and Cloud Carrier). A cloud consumer is a person or organization
that uses services from cloud providers in the context of a business relationship. A cloud provider
makes services available to interested users. A cloud auditor conducts independent
assessments of cloud services, operations, performance and security of the deployment.
A cloud broker manages the use, performance and delivery of cloud services and
establishes relationships between cloud providers and cloud consumers. A cloud carrier
provides connectivity and transport of cloud services from cloud providers to cloud
consumers through the network.
• Step B: Describe a detailed model of the cloud deployment physical architecture where
the components will be deployed across the cloud infrastructure. This should give details
of where the components will be deployed and run, for example, the operating system
version, the database version, the virtual machine location, and where the database server
will run.
• Step C: Describe the logical architecture of the cloud services model where the major
cloud services, along with the relationships between them that are necessary to fulfill
the project requirements, are recorded. This should include the data flow and connections
between the relevant cloud services and actors. Note that in this context, an entity is a
cloud service with a set of properties that meet a specific functional requirement.
• Step D: Describe the assets that need to be protected, the boundaries of the cloud and any
potential attackers that might endanger either the cloud environment or the assets that
have been identified as being associated with that particular cloud.
The cloud environment specification step consists of composing an architectural report including
assets that are subject to privacy protection, cloud actors, physical architecture of the deployment
model, and logical architecture of the service model.
3.3 Privacy Threat Identification
In this step, privacy threats against the PRs that were established in section 3.1 will be identified
and analyzed. To achieve this, the system designers will undertake the following steps.
• Step A: Select a privacy requirement from the PR list for threat analysis, e.g., (PR2).
• Step B: Correlate identified cloud actors (Step A from Section 3.2) with the actor roles
that are defined in the project’s privacy law. For example, correlating the Data
Controller role as a Cloud Consumer, or the Data Processor role as a Cloud Provider
in the DPD.
• Step C: Identify all the technical threats to privacy that can be launched by an adversary
and label them in the specified cloud environment. Each identified threat can be named
T(i,j), where i indicates that the threat corresponds to PRi and j indicates the
actual threat number. For example, in T(2,5), 2 indicates the relevance of the threat to PR2
and 5 is the actual threat number.
• Step D: Repeat the previous steps until all PRs are processed.
The threat identification step consists of composing an analysis report that lists, for each class
of the PRs, the threats with their id, name, date, author and threat scenario.
3.4 Risk Evaluation
In this step, all actors participate to rank the threats that have been identified in Section 3.3 with
regard to their estimated level of importance and the expected severity of their effect on the
overall privacy of the cloud environment. The Importance indicates the likelihood of a particular
threat occurring and the level of the Effect indicates the likely severity of the damage if that
threat against the cloud environment were carried out.
Assume there are three identified PRs (PR1, PR2, PR3) in addition to related privacy threats
T(1,4), T(2,1) and T(3,3) from previous steps for an imaginary cloud system. In this imagined
cloud, various participants in the project such as Alice (Cloud Consumer), Bob (Cloud Provider),
Dennis (Software Architect), Tom (Lawyer) and Rosa (Cloud Carrier) evaluate the corresponding
risk of each identified threat, as illustrated in Table 2.
Table 2. Prioritization of the identified threats: L (Low), M (Moderate), H (High)
This step results in composing a risk evaluation report similar to the example in Table 2. This
report prioritizes the importance and effects of the privacy threats and it will be used in the Threat
Mitigation step in Section 3.5.
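An added example, not from the paper, of the risk evaluation step: it validates T(i,j) identifiers against the PR list and ranks threats from per-participant ratings. The paper does not define an aggregation rule, so the median-per-dimension scoring, the contested flag, and the function names are assumptions, and the ratings are constructed rather than taken from Table 2.

```python
import re
from statistics import median

LEVELS = {"L": 1, "M": 2, "H": 3}            # ordinal scale from the Table 2 caption
ID_RE = re.compile(r"^T\((\d+),(\d+)\)$")    # T(i,j): i = PR index, j = threat number

def parse_threat_id(tid):
    """Split 'T(i,j)' into (i, j); reject anything that is not in that form."""
    m = ID_RE.match(tid.replace(" ", ""))
    if not m:
        raise ValueError(f"not a T(i,j) identifier: {tid!r}")
    return int(m.group(1)), int(m.group(2))

def evaluate(ratings, pr_list):
    """Rank threats from {threat_id: {participant: (importance, effect)}}."""
    rows = []
    for tid, votes in ratings.items():
        pr, _ = parse_threat_id(tid)
        if f"PR{pr}" not in pr_list:
            raise ValueError(f"{tid} points at PR{pr}, which is not in the PR list")
        imp = [LEVELS[i] for i, _ in votes.values()]
        eff = [LEVELS[e] for _, e in votes.values()]
        rows.append({
            "threat": tid, "pr": f"PR{pr}",
            # Assumption: median per dimension, then importance x effect.
            "importance": median(imp), "effect": median(eff),
            "score": median(imp) * median(eff),
            # An L-versus-H split means the actors should discuss before ranking.
            "contested": max(imp) - min(imp) >= 2 or max(eff) - min(eff) >= 2,
        })
    return sorted(rows, key=lambda r: (-r["score"], -r["effect"], r["threat"]))

# Constructed ratings (importance, effect); these are NOT the values of Table 2.
RATINGS = {
    "T(1,4)": {"Alice": ("M", "H"), "Bob": ("L", "M"), "Dennis": ("M", "H"),
               "Tom": ("M", "H"), "Rosa": ("L", "M")},
    "T(2,1)": {"Alice": ("H", "H"), "Bob": ("M", "H"), "Dennis": ("H", "H"),
               "Tom": ("H", "L"), "Rosa": ("H", "H")},
    "T(3,3)": {"Alice": ("L", "M"), "Bob": ("L", "L"), "Dennis": ("M", "M"),
               "Tom": ("L", "M"), "Rosa": ("L", "L")},
}

if __name__ == "__main__":
    for row in evaluate(RATINGS, ["PR1", "PR2", "PR3"]):
        print(row)
```

The top-ranked rows are the ones that would be carried into the Threat Mitigation step; a contested row signals that the participants disagree by a full L-to-H gap on at least one dimension.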
3.5 Threat Mitigation
In this step, the threat modeling team proposes countermeasures to the threats that were identified
in the previous step as having the highest likelihood of occurrence and the worst potential effects
on the cloud environment. Each countermeasure should clearly describe a solution that reduces
the probability of the threat occurring and that also reduces the negative effects on the cloud if the
threat were carried out.
Finally, the recommended countermeasures from this step should be documented and fed into the
implementation step to be realized through coding and for their effectiveness to be assessed by
static analysis. In the later stages of verification and validation, each such countermeasure will be
evaluated and approved by the participants.
5. CONCLUSIONS AND FUTURE WORK
In this paper we identified the requisite steps to build a privacy threat modeling methodology for
cloud computing environments using an Extension-based Method Engineering approach. For this
purpose, we extended the Cloud Privacy Threat Modeling (CPTM) methodology to incorporate
compliance with various legal and regulatory frameworks, in addition to improving the threat
identification process.
In future research, we aim to apply the proposed methodology within domain independent clouds
that process sensitive data. This will validate our methodology for providing customized privacy
threat modeling for other privacy regulations, such as HIPAA, in cloud computing environments.
ACKNOWLEDGEMENTS
This work was funded by the EU FP7 project Scalable, Secure Storage and Analysis of Biobank Data
under Grant Agreement no. 317871.
REFERENCES
[1] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement of
such data, Official Journal (OJ) 1995, L 281, p. 31.
[2] Centers for Medicare and Medicaid Services, “The Health Insurance Portability and Accountability
Act of 1996 (HIPAA)”, 1996.
[3] F. Swiderski and W. Snyder, Threat Modeling, Microsoft Press, 2003.
[4] S. Pearson, “Privacy, Security and Trust in Cloud Computing”, Computer Communications and
Networks, Springer London, pp 3-42, 2013.
10. 238 Computer Science & Information Technology (CS & IT)
[5] S. Brinkkemper, "Method engineering: engineering of information systems development methods and
tools", Information and Software Technology, Vol. 38, No. 4, 1996, pp. 275-280
[6] A. Gholami, A.-S. Lind, J. Reichel, J.-E. Litton, A. Edlund, and E. Laure, “Privacy threat modeling
for emerging biobankclouds,” Procedia Computer Science, vol. 37, pp. 489 496, 2014.
[7] B. Schneier, “Threat Modeling and Risk Assessment”, View (2000), 214-229.
[8] Y. Chen, “Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems”, IEEE
Computer Society 2007, 91-92.
[9] S. Baek, J. Han, Y. Song, “Security Threat Modeling and Requirement Analysis Method Based on
Goal-Scenario”, Springer Netherlands 2012, 419-423.
[10] The Cloud Security Alliance (CSA). Security guidance for critical areas of focus in cloud computing
v3.0, (2011), https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf, visited October 2013.
[11] D. Catteddu and G. Hogben, “Cloud computing. Benefits, risks and recommendations for information
security”, ENISA Report, 2009.
[12] M. Deng, W. Kim, R. Scandariato, B. Preneel and W. Joosen, “A privacy threat analysis framework:
supporting the elicitation and fulfillment of privacy requirements”, Requir. Eng., 2011, 3-32.
[13] CNIL. Methodology for Privacy Risk Management, (2012). Available at:
http://www.cnil.fr/fileadmin/documents/en/CNILManagingPrivacyRisksMethodology.pdf, visited
October 2013.
[14] NIST SP 800-145, "A NIST definition of cloud computing", [online]
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
[15] R. Rahimian and R. Ramsin, “Designing an agile methodology from mobile software development: a
hybrid method engineering approach,” in 2nd Int. Conf. on Research Challenges in Information
Science, Marrakech, pp. 337- 342, 2008.
[16] K. Kumar, R. J. Welke, "Method Engineering: a proposal for situation-specific methodology
construction", in Systems Analysis and Design: A Research Agenda, 1992.
[17] J. Ralyté, R. Deneckére, C. Rolland, "Towards a generic model for situational method engineering",
in Proc. of CAiSE'03 (LNCS 2681), 2003, pp. 95-110.
[18] R. B. Bohn, J. Messina, F. Liu, J. Tong, and J. Mao, "NIST cloud computing reference architecture,"
in 2011 IEEE World Congress on Services. IEEE Computer Society, 2011, pp. 594-596.
AUTHORS
Ali Gholami is a PhD student at the KTH Royal Institute of Technology. His research
interests include the use of data structures and algorithms to build adaptive data
management systems. Another area of his research focuses on the security concerns
associated with cloud computing. He is currently exploring strong and usable security
factors to enable researchers to process sensitive data in the cloud.
Professor Erwin Laure is Director of the PDC - Center for High Performance
Computing Center at KTH, Stockholm. He is the Coordinator of the EC-funded
"EPiGRAM" and "ExaFLOW" projects as well as of the HPC Centre of Excellence for
Bio-molecular Research "BioExcel" and actively involved in major e-infrastructure
projects (EGI, PRACE, EUDAT) as well as exascale computing projects. His research
interests include programming environments, languages, compilers and runtime systems
for parallel and distributed computing, with a focus on exascale computing.