Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The
global computing infrastructure is rapidly moving towards cloud based architecture. While it is important
to take advantages of could based computing by means of deploying it in diversified sectors, the security
aspects in a cloud based computing environment remains at the core of interest. Cloud based services and
service providers are being evolved which has resulted in a new business trend based on cloud technology.
With the introduction of numerous cloud based services and geographically dispersed cloud service
providers, sensitive information of different entities are normally stored in remote servers and locations
with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing
those information are compromised. If security is not robust and consistent, the flexibility and advantages
that cloud computing has to offer will have little credibility. This paper presents a review on the cloud
computing concepts as well as security issues inherent within the context of cloud computing and cloud
infrastructure.
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
Regardless of the few advantages of relocating endeavor basic resources for the Cloud, there are challenges particularly identified with security and protection. It is imperative that Cloud Users comprehend their security and protection needs, in light of their particular setting and select cloud show best fit to help these requirements. The writing gives works that attention on talking about security and protection issues for cloud frameworks yet such works don't give a nitty gritty methodological way to deal with evoke security and security necessities neither one of the to choose cloud arrangement models in view of fulfillment of these prerequisites by Cloud Service Providers. This work propels the present best in class towards this bearing. Specifically, we consider necessities designing ideas to inspire and dissect security and protection prerequisites and their related instruments utilizing an applied structure and an orderly procedure. The work presents confirmation as proof for fulfilling the security and protection necessities as far as culmination and reportable of security occurrence through review. This enables point of view cloud clients to characterize their confirmation prerequisites with the goal that proper cloud models can be chosen for a given setting. To exhibit our work, we display comes about because of a genuine contextual analysis in view of the Greek National Gazette.
Comparison of data security in grid and cloud computingeSAT Journals
Abstract In the current era, Grid computing and cloud computing are the main fields in the research work. This thesis define which are the main security issues to be considered in cloud computing and grid computing, and how some of these security issues are solved. Comparative study shows the grid security is tighter than the cloud. It also shows cloud computing is less secure and faced security problems. This research work is based on main security problems in cloud computing such as authentication, authorization, access control and security infrastructure (SLA). Cloud infrastructure is based on service level agreement; simply cloud providers provide different services to cloud’s users and organizations with an agreement known SLA. So the security and privacy of user’s data is the main problem, because unauthorized person can’t access the data of cloud user. Hacking and data leakage are the common threats in cloud computing. As the security due to hackers increase over internet and the cloud computing is totally on internet. At this time, cloud computing demand the tight password protection and strong authentication and authorization procedure. For an increased level of security, privacy and password protection, we provide a new strong authentication model named “Two factor authentications using graphical password with pass point scheme”. This authentication model includes the login procedure, access control that is based on service level agreement (SLA) in cloud computing. Index Terms: Cloud computing, Authentication, login, Recognition, Recall, Pass point, security, Cloud Provider, Service level Agreement, Two Factor Authentication
Security and Privacy Issues of Fog Computing: A SurveyHarshitParkar6677
Abstract. Fog computing is a promising computing paradigm that ex-
tends cloud computing to the edge of networks. Similar to cloud comput-
ing but with distinct characteristics, fog computing faces new security
and privacy challenges besides those inherited from cloud computing. In
this paper, we have surveyed these challenges and corresponding solu-
tions in a brief manner.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
A Security Model for Virtual Infrastructure in the CloudEditor IJCATR
Accordin to easily manage cloud computing, flexibility and powerful resources on space, provide great potential for
improving cost efficiency. Cloud computin capabilities through the efficient use of shared hardware resources increases. Properties
mentioned above, incentive agencies and other users of their programs and sevices in this space with a series with a series of threats
and risks are also met.
This ensures higher accuracy virtualization and cloud infrastrure components of the virtual machines is. In this regard, particularly for
initial design thesis developed a new model called cloud protectionsystem, it is suggested and shown that the proposed model, can
increase supply security in the cloud. And packets received by sources and do not be discarded. How to test this architecture, in terms
of effectiveness and efficiency in the fight against offensive attacks mentioned above, partly expressed and tools for simulating and
measuring the efficiency of the system may be useful, recommended.
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...IJERA Editor
Cloud Computing creates a dynamic resource sharing platform. Using cloud technologies such as virtualization, data can be provided to the active users who are at high need to utilize the resources provided within the cloud. As this data (or service) is stored (or offered) outside the data owner's boundaries, they are skeptical for utilizing cloud technology in order to store or utilize their data or service. There are many issues for these active clients (companies or individuals) to be petrified at the thought of using cloud computing paradigm. Some of the main issues that make the clients not to choose cloud computing may be determined because of three important security aspects such as confidentiality, integrity, and availability. This research focused on the security models that relate confidentiality issues. A literature Review is performed for analyzing the existing confidentiality frameworks and security models in the area of grid computing, cluster computing and virtualization. A new theoretical framework is then designed to overcome confidentiality issues thereby improving the client‟sgeneric understanding of cloud computing services. The resulting framework when implemented in real world would motivate clients to transform their businesses on to cloud.
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
Regardless of the few advantages of relocating endeavor basic resources for the Cloud, there are challenges particularly identified with security and protection. It is imperative that Cloud Users comprehend their security and protection needs, in light of their particular setting and select cloud show best fit to help these requirements. The writing gives works that attention on talking about security and protection issues for cloud frameworks yet such works don't give a nitty gritty methodological way to deal with evoke security and security necessities neither one of the to choose cloud arrangement models in view of fulfillment of these prerequisites by Cloud Service Providers. This work propels the present best in class towards this bearing. Specifically, we consider necessities designing ideas to inspire and dissect security and protection prerequisites and their related instruments utilizing an applied structure and an orderly procedure. The work presents confirmation as proof for fulfilling the security and protection necessities as far as culmination and reportable of security occurrence through review. This enables point of view cloud clients to characterize their confirmation prerequisites with the goal that proper cloud models can be chosen for a given setting. To exhibit our work, we display comes about because of a genuine contextual analysis in view of the Greek National Gazette.
Comparison of data security in grid and cloud computingeSAT Journals
Abstract In the current era, Grid computing and cloud computing are the main fields in the research work. This thesis define which are the main security issues to be considered in cloud computing and grid computing, and how some of these security issues are solved. Comparative study shows the grid security is tighter than the cloud. It also shows cloud computing is less secure and faced security problems. This research work is based on main security problems in cloud computing such as authentication, authorization, access control and security infrastructure (SLA). Cloud infrastructure is based on service level agreement; simply cloud providers provide different services to cloud’s users and organizations with an agreement known SLA. So the security and privacy of user’s data is the main problem, because unauthorized person can’t access the data of cloud user. Hacking and data leakage are the common threats in cloud computing. As the security due to hackers increase over internet and the cloud computing is totally on internet. At this time, cloud computing demand the tight password protection and strong authentication and authorization procedure. For an increased level of security, privacy and password protection, we provide a new strong authentication model named “Two factor authentications using graphical password with pass point scheme”. This authentication model includes the login procedure, access control that is based on service level agreement (SLA) in cloud computing. Index Terms: Cloud computing, Authentication, login, Recognition, Recall, Pass point, security, Cloud Provider, Service level Agreement, Two Factor Authentication
Security and Privacy Issues of Fog Computing: A SurveyHarshitParkar6677
Abstract. Fog computing is a promising computing paradigm that ex-
tends cloud computing to the edge of networks. Similar to cloud comput-
ing but with distinct characteristics, fog computing faces new security
and privacy challenges besides those inherited from cloud computing. In
this paper, we have surveyed these challenges and corresponding solu-
tions in a brief manner.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
A Security Model for Virtual Infrastructure in the CloudEditor IJCATR
Accordin to easily manage cloud computing, flexibility and powerful resources on space, provide great potential for
improving cost efficiency. Cloud computin capabilities through the efficient use of shared hardware resources increases. Properties
mentioned above, incentive agencies and other users of their programs and sevices in this space with a series with a series of threats
and risks are also met.
This ensures higher accuracy virtualization and cloud infrastrure components of the virtual machines is. In this regard, particularly for
initial design thesis developed a new model called cloud protectionsystem, it is suggested and shown that the proposed model, can
increase supply security in the cloud. And packets received by sources and do not be discarded. How to test this architecture, in terms
of effectiveness and efficiency in the fight against offensive attacks mentioned above, partly expressed and tools for simulating and
measuring the efficiency of the system may be useful, recommended.
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...IJERA Editor
Cloud Computing creates a dynamic resource sharing platform. Using cloud technologies such as virtualization, data can be provided to the active users who are at high need to utilize the resources provided within the cloud. As this data (or service) is stored (or offered) outside the data owner's boundaries, they are skeptical for utilizing cloud technology in order to store or utilize their data or service. There are many issues for these active clients (companies or individuals) to be petrified at the thought of using cloud computing paradigm. Some of the main issues that make the clients not to choose cloud computing may be determined because of three important security aspects such as confidentiality, integrity, and availability. This research focused on the security models that relate confidentiality issues. A literature Review is performed for analyzing the existing confidentiality frameworks and security models in the area of grid computing, cluster computing and virtualization. A new theoretical framework is then designed to overcome confidentiality issues thereby improving the client‟sgeneric understanding of cloud computing services. The resulting framework when implemented in real world would motivate clients to transform their businesses on to cloud.
Cloud computing has changed the entire process that distributed computing used to present e.g. Grid
computing, server client computing. Cloud computing describes recent developments in many existing IT
technologies and separates application and information resources from the underlying infrastructure.
Cloud computing security is an important aspect of quality of service from cloud service providers.
Security concerns arise as soon as one begins to run applications beyond the designated firewall and move
closer towards the public domain. In violation of security in any component in the cloud can be disaster for
the organization (the customer) as well as for the provider. In this paper, we propose a cloud security
model and security framework that identifies security challenges in cloud computing.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity, encryption, key management and resource sharing are presented along with the efforts made on how to overcome these issues.
Migration of Virtual Machine to improve the Security in Cloud Computing IJECEIAES
Cloud services help individuals and organization to use data that are managed by third parties or another person at remote locations. With the increase in the development of cloud computing environment, the security has become the major concern that has been raised more consistently in order to move data and applications to the cloud as individuals do not trust the third party cloud computing providers with their private and most sensitive data and information. This paper presents, the migration of virtual machine to improve the security in cloud computing. Virtual machine (VM) is an emulation of a particular computer system. In cloud computing, virtual machine migration is a useful tool for migrating operating system instances across multiple physical machines. It is used to load balancing, fault management, low-level system maintenance and reduce energy consumption. Virtual machine (VM) migration is a powerful management technique that gives data center operators the ability to adapt the placement of VMs in order to better satisfy performance objectives, improve resource utilization and communication locality, achieve fault tolerance, reduce energy consumption, and facilitate system maintenance activities. In the migration based security approach, proposed the placement of VMs can make enormous difference in terms of security levels. On the bases of survivability analysis of VMs and Discrete Time Markov Chain (DTMC) analysis, we design an algorithm that generates a secure placement arrangement that the guest VMs can moves before succeeds the attack.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Security and Privacy Enhancing Multicloud Architectureijsrd.com
In recent years use of Cloud computing in different mode like cloud storage, cloud hosting, cloud servers are increased in industries and other organizations as per requirements. The Security challenges are still among the biggest obstacles when considering the adoption of cloud services. For this a lot of research has been done. With these, security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures.
The paradigm called “Cloud computing” acts as a mechanism for attaining the resources of shared technology and infrastructure cost-effectively. The on-demand services are accomplished to execute the various operations across the network. Regularly, the last client doesn't know about the area of open physical assets and devices. Developing, using, and dealing with their applications 'on the cloud', which includes virtualization of assets that keeps and guides itself are led by arranged activities to clients. Calculation experience the new methodology of cloud computing which perhaps keeps the world and can set up all the human necessities. At the end of the day, cloud computing is the ensuing normal step in the development of on-request data innovation administrations and items. The Cloud is an allegory for the Internet and is an idea for the secured confused foundation; it likewise relies upon drawing network graphs on a computer. In this work, thorough investigations of distributed computing security and protection concerns are given. The work distinguishes both the identified and unidentified attacks, vulnerabilities in the cloud, security attacks and also the solutions to control these threats and attacks. Moreover, the restrictions of the present solutions and offers various perceptions of security viewpoints are distinguished and explored. At long last, a cloud security system is given in which the different lines of protection and the reliance levels among them are identified.
A Study on Cloud and Fog Computing Security Issues and SolutionsAM Publications
Cloud computing is the significant part of the data world. The security level in cloud is undefined. Fog computing is the new buzz word added to the technical world. And the term Fog was coined by CISCO. The need for Fog computing is security and gets the data more closely to the end-user. Fog Computing is not going to replace the Cloud computing, it will be acting as the intermediate layer for securing the data which is stored inside the cloud. The principal idea of this paper is to provide data safety measures to the Cloud storage through Fog Computing. Fog Computing will be playing the vital role for the future technology. The Internet of Things (IoT) will be using the Fog computing to implement the smart World concept. So, in the future we have to handle huge amount of data and we need to provide the security for the Data. This study gives the security solutions available for the different issues.
Review of Business Information Systems – Fourth Quarter 2013 V.docxmichael591
Review of Business Information Systems – Fourth Quarter 2013 Volume 17, Number 4
2013 The Clute Institute Copyright by author(s) Creative Commons License CC-BY 159
Dimensions Of Security Threats In Cloud
Computing: A Case Study
Mathew Nicho, University of Dubai, UAE
Mahmoud Hendy, University of Dubai, UAE
ABSTRACT
Even though cloud computing, as a model, is not new, organizations are increasingly
implementing it because of its large-scale computation and data storage, flexible scalability,
relative reliability, and cost economy of services. However, despite its rapid adoption in some
sectors and domains, it is evident from research and statistics, that security-related threats are the
most noticeable barrier to its widespread adoption. To investigate the reasons behind these
threats, the authors used available literature to identify and aggregate information about IS
security threats in cloud computing. Based on this information, the authors explored the
dimensions of the nature of threat by interviewing a cloud computing practitioner in an
organization that uses both the private and public cloud deployment models. From these findings,
the authors found that IS security threats in cloud computing must be defined at different levels;
namely, at the business and technical level, as well as from a generic and cloud-specific threat
perspective. Based on their findings, the authors developed the Cloud Computing Threat Matrix
(CCTM) which provides a two-dimensional definition of threat that enables cloud users to fully
comprehend the concerns so that they can make relevant decisions while availing cloud computing
services.
Keywords: Cloud Computing; Security; Cloud Security Issues Taxonomy; Threat Matrix
INTRODUCTION
ecause a cloud is a collection of inter-connected and virtualized computers (Buyya et al., 2008), the
main enabling technology for cloud computing is virtualization. The basic concept of cloud is based
on the premise that instead of having selected information systems (IS) resources, such as software
and data stored locally on a user’s or organization’s computer systems, these resources can be stored on Internet
servers, called “clouds,” and accessed anytime, anywhere as a paid service on the Internet. Cloud computing has the
potential to bring significant benefits to small- and medium-sized businesses by reducing the costs of investment in
information communication technology (ICT) infrastructure because it enables the use of services, such as
computation, software, data access, and storage by end-users, without the need to know the physical location and
configuration of the system that delivers the services (Mujinga & Chipangura, 2011). However, it has been stated
that organizations adopt cloud computing projects and systems cautiously while maximizing benefits and
minimizing risks (Lawler, Joseph, & Howell-Barber, 2012). Cloud computing is expected to play .
Cloud computing is a distributed computing system that offers managed, scalable and secured and high available computation resources and software as a service. Mobile computing is the combination of the heterogeneous domains like Mobile computing, Cloud computing & wireless networks.This paper mainly discusses the literature review on Cloud and the Mobile cloud computing. Here in this paper we analyse existing security challenges and issues involved in the cloud computing and Mobile cloud environment. This paper identifies key issues, which are believed to have long-term significance in cloud computing & mobile cloud security and privacy, based on documented problems and exhibited weaknesses.
Cloud computing security through symmetric cipher modelijcsit
Cloud computing can be defined as an application and services which runs on distributed network using
virtualized and it is accessed through internet protocols and networking. Cloud computing resources and
virtual and limitless and information’s of the physical systems on which software running are abstracted
from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized
resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or
control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the
users the concept is to incorporate technologies which have the common theme of reliance on the internet
Software and data are stored on the servers whereas cloud computing services are provided through
applications online which can be accessed from web browsers. Lack of security and access control is the
major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple
virtual machine in cloud can access insecure information flows as service provider; therefore to implement
the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud
computing security through symmetric cipher model. This article proposes symmetric cipher model in
order to implement cloud computing security so that data can accessed and stored securely.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
Cloud computing has changed the entire process that distributed computing used to present e.g. Grid
computing, server client computing. Cloud computing describes recent developments in many existing IT
technologies and separates application and information resources from the underlying infrastructure.
Cloud computing security is an important aspect of quality of service from cloud service providers.
Security concerns arise as soon as one begins to run applications beyond the designated firewall and move
closer towards the public domain. In violation of security in any component in the cloud can be disaster for
the organization (the customer) as well as for the provider. In this paper, we propose a cloud security
model and security framework that identifies security challenges in cloud computing.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity, encryption, key management and resource sharing are presented along with the efforts made on how to overcome these issues.
Migration of Virtual Machine to improve the Security in Cloud Computing IJECEIAES
Cloud services help individuals and organization to use data that are managed by third parties or another person at remote locations. With the increase in the development of cloud computing environment, the security has become the major concern that has been raised more consistently in order to move data and applications to the cloud as individuals do not trust the third party cloud computing providers with their private and most sensitive data and information. This paper presents, the migration of virtual machine to improve the security in cloud computing. Virtual machine (VM) is an emulation of a particular computer system. In cloud computing, virtual machine migration is a useful tool for migrating operating system instances across multiple physical machines. It is used to load balancing, fault management, low-level system maintenance and reduce energy consumption. Virtual machine (VM) migration is a powerful management technique that gives data center operators the ability to adapt the placement of VMs in order to better satisfy performance objectives, improve resource utilization and communication locality, achieve fault tolerance, reduce energy consumption, and facilitate system maintenance activities. In the migration based security approach, proposed the placement of VMs can make enormous difference in terms of security levels. On the bases of survivability analysis of VMs and Discrete Time Markov Chain (DTMC) analysis, we design an algorithm that generates a secure placement arrangement that the guest VMs can moves before succeeds the attack.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Security and Privacy Enhancing Multicloud Architectureijsrd.com
In recent years use of Cloud computing in different mode like cloud storage, cloud hosting, cloud servers are increased in industries and other organizations as per requirements. The Security challenges are still among the biggest obstacles when considering the adoption of cloud services. For this a lot of research has been done. With these, security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures.
The paradigm called “Cloud computing” acts as a mechanism for attaining the resources of shared technology and infrastructure cost-effectively. The on-demand services are accomplished to execute the various operations across the network. Regularly, the last client doesn't know about the area of open physical assets and devices. Developing, using, and dealing with their applications 'on the cloud', which includes virtualization of assets that keeps and guides itself are led by arranged activities to clients. Calculation experience the new methodology of cloud computing which perhaps keeps the world and can set up all the human necessities. At the end of the day, cloud computing is the ensuing normal step in the development of on-request data innovation administrations and items. The Cloud is an allegory for the Internet and is an idea for the secured confused foundation; it likewise relies upon drawing network graphs on a computer. In this work, thorough investigations of distributed computing security and protection concerns are given. The work distinguishes both the identified and unidentified attacks, vulnerabilities in the cloud, security attacks and also the solutions to control these threats and attacks. Moreover, the restrictions of the present solutions and offers various perceptions of security viewpoints are distinguished and explored. At long last, a cloud security system is given in which the different lines of protection and the reliance levels among them are identified.
A Study on Cloud and Fog Computing Security Issues and SolutionsAM Publications
Cloud computing is the significant part of the data world. The security level in cloud is undefined. Fog computing is the new buzz word added to the technical world. And the term Fog was coined by CISCO. The need for Fog computing is security and gets the data more closely to the end-user. Fog Computing is not going to replace the Cloud computing, it will be acting as the intermediate layer for securing the data which is stored inside the cloud. The principal idea of this paper is to provide data safety measures to the Cloud storage through Fog Computing. Fog Computing will be playing the vital role for the future technology. The Internet of Things (IoT) will be using the Fog computing to implement the smart World concept. So, in the future we have to handle huge amount of data and we need to provide the security for the Data. This study gives the security solutions available for the different issues.
Review of Business Information Systems – Fourth Quarter 2013 V.docxmichael591
Review of Business Information Systems – Fourth Quarter 2013 Volume 17, Number 4
2013 The Clute Institute Copyright by author(s) Creative Commons License CC-BY 159
Dimensions Of Security Threats In Cloud
Computing: A Case Study
Mathew Nicho, University of Dubai, UAE
Mahmoud Hendy, University of Dubai, UAE
ABSTRACT
Even though cloud computing, as a model, is not new, organizations are increasingly
implementing it because of its large-scale computation and data storage, flexible scalability,
relative reliability, and cost economy of services. However, despite its rapid adoption in some
sectors and domains, it is evident from research and statistics, that security-related threats are the
most noticeable barrier to its widespread adoption. To investigate the reasons behind these
threats, the authors used available literature to identify and aggregate information about IS
security threats in cloud computing. Based on this information, the authors explored the
dimensions of the nature of threat by interviewing a cloud computing practitioner in an
organization that uses both the private and public cloud deployment models. From these findings,
the authors found that IS security threats in cloud computing must be defined at different levels;
namely, at the business and technical level, as well as from a generic and cloud-specific threat
perspective. Based on their findings, the authors developed the Cloud Computing Threat Matrix
(CCTM) which provides a two-dimensional definition of threat that enables cloud users to fully
comprehend the concerns so that they can make relevant decisions while availing cloud computing
services.
Keywords: Cloud Computing; Security; Cloud Security Issues Taxonomy; Threat Matrix
INTRODUCTION
ecause a cloud is a collection of inter-connected and virtualized computers (Buyya et al., 2008), the
main enabling technology for cloud computing is virtualization. The basic concept of cloud is based
on the premise that instead of having selected information systems (IS) resources, such as software
and data stored locally on a user’s or organization’s computer systems, these resources can be stored on Internet
servers, called “clouds,” and accessed anytime, anywhere as a paid service on the Internet. Cloud computing has the
potential to bring significant benefits to small- and medium-sized businesses by reducing the costs of investment in
information communication technology (ICT) infrastructure because it enables the use of services, such as
computation, software, data access, and storage by end-users, without the need to know the physical location and
configuration of the system that delivers the services (Mujinga & Chipangura, 2011). However, it has been stated
that organizations adopt cloud computing projects and systems cautiously while maximizing benefits and
minimizing risks (Lawler, Joseph, & Howell-Barber, 2012). Cloud computing is expected to play .
Cloud computing is a distributed computing system that offers managed, scalable and secured and high available computation resources and software as a service. Mobile computing is the combination of the heterogeneous domains like Mobile computing, Cloud computing & wireless networks.This paper mainly discusses the literature review on Cloud and the Mobile cloud computing. Here in this paper we analyse existing security challenges and issues involved in the cloud computing and Mobile cloud environment. This paper identifies key issues, which are believed to have long-term significance in cloud computing & mobile cloud security and privacy, based on documented problems and exhibited weaknesses.
Cloud computing security through symmetric cipher modelijcsit
Cloud computing can be defined as an application and services which runs on distributed network using
virtualized and it is accessed through internet protocols and networking. Cloud computing resources and
virtual and limitless and information’s of the physical systems on which software running are abstracted
from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized
resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or
control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the
users the concept is to incorporate technologies which have the common theme of reliance on the internet
Software and data are stored on the servers whereas cloud computing services are provided through
applications online which can be accessed from web browsers. Lack of security and access control is the
major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple
virtual machine in cloud can access insecure information flows as service provider; therefore to implement
the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud
computing security through symmetric cipher model. This article proposes symmetric cipher model in
order to implement cloud computing security so that data can accessed and stored securely.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
A survey on data security in cloud computing issues and mitigation techniqueseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
It auditing to assure a secure cloud computingingenioustech
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
Single Sign-on Authentication Model for Cloud Computing using KerberosDeepak Bagga
ABSTRACT
In today’s organizations need for several new resources and storage requirements for terabytes of data is generated every day. Cloud computing provides solution for this in a cost effective and efficient manner. Cloud computing provides on demand resources as services to clients. Cloud is highly scalable and flexible. Although it is benefiting the clients in several ways but as data is stored remotely it has many security loopholes like attacks, data lose, other security and authentication issues. In this paper we are proposing an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to prevent against DDOS attacks. This model can benefit by filtering against unauthorized access and to reduce the burden, computation and memory usage of cloud against authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we will see some of the related work for cloud security issues and attacks. Then in next section we will discuss the proposed architecture, its working and sequential process of message transmission. Next we will see how it can prevent against DDOS attacks, some benefits and how it provides single sign-on.
SECURE DATA TRANSMISSION OVER CLOUD USING MOBILE TECHNOLOGYijsrd.com
Mobile Cloud Computing (MCC) which consists of mobile and cloud computing, is one of the major breakthrough in industry and it has been improving in the IT industries since 2009. The MCC is still at the beginning stage of improvement or development, it is very important to grasp core knowledge of the technology in order to point us to the next-gen research. MCC has been involved to be a succeeding development for mobile technology. To overcome obstacles related to the performance MCC compiles the cloud computing into the mobile environment and security were observed in mobile computing. These outputs a short account on the background of MCC: starting from mobile computing to cloud computing and then followed with a discussion on recent research work. In this paper proposes mobile cloud computing security using one time password and whatsapp mechanism.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Cloud computing and security issues in the
1. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
CLOUD COMPUTING AND SECURITY ISSUES IN THE
CLOUD
Monjur Ahmed1 and Mohammad Ashraf Hossain2
1
Senior Lecturer, Daffodil Institute of IT, Dhaka, Bangladesh.
2
Freelance IT Consultant, Dhaka, Bangladesh.
ABSTRACT
Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The
global computing infrastructure is rapidly moving towards cloud based architecture. While it is important
to take advantages of could based computing by means of deploying it in diversified sectors, the security
aspects in a cloud based computing environment remains at the core of interest. Cloud based services and
service providers are being evolved which has resulted in a new business trend based on cloud technology.
With the introduction of numerous cloud based services and geographically dispersed cloud service
providers, sensitive information of different entities are normally stored in remote servers and locations
with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing
those information are compromised. If security is not robust and consistent, the flexibility and advantages
that cloud computing has to offer will have little credibility. This paper presents a review on the cloud
computing concepts as well as security issues inherent within the context of cloud computing and cloud
infrastructure.
KEYWORDS
Cloud computing, cloud service, cloud security, computer network, distributed computing, security.
1. INTRODUCTION
Recent developments in the field of could computing have immensely changed the way of
computing as well as the concept of computing resources. In a cloud based computing
infrastructure, the resources are normally in someone else's premise or network and accessed
remotely by the cloud users (Petre, 2012; Ogigau-Neamtiu, 2012; Singh & jangwal, 2012).
Processing is done remotely implying the fact that the data and other elements from a person need
to be transmitted to the cloud infrastructure or server for processing; and the output is returned
upon completion of required processing. In some cases, it might be required or at least possible
for a person to store data on remote cloud servers. These gives the following three sensitive states
or scenarios that are of particular concern within the operational context of cloud computing:
•
•
•
The transmission of personal sensitive data to the cloud server,
The transmission of data from the cloud server to clients' computers and
The storage of clients’ personal data in cloud servers which are remote server not
owned by the clients.
All the above three states of cloud computing are severely prone to security breach that makes the
research and investigation within the security aspects of cloud computing practice an imperative
one. There have been a number of different blends that are being used in cloud computing realm,
but the core concept remain same – the infrastructure, or roughly speaking, the resources remain
DOI : 10.5121/ijnsa.2014.6103
25
2. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
somewhere else with someone else's ownership and the users 'rent' it for the time they use the
infrastructure (Bisong & Rahman, 2011; Rashmi, Sahoo & Mehfuz, 2013; Qaisar & Khawaja,
2012). In some cases, stored sensitive data at remote cloud servers are also to be counted.
Security has been at the core of safe computing practices. When it is possible for any unwanted
party to 'sneak' on any private computers by means of different ways of 'hacking'; the provision of
widening the scope to access someone's personal data by means of cloud computing eventually
raises further security concerns. Cloud computing cannot eliminate this widened scope due to its
nature and approach. As a result, security has always been an issue with cloud computing
practices. Robustness of security and a secured computing infrastructure is not a one-off effort, it
is rather ongoing – this makes it essential to analyse and realize the state-of-the-art of the cloud
computing security as a mandatory practice. Cloud is mainly categorized as private cloud,
community cloud, public cloud and hybrid cloud (Ogigau-Neamtiu, 2012; Singh & jangwal,
2012; Rashmi et al., 2013; Qaisar & Khawaja, 2012; Kuyoro, Ibikunle & Awodele, 2011; Suresh
& Prasad, 2012; Youssef, 2012) - the discussion in this paper assumes only one category of cloud
exists which is public cloud; as this assumption will well satisfy all the characteristics of any
other type of cloud. Due to its diversified potentiality, the approach to cloud computing is being
thought to be as the 5th utility to join the league of existing utilities water, electricity, gas and
telephony (Buyya, Yeo, Venugopal, Broberg & Brandic, 2009) rather than being just another
service.
The study presented in this paper is organized with a view to discuss and indentify the approach
to cloud computing as well as the security issues and concerns that must be taken into account in
the deployment towards a cloud based computing infrastructure. Discussion on the technological
concepts and approaches to cloud computing including the architectural illustration has been
taken into consideration within the context of discussion in this paper. Security issues inherent in
cloud computing approach have been discussed afterwards. The exploration in the technological
and security concerns of cloud computing has led to the concluding realization on the overall
aspects of cloud computing. The approaches to counter security issues inherent in cloud
computing are numerous with diversified facets and applications which has been kept out of
scope. A discussion on the authentication of cloud computing has been addressed as it forms the
holistic basis to embed integrity in the context of cloud computing security.
2. CLOUD COMPUTING INFRASTRUCTURE
The term cloud computing is rather a concept which is a generalized meaning evolved from
distributed and grid computing. Cloud computing is described as the offspring of distributed and
grid computing by some authors (Che, Duan, Zhang & Fan, 2011).The straightforward meaning
of cloud computing refers to the features and scenarios where total computing could be done by
using someone else’s network where ownership of hardware and soft resources are of external
parties. In general practice, the dispersive nature of the resources that are considered to be the
‘cloud’ to the users are essentially in the form of distributed computing; though this is not
apparent or by its definition of cloud computing, do not essentially have to be apparent to the
users.
In recent years, the cloud has evolved in two broad perspectives – to rent the infrastructure in
cloud, or to rent any specific service in the cloud. Where the former one deals with the hardware
and software usage on the cloud, the later one is confined only with the 'soft' products or services
from the cloud service and infrastructure providers. The computing world has been introduced
with a number of terminologies like SaaS (Software as a Service), PaaS (Platform as a Service)
and IaaS (Infrastructure as a Service) with the evolution of cloud computing. As discussed earlier,
the term ‘cloud computing’ is rather a concept, so are the terminologies to define different blends
of cloud computing. At its core essence, cloud computing is nothing but a specialized form of grid
26
3. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
and distributed computing which varies in terms of infrastructure, services, deployment and
geographic dispersion (Hashizume et al. 2013; Westphall et al., 2011; Hamlen, Kantarcioglu,
Khan, & Thuraisingham, 2010). In a pervasive meaning within the context of computer networks,
infrastructure could be thought of as the hardware as well as their alignment where platform is the
operating system which acts as the platform for the software (Singh & jangwal, 2012; Lee, 2012).
Thus the concept of cloud based services is hierarchically built from bottom to top in the order of
IaaS, PaaS and SaaS. This is merely the level of abstraction that defines the extent to which an
end-user could 'borrow' the resources ranging from infrastructure to software – the core concern
of security and the fashion of computing are not affected by this level of abstraction. As a result,
security is to be considered within any form of cloud computing (Bisong & Rahman, 2011)
regardless of flavour, hierarchy and level of abstraction. Virtualization is an inevitable technology
that is highly coupled with the concept of cloud computing (Buyya et al., 2009; Ogigau-Neamtiu,
2012; Hashizume et al. 2013; Kim, 2009; Mosher, 2011; Atayero & Feyisetan, 2011; Zissis &
Lekkas, 2012) – it is the virtualization technology that complements cloud services specially in
the form of PaaS and SaaS where one physical infrastructure contains services or platforms to
deliver a number of cloud users simultaneously. This leads to the addition of total security aspects
of virtualization technology on top of the existing security concerns and issues of cloud
computing.
Figure 1 illustrates a typical cloud based scenario that includes the cloud service provider and the
cloud users in a cloud computing architecture.
Figure 1: A Typical Cloud Architecture
The illustration of cloud architecture in figure 1 is a simplest one where few complex
characteristics of cloud computing (e.g. redundancy, server replication, and geographic dispersion
of the cloud providers’ network) are not shown – the purpose of the illustration is to establish the
arrangement that makes the concept of cloud computing a tangible one. The network architecture
27
4. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
is self explanatory with the identification of cloud users when considered in-line with the
discussion of the cloud computing concept presented earlier. One notable part from the
architecture is that, while the cloud users are clearly identified and named accordingly due to their
remote location and means of remote access to the cloud servers, the admin users who are
administering the cloud servers are not cloud users in any form with respect to the cloud service
provider’s network in the scenario. It is arguable whether the LAN users in figure 1 are cloud
users or not. Such room for argument could exist due to the phrase ‘cloud computing’ being a
concept rather than a technical terminology. If the definition of cloud computing is taken to have
essential arrangements of being the servers located remotely that are accessed through public
infrastructure (or through cloud), then the LAN users in figure 1 may not be considered as the
cloud users in the context. With respect to distributed and grid computing as the mother
technology that define the infrastructural approach to achieve cloud computing, the LAN users in
the scenario are essentially the cloud users when they use the cloud services offered by the
servers; the LAN users in this perspective are essentially using resources that are ‘borrowed’ from
the servers on an on-demand basis.
Figure 2 illustrates the hierarchical arrangement based on which a cloud is perceived in the form
of IaaS, PaaS and SaaS from any cloud end-user’s viewpoint.
Figure 2: Cloud Service Hierarchy
As depicted in figure 2, the technical details, arrangements and management of the cloud service
providers’ network is transparent to the cloud user. From the end of the cloud user, the service
from the provider comes in the form of SaaS, PaaS or IaaS where the cloud user has no intention
or worry about what goes on in the internal arrangement of the cloud service providers’ network.
Any disruption of any form for whatever is the reason, deem to the cloud users either as service
unavailability or quality deterioration – its affect and ways to counter this disruption is a critical
part for the cloud infrastructure. Security issues might play a stimulating role as a driving factor
for any aforementioned disruption.
28
5. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
3. AUTHENTICATION IN CLOUD
Security is the most prioritized aspect for any form of computing, making it an obvious
expectation that security issues are crucial for cloud environment as well. As the cloud computing
approach could be associated with having users’ sensitive data stored both at clients’ end as well
as in cloud servers, identity management and authentication are very crucial in cloud computing
(Kim & Hong, 2012; Emam, 2013; Han, Susilo & Mu, 2013; Yassin, Jin, Ibrahim, Qiang & Zou,
2012). Verification of eligible users’ credentials and protecting such credentials are part of main
security issues in the cloud - violation in these areas could lead to undetected security breach
(Kumar, 2012) at least to some extent for some period. A possible authentication scenario for a
cloud infrastructure is illustrated in figure 3.
Figure 3: Authentication in the Cloud
The illustration presented in figure 3 conveys that the authentication for the cloud users can be
done either by the cloud service provider or the service provider can outsource the identity
management and authentication service to third party specialists (Gonzalez, Miers, Redigolo,
Simplicio, Carvalho, Naslund & Pourzandi, 2012; Sharma & Mittal, 2013). In the later case, the
cloud service provider is required to have collaboration with the third party authentication
specialist – the collaboration between the cloud service provider and the third party authentication
specialist during the authentication process of cloud users is done essentially through cloud. This
feature adds performance overheads and security issues to the cloud context as the message
passing between third party authentication management authority and the cloud service provider
as part of collaboration might essentially be done through cloud infrastructure. As discussed
earlier, the total authentication process and how they are carried out - regardless of the
involvement of third party authentication specialists – is transparent to the cloud users. The
29
6. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
illustration on the authentication scenario presented above is a fairly simple one – if
geographically dispersed servers are deployed by the cloud service providers then the total
authentication process might be far more complex in terms of security, underlying algorithm as
well as performance level. Whatever is the level of complexity, the introduction of third party
authentication and identity management specialist into any cloud architecture should have only
one goal; and the goal is to strengthen the robustness of security in the concerned area which the
cloud service provider itself is not capable of to deploy or offer.
4. SECURITY ISSUES IN CLOUD
Cloud computing comes with numerous possibilities and challenges simultaneously. Of the
challenges, security is considered to be a critical barrier for cloud computing in its path to success
(Khorshed, Ali & Wasimi, 2012). The security challenges for cloud computing approach are
somewhat dynamic and vast. Data location is a crucial factor in cloud computing security
(Teneyuca, 2011). Location transparency is one of the prominent flexibilities for cloud
computing, which is a security threat at the same time – without knowing the specific location of
data storage, the provision of data protection act for some region might be severely affected and
violated. Cloud users’ personal data security is thus a crucial concern in a cloud computing
environment (Joint, Baker & Eccles, 2009; Ismail, 2011; King & Raja, 2012). In terms of
customers’ personal or business data security, the strategic policies of the cloud providers are of
highest significance (Joint & Baker, 2011) as the technical security solely is not adequate to
address the problem. Trust is another problem which raises security concerns to use cloud service
(Ryan & Falvy, 2012) for the reason that it is directly related to the credibility and authenticity of
the cloud service providers. Trust establishment might become the key to establish a successful
cloud computing environment. The provision of trust model is essential in cloud computing as
this is a common interest area for all stakeholders for any given cloud computing scenario. Trust
in cloud might be dependent on a number of factors among which some are automation
management, human factors, processes and policies (Abbadi & Martin, 2011). Trust in cloud is
not a technical security issue, but it is the most influential soft factor that is driven by security
issues inherent in cloud computing to a great extent. All kinds of attacks that are applicable to a
computer network and the data in transit equally applies to cloud based services – some threats in
this category are man-in-the-middle attack, phishing, eavesdropping, sniffing and other similar
attacks. DDoS (Distributed Denial of Service) attack is one common yet major attack for cloud
computing infrastructure (Dou, Chen & Chen, 2013). The well known DDoS attack can be a
potential problem for cloud computing, though not with any exception of having no option to
mitigate this. The security of virtual machine will define the integrity and level of security of a
cloud environment to greater extent (Rakhmi, Sahoo & Mehfuz, 2013; Agarwal & Agarwal,
2011). Accounting & authentication as well as using encryption falls within the practice of safe
computing - they can be well considered as part of security concerns for cloud computing (Lee,
2012; Ogigau-Neamtiu, 2012; Singh & Jangwal, 2012). However, it is important to distinguish
between risk and security concerns in this regard. For example, vendor lock-in might be
considered as one of the possible risks in cloud based services which do not essentially have to be
related to security aspects. On the contrary, using specific type of operating system (e.g. opensource vs. proprietary) might pose security threat and concerns which, of course, is a security risk.
Other examples of business risks of cloud computing could be licensing issues, service
unavailability, provider's business discontinuity that do not fall within the security concerns from
a technical viewpoint. Thus, in cloud computing context, a security concern is always some type
of risk but any risk cannot be blindly judged to be a security concern. Allocation of
responsibilities among the parties involved in a cloud computing infrastructure might result in
experiencing inconsistency which might eventually lead to a situation with security
vulnerabilities. Like any other network scenario, the provision of insider-attack remains as a valid
threat for cloud computing (Ogigau-Neamtiu, 2012). Any security tools or other kinds of software
30
7. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
used in a cloud environment might have security loopholes which in turn would pose security
risks to the cloud infrastructure itself. The problem with third party APIs as well as spammers are
threats to the cloud environment (Bisong & Rahman, 2011; Singh & Jangwal, 2012).
As cloud computing normally means using public networks and subsequently putting the
transmitting data exposed to the world, cyber attacks in any form are anticipated for cloud
computing. The existing contemporary cloud based services have been found to suffer from
vulnerability issues with the existence of possible security loopholes that could be exploited by an
attacker. Security and privacy both are concerns in cloud computing due to the nature of such
computing approach (Bisong & Rahman, 2011). The approach by which cloud computing is done
has made it prone to both information security and network security issues (Rakhmi, Sahoo &
Mehfuz, 2013; Qaisar & Khawaja, 2012). Third party relationship might emerge as a risk for
cloud environment along with other security threats inherent in infrastructural and virtual machine
aspects (Hashizume et al., 2013). Factors like software bugs, social engineering, human errors
make the security for cloud a dynamically challenging one (Kim, 2009). Intrusion detection is the
most important role in seamless network monitoring to reduce security risks. If the contemporary
IDSs (Intrusion detection Systems) are inefficient, the resultant consequence might be undetected
security breach for cloud environment (Westphall et al., 2011).
The facets from which the security threat might be introduced into a cloud environment are
numerous ranging from database, virtual servers, and network to operating systems, load
balancing, memory management and concurrency control (Hamlen et al., 2010). Data segregation
and session hijacking are two potential and unavoidable security threats for cloud users. One of
the challenges for cloud computing is in its level of abstraction as well as dynamism in scalability
which results in poorly defined security or infrastructural boundary. Privacy and its underlying
concept might significantly vary in different regions and thus it may lead to security breach for
cloud services in specific contexts and scenarios (Chen & Zhao, 2012). Data loss and various
botnets can come into action to breach security of cloud servers. Besides, multi-tenancy model is
also an aspect that needs to be given attention (Kuyoro et al., 2011; Ogigau-Neamtiu, 2012) when
it comes to security. Security in the data-centres of cloud providers are also within the interests of
security issues, as a single physical server would hold many clients' data (Okuhara, Shiozaki &
Suzuki, 2010) making it a common shared platform in terms of physical server or operating
system. The storage security at the cloud service providers data centres are also directly linked
with the security of the cloud services (Mircea, 2012). All the traditional security risks are thus
applicable with added degree of potency in a cloud infrastructure which makes the ongoing
success of cloud computing a quite challenging one. Confidentiality, availability and integrity are
the generalized categories into which the security concerns of a cloud environment falls. Threats
for a cloud infrastructure are applicable both to data and infrastructure (Agarwal & Agarwal,
2011).
Different modes of data transfer and communication means (e.g. satellite communication) might
need to take into account. Huge amount of data transfer is a common anticipation in a cloud
environment, the communication technology used along with the security concerns of the adapted
communication technology also becomes a security concern for the cloud computing approach.
The broadcast nature of some communication technology is a core concern in this regard (Celesti,
Fazio, Villari & Puliafito, 2012). Cloud environment is associated with both physical and virtual
resources and they pose different level of security issues – having no sophisticated authentication
mechanism to fully address the security threats is an existing problem for cloud computing. It has
mainly resulted in the situations where grid computing has been taken as an embedded part of
cloud computing (Casola, Cuomo, Rak & Villano, 2013). As the virtualized resources are highly
coupled with a cloud infrastructure, intrusion related security concerns are of utmost priority as
part of security issues. Arbitrary intermittent intrusion needs to be monitored in the operational
context of a cloud computing infrastructure where the severity of possibility for a virtual machine
31
8. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
to be compromised is to be taken into account (Arshad, Townsend & Xu, 2013). Some authors
have argued that using Internet technologies is not a must for cloud computing (Khorshed et al.,
2012) - but the cost efficiency and globalization trends will enforce and motivate almost all the
businesses to admit Internet and associated technologies to be the ultimate means towards cloud
computing approach. As a result, total Internet related security concerns are anticipated to be
automatically added on top of the cloud-specific security issues. Bringing portability is one of the
means to make cloud services flexible. The portability of cloud services would also be associated
with security concerns. Cloud portability enables the cloud users to switch among different cloud
service providers without being affected with the necessity to change the ways to accomplish
tasks in different ways. It is a clear provision on bargaining power for the cloud users; but at the
same time, the security issues with cloud portability are to be counted. Cloud portability might
bring severe degree of API based security threats (Petcu, Macariu, Panica & Craciun, 2013).
The wide transition to mobile computing practices in recent years has made it imperative to
include mobile computing and its associated technologies as an essential part of cloud computing.
Resource scarcity as well as other constraints of mobile computing is barriers to cloud computing.
The demand of huge data processing is a problem for mobile end-user devices which has been
further complemented by the security concerns of mobile cloud computing. For mobile cloud
computing, the device level limitations has inspired researchers to suggest the inclusion of
another level of cloud termed as ‘mobile cloud’ to aid the processing of the specific computing
and processing for mobile computing devices (Fernando, Loke & Rahayu, 2013). The earlier
explained broadcast nature of satellite communication and related security issues are equally
applicable to the mobile cloud computing due to its being wireless communication. Besides, the
addition of mobile cloud into the perspective would add another cloud with all its security issues
for a service provider having both mobile cloud and conventional cloud. The addition of mobile
cloud in the scenario would boost performance, but it would also add another layer of security
issue not only to the mobile cloud users, but also to the total infrastructure of the cloud service
provider. The hierarchical arrangement of cloud computing facilitates different level of
extensibility for the cloud users with varying degree of associated security issues (Che et al.,
2011). Security issues for cloud computing are described by some authors as an obvious one due
to its nature. In a business model, the risks for the consumers are related to and dependent on the
relevant approaches and policies of the cloud service providers the consumers are dealing with.
Using cloud products or services may lead to security concerns for the consumers if they are not
well aware with the type and particulars of the products or services they are to procure or to use in
a cloud environment; this is also related to the cloud providers’ identity and reliability. One of the
inherent problems in this context is that, the consumers might normally not be able to identify or
foresee all the risks involved in the specific cloud transaction they are dealing with or involved in
(Svantesson & Clarke, 2010).
5. CONCLUSIONS
Cloud computing has enormous prospects, but the security threats embedded in cloud computing
approach are directly proportional to its offered advantages. Cloud computing is a great
opportunity and lucrative option both to the businesses and the attackers – either parties can have
their own advantages from cloud computing. The vast possibilities of cloud computing cannot be
ignored solely for the security issues reason – the ongoing investigation and research for robust,
consistent and integrated security models for cloud computing could be the only path of
motivation. The security issues could severely affect could infrastructures. Security itself is
conceptualized in cloud computing infrastructure as a distinct layer (Dukaric & Juric, 2013).
Security for cloud computing environment is a non-compromising requirement. Cloud computing
is inevitable to become the ideal (and possibly the ultimate) approach to business computing
though the security barriers along with other issues need to be resolved for cloud computing to
32
9. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
make it more viable (Marston, Li, Bandyopadhyay, Zhang & Ghalsasi, 2011) . Yet, given its total
advantages and dynamism and provided it is deployed within an integrated and secured
infrastructural framework, cloud computing can offer virtual ownership and access to 'super
computers' without procuring them physically. Perhaps this is what inspired coining the term SCC
(Scientific Cloud Computing). Research effort has been contributed to develop faster yet secured
SCC tools (Jorissen, Villa & Rehr, 2012) which will greatly influence the pace of research and
motivation in various fields together with clouding computing itself. The social implications of
cloud computing approaches might emerge with severe impact if robust security models for cloud
computing do not exist. The security issues for cloud computing are not related to the technical
and direct security breach only; a number of social inconsistency might also be resulted even
without any ‘hard’ security breach having taken place. The distributed and dispersive processing,
transmission and storage features are behind reason. One such example is the obtaining of digital
evidences. The evolution of cloud computing might significantly affect the collection and
retention of digital evidence (Mason & George, 2011). The vastness and potentiality of cloud
computing cannot be overlooked, subsequently robust security models for cloud computing
scenarios is the most prioritized factor for a successful cloud based infrastructure development
and deployment. With the goal of secured exploitation of a Service Oriented Architecture, the
security aspects and issues of cloud computing are inherent not only with the elements that from
the cloud infrastructure but also with all associated services as well as the ways computing is
done both at the users’ and the cloud service providers’ ends. The security issues in cloud
computing are somewhat sensitive and crucial on the basis of sociological and technological
viewpoints – the technological inconsistency that results in security breach in cloud computing
might lead to significant sociological impacts. As a result, when dealing with cloud computing
and its security issues, technical as well as epistemological factors are equally important to take
into consideration. Based on the fact that the impact of cloud computing can include both the
technical and social settings, the research on cloud computing and its related concerns are not
related only with computing aspects. Service oriented architecture and other characteristics of
cloud computing suggests that the concept of cloud computing would require to analyze the
practicality in line with social, business, technical and legal perspectives – all these facets will
incorporate security issues either in technical or strategic form. Regardless of the nature of
security issues, it can be undoubtedly concluded that the severe adverse effects as a consequence
of security breaches in cloud computing, the deployment of any form of cloud computing should
deal with the security concerns corresponding to those of the safety critical systems.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
Abbadi, I.M. and Martin, A. (2011). Trust in the Cloud. Information Security Technical Report, 16,
108-114. doi:10.1016/j.istr.2011.08.006
Agarwal, A. and Agarwal, A. (2011). The Security Risks Associated with Cloud Computing.
International Journal of Computer Applications in Engineering Sciences, 1 (Special Issue on CNS),
257-259.
Arshad, J, Townsend, P. and Xu, J. (2013).A novel intrusion severity analysis approach for Clouds.
Future Generation Computer Systems, 29, 416–428. doi:10.1016/j.future.2011.08.009
Atayero, A.A. and Feyisetan, O. (2011). Security Issues in Cloud Computing: The Potentials of
Homomorphic Encryption. Journal of Emerging Trends in Computing and Information Sciences,
2(10), 546-552.
Bisong, A. and Rahman, S.S.M. (2011). An Overview of the Security Concerns in Enterprise Cloud
Computing. International Journal of Network Security & Its Applications, 3(1), 30-45.
doi:10.5121/ijnsa.2011.3103
Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J. and Brandic, I. (2009). Cloud computing and
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future
Generation Computer Systems, 25, 599–616.
33
10. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
[30]
[31]
Casola, V., Cuomo, A., Rak, M. and Villano, U. (2013). The CloudGrid approach: Security analysis
and performance evaluation. Future Generation Computer Systems, 29, 387–401.
doi:10.1016/j.future.2011.08.008
Celesti, A., Fazio, M., Villari, M. and Puliafito, A. (2012). Virtual machine provisioning through
satellite communications in federated Cloud environments. Future Generation Computer Systems, 28,
85–93. doi:10.1016/j.future.2011.05.021
Che, J. Duan, Y, Zhang, T. and Fan, J. ().Study on the security models and strategies of cloud
computing. Procedia Engineering, 23, 586 – 593. doi:10.1016/j.proeng.2011.11.2551
Chen, D. and Zhao, H. (2012). Data Security and Privacy Protection Issues in Cloud Computing.
International Conference on Computer Science and Electronics Engineering, 647-651. doi:
10.1109/ICCSEE.2012.193
Dou, W., Chen, Q. and Chen, J. (2013). A confidence-based filtering method for DDoS attack defense
in
cloud
environment.
Future
Generation
Computer
Systems,
29,
1838–1850.
doi:10.1016/j.future.2012.12.011
Dukaric, R. and Juric, M.B. (2013). Towards a unified taxonomy and architecture of cloud
frameworks. Future Generation Computer Systems, 29, 1196–1210. doi:10.1016/j.future.2012.09.006
Emam, A.H.M. (2013). Additional Authentication and Authorization using Registered Email-ID for
Cloud Computing. International Journal of Soft Computing and Engineering, 3(2), 110-113.
Fernando, N., Loke, S.W. and Rahayu, W. (2013). Mobile cloud computing: A survey. Future
Generation Computer Systems, 29, 84–106. doi:10.1016/j.future.2012.05.023
Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Naslund, M. and Pourzandi, M.
(2012). A quantitative analysis of current security concerns and solutions for cloud computing.
Journal of Cloud Computing, 1(11), 1-18.
Hamlen, K., Kantarcioglu, M., Khan, L. and Thuraisingham, V. (2010). Security Issues for Cloud
Computing. International Journal of Information Security and Privacy, 4(2), 39-51. doi:
10.4018/jisp.2010040103
Han, J., Susilo, W. and Mu, Y. (2013). Identity-based data storage in cloud computing. Future
Generation Computer Systems, 29, 673–681. doi:10.1016/j.future.2012.07.010
Hashizume et al. (2013). An analysis of security issues for cloud computing. Journal of Internet
Services and Applications, 4(5), 1-13.
Ismail, N. (2011).Cursing the Cloud (or) Controlling the Cloud? Computer Law & Security Review,
27, 250 – 257. doi:10.1016/j.clsr.2011.03.005
Joint, A. and Baker, E. (2011). Knowing the past to understand the present 1 e issues in the
contracting for cloud based services. Computer Law & Security Review, 27, 407 - 415.
doi:10.1016/j.clsr.2011.05.002
Joint, A., Baker, E. and Eccles, E. (2009). Hey, you, get off of that cloud? Computer Law & Security
Review, 25, 270–274. doi:10.1016/j.clsr.2009.03.001
Jorissen, K., Villa, F.D. and Rehr, J.J. (2012). A high performance scientific cloud computing
environment for materials simulations. Computer Physics Communications, 183, 1911–1919.
doi:10.1016/j.cpc.2012.04.010
Khorshed, T.M., Ali, A.B.M.S. and Wasimi, S.A. (2012). A survey on gaps, threat remediation
challenges and some thoughts for proactive attack detection in cloud computing. Future Generation
Computer Systems, 28, 833–851. doi:10.1016/j.future.2012.01.006
Kim, J. and Hong, S. (2012). A Consolidated Authentication Model in Cloud Computing
Environments. International Journal of Multimedia and Ubiquitous Engineering, 7(3), 151-160.
Kim, W. (2009). Cloud Computing: Today and Tomorrow. Journal of Object technology, 8(1), 65-72.
King, N.J. and Raja, V.T. (2012).Protecting the privacy and security of sensitive customer data in the
cloud. Computer Law and Security Reviews, 28, 308-319.
Kumar, A. (2012). World of Cloud Computing & Security. International Journal of Cloud Computing
and Services Science, 1(2), 53-58.
Kuyoro, S.O., Ibikunle, F. and Awodele, O. (2011). Cloud Computing Security Issues and
Challenges. International Journal of Computer Networks, 3(5), 247-255.
Lee, K. (2012). Security Threats in Cloud Computing Environments. International Journal of Security
and Its Application, 6(4), 25-32.
Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J. and Ghalsasi, A. (2011).Cloud computing — The
business perspective. Decision Support Systems, 51, 176–189. doi:10.1016/j.dss.2010.12.006
Mason, S. and George, E. (2011). Digital evidence and ‘cloud’ computing. Computer Law & Security
Review, 27, 524-528. doi:10.1016/j.clsr.2011.07.005
34
11. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
[32] Mircea, M. (2012). Addressing Data Security in the Cloud. World Academy of Science, Engineering
and Technology, 66, 539-546.
[33] Mosher, R, (2011). Cloud Computing Risks. ISSA Journal, July Issue, 34-38.
[34] Ogigau-Neamtiu, F. (2012). Cloud Computing Security Issues. Journal of Defense Resource
Management, 3(2), 141-148.
[35] Okuhara, M., Shiozaki, T. and Suzuki, T. (2010). Security Architectures for Cloud Computing.
FUJITSU Science Technology Journal, 46(4), 397–402.
[36] Petcu, D., Macariu, G., Panica, S. and Crăciun, C. (2013). Portable Cloud applications—From theory
to practice. Future Generation Computer Systems, 29, 1417–1430. doi:10.1016/j.future.2012.01.009
[37] Petre, R. (2012). Data mining in Cloud Computing. Database Systems Journal, 3(3), 67-71.
[38] Qaisar, S. and Khawaja, K.F. (2012). Cloud Computing: Network/Security Threats and
Countermeasures. Interdisciplinary Journal of Contemporary Research in Business, 3(9), 1323-1329.
[39] Rashmi, Sahoo, G. and Mehfuz, S. (2013). Securing Software as a Service Model of Cloud
Computing: Issues and Solutions. International Journal on Cloud Computing: Services and
Architecture, 3(4), 1-11. Doi: 10.5121/ijccsa.2013.3401
[40] Ryan, P. and Falvey, S. (2012). Trust in the clouds. Computer Law and Security Reviews, 28, 513521. http://dx.doi.org/10.1016/j.clsr.2012.07.002
[41] Sharma, S. And Mittal, U. (2013). Comparative Analysis of Various Authentication Techniques in
Cloud Computing. International Journal of Innovative Research in Science, Engineering and
Technology, 2(4), 994-998.
[42] Singh, S. and Jangwal, T. (2012). Cost breakdown of Public Cloud Computing and Private Cloud
Computing and Security Issues. International Journal of Computer Science & Information
Technology, 4(2), 17-31.
[43] Svantesson, D. And Clarke, R. (2010). Privacy and consumer risks in cloud computing. Computer
Law & Security Review, 26, 391-397. doi:10.1016/j.clsr.2010.05.005
[44] Suresh, K.S. and Prasad, K.V. (2012). Security Issues and Security Algorithms in Cloud Computing.
International Journal of Advanced Research in Computer Science and Software Engineering, 2(10),
110-114.
[45] Teneyuca, D. (2011). Internet cloud security: The illusion of inclusion. Information Security
Technical Report, 16, 102-107. doi:10.1016/j.istr.2011.08.005
[46] Westphall, C.B., Westphall, C.M., Koch, F.L., Rolim, C.O., Vieira, K.M., Schulter, A., Chaves, S.A.,
Werner, J., Mendes, R.S., Brinhosa, R.B., Geronimo, G.A. and Freitas, R.R. (2011). Management and
Security for Grid, Cloud and Cognitive Networks. Revista de Sistemas de Informação da FSMA, 8, 821.
[47] Yassin, A.A., Jin, H., Ibrahim, A., Qiang, W. and Zou, D. (2012). Efficient Password-based Two
Factors Authentication in Cloud Computing. International Journal of Security and Its Applications,
6(2), 143-148.
[48] Youssef, A.E. (2012). Exploring Cloud Computing Services and Applications. Journal of Emerging
Trends in Computing and Information Sciences, 3(6), 838-847.
[49] Zissis, D and Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation
Computer Systems, 28, 583–592. doi:10.1016/j.future.2010.12.006
Authors
Monjur Ahmed achieved MSc in Electronics and Communications Engineering from
University of Greenwich, United Kingdom, MS in Telecommunications from University
of Information Technology & Sciences, Bangladesh, and BSc (Hons) in Computing and
Information Systems from London Metropolitan University, United Kingdom. He
currently serves as Senior Lecturer at Daffodil Institute of IT, Bangladesh. Ahmed’s
research interests are within communication network performance and cloud computing
with a specific focus on security aspects of cloud computing. Epistemological analysis in Information
Engineering is also part of his research interests.
35
12. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.1, January 2014
Mohammad Ashraf Hossain achieved BSc (Hons) in Computing and Information
Systems from London Metropolitan University, United Kingdom. He works as freelance
IT consultant on cloud based services. His expertise falls within the tools for both private
and public cloud. The cloud based tools that he works with are Microsoft Office 365
(SharePoint, Exchange, Lync), Windows Azure 2, Hyper-V and System center.
Hossain’s research interest is in the area of could based services. He has an interest to
study on how the identity management in the cloud based computing approach can be achieved in a
secured and integrated way.
36