IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...IJERA Editor
Cloud Computing creates a dynamic resource sharing platform. Using cloud technologies such as virtualization, data can be provided to the active users who are at high need to utilize the resources provided within the cloud. As this data (or service) is stored (or offered) outside the data owner's boundaries, they are skeptical for utilizing cloud technology in order to store or utilize their data or service. There are many issues for these active clients (companies or individuals) to be petrified at the thought of using cloud computing paradigm. Some of the main issues that make the clients not to choose cloud computing may be determined because of three important security aspects such as confidentiality, integrity, and availability. This research focused on the security models that relate confidentiality issues. A literature Review is performed for analyzing the existing confidentiality frameworks and security models in the area of grid computing, cluster computing and virtualization. A new theoretical framework is then designed to overcome confidentiality issues thereby improving the client‟sgeneric understanding of cloud computing services. The resulting framework when implemented in real world would motivate clients to transform their businesses on to cloud.
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
Regardless of the few advantages of relocating endeavor basic resources for the Cloud, there are challenges particularly identified with security and protection. It is imperative that Cloud Users comprehend their security and protection needs, in light of their particular setting and select cloud show best fit to help these requirements. The writing gives works that attention on talking about security and protection issues for cloud frameworks yet such works don't give a nitty gritty methodological way to deal with evoke security and security necessities neither one of the to choose cloud arrangement models in view of fulfillment of these prerequisites by Cloud Service Providers. This work propels the present best in class towards this bearing. Specifically, we consider necessities designing ideas to inspire and dissect security and protection prerequisites and their related instruments utilizing an applied structure and an orderly procedure. The work presents confirmation as proof for fulfilling the security and protection necessities as far as culmination and reportable of security occurrence through review. This enables point of view cloud clients to characterize their confirmation prerequisites with the goal that proper cloud models can be chosen for a given setting. To exhibit our work, we display comes about because of a genuine contextual analysis in view of the Greek National Gazette.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
Understanding the Determinants of Security and Privacy in Cloud Computing Arc...ijtsrd
Cloud computing is an emerging model of business computing. Cloud computing is a service, which offers customers to work over the internet. It simply states that cloud computing means storing and accessing the data and programs over the internet rather than the computer's hard disk. The data can be anything such as music, files, images, documents, and many more. The user can access the data from anywhere just with the help of an internet connection. To access cloud computing, the user should register and provide with ID and password for security reasons. The speed of transfer depends on various factors such as internet speed, the capacity of the server, and many more. In this paper, we explore the understanding the determinates of security and privacy in cloud computing, Cloud Computing architecture and We also address the characteristics and applications of several popular cloud computing platforms. We identified several challenges from the cloud computing adoption perspective and we also highlighted the cloud interoperability issue that deserves substantial further research and development. However, security and privacy issues present a strong barrier for users to adapt to cloud computing systems. Yin Myo Kay Khine Thaw | Khin Myat Nwe Win "Understanding the Determinants of Security and Privacy in Cloud Computing Architecture" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26452.pdfPaper URL: https://www.ijtsrd.com/computer-science/distributed-computing/26452/understanding-the-determinants-of-security-and-privacy-in-cloud-computing-architecture/yin-myo-kay-khine-thaw
A Virtualization Model for Cloud ComputingSouvik Pal
Cloud Computing is now a very emerging field in the IT industry as well as research field. The advancement of Cloud Computing came up due to fast-growing usage of internet among the people. Cloud Computing is basically on-demand network access to a collection of physical resources which can be provisioned according to the need of cloud user under the supervision of Cloud Service provider interaction. From business prospective, the viable achievements of Cloud Computing and recent developments in Grid computing have brought the platform that has introduced virtualization technology into the era of high performance computing. Virtualization technology is widely applied to modern data center for cloud computing. Virtualization is used computer resources to imitate other computer resources or whole computers. This paper provides a Virtualization model for cloud computing that may lead to faster access and better performance. This model may help to combine self-service capabilities and ready-to-use facilities for computing resources.
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...IJERA Editor
Cloud Computing creates a dynamic resource sharing platform. Using cloud technologies such as virtualization, data can be provided to the active users who are at high need to utilize the resources provided within the cloud. As this data (or service) is stored (or offered) outside the data owner's boundaries, they are skeptical for utilizing cloud technology in order to store or utilize their data or service. There are many issues for these active clients (companies or individuals) to be petrified at the thought of using cloud computing paradigm. Some of the main issues that make the clients not to choose cloud computing may be determined because of three important security aspects such as confidentiality, integrity, and availability. This research focused on the security models that relate confidentiality issues. A literature Review is performed for analyzing the existing confidentiality frameworks and security models in the area of grid computing, cluster computing and virtualization. A new theoretical framework is then designed to overcome confidentiality issues thereby improving the client‟sgeneric understanding of cloud computing services. The resulting framework when implemented in real world would motivate clients to transform their businesses on to cloud.
Assurance of Security and Privacy Requirements for Cloud Deployment ModelIJMTST Journal
Regardless of the few advantages of relocating endeavor basic resources for the Cloud, there are challenges particularly identified with security and protection. It is imperative that Cloud Users comprehend their security and protection needs, in light of their particular setting and select cloud show best fit to help these requirements. The writing gives works that attention on talking about security and protection issues for cloud frameworks yet such works don't give a nitty gritty methodological way to deal with evoke security and security necessities neither one of the to choose cloud arrangement models in view of fulfillment of these prerequisites by Cloud Service Providers. This work propels the present best in class towards this bearing. Specifically, we consider necessities designing ideas to inspire and dissect security and protection prerequisites and their related instruments utilizing an applied structure and an orderly procedure. The work presents confirmation as proof for fulfilling the security and protection necessities as far as culmination and reportable of security occurrence through review. This enables point of view cloud clients to characterize their confirmation prerequisites with the goal that proper cloud models can be chosen for a given setting. To exhibit our work, we display comes about because of a genuine contextual analysis in view of the Greek National Gazette.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
Understanding the Determinants of Security and Privacy in Cloud Computing Arc...ijtsrd
Cloud computing is an emerging model of business computing. Cloud computing is a service, which offers customers to work over the internet. It simply states that cloud computing means storing and accessing the data and programs over the internet rather than the computer's hard disk. The data can be anything such as music, files, images, documents, and many more. The user can access the data from anywhere just with the help of an internet connection. To access cloud computing, the user should register and provide with ID and password for security reasons. The speed of transfer depends on various factors such as internet speed, the capacity of the server, and many more. In this paper, we explore the understanding the determinates of security and privacy in cloud computing, Cloud Computing architecture and We also address the characteristics and applications of several popular cloud computing platforms. We identified several challenges from the cloud computing adoption perspective and we also highlighted the cloud interoperability issue that deserves substantial further research and development. However, security and privacy issues present a strong barrier for users to adapt to cloud computing systems. Yin Myo Kay Khine Thaw | Khin Myat Nwe Win "Understanding the Determinants of Security and Privacy in Cloud Computing Architecture" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26452.pdfPaper URL: https://www.ijtsrd.com/computer-science/distributed-computing/26452/understanding-the-determinants-of-security-and-privacy-in-cloud-computing-architecture/yin-myo-kay-khine-thaw
A Virtualization Model for Cloud ComputingSouvik Pal
Cloud Computing is now a very emerging field in the IT industry as well as research field. The advancement of Cloud Computing came up due to fast-growing usage of internet among the people. Cloud Computing is basically on-demand network access to a collection of physical resources which can be provisioned according to the need of cloud user under the supervision of Cloud Service provider interaction. From business prospective, the viable achievements of Cloud Computing and recent developments in Grid computing have brought the platform that has introduced virtualization technology into the era of high performance computing. Virtualization technology is widely applied to modern data center for cloud computing. Virtualization is used computer resources to imitate other computer resources or whole computers. This paper provides a Virtualization model for cloud computing that may lead to faster access and better performance. This model may help to combine self-service capabilities and ready-to-use facilities for computing resources.
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
Cloud computing is revolutionizing many ecosystems by providing organizations with
computing resources featuring easy deployment, connectivity, configuration, automation and
scalability. This paradigm shift raises a broad range of security and privacy issues that must be
taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud
computing environments. This paper reviews the existing technologies and a wide array of both
earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing
research according to the cloud reference architecture orchestration, resource control, physical
resource, and cloud service management layers, in addition to reviewing the existing
developments in privacy-preserving sensitive data approaches in cloud computing such as
privacy threat modeling and privacy enhancing protocols and solutions.
The paradigm called “Cloud computing” acts as a mechanism for attaining the resources of shared technology and infrastructure cost-effectively. The on-demand services are accomplished to execute the various operations across the network. Regularly, the last client doesn't know about the area of open physical assets and devices. Developing, using, and dealing with their applications 'on the cloud', which includes virtualization of assets that keeps and guides itself are led by arranged activities to clients. Calculation experience the new methodology of cloud computing which perhaps keeps the world and can set up all the human necessities. At the end of the day, cloud computing is the ensuing normal step in the development of on-request data innovation administrations and items. The Cloud is an allegory for the Internet and is an idea for the secured confused foundation; it likewise relies upon drawing network graphs on a computer. In this work, thorough investigations of distributed computing security and protection concerns are given. The work distinguishes both the identified and unidentified attacks, vulnerabilities in the cloud, security attacks and also the solutions to control these threats and attacks. Moreover, the restrictions of the present solutions and offers various perceptions of security viewpoints are distinguished and explored. At long last, a cloud security system is given in which the different lines of protection and the reliance levels among them are identified.
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...iosrjce
Cloud computing is an important transition that makes change in service oriented computing
technology. Cloud service provider follows pay-as-you-go pricing approach which means consumer uses as
many resources as he need and billed by the provider based on the resource consumed. CSP give a quality of
service in the form of a service level agreement. For transparent billing, each billing transaction should be
protected against forgery and false modifications. Although CSPs provide service billing records, they cannot
provide trustworthiness. It is due to user or CSP can modify the billing records. In this case even a third party
cannot confirm that the user’s record is correct or CSPs record is correct. To overcome these limitations we
introduced a secure billing system called THEMIS. For secure billing system THEMIS introduces a concept of
cloud notary authority (CNA). CNA generates mutually verifiable binding information that can be used to
resolve future disputes between user and CSP. This project will produce the secure billing through monitoring
the service level agreement (SLA) by using the SMon module. CNA can get a service logs from SMon and stored
it in a local repository for further reference. Even administrator of a cloud system cannot modify or falsify the
data.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
Cloud computing and security issues in theIJNSA Journal
Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The
global computing infrastructure is rapidly moving towards cloud based architecture. While it is important
to take advantages of could based computing by means of deploying it in diversified sectors, the security
aspects in a cloud based computing environment remains at the core of interest. Cloud based services and
service providers are being evolved which has resulted in a new business trend based on cloud technology.
With the introduction of numerous cloud based services and geographically dispersed cloud service
providers, sensitive information of different entities are normally stored in remote servers and locations
with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing
those information are compromised. If security is not robust and consistent, the flexibility and advantages
that cloud computing has to offer will have little credibility. This paper presents a review on the cloud
computing concepts as well as security issues inherent within the context of cloud computing and cloud
infrastructure.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Cloud computing is very useful then also its own set of cons discourage cloud users to choose them as a best option. The multitenant architecture of cloud exposed to several threats such as improper trust management at service provider site, Storage security, Shared technology vulnerabilities, data lost/leakage during transit, unauthorized access of data. This paper studied review work on cloud steganography.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
“This chapter provide an overview of introductory cloud computing topics. It begins with a brief history of cloud computing along with short descriptions of its business and technology drivers. This is followed by definitions of basic concepts and terminology, in addition to explanations of the primary benefits and challenges of cloud computing adoption.”
Smart, Secure and Efficient Data Sharing in IoTAngelo Corsaro
The value of the Internet of Things is the data and the insights derived from it to optimise and improve potentially every aspect of our modern society. As IoT extends its application from consumer to ever more demanding industrial applications, the ability to smartly, securely and efficiently share data makes the difference between success and failure.
This presentation will (1) introduce the data sharing challenges posed by a large class of IoT applications often referred as Industrial IoT (IIoT) applications, (2) highlight how the standards identified by the Industrial Internet of Things Reference Architecture, such as DDS, address the need of smart, secure and efficient data sharing, and (3) showcase how this technology is used today in several IoT systems for ensuring smart, secure and efficient data sharing.
Cloud computing is Internet based development and use of computer technology. It is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them. Cloud computing is a hot topic all over the world nowadays, through which customers can access information and computer power via a web browser. As the adoption and deployment of cloud computing increase, it is critical to evaluate the performance of cloud environments. Currently, modeling and simulation technology has become a useful and powerful tool in cloud computing research community to deal with these issues. Cloud simulators are required for cloud system testing to decrease the complexity and separate quality concerns. Cloud computing means saving and accessing the data over the internet instead of local storage. In this paper, we have provided a short review on the types, models and architecture of the cloud environment.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
Cloud computing is revolutionizing many ecosystems by providing organizations with
computing resources featuring easy deployment, connectivity, configuration, automation and
scalability. This paradigm shift raises a broad range of security and privacy issues that must be
taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud
computing environments. This paper reviews the existing technologies and a wide array of both
earlier and state-of-the-art projects on cloud security and privacy. We categorize the existing
research according to the cloud reference architecture orchestration, resource control, physical
resource, and cloud service management layers, in addition to reviewing the existing
developments in privacy-preserving sensitive data approaches in cloud computing such as
privacy threat modeling and privacy enhancing protocols and solutions.
The paradigm called “Cloud computing” acts as a mechanism for attaining the resources of shared technology and infrastructure cost-effectively. The on-demand services are accomplished to execute the various operations across the network. Regularly, the last client doesn't know about the area of open physical assets and devices. Developing, using, and dealing with their applications 'on the cloud', which includes virtualization of assets that keeps and guides itself are led by arranged activities to clients. Calculation experience the new methodology of cloud computing which perhaps keeps the world and can set up all the human necessities. At the end of the day, cloud computing is the ensuing normal step in the development of on-request data innovation administrations and items. The Cloud is an allegory for the Internet and is an idea for the secured confused foundation; it likewise relies upon drawing network graphs on a computer. In this work, thorough investigations of distributed computing security and protection concerns are given. The work distinguishes both the identified and unidentified attacks, vulnerabilities in the cloud, security attacks and also the solutions to control these threats and attacks. Moreover, the restrictions of the present solutions and offers various perceptions of security viewpoints are distinguished and explored. At long last, a cloud security system is given in which the different lines of protection and the reliance levels among them are identified.
Design & Development of a Trustworthy and Secure Billing System for Cloud Com...iosrjce
Cloud computing is an important transition that makes change in service oriented computing
technology. Cloud service provider follows pay-as-you-go pricing approach which means consumer uses as
many resources as he need and billed by the provider based on the resource consumed. CSP give a quality of
service in the form of a service level agreement. For transparent billing, each billing transaction should be
protected against forgery and false modifications. Although CSPs provide service billing records, they cannot
provide trustworthiness. It is due to user or CSP can modify the billing records. In this case even a third party
cannot confirm that the user’s record is correct or CSPs record is correct. To overcome these limitations we
introduced a secure billing system called THEMIS. For secure billing system THEMIS introduces a concept of
cloud notary authority (CNA). CNA generates mutually verifiable binding information that can be used to
resolve future disputes between user and CSP. This project will produce the secure billing through monitoring
the service level agreement (SLA) by using the SMon module. CNA can get a service logs from SMon and stored
it in a local repository for further reference. Even administrator of a cloud system cannot modify or falsify the
data.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
Cloud computing and security issues in theIJNSA Journal
Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The
global computing infrastructure is rapidly moving towards cloud based architecture. While it is important
to take advantages of could based computing by means of deploying it in diversified sectors, the security
aspects in a cloud based computing environment remains at the core of interest. Cloud based services and
service providers are being evolved which has resulted in a new business trend based on cloud technology.
With the introduction of numerous cloud based services and geographically dispersed cloud service
providers, sensitive information of different entities are normally stored in remote servers and locations
with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing
those information are compromised. If security is not robust and consistent, the flexibility and advantages
that cloud computing has to offer will have little credibility. This paper presents a review on the cloud
computing concepts as well as security issues inherent within the context of cloud computing and cloud
infrastructure.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Cloud computing is very useful then also its own set of cons discourage cloud users to choose them as a best option. The multitenant architecture of cloud exposed to several threats such as improper trust management at service provider site, Storage security, Shared technology vulnerabilities, data lost/leakage during transit, unauthorized access of data. This paper studied review work on cloud steganography.
A traditional computing environment requires a costly
infrastructure to offer a better service to users. The introduction
of cloud computing has changed the working environment from
traditional to virtual. A larger number of IT companies are
utilizing the cloud. On the one hand, the cloud attracts more
number of consumers by offering services with minimized
capital cost and virtual infrastructure. On the other hand, there
are a risk and security challenges in cloud computing that
makes the user not to move completely towards it. The cloud
environment is more vulnerable to security breaches and data
theft. Moreover, insider attacks are more frequent in larger
enterprises. An unauthenticated user can cause more damage
to company reputation. The cloud service providers are trying
to provide a secure work environment for users. However,
there is a lack of global standards and policies to invoke
security measures in cloud computing. This study aims to
highlight and classify security challenges and trust issues in the
cloud environment.
The survey was conducted in various institutions and
governmental organizations in Saudi Arabia to study the
opinions of stakeholders on cloud computing security
challenges and risks.
Links:
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
“This chapter provide an overview of introductory cloud computing topics. It begins with a brief history of cloud computing along with short descriptions of its business and technology drivers. This is followed by definitions of basic concepts and terminology, in addition to explanations of the primary benefits and challenges of cloud computing adoption.”
Smart, Secure and Efficient Data Sharing in IoTAngelo Corsaro
The value of the Internet of Things is the data and the insights derived from it to optimise and improve potentially every aspect of our modern society. As IoT extends its application from consumer to ever more demanding industrial applications, the ability to smartly, securely and efficiently share data makes the difference between success and failure.
This presentation will (1) introduce the data sharing challenges posed by a large class of IoT applications often referred as Industrial IoT (IIoT) applications, (2) highlight how the standards identified by the Industrial Internet of Things Reference Architecture, such as DDS, address the need of smart, secure and efficient data sharing, and (3) showcase how this technology is used today in several IoT systems for ensuring smart, secure and efficient data sharing.
Cloud computing is Internet based development and use of computer technology. It is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them. Cloud computing is a hot topic all over the world nowadays, through which customers can access information and computer power via a web browser. As the adoption and deployment of cloud computing increase, it is critical to evaluate the performance of cloud environments. Currently, modeling and simulation technology has become a useful and powerful tool in cloud computing research community to deal with these issues. Cloud simulators are required for cloud system testing to decrease the complexity and separate quality concerns. Cloud computing means saving and accessing the data over the internet instead of local storage. In this paper, we have provided a short review on the types, models and architecture of the cloud environment.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by sciaentists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter of time, enabling them to continue further All articles published are freely available to scientific researchers in the Government agencies,educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
It auditing to assure a secure cloud computingingenioustech
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
Abstract--The paper identifies the issues and the solution to overcome these problems. Cloud computing is a subscription based service where we can obtain networked storage space and computer resources. This technology has the capacity to admittance a common collection of resources on request. It is the application provided in the form of service over the internet and system hardware in the data centers that gives these services. But having many advantages for IT organizations cloud has some issues that must be consider during its deployment. The main concern is security privacy and trust. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario [4].
Keywords--Cloud, Issues, Security, Privacy, Resources, Technology.
Cloud computing has changed the entire process that distributed computing used to present e.g. Grid
computing, server client computing. Cloud computing describes recent developments in many existing IT
technologies and separates application and information resources from the underlying infrastructure.
Cloud computing security is an important aspect of quality of service from cloud service providers.
Security concerns arise as soon as one begins to run applications beyond the designated firewall and move
closer towards the public domain. In violation of security in any component in the cloud can be disaster for
the organization (the customer) as well as for the provider. In this paper, we propose a cloud security
model and security framework that identifies security challenges in cloud computing.
Cloud computing security through symmetric cipher modelijcsit
Cloud computing can be defined as an application and services which runs on distributed network using
virtualized and it is accessed through internet protocols and networking. Cloud computing resources and
virtual and limitless and information’s of the physical systems on which software running are abstracted
from the user. Cloud Computing is a style of computing in which dynamically scalable and often virtualized
resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or
control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of the
users the concept is to incorporate technologies which have the common theme of reliance on the internet
Software and data are stored on the servers whereas cloud computing services are provided through
applications online which can be accessed from web browsers. Lack of security and access control is the
major drawback in the cloud computing as the users deal with sensitive data to public clouds .Multiple
virtual machine in cloud can access insecure information flows as service provider; therefore to implement
the cloud it is necessary to build security. Therefore the main aim of this paper is to provide cloud
computing security through symmetric cipher model. This article proposes symmetric cipher model in
order to implement cloud computing security so that data can accessed and stored securely.
Cloud computing is a revolutionary way of storing and accessing data with five essential characteristics, three service models, and four deployment models. Businesses have realized the tremendous potentiality and benefits of cloud computing and have accepted the technology, but still a small amount of scepticism hovers around. In defiance of its potential characteristics, the organizations risk their sensitive data by storing it in the cloud. In this paper, we have identified various privacy and security challenges associated with the novelty of cloud computing. The security and privacy challenge listed in this paper perceives demand for implementation of sophisticated technologies to deal with them. Gopal K. Shyam | Mir Abdul Samim Ansari"Security Concerns in Cloud Computing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-5 , August 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18306.pdf http://www.ijtsrd.com/computer-science/distributed-computing/18306/security-concerns-in-cloud-computing/gopal-k-shyam
Review on Security Techniques using Cloud ComputingEditor IJCATR
Cloud Computing is the nascent technology which is based on Pay-Per-Use Model. Cloud computing is emerging as a
model of “Everything as a Service” (XaaS). Cloud Computing is computing paradigm where applications, data bandwidth and IT
services are provided over the Internet. Cloud Computing is a relatively new computing model that provides on demand business
and IT services over the Internet. The main concerns in adapting Cloud Computing is its security, different security risks that
affects the cloud environment in the area of confidentiality, Integrity and computing on data is thoroughly investigated
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Abstract Beauty of Cloud Computing is its Simplicity. A lot of visions exist for Cloud computing terminology. Here is a re-collection of facts about cloud computing. Basic approach for understanding CC technology Interview of cloud technology as well as proposal for further empirical work in modeling cloud computing technologies Index Terms: Parameters; Models; Privacy; Maintenance; Protected cloud
Enhancing Data Storage Security in Cloud Computing Through SteganographyIDES Editor
in cloud computing data storage is a significant issue
because the entire data reside over a set of interconnected
resource pools that enables the data to be accessed through
virtual machines. It moves the application software’s and
databases to the large data centers where the management of
data is actually done. As the resource pools are situated over
various corners of the world, the management of data and
services may not be fully trustworthy. So, there are various
issues that need to be addressed with respect to the
management of data, service of data, privacy of data, security
of data etc. But the privacy and security of data is highly
challenging. To ensure privacy and security of data-at-rest in
cloud computing, we have proposed an effective and a novel
approach to ensure data security in cloud computing by means
of hiding data within images following is the concept of
steganography. The main objective of this paper is to prevent
data access from cloud data storage centers by unauthorized
users. This scheme perfectly stores data at cloud data storage
centers and retrieves data from it when it is needed.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
The Riisk and Challllenges off Clloud ComputtiingIJERA Editor
Cloud computing is a computing technology aiming to share storage, computation, and services transparently
among a massive users. Current cloud computing systems pose serious limitation to protecting the confidentiality
of user data. Since the data share and stored is presented in unencrypted forms to remote machines owned and
operated by third party service providers despite it sensitivity (example contact address, mails), the risks of
disclosing user confidential data by service providers may be quite high and the risk of attacking cloud storage
by third party is also increasing. The purpose of this study is to review researches done on this technology,
identify the security risk and explore some techniques for protecting users‟ data from attackers in the cloud.
Guddu Kumar. “A Review on Data Protection of Cloud Computing Security, Benefits, Risks and Suggestions” United International Journal for Research & Technology (UIJRT) 1.2 (2019): 26-34.
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
The Management of Security in Cloud Computing
Ramgovind S, Eloff MM, Smith E
School of Computing, University of South Africa, Pretoria, South Africa
[email protected]; {eloff, smithe}@unisa.ac.za
Abstract—Cloud computing has elevated IT to newer limits
by offering the market environment data storage and capacity
with flexible scalable computing processing power to match
elastic demand and supply, whilst reducing capital expenditure.
However the opportunity cost of the successful implementation of
Cloud computing is to effectively manage the security in the
cloud applications. Security consciousness and concerns arise as
soon as one begins to run applications beyond the designated
firewall and move closer towards the public domain. The purpose
of the paper is to provide an overall security perspective of Cloud
computing with the aim to highlight the security concerns that
should be properly addressed and managed to realize the full
potential of Cloud computing. Gartner’s list on cloud security
issues, as well the findings from the International Data
Corporation enterprise panel survey based on cloud threats, will
be discussed in this paper.
Keywords- Cloud computing; Security; Public cloud, Private
cloud, Hybrid Cloud, policies, cloud transparency
I. INTRODUCTION
The success of modern day technologies highly depends on
its effectiveness of the world’s norms, its ease of use by end
users and most importantly its degree of information security
and control. Cloud computing is a new and emerging
information technology that changes the way IT architectural
solutions are put forward by means of moving towards the
theme of virtualisation: of data storage, of local networks
(infrastructure) as well as software [1-2].
In a survey undertaken by the International Data
Corporation (IDC) group between 2008 and 2009, the majority
of results point to employing Cloud computing as a low-cost
viable option to users [3]. The results also show that Cloud
computing is best suited for individuals who are seeking a
quick solution for startups, such as developers or research
projects and even e-commerce entrepreneurs. Using Cloud
computing can help in keeping one’s IT budget to a bare
minimum. It is also ideally suited for development and testing
scenarios. It is the easiest solution to test potential proof of
concepts without investing too much capital. Cloud computing
can deliver a vast array of IT capabilities in real time using
many different types of resources such as hardware, software,
virtual storage once logged onto a cloud. Cloud computing can
also be part of a broader business solution whereby prioritised
applications utilise Cloud computing functionality whilst other
critical applications maintain organisational resources as per
normal. This allows for cost saving whilst maintaining a secure
degree of control within an orgainsation.
Cloud computing can be seen as a service-oriented ...
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Search and Society: Reimagining Information Access for Radical Futures
D32035052
1. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Research on preserving User Confidentiality in Cloud Computing
– Design of a Confidentiality Framework
Chaitanya Dwivedula1, Anusha Choday1
1
M.Sc- in Software Engineering,
Blekinge Institute of Technology (BTH), Karlskrona, Sweden
I.
GROUP MEMBERS‟ PARTICIPATION the ability to store and dynamically allocate space
to the resources that occur for storage periodically
Group Member Idea Creation Report Writing [15]. Virtualization technology [6] in Cloud
Group Member 1 45 % 65% Computing paradigm renders the ability to run
Group Member 2 55 % 35% resources that dynamically scale the user's necessity
and share the resources available to support the
need [15]. Similarly, there are many other
Abstract technologies that contribute to Cloud Computing.
Cloud Computing creates a dynamic The data storage mechanisms by Resources Pooling
resource sharing platform that provides data occur in Data-Centers [8] [15] which indirectly act
analytically to the proficient users who are at like a CLOUD. On the other hand, the concept of
demand to access data present in the cloud. As „provisioning services in a timely (near on instant),
this data is stored outside the data owner's on-demand manner, to allow the scaling up and
boundaries, they are skeptical for utilizing down of resources‟ generates a virtualization
cloud technology in order to store or access mechanism which pretends to be COMPUTING
their data from those external cloud [15]. Hence, CLOUD COMPUTING deserves to be
providers who are outside their own control a collective term of several technologies that
environment. There are many issues for these interrupt effectively for dynamic
active clients (companies or individuals) to be allocation/de-allocation of resources [15]. The
petrified at the thought of using cloud generally accepted standard definition [15] of
computing paradigm. Some of the main issues Cloud Computing is published with efforts from
that make the clients swear against Cloud National Institute of Standards and Technology
Computing are generated from three (NIST). Their published1 definition is used in our
important security aspects: Research Report for analysis about Cloud
Confidentiality, Integrity, and Availability. Computing.
In this Research, we focused only on security In short, to describe NIST definition [15], we
models that relate Confidentiality issues. understood that, the 'convenient and Ubiquitous
We performed a literature Review for network access' creates a moderate effort to the
analyzing the existing confidentiality cloud clients to establish their resources on to the
frameworks and security models. We then Cloud. The 'shared pool of configurable computing
designed a new theoretical framework for resources' contribute an Instant allocation/de-
confidentiality in Cloud computing by allocation of resources that occur for on-demand
extracting this literature. We expect this data access [15] The 'rapid provisioning' provides a
Framework when implemented practically in flexible operation of cloud for the cloud
the cloud computing paradigm, may generate providers to scale the resources with
huge successful results that motivate the clients assigning and releasing resources from time to time
to transform their businesses on to Cloud. when they are required elsewhere [15].
As the technologies keep intruding
Keywords: Cloud Computing, into Cloud Computing paradigm, there is no
Confidentiality, Security, Framework. means to say cloud computing is exhaustive.
Cloud Computing key- characteristics,
II. INTRODUCTION models and implementations are more extensively
Cloud Computing evolves to be a discussed in Section-III. The discovery of cloud
consistent term with collaboration of various IT
computing generated a reported progress 2 of
technologies involved in it [15]. Resource pooling
Software Industry and its services to the
technology in Cloud Computing paradigm renders
35 | P a g e
2. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
companies worldwide; but along with it, the service models (such as SAAS; PAAS; IAAS;)
security issues kept eroding to change [2]. This which when left unsolved might cause 'lack of
resulted in The Client's View about Cloud proficient security (CIA)' [2] [7]. One of the main
Computing as that it lacks in confidentiality for reasons for Cloud Computing to be inconsistent in
moving their resources onto cloud [10]. Potential confidentiality is due to differences in Cloud
clients are now waiting for the answers about models that are getting deployed [2]. The three
how, why and by what means the security is deployment models (Public Cloud; Private Cloud;
provided to Cloud computing [2]. & Hybrid cloud;) generate a multiple framework
The Problem is distinct as the security issues occur activity that has to be satisfied with
frequently in parallel to the Cloud development. confidentiality [7].
The environment of Cloud Computing is vast This SLR has also been understood as a proven
making it more vulnerable to threats [2]. Hence, we theory when we re-reviewed the NIST definition for
decided to focus on the most eminent security a several times.
issues that significantly standardize the The definition is supported by five key cloud
Confidentiality of Cloud Computing to a better characteristics, three delivery models and four
extent. In our Systematic literature review made deployment models [15]. We understood this
before our research proposal, we analyzed that definition as of three interlinking properties of a
Confidentiality alone can specify approximately Cloud: key Characteristics of a cloud, delivery
50% of the security issues that when satisfied- models and deployment models. Our
cloud computing can emphasis to more interesting understandings on this definition are presented in
software development. the Figure-3.1.
The data behind the Cloud is technically said to be
off- premise and is never under the boundaries of
the data owners [8]. These data that are stored
in Cloud are beyond the control of data owners
which may converge with loss of confidentiality
[2]. We believe that, Most of the effective
customers condemn the use of cloud computing
because they are aware of the ethics beneath cloud
technologies that are unclear or unknown to them.
The goal of this Research is to
generate a successive framework for Cloud
Computing that can predict sufficient
Confidentiality gain in this particular Cloud
environment. Hence, this Framework will be an
extension to our understandings of Frameworks
analyzed from Systematic literature review (SLR)
that is done at the time of our research.
Our Research Questions relate this main objective Figure-3. 1: Our understandings on NIST
mentioned above and are detailed to study from definition [15]
section-IV. The study process, data collection &
analysis methods involved for this research are The key characteristics describe the operations
discussed to detail in the section-V and section-VI. performed in a cloud computing environment. The
The problems (that may generate during the key characteristics such as On-demand resource
implementation of the resulted framework), the sharing; Resource Pooling;
limitations and the sustainable arguments to our
study are brought-up to note in section-VII. Our Rapid elasticity; monitoring resource
final research results that are concerned with our allocation; Wide network access; service
research goals are presented to acknowledge our provisioning; has elaborated the Cloud technology
study in conclusions part (section VIII). in detail [15]. The Cloud service Models such as
Software-as-a-service (SAAS); Platform-as-a-
III. BACKGROUND AND MOTIVATION Service (PAAS); infrastructure-as-a-Service
The consistent approach of our previous (IAAS); are said to be general classifications of the
SLR (PRE-SLR) lead us to a clear understanding of Cloud [15]. Regardless of the service models that
security issues present in Cloud Computing. are classified, there exist 3 basic deployment
Mainly, the security issues such as Confidentiality; models of Cloud such as Public Cloud; Private
Integrity; Availability; are indefinitely implemented Cloud; and Hybrid Cloud. “Hence, the key
to reach the efforts constraining to Healthy on- characteristics of Cloud when applied (to
demand network access [2]. Thus, these efforts deployment models) provide data (or) services to
when indistinct may route to problems in Cloud its Clients.”
36 | P a g e
3. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Here, we also analyzed that Confidentiality is -„if we unite all the confidentiality issues in
issues underlie the challenges in finding answers to common, then we can easily map them onto our
questions like: framework that is going to be generated.‟
How will Cloud provisioning occur to act? We hope the companies will need a unique frame
What are Cloud security requirements? work like this and future researchers might not fail
How will Data storage occur in Cloud to be stimulated by the ideas presented by us. While
Computing? this is a diving cause for the need that encompasses
How reliable is Security architecture of the cloud computing, if we can't find the solution for
Cloud? this research, the implications of not solving this
How reliable are the Cloud Services offered? problem might be the same as explained above:
So, indirectly we understood that “gaining The confidentiality that lacks behind will generate a
knowledge fear for the clients (companies, organizations,
about Cloud technology improves half of the individuals, etc) to share/store their resources (or)
Confidentiality levels in the Clients”. Hence, these to transform their businesses on to the Cloud
above questions have worked as partial hypothesis environment.
for us.
We are focused to propose a unique framework that IV. RESEARCH DEFINITION AND
can produce a single architecture which allows PLAN
combination of required security goals; along with A. Research objective:
all the reliable policies, procedures for all Cloud The goal of this Research is “To generate
deployment models in common. So, we further a sufficient security model-framework for the
continued our research on classifying the security extent possible, which when implemented: can
issues that are analyzed from our PRE-SLR results. moderate the activities (that occur for security
With the understandings we have - upon the found threats or implicating risks) that are indeed capable
security issues, we now classified them as the of reducing Confidentiality of the Cloud and its
issues that relate to Confidentiality with one among environment.”
the three, they are: This Research objective focused our aims onto:
Classifying Security Issues in Common Specifying the security issues that
Technical issues relate to
Organizational issues Confidentiality in Cloud Computing.
Legal issues. Understanding the possible research
results of the effective security models presented by
The entire list of Security issues are the previous researchers.
generalized into these three issues in common. Proposing a more extensive security
This Complete list of Security issues obtained in model- framework that can uniquely state the
PRE-SLR is presented in Appendix-C. province of all service and deployment models in
collaboration.
Our reasoning for the above classification is as
follows: B. Research Questions:
Technical issues: All the security issues like The interpretation of the above objective is
„Shared extensively scrutinized, with the need for the
Technology Vulnerabilities‟, „network security‟ necessary knowledge that has to be obtained in
and many others collaboration with the new framework to be
that can find solutions framing security goals in generated. These following research questions 3
technical area are analyzed as Technical issues. (R.Q‟s) will guide our research:
Organizational issues: All the security issues
like R.Q.1: What are the Security issues that sufficiently
„Malicious Insiders‟, „data location transparency‟ support Confidentiality -inducible in security
and many Framework of Cloud Computing?
others that can find solutions by framing security The Question has been framed in such a way that
goals in organizational area are analyzed as all the issues found in our PRE-SLR are
Organizational issues. now to be
Legal issues: All the security issues like „policy brought out to analysis where we can know how
based or procedural based problems‟ and many the security issues collide with the security models
others can get the solutions by framing security framed. For this, we need to know how actually a
goals in this area are sorted to be legal issues. security model in Cloud Computing is exists.
The basis of this classification is just to unite all the Hence, R.Q.1.1 is framed for
security issues relevant to confidentiality in Cloud this analysis. Interpreting the solutions
Computing. The main idea besides this type of occurred for
classification R.Q.1.1 will relevance the solutions to be found for
37 | P a g e
4. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
R.Q.1. Analyzing the inconsistent results found
in the literature from other researchers.
R.Q.1.1: How are these Confidentiality issues Analyzing ideas that are firmly achieved
classified to indulge with consistent security by the others in this field of study.
operations in Cloud Computing? Applying their models more
extensively by clubbing the ideas; to generate new
framework with the current security issues that
3 These R.Q‟s are re-framed for „adequacy need‟ enhance Confidentiality in Cloud.
for this report (as commented by our professor With experiences from PRE-SLR, We now choose
{proposal evaluator}) but comply with same top journals refereed from several good
research meaning as that of research proposal publications. In our first step, the Journal
R.Q‟s framed earlier. This R.Q. is generated in Ranking is collected from an International
such a way that we can understand several Research Group4 by name: "Association of
constrains for security issues getting involved in the Information Systems (AIS)". We have only
security operations. This question needs a though selected these Top ranked Journal Publications in
analysis of security models presents in the which again through filters we were able to analyze
literature. Hence, SLR is conducted to extract the that only few occur for Cloud Computing study.
results. The task of finding a search engine had been easier
for us than finding best journal publications; as
R.Q.2: How to uniquely frame Confidentiality most of the search engines are available through
within the boundaries of all Cloud security our BTH University 'Find database' library
models/Architectures in common? portal. We only focused on the search engines that
Our entire research concept is to find a unique can especially present these Top ranked journal
framework for confidentiality in cloud publications. We then filtered our keywords again
computing and this questions serves the purpose of and again for a proficient search refinement
our scope. on „Confidentiality frameworks and
security models in Cloud Computing‟. The
C. Research Methodology: complete operation of POST-SLR in presented in
Our research is originated by the below data collection & analysis methods.
understanding Cloud Computing as a start and Data Collection method:
then conceived with an objective of what needs to The Qualitative analysis of literature amends with
be done. The R.Q.s are framed with the basic the use of SLR. However, if the distillation process
understanding from the PRE-SLR results and by of extracting literature fails, the quality might
reading several: research news articles, websites reduce its heights. Hence, opting for highly
regarding Cloud service offerings, and soon. As, qualitative journal publications, selecting effective
Our research has to provide solutions with search databases and framing the search strings for
analysis of various security models or the search operations are said to be the three main
confidentiality frameworks in Cloud Computing, aspects of SLR.
we observed that qualitative form of extracting a) Step1: Journal selection: we required papers
information is an SLR. that present studies of all forms such as Empirical
Hence, we conduct an SLR again but now with studies, Case- studies, research findings, and all
focus on extracting Security models. For clarity, other available literature; but we restricted our
the SLR that has to be performed now is named as search only to the peer-reviewed Journal articles.
POST-SLR. The difference between these two The list of Journal Publications that attracted
SLRs is as shown in Appendix-A. us in our study (on security models in Cloud
A Review methodology of this type (SLR) is Computing) are presented below. These top
helpful to generate sufficient solutions for our ranked journals are sorted with searches made for
R.Qs. In addition, our ideas with reference to the our Cloud Computing study. The original ranking
issues found in PRE-SLR will be presented for list of Top Journals as described above are sent to
qualitative elaboration in the Framework being Appendix-B inorder to make it clear.
generated.
Systematic Literature Review: (POST-SLR): Journal Articles (Scrutinized)
To gain knowledge in Security Models and MIS Quarterly (MISQ)
previous researchers' works on Security Framework Communications of the ACM (CACM)
activity in cloud computing, we choose SLR as our IEEE Transactions (various)
best means to obtain it. Some of the sufficient Journal of Computer and System Sciences (JCSS)
reasons for relying only upon SLR are as follows: Information Systems Journal (ISJ)
Database for Advances of Information Systems (DATABASE)
Analyzing the generally accepted security models in cloud environment.
Analyzing the future work that remains unfurnished in the Systems (DSS) models in
Decision Support previous security
Cloud Computing. b) Step2: Database selection:
38 | P a g e
5. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Our experience upon the search engine mattered for OR SRCTITLE("IEEE")
a while as this selection is a priority for major OR SRCTITLE("Journal of Computer and System
papers to be found. Hence, we limited our search Sciences") OR SRCTITLE("Information Systems
within databases where almost all the top ranked Journal")
Journals can be found. The analysis list of most OR SRCTITLE("DATABASE")
prominent Search databases that cover all the OR SRCTITLE("Decision Support Systems"))
ranked Journals in relation to Cloud Computing AND PUBYEAR > 2004
Findings in their search Query; are presented The search strings framed are directly inserted into
below: this formula for results in our research area. A
Search Databases (scrutinized) complete list of search strings along with the
SCOPUS Strings that even found no results are presented in
Engineering village (INSPEC; COMPENDEX;) Appendix –B in order to make it clear.
All the keywords that extracted exciting results
The search operation designed below is applied - when applied to search strings framed under this
with one of these two databases at a time; For above search formula are presented below:
example, if we can‟t find the relevantly interesting
data in „Scopus‟ then, for clarification, we Keywords (scrutinized)
followed the same search query in Cloud Computing Security and privacy
„Engineering Village‟ database. Security model Confidentiality Framework
c) Step3: Search operation: Privacy Policy(s) Grid Computing
The Search operation of finding relevant data Virtualization Security Architecture
for our search has been the basic task for our … …
research operation. We now focused on framing In the search operation made, we got 11 research
the search strings, extracting results, stimulating articles that are firmly relevant to our study. The
search results with the scope and refining the process of analyzing these articles is presented
search strings if relevant data is not found. The below.
below figure-4.2 demonstrates our search Data Analysis Method:
operation. For data analysis, consistent tracking of search
results is the ultimate task which dissolves the
barriers between knowledge gain and its
implementation. The Quality of the search results is
assessed with include/Exclude Criteria, as
described below:
d) Include Criteria:
Only Peer reviewed Articles
(available) from
Journals or Conference papers.
Articles should be written in English
language.
The article has to be published during
or after the year 2005.
Articles that found relevance
with Cloud
Computing security models in their Abstracts.
Figure-4. 1: Search Operation All the other articles that do not meet the include
As almost all the papers are published online, we criteria are said to be excluded.
have selected Online Databases over the internet In order to validate our Research Methodology, we
and did not use any library or other external have also cross-checked our SLR with two
sources for our data search. other SLRs [17] & [18] in which one is a Thesis
We developed a General Search Query baseline paper [18].
for generating our search in such a way that by
inserting keywords into this formula may give V. RESEARCH OPERATION
desired results for our Research Area. This idea is The Scope of this Research is to elaborate
originally developed from the idea behind search the unconditional use of Confidentiality framework
interface present in the research database: that can peers all the service and Deployment
„Scopus‟. The Search Query we adopted in models present in the cloud. Hence, our major tasks
“Scopus” -„Advanced search‟ interface is as below: constitute the operations contributing with the
(TITLE-ABS-KEY("SEARCH STRING") AND minimal tasks of analyzing security issues,
SRCTITLE("ACM") generating a framework that architects all the
OR SRC TITLE("MIS Quarterly") security solutions for the issues generated and soon.
39 | P a g e
6. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
To achieve our research objective, we started
with PRE-SLR for analyzing all the possible
security issues and then specifying them
to predictable general classifications
(such as Technical, organizational, legal issues) as
shown in the Section-III. As we can‟t detail each
and every Security issue in the framework and also
as we can't map all the issues directly into the
framework, we choose this way to generalize them.
We believe that most part of the R.Q.1 can be
addressed to solutions 'by analyzing security issues
found in PRE-SLR' and rest of R.Q.1 is 'to analyze
how these security issues indulge into the
framework being generated'.
For solving this remaining part of R.Q.1, again
R.Q.1.1 is framed. Now, the research analysis
(from POST-SLR) has shown the path for
implementing a new framework. The Found
Figure-5. 1: Classifications of grid computing
literatures that solved R.Q1.1 for the concept
Security [4]
of"finding Confidentiality requirements
that are classified to indulge with security As they focused on grid computing, the
operations in Cloud computing" are presented security issues resulted to solutions in their
below:
framework will lead to grid environment's security
province but as they interlinked these security
A. Literature Analysis: issues to grid Deployment models (computational
In Engineering privacy [10], the authors generated
grid; data grid; service grid;) and as the same
a three sphere models (User Sphere; Joint Sphere; security issues (like intrusion detection) can be
and Recipient Sphere;)that occur for user
found in Cloud deployment models, their
privacy concerns. they relate all the Confidentiality framework helped us in our Cloud
issues to these three spheres. We analyze these Computing-Confidentiality
models as operations that obscure privacy views. framework initiation. Their classification
They also generated some architectural
framework also presented the solutions to the
mechanisms that can also partially generate issues area-wise (system solutions, Behavioral
confidentiality in Cloud Computing
solutions, Hybrid Solutions ;). In the same way we
area. These mechanisms are as below:
focused our solutions to the Confidentiality issues
Privacy-by-policy: Based on policy generation
area-wise; they are named as: Technical solutions,
which results in Fair Information Practices (FIP). Organizational solutions, Legal solutions.
This FIP was contributed to
European Legislation privacy [10]. In 'Cloud Security Issues' article [2]; B. R.
Privacy-by-architecture: Based on anonymizing Kandukuri et al. described several Service Level
information which results in little or no personal Agreements (SLAs) for generating notion to
data detection by third parties [10]. different levels of security. According to them
Hybrid approach: Based on the combination
SLAs are documents that define relationship
of above two approaches where policies collide between two parties: the cloud Provider and the
with technical mechanisms (architecture), they
Customer (recipient). Even they have immensely
then enforce privacy enhancements [10]. guided us for our research as their concept of
These policy centric architectures have given a indulging Security Risks in the SLA has given a
start to our security framework idea being complete understanding of what needs to be done
generated. in our frame work. The simple analysis of SLA and
In [4], the authors developed security its contents are like these:
classification framework which sorted the
Definition of services
presence of our research idea for R.Q.1.1 towards Performance management
a solution. They classified the security issues for Problem management
Grid Computing environment also with Customer duties and responsibilities
decentralized data control over its architecture. The
Warranties and remedies
Figure 5.1 presents their framework:
We analyzed that these contents when applied into
action can generate answers for the partial
research
hypothesis presented above in the Background
40 | P a g e
7. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Section. We took steps forward in that means of in the open risk taxonomy [1].
approach.
As we are about to conclude our literature review
To be consciously readying about analysis, even though we are unable to completely
Encryption concepts in many literatures [5] [11] find a security framework or security model or
saying that they have generated a mechanism architecture, we felt that we are satisfied with the
for confidentiality is not trust-worthy for us. They solutions that are obtained to R.Q.1. & R.Q.1.1.
have generated some encryption key-mechanisms, This Review has shown the relevant security
encryption algorithms, Cryptography methods and threats or risks or issues that are interlinked with
soon which can be sorted like a solution for “data the security models; but for complete solution of
privacy” alone but not to entire confidentiality R.Q.1 & R.Q.1.1, we also considered a few
measures in security framework. We believe that NIST drafts that enabled the Risk analysis process
only a key generation concept might not itself or frameworks consistent with cloud environment.
provide confidentiality to the user. We can support The below are the knowledge gained concepts
this analysis, as said by S. Spiekermann et al from different drafts of NIST.
[10], the user is out of the boundaries of the
organizational sphere where these keys get In NIST Draft SP800-30 [12], Risk Assessment
generated, and so, even though the key is set Methodology Flowchart is presented where we
private to the users themselves, we can‟t find any have successively understood each and every
proof to say that these consistent key encryption concept beneath the Risk taxonomy and its control
mechanisms alone can stabilize flow. The seven steps that determine this
confidentiality requirement in Cloud sequential flow are as follows [12]:
environment. Step1: System Characterization
Step2: Threat Identification
A new concept said to be RAIN (Redundant Array Step3: Vulnerability Identification
of Independent Net-storages) [9] has been Step4: Control Analysis
analyzed from the literature. According to the Step5: Likelihood Determination
authors of this article [9], they used a divide and Step6: Impact Analysis
conquer method for the data passing through the Step7: Risk Determination
clouds. They have also presented their Step8: Control recommendations
background work of deploying 5 Cloud service Step9: Results Documentation
models. They are as shown below: With elaboration, NIST Draft SP800-37 [13] has
Separation model: separates data further presented a Risk Management Framework
storage from data processing [9]. which became the key to our Research for
Availability model: separates stored confidentiality on
data from data providers during the time of cloud. This framework is as shown in Figure-5.2
processing [9]. below.
Migration model: describes the data
migration from one storage provider to another
other storage provider [9].
Tunnel model: describes data tunneling
service between data processing service and data
storage service [9].
Cryptography model: describes data
encryption that is also not intelligible even to the
storage provider [9].
Their procedural implementation gave us an idea
for the framework that implements process
activities one- onto-one presenting itself as security
control-flow architecture.
In another paper named „understanding Cloud
Vulnerabilities‟ [1], the authors have generated a Figure-5. 2: Risk Assessment Framework (NIST
framework mitigating the Risk factors into two SP80037) [13]
kinds, “loss event frequency” and “probable loss In NIST draft SP800-125 [14], the architecture of
magnitude”, all the rest are classified into those Virtualization technologies is enabled with
two risk factors. This can be seen as of a hypervisors that have played a major role for
relevance to our security issues generalization providing security to the Cloud Computing
concept; for mapping them into the framework that environment. The security controls when operated
can give solutions to any kind of issues that occur in the hypervisors (virtual machine managers for
41 | P a g e
8. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
monitoring multiple hosts) that are placed just before above the
the frameworks, models and other security
cloud offering applications can implemen
concepts that are found in the above literature. The
Even though deployment models exist, a general framework that satisfies our R.Q.2 is contributed to
scope and control flow of the service models in effect from the FIGURE-6.1 below:
cloud computing with the views of both consumer This Framework is done in such a way that cloud
and cloud provider are presented in Draft SP800- providers and their customers have a generalized
144 [16]. This Scope in terms of control flow is view on the security operations in their cloud. The
thus also implemented by us where the cloud framework
provider‟s view and the customer‟s view on has also shown the difference between the
the framework being generated are extracted to operations
act. that are carried for stepwise flow. We used
Hence, R.Q.1 is completely fulfilled with orange, blue green and red colors for
knowledge base of security issues as shown above differentiating and clubbing several operations
with relevance to security models that are deployed carried in the cloud. All the orange boxes denote
to eradicate trouble caused by these issues. the general tasks by the cloud provider or their
customers. All the blue boxes denote the original
VI. DATA ANALYSIS AND security operational flow in the framework. Green
INTERPRETATION and red denote the organizational and technical
Even though there are many other security models issues/tasks respectively. The description of this
or frameworks, we presented only the important tasks and operations will refer back to the POST-
articles. As the knowledge for relevant data models SLR review made in Section- V. If anything is
got its place for our idea creation from among unclear, all the rest including Security concepts
these articles, hence, we concluded the literature and other keywords used in the below framework
review for analysis. Here in this section, we are clearly elaborated in Appendix-D.
present a Data Framework activity by analyzing all
Figure 6. 1: Confidentiality Framework for Cloud Computing (our research solution)
VII. DISCUSSIONS in any Cloud based company that indeed can
A. Contributions & limitations : satisfy the cloud customers. Even though just an
The framework has deployed a risk SLR can't deal with the entire problem area and
management activity for security provisioning in also as there is no proof that our research analysis
cloud environment. We are sure that results can work in the real time industry, we had no
generated by us are completely involved with all other choice as time is our major constraint rather
the levels of security issues and their solutions in than just implementing a Framework only based
all kinds of users‟ views; and hence, will provide a on SLR. This framework is limited to the general
constant baseline for drawing security architecture activities without concise on any further
clarifications on the inside elements such as
42 | P a g e
9. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
cryptography and soon. Challenges,” Journal of Network and
Computer Applications, vol. 3, no. 5,
B. General proceedings(future work): pp. 247-255, Dec. 2011.
As of now this model needs to be scrutinized. [8]. M. Armbrust, I. Stoica, M. Zaharia, A.
This model needs to be briefly elaborated Fox, R. Griffith, A. D. Joseph, R. Katz,
deriving each and every activity in the framework A. Konwinski, G. Lee, D. Patterson, and
analytically with real-time proofs. If we get a A. Rabkin, “A view of cloud
chance in thesis, then we are sure that we can get a computing,” Communications of the
clear scrutinized security model along with the ACM, vol. 53, no. 4, p. 50, Apr. 2010.
suggestions made by the professors and real time [9]. M. G. Jaatun, G. Zhao, and S. Alapnes,
industry people with the surveys and experiments “A Cryptographic Protocol for
conducted. Communication in a Redundant Array
of Independent Net-storages,” 2011, pp.
VIII. CONCLUSION 172–179.
Confidentiality for Cloud Computing [10]. S. Spiekermann and L. F. Cranor,
deals with the emerging cloud architectures that “Engineering Privacy,” IEEE
evolve with time. This continuous evolution Transactions on Software Engineering,
process might necessitate to with stand a baseline vol. 35, no. 1, pp. 67–82, Jan. 2009.
framework activity. We enabled a framework [11]. S. Yu, C. Wang, K. Ren, and W. Lou,
activity with reference to general security models “Achieving Secure, Scalable, and Fine-
and patterns. We expect this framework to be a grained Data Access Control in Cloud
consistent approach to trigger any kind of security Computing,” 2010, pp. 1–9.
mechanism in Cloud Computing. As the views on
this model are focused to analysis with both Cloud NIST Special Publication (SP) Drafts:
provider and the customer, we hope that [Online](Available:
organizations can be at ease to implement their http://csrc.nist.gov/publications/PubsDraft
operations directly on to this framework without s.html)
further discussions. [12]. S. Gary, G. Alice, and F. Alexis, “SP:
Risk Management Guide for
REFERENCES Information Technology Systems,”
[1]. B. Grobauer, T. Walloschek, and E. National Institute of Standards and
Stocker, “Understanding Cloud Technology (NIST), CSRC-SP800-30,
Computing Vulnerabilities,” IEEE July. 2002.
Security & Privacy Magazine, vol. 9, no. [13]. “SP: Guide for Applying the Risk
2, pp. 50–57, Mar. 2011. Management Framework to Federal
[2]. B. R. Kandukuri, R. Paturi. V., and Information Systems,” National
A. Rakshit, “Cloud Security Issues,” Institute of Standards and Technology
2009, pp. 517–520. (NIST), CSRC-SP 800-37(Rev-1), Feb.
[3]. C. Chapman, W. Emmerich, F. G. 2010.
Márquez, S. Clayman, and A. Galis, [14]. S. Karen, S. Murugiah and H. Paul, “SP:
“Software architecture definition for on- Guide to Security for Full Virtualization
demand cloud provisioning,” Cluster Technologies,” National Institute of
Computing, vol. 15, no. 2, pp. 79–100, Standards and Technology (NIST),
Feb. 2011. CSRC-SP 800-125, Jan. 2011.
[4]. E. Cody, R. Sharman, R. H. Rao, and [15]. M. Peter and G. Timothy, “NIST
S. Upadhyaya, “Security in grid Definition of Cloud Computing,”
computing: A review and synthesis,” National Institute of standards and
Decision Support Systems, vol. 44, no. 4, Technology (NIST), CSRC-SP 800-145,
pp. 749–764, Mar. 2008. Sept. 2011.
[5]. G. Zhao, C. Rong, J. Li, F. Zhang, and [16]. J. Wayne and G. Timothy, “SP:
Y. Tang, “Trusted Data Sharing over Guidelines on Security and Privacy in
Untrusted Cloud Storage Providers,” Public Cloud Computing,” National
2010, pp. 97–103. Institute of Standards and Technology
[6]. K. Riemer and N. Vehring, “Virtual or (NIST), CSRC-SP 800-144, Dec. 2011.
vague? a literature review exposing
conceptual differences in defining SLR model review references:
virtual organizations in IS research,” [17]. S. Jalali and C. Wohlin, „Agile practices
Electronic Markets, May 2012. in global software engineering - a
[7]. K. 'Shade O, I. Frank and A. Oludele, systematic map‟, in 2010 Fifth IEEE
“Cloud Computing Security Issues and International Conference Global
43 | P a g e
10. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Software Engineering (ICGSE 2010), this research operation performed now.
23-26 Aug. 2010, Los Alamitos, CA, A Review methodology of this type (SLR)
USA, 2010, pp. 45–54. has already been conducted in our previous
[18]. Guido Kok, “Cloud computing & assignment (asst-1). The results of that PRE-SLR
confidentiality,” M.S. thesis, Dept. obtained, have been utilized in background
Comp. Sci. Eng., University of Section-III. As shown in below Figure-A, we name
Twente., Enschede-Noord, Nederland, this SLR (made in the research operation) as
May.24.2010.[Online] (Available: 'POST-SLR' in order to differentiate from the SLR
http://purl.utwente.nl/essays/61039) that is done before our proposal (assignment-1)
(For clarity, we name this previous SLR as 'PRE-
SLR').
APPENDIX A
A. Differentiating Our Previous works from
Figure A: Figure-4. 2: Differentiating our work from the past.
APPENDIX B – SEARCH OPERATION publications that publish topics in concern to
The Journal Publication ranking with relevance to Cloud computing. We found only 7 top
“CLOUD COMPUTING” is roughly analysed for Publications that gave unique results with the rest
search in every Top ranked public ation with basic left behind with the same search result (as that of
keywords as „Cloud Computing' AND the previous publications‟ search) or no search
'Confidentiality'. The main motive behind this result at all. The Table-A shows top ranked
search is to analyse all the top ranked journal publications list and cloud findings in them.
44 | P a g e
11. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Table A: Top ranked journal publication selection from AIS-Journal ranking5 with relevance to cloud
computing.
Resulted Search Research Area Search operated
Serial TOP JOURNALS (AIS-MIS Journal Ranking Sequence)
Articles relevance through:
1. MIS Quarterly Management Information Systems (MISQ) 2681 EBSCOhost
2. Information Systems Research (ISR) 2681 EBSCOhost
3. Communications of the ACM (CACM) 168 ACM Dl library
4. Management Science (MS) 2681 EBSCOhost
5. Journal of Management Information Systems (JMIS) 2681 EBSCOhost
6. Artificial Intelligence (AI) 3(X) ScienceDirect
7. Data Sciences (DSI) -NA- ---
8. Harvard Business Review (HBR) 2681 EBSCOhost
9. IEEE Transactions (various) 7 IEEE Explore
10. AI Magazine 2(X) AI Magazine
11. European Journal of Information Systems (EJIS) -NA- ---
12. Decision Support Systems (DSS) 17 ScienceDirect
13. IEEE Software (IEEESw) 7 IEEE Explore
14. Information and Management (I&M) -NA- ---
15. ACM Transactions on Database Systems (ACMTDS) 168 ACM Dl library
16. IEEE Transactions on Software Engineering (IEEETSE) 7 IEEE Explore
17. ACM Transactions (ACMTrans) 168 ACM Dl library
18. Journal of Computer and System Sciences (JCSS) 10 ScienceDirect
19. Sloan Management review (SMR) 2681 EBSCOhost
20. Communications of AIS (CAIS) 168 ACM Dl library
IEEE Transactions on Systems, Man & Cybernetics
21. 7 IEEE Explore
(IEEETSMC)
22. ACM Computing Surveys (ACMCS) 168 ACM Dl library
23. Journal on Computing (JCOMP) 168 ACM Dl library
24. Academy of Management Journal 2681 EBSCOhost
25. International Journal of Electronic Commerce 2681 EBSCOhost
26. Journal of the AIS -NA- ---
27. IEEE Transactions on Computers (IEEETC) 7 IEEE Explore
28. Information Systems Frontiers (ISF) -NA- ---
29. Journal of Management Systems 2681 EBSCOhost
30. Organisation Science (OS) -NA- ---
31. IEEE Computer (IEEEComp) 7 IEEE Explore
WILEY online
32. Information Systems Journal (ISJ) 135
Library
33. Administrative Science Quarterly 129(X) SAGE Journals
34. Journal of Global Information Management (JGIM) -NA- ---
The Database for Advances of Information Systems
35. 1066 EBSCOhost
(DATABASE)
36. Journal of Database Management (JDM) 2681 EBSCOhost
37. Information Systems (IS) 11 ScienceDirect
… … … …
45 | P a g e
12. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
After finding these top 7 journals, the search string
NOTE: The top ranked Cloud computing formula is generated (in section IV) for finding the
publications are marked with three colours: Green, papers relevant to our research area in Cloud
Yellow and Red. The Green colour shows unique computing. We analyzed that most of the Journals
search result at the start before finding the same from IEEE and ACM publications defer in name
result in other publications. The Yellow represents but gave same results. So we sorted them just to be
the Publications which carry Cloud papers but “IEEE” and “ACM” in our search formula
show same result (-repeat-) as that of previous generated. The idea behind this is to grab as much
publications and hence neglected. The Red shows as many resu lts from all the publications of IEEE,
that the publications are unavailable (-NA-) or no ACM and all the rest of the 7 unique journals.
results found with relevance to Cloud computing The below table-B presents the search strings
topic. The (X) mark besides the search result framed that are applied into that search formula
denotes the papers found irrelevant to the cloud generated in the report.
computing research area technically.
Table B: Search strings framed and (number of) results obtained.
Search String Search Relevant Very well
Iteration [IN (Title, Abstract, Keywords)] Results and guided
available
1 “Cloud Computing” AND “Confidentiality” AND 23 12 2
(“framework” OR “model” OR “architecture”)
2 “Cloud Computing” AND “Security” AND (“model” OR 266 8 2
“Framework” OR “Architecture”)
3 “Cloud Computing” AND “Privacy policy*” 29 -Repeat- 0
4 “Cloud Computing” AND “Risk management” 15 -Repeat- 0
5 “Cloud Computing” AND “Security requirement*” 89 3 1
6 “Cloud Computing” AND “Security management” 153 -Repeat- 0
7 “Grid Computing” AND “Security” AND (“model” OR 225 1 1
“framework” OR “Architecture”)
8 “Virtualization” AND “Security” AND (“model” OR 146 2 0
“Framework” OR “Architecture”)
… … … … …
… … … … …
We started with the initial search string-Iteration1 computing (our analyzed research solution). Also,
to get initial idea on the search results. All the among these 11 finally
rest of the iterations follow the search made in extracted papers, we found that 6 papers guided us
order to find the results for “cloud computing and very well for our research conclusion. All these 11
confidentiality frameworks”. Inclusion of articles are listed as references in the research
synonyms and similar wo rds occurred for refining report. All the rest excluding these 11 articles
the searches strings framed. Singular and plurals also helped us in gaining some additional
were included in the search and hence „*‟ was knowledge and hence presented in Appendix-E.
included in the search strings above to represent
the same. As we involved synonyms, we included
OR operator in the search strings framed.
APPENDIX C –SECUIRTY ISSUES
When the above framed 8 search strings are GENERALISATION (FROM PRE-SLR)
inserted into the search formula we got 26 relevant The security issues that relate to confidentiality
and available articles. Even though, these are presented here with analysis from our
26 articles are found only through analysis on Title previous studies (PRE -SLR, Assignment-1). As
relevance and (then if needed) abstract readings, said in the research report, these issues are focused
we further made a thorough review on these papers to generalize them into 3 main categories such as
and found that only 11 support our Research area Technical, Organizational, Legal issues; as shown
firmly. We made use of these 11 articles in our in the Table –A below.
research operation and also refereed them to final
Confidentiality framework design in cloud
46 | P a g e
13. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Table C: Security issues found in PRE-SLR and our view of generalizing them to 3 main issues
Issues found from Issues can Relate to
Security Issues
PRE-SLR (references) Confidentiality as :-
Abuse and Nefarious Use of Cloud Computing [R7], [R12] Technical issue
Account, Service and Traffic Hijacking [R7], [R12] Technical issue
Authentication and authorization [R17] Technical issue
Cost and Limited availability of technical personals [R1] Organizational issue
Customer Isolation and Information Flow. [R 15] Technical issue
Cloud Integrity and Binding Issues [R10] Organizational issue
Cloud Security vulnerabilities and Security Attacks [R2], [R10] Technical issue
Cloud Governance [R16], [R18] Legal Issue
Data access and Control [R17] Technical issue
Data back-up and recovery [R2], [R14], [R20] Technical issue
Data breaches (controlling XML signatures and soon) [R17] Technical issue
Data location [R14] Organizational issue
Data protection (Loss/Leakage) [R7], [R12], [R21] Technical issue
Data provisioning (Audits, etc) [R2], [R10], [R15] Technical issue
Data segregation [R17] Technical issue
Ensuring user rights (End user Trust) [R18], [R21] Legal issue
Federation and Secure Composition [R15] Legal issue
Identity/Key management (Encryptions) [R20] Technical issue
Insecure Application Programming Interfaces (web [R7], [R12] Technical issue
application security)
Integrity for user's dynamic changes [R21] Organizational issue
Investigative support (data forensics and soon) [R2], [R16] Technical issue
legal, policy based and commercial problems [R18] Legal issue
Long-term viability (End user trust) [R2], [R16] Organizational issue
Malicious Insiders [R7], [R12], [R15] Organizational issue
Multi-Compliance Clouds [R15] Technical issue
Network security [R17], [R21] Technical issue
Non-Repudiation [R16] Organizational Issue
Privileged user access [R14] Organizational issue
Regulatory Compliance [R16] Legal issue
Reliability [R8], [R20] Organizational issue
Risk/Threat Management [R2] Technical issue
Security assurance to cloud users [R10] Organizational issue
Security Integration & Transparency. [R15] Technical issue
Shared Technology Vulnerabilities [R7], [R12] Technical issue
undefined cloud boundaries [R21] Legal issue
Unknown Risk Profile (lack of transparency) [R12] Organizational issue
Virtualization vulnerability [R2], [R17] Technical issue
APPENDIX D –KEYWORDS USED (IN THE
NOTE: The references “[R]” refer to the PRE-SLR RESEARCH REPORT)
references. These references are presented in Cloud Computing & confidentiality (As it is):
Appendix-E. Cloud computing (NIST definition)
“Cloud computing is a model for enabling
All the security issues presented above ubiquitous, convenient, on-demand network access
that are generalized into these 3 issues are only to a shared pool of configurable computing
through our understandings upon them. As we resources (e.g., networks, servers, storage,
cannot elaborate our analysis on each and every applications, and services) that can be rapidly
issue in this RM research report, the referenced provisioned and released with minimal
papers besides the issue (in the above table) can management effort or service provider interaction.
show what exactly each and every issue is. Along This cloud model is composed of five essential
with these issues in our hand, in the same way, the characteristics, three service models, and four
further issues that evolve with time or any other deployment models.” [15]
issues that are not sighted by us can also be set into
on e of these 3 issues in the future. Confidentiality (NIST definition-FIPS PUB 199)
[S15]
“Preserving authorized restrictions on information
47 | P a g e
14. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
access and disclosure, including means for The grid that offers services to its clients is said
protecting personal privacy and proprietary to be Service grid. This grid is designed with
information.” mechanisms of provisioning customer
requirements and offering services they require.
Integrity (NIST definition-FIPS PUB 199) [S15]
“Guarding against improper information Cloud deployment models
modification or destruction, and includes ensuring Private Cloud [15]
information non-repudiation and authenticity.” the services offered are monitored by the
organization itself where its services are not
Availability (NIST definition-FIPS PUB 199) [S15] shared to be monitored by outsiders for any other
“Ensuring timely and reliable access to and use purposes, i.e., the physical infrastructure (cloud)
information.” may or may not be owned by the organization and
might be on-premise or off-premise but will
Cloud service models contain a designated service provider (employees
Software as a service (SaaS) [15] or entities) for its cloud computations.
The SaaS service model is defined to services that
render software applications to the cloud Public cloud [15]
customers. Here, if needed, the Cloud provider can The cloud is provisioned to use by any source that
also operate these applications instead of customers is in need, this source can be an individual, an
like application management (updates), storage organization, or some other entity. This cloud is
backups, infrastructure and soon. generally maintained by ordinary cloud provider
and mechanisms where low-level security is
Platform as a service (PaaS) [15] provided for usage.
The PaaS service model is derived to offer
interfaces such as operational platforms to the
cloud customer. These platforms ar e helpful to the Hybrid cloud [15]
customer in order to build some new applications It is a combination of public or private or any
that are supported on cloud based technologies. other deployment cloud (such as community
Here, the operations such as network management, clouds) that is designed into single cloud
storage, and operating systems are managed by the architecture. The user may vary according to the
cloud provider itself and hence the customer can be organizational needs and hence the security may
relieved to work only for their application also vary with it.
development but not in other matters of cloud
maintenance. Cloud key characteristics
On-demand resource sharing [15]
Infrastructure as a service (IaaS) [15] The provisioning of services offered can leverage
The IaaS service model is derived from the concept a concept of 'On-demand resource sharing'. This
for reducing costs to the customer. IaaS is is automated process that enables the control
structured to provide the capabilities of cloud mechanism of reducing human efforts for enabling
provisioning, storage management and other services to the right users.
fundamental needs to the customer for making
them to use cloud technologies. Here, the customer Resource Pooling [15]
is application or file management is indirectly As delivered to our research report above from
controlled by the cloud provider. NIST, Resource pooling technology in Cloud
Computing Paradigm renders the ability to store
Grid Deployment models and dynamically allocate space to the resources to
Computational grid [4] occur for storage periodically.
The concept of separating resources for setting
them aside in order to automate the computational Rapid elasticity [15]
works that can reduce compu tational power and The rapid elasticity is derived as: provisioning
man-power is said to be Computational grid. services with capabilities to automatically scale the
exact user-demand. The resource is set to use for
Data grid [4] the demand and this service is reverted back when
The information and data are stored or retrieved to the customer is not in need of that resource.
analysis from this data grid. This data grid is
modeled in such a way that large volumes of data Wide network access [15]
are accessed from single Cloud data centre at a time The ability to control or mange large area
by several users (or companies or organizations). networks is delivered to output by this wide
network access. With this characteristic we can be
Service grid [4] access data or information or service even through
48 | P a g e
15. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
mobile devices. Organizational solutions in our research report for
our confidentiality framework.
Cloud Spheres models
User Sphere: [10] Hybrid solutions [4]
The user sphere is a technical domain name which These solutions denote the category that
seems to be encompassing a user's device. This combines all kinds of issues for sorting them
sphere has to enable a full access control to the to gain hybrid solutions. Here, trust is the
users who own it. The data is set to privacy and is fundamental for solving any kind of issue. We
accessible to entities present in external did not use this kind of solutions in our framework
boundaries only with th e data owner's but instead as trust occurs better with policies and
permissions. Additionally, user sphere models laws, we involved legal issues in our research
are trumped with respect to owner's physical framework.
privacy and hence, will wait for their
interruption to change their access setting when Some other keywords from literature
needed. RAIN (Redundant Array of Independent Net-
storages) [9]
Recipient Sphere: [10] All the deployment models are split to several
In the same way as that of user sphere above, the independent (non-colluding) storage providers
recipient sphere is a company centric sphere where that pretend to be Redundant Array of
the organization is responsible for its complete Independent Net-storages (RAIN). In authors view
access controls. As the control is within the a single chunk of data doesn't comprise
organization itself, the risk is low when Confidentiality and hence they derive that the data
compared to user sphere and so can potentially should be stored using one or several cloud storage
minimizes the risk of privacy breaches. providers.
Joint Sphere [10] Open risk taxonomy [1]
The joint sphere is also a technical domain term of Open risk taxonomy is nothing but generalizing
cloud spheres where this sphere can derive the the issues (factors contributing) into much similar
complete cloud to its privacy by setting the generalized issue categories. In this paper [1], the
controls completely within the organization and risk focus is divided mainly into two types „loss
also involving its customers with some limitations event frequency‟, „probable loss magnitude‟ with
to access them. we analyzed that this kind of model all the rest of the factors that occur for risk must be
is not impossible to see in the real world, as we falling into one of these categories.
can see social networking sites where the users has
given free of charge for using data storage, email
services and many other features but the users Hypervisors [14]
should indirectly need to know that the full Cloud Computing evaluates a Concept of
control of these services is withheld with the „provisioning services in a timely (near on
company (social networking site) itself but not instant), on-demand manner, to allow the scaling
with the user. Hence the privacy control is derived up and down of resources‟. This approach of
with the complete understandings of the making computing a utility in cloud environment
organizations and its customers involved in joint provides an Opportunity to dynamically scale the
sphere. computing resource that are shared among
customers using virtualization technology.
Classification of types of Solutions for issues found Allocating / de-allocating these resources
in grid computing efficiently, is an open challenge that is solved by
System solutions [4] Hypervisors. They allocation and de-allocation
The system based solutions approach is a concept mechanisms are automated through these
where the technical issues are to be analyzed for hypervisors. In addition, we have analyzed that at
solutions and rectifications. Issues such as present: VMware, XEN systems (using XEN
accessing grid information, auditing grid functions hypervisors), Kernel-based Virtual Machine
and soon are set to solutions here. We named (KVM); implementing their services pretend to be
them to be technical solutions in our research Hypervisors in the real-time cloud computing
report for our confidentiality framework world.
Behavioural solutions [4] Keywords that occurred in our Confidentiality
The Behavioral solutions denotes the category Framework
where solutions for issues like Immediate job (Clear and extra explanation of each and every
execution, advanced scheduling, job control are word used in our Framework)
sorted out for answers. We named them as
49 | P a g e
16. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Cloud system analysis and design come under general security limitations concept.
The system analysis and design is the initial step
where we choose the Cloud deployment model Cloud offerings
[15] and designing the tasks that work upon that The cloud offering is the final step where we
model that is chosen. choose the Cloud service model [15] and designing
the tasks that work upon that model that is chosen.
Cloud security requirements
The general security requirements like key APPENDIX E –INCLUDED STUDIES
encryptions [5] [11], data storage privacy [8], and POST-SLR EXTRA HELPFUL REFERENCES6
many other fundamental requirements should be ([S])
analyzed before implementing every cloud model. [S1]. C. Alcaraz, I. Agudo, D. Nunez, and
This helps in reducing the risk of cloud failure in
J. Lopez, “Managing Incidents in
security matters. This general loo k- up what of Smart Grids a` la Cloud,” in 2011
security requirements needed will somewhat IEEE Third International Conference on
increase the confidentiality in the cloud customers. Cloud Computing Technology and Science
(CloudCom), 2011, pp. 527 –531.
Data Location Dimension
[S2]. C. I. Dalton, D. Plaquin, W. Weidner, D.
Cloud confidentiality fails due to lack of cloud Kuhlmann, B. Balacheff, and R. Brown,
transparency to the customers. Customers are “Trusted virtual platforms,” ACM
reluctant to transform their businesses on to cloud SIGOPS Operating Systems Review, vol.
as they can‟t see where their data is located and 43, no. 1, p. 36, Jan. 2009.
hence, data location dimension distinguishes the [S3]. D. W. Chadwick and K. Fatema, “A
data location in data owner's perspective rather
privacy preserving authorisation system
than data provider's perspective [10].
for the cloud,” Journal of Computer and
System Sciences, vol. 78, no. 5, pp. 1359–
System security control structure
1373, Sep. 2012.
The original security model that is designed to [S4]. H. Takabi, J. B. D. Joshi, and G.-J. Ahn,
operations for cloud security requirements found
“Security and Privacy Challenges in
earlier is developed here in security control Cloud Computing Environments,” IEEE
structure. All the security issues are analyzed here Security & Privacy Magazine, vol. 8, no.
and further classified into 3 major chunks 6, pp. 24–31, Nov. 2010.
(technical, organizational, legal) and are sent to be [S5]. J. Li, B. Stephenson, H. R. Motahari-
solved by those different departments that are Nezhad, and S. Singhal, “GEODAC: A
responsible for solving them [4].
Data Assurance Policy Specification
and Enforcement Framework for
Access controls
Outsourced Services,” IEEE Transactions
The Cloud sphere models [10] such as recipient on Services Computing, vol. 4, no. 4, pp.
sphere, user sphere, hybrid sphere occur in access 340–354, Oct. 2011.
control criteria and will work as the same by [S6]. J. Hao and W. Cai, “Trusted Block as a
transforming their responsibilities and concepts in Service: Towards Sensitive Applications
access controls functions. These access controls on the Cloud,” in 2011 IEEE 10th
even though arose from that sphere concept, the International Conference on Trust,
main duty is to preserve confidentiality for the Security and Privacy in Computing and
data that is being processed in-and-out of the Communications (TrustCom), 2011, pp.
cloud. As soon as we set the access control to one
73 –82.
of these sphere, the cloud will adhere the [S7]. L. M. Kaufman, “Data Security in the
responsibilities of those sphere that is set and will World of Cloud Computing,” IEEE
work for the same. Security & Privacy Magazine, vol. 7, no.
4, pp. 61–64, Jul. 2009.
General security limitations [S8]. P. Angin, B. Bhargava, R. Ranchal, N.
The general security limitations occur from the
Singh, M. Linderman, L. Ben Othmane,
concept of data provisioning and security controls and L. Lilien, “An Entity-Centric
that are limited to them in NIST draft SP800-125 Approach for Privacy and Identity
[14] and NIST Draft SP800-30 [12] respectively. Management in Cloud Computing,” in
The general security limitations such as enabling 2010 29th IEEE Symposium on Reliable
encryption techniques; implementation of virtual
Distributed Systems, 2010, pp. 177 –183.
private networks; implementation of security [S9]. R. Padilha and F. Pedone, “Belisarius:
settings that suit the service level agreements [2]
BFT Storage with Confidentiality,” in
(that render to organizational standards);
2011 10th IEEE International
generating security assurance criteria and soon
50 | P a g e
17. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Symposium on Network Computing and 2011, Los Alamitos, CA, USA, 2011, pp.
Applications (NCA), 2011, pp. 9 –16. 11.
[S10]. R. K. L. Ko, P. Jagadpramana, M. [R2]. F. B. Shaikh and S. Haider, “Security
Mowbray, S. Pearson, M. Kirchberg, Q. threats in cloud computing,” in 2011 6th
Liang, and B. S. Lee, “TrustCloud: A International Conference for Internet
Framework for Accountability and Trust Technology and Secured Transactions
in Cloud Computing,” in 2011 IEEE (ICITST), 11-14 Dec. 2011, Piscataway,
World Congress on Services (SERVICES), NJ, USA, 2011, p. 214–19.
2011, pp. 584 –588. [R3]. Hao Sun and K. Aida, “A Hybrid and
[S11]. R. Seiger, S. Gross, and A. Schill, Secure Mechanism to Execute Parameter
“SecCSIE: A Secure Cloud Storage Survey Applications on Local and Public
Integrator for Enterprises,” in 2011 IEEE Cloud Resources,” in 2010 IEEE 2nd
13th Conference on Commerce and International Conference on Cloud
Enterprise Computing (CEC), 2011, pp. Computing Technology and Science
252 –255. (CloudCom 2010), 30 Nov.-3 Dec. 2010,
[S12]. S. Pearson and A. Benameur, “Privacy, Los Alamitos, CA, USA, 2010, p. 118–26.
Security and Trust Issues Arising from [R4]. Jen-Sheng Wang, Che-Hung Liu, and G.
Cloud Computing,” in 2010 IEEE T. R. Lin, “How to manage information
Second International Conference on security in cloud computing,” in 2011
Cloud Computing Technology and Science IEEE International Conference on
(CloudCom), 2010, pp. 693 –702. Systems, Man and Cybernetics, 9-12 Oct.
[S13]. U. Greveler, B. Justus, and D. Loehr, “A 2011, Piscataway, NJ, USA, 2011, p.
Privacy Preserving System for Cloud 1405–10.
Computing,” in 2011 IEEE 11th [R5]. J. C. Roberts II and W. Al-Hamdani,
International Conference on Computer “Who can you trust in the cloud? A review
and Information Technology (CIT), 2011, of security issues within cloud
pp. 648 –653. computing,” in 2011 Information Security
[S14]. X. Zhang, N. Wuwong, H. Li, and X. Curriculum Development Conference,
Zhang, "Information security risk InfoSecCD’11, September 30, 2011 -
management framework for the cloud October 1, 2011, Kennesaw, GA, United
computing environments", Proceedings - states, 2011, pp. 15–19.
10th IEEE International Conference on [R6]. K. Dahbur, B. Mohammad, and A. B.
Computer and Information Technology, Tarakji, “A survey of risks, threats and
CIT-2010, 7th IEEE International vulnerabilities in cloud computing,” in
Conference on Embedded Software and 2nd International Conference on
Systems, ICESS-2010, ScalCom-2010, pp. Intelligent Semantic Web-Services and
1328. Applications, ISWSA 2011, April 18, 2011
[S15]. "Standards for Security Categorization of - April 20, 2011, Amman, Jordan, 2011, p.
Federal Information and Information The Isra University.
Systems," National Institute of Standards [R7]. L. M. Vaquero, L. Rodero-Merino, and D.
and Technology (NIST), FIPS Pub. 199, Moran, “Locking the sky: a survey on
Feb. 2004. IaaS cloud security,” Computing, vol. 91,
no. 1, pp. 93–118, Jan. 2011.
We found 26 relevant and available papers in [R8]. L. Sumter, “Cloud computing: Security
which only 11 supported our study relating risk,” in 48th Annual Southeast Regional
Confidentiality framework. Here, some extra Conference, ACM SE’10, April 15, 2010 –
references (excluding those 11references that are April 17, 2010, Oxford, MS, United states,
presented in the research report). Those that did 2010.
not support for our Framework in any kind but [R9]. Minqi Zhou, Rong Zhang, Wei Xie,
helped us in gaining some extra knowledge are Weining Qian, and Aoying Zhou,
presented here. “Security and Privacy in Cloud
Computing: A Survey,” in 2010 Sixth
PRE-SLR (ASSIGNMENT-1 SLR) - International Conference on Semantics
REFERENCES ([R]) Knowledge and Grid (SKG 2010), 1-3
[R1]. D. Carrell, “A Strategy for Deploying Nov. 2010, Los Alamitos, CA, USA, 2010,
Secure Cloud-Based Natural Language p. 105–12.
Processing Systems for Applied Research [R10]. M. Jensen, J. Schwenk, N. Gruschka, and
Involving Clinical Text,” in 2011 44th L. L. Iacono, “On technical security issues
Hawaii International Conference on in cloud computing,” in 2009 IEEE
System Sciences (HICSS 2011), 4-7 Jan. International Conference on Cloud
51 | P a g e
18. Chaitanya Dwivedula, Anusha Choday / International Journal of Engineering Research and
Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 2, March -April 2013, pp.035-052
Computing (CLOUD), 21-25 Sept. 2009, Science and Engineering (ICSSE), 8-10
Piscataway, NJ, USA, 2009, p. 109–16. June 2011, Piscataway, NJ, USA, 2011, p.
[R11]. M. Townsend, “Managing a security 582–7.
program in a cloud computing [R20]. Xin Yang, Qingni Shen, Yahui Yang, and
environment,” in 2009 Information Sihan Qing, “A Way of Key Management
Security Curriculum Development Annual in Cloud Storage Based on Trusted
Conference, InfoSecCD’09, September 25, Computing,” in Network and Parallel
2009 - September 26, 2009, Kennesaw, Computing. 8th IFIP International
GA, United states, 2009, pp. 128–133. Conference, NPC 2011, 21-23 Oct. 2011,
[R12]. M. T. Khorshed, A. B. M. Shawkat Ali, Berlin, Germany, 2011, p. 135–45.
and S. A. Wasimi, “Trust issues that create [R21]. Xue Jing and Zhang Jian-jun, “A brief
threats for cyber attacks in cloud computin survey on the security model of cloud
g,” in 2011 17th IEEE International computing,” in 2010 Ninth International
Conference on Parallel and Distributed Symposium on Distributed Computing and
Systems, ICPADS 2011, December 7, Applications to Business, Engineering and
2011 – December 9, 2011, Tainan, Science (DCABES 2010), 10-12 Aug.
Taiwan, 2011, pp. 900–905. 2010, Los Alamitos, CA, USA, 2010, p.
[R13]. M. T. Khorshed, A. B. M. S. Ali, and S. 475–8.
A. Wasimi, “A survey on gaps, threat [R22]. X. Lin, “Survey on cloud based mobile
remediation challenges and some thoughts security and a new framework for
for proactive attack detection in cloud improvement,” in 2011 International
computing,” P.O. Box 211, Amsterdam, Conference on Information and
1000 AE, Netherlands, 2012, vol. 28, pp. Automation, ICIA 2011, June 6, 2011 -
833–851. June 8, 2011, Shenzhen, China, 2011, pp.
[R14]. P. Jain, D. Rane, and S. Patidar, “A survey 710–715.
and analysis of cloud model-based
security for computing secure cloud
bursting and aggregation in renal
environment,” in 2011 World Congress on
Information and Communication
Technologies (WICT), 11-14 Dec. 2011,
Piscataway, NJ, USA, 2011, p. 456–61.
[R15]. R. Glott, E. Husmann, A.-R. Sadeghi, and
M. Schunter, “Trustworthy Clouds
Underpinning the Future Internet,” in The
Future Internet, Berlin, Germany:
Springer Verlag, 2011, p. 209–21.
[R16]. S. Ramgovind, M. M. Eloff, and E. Smith,
“The management of security in Cloud
computing,” in 2010 Information Security
for South Africa (ISSA 2010), 2-4 Aug.
2010, Piscataway, NJ, USA, 2010, p. 7 pp.
[R17]. S. Subashini and V. Kavitha, “A survey on
security issues in service delivery models
of cloud computing,” Journal of Network
and Computer Applications, vol. 34, no. 1,
pp. 1–11, Jan. 2011.
[R18].S. Tabet and M. Pohlman, “Cloud
Computing: Combining Governance,
Compliance, and Trust Standards with
Declarative Rule- Based Frameworks,” in
Rule-Based Modeling and Computing on
the Semantic Web. 5th International
Symposium, RuleML 2011 - America, 3-5
Nov. 2011, Berlin, Germany, 2011, p.
230–6.
[R19]. Tsung-Hui Lu, Li-Yun Chang, and Zhe-
Jung Lee, “Integrating Security
Certification with IT Education,” in 2011
International Conference on System
52 | P a g e