Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Cloud computing began to get both awareness and popularity in the early 2000s.
When the concept of cloud computing originally came to prominence most people did
not fully understand what role it fullled or how it helped an organization. In some
cases people still do not fully understand the concept of cloud computing. Cloud
computing can refer to business intelligence (BI), complex event processing (CEP),
service-oriented architecture (SOA), Software as a Service (SaaS), Web-oriented architecture
(WOA), and even Enterprise 2.0. With the advent and growing acceptance
of cloud-based applications like Gmail, Google Calendar, Flickr, Google Docs, and
Delicious, more and more individuals are now open to using a cloud computing environment
than ever before. As this need has continued to grow so has the support
and surrounding infrastructure needed to support it. To meet those needs companies
like Google, Microsoft, and Amazon have started growing server farms in order to
provide companies with the ability to store, process, and retrieve data while generating
income for themselves. To meet this need Google has brought on-line more
than a million servers in over 30 data centers across its global network. Microsoft
is also investing billions to grow its own cloud infrastructure. Microsoft is currently
adding an estimated 20,000 servers a month. With this amount of process, storage
and computing power coming online, the concept of cloud computing is more of a
reality than ever before. The growth of cloud computing had the net eect of businesses
migrating to a new way of managing their data infrastructure. This growth of
cloud computing capabilities has been described as driving massive centralization at
its deep center to take advantage of economies of scale in computing power, energy
consumption, cooling, and administration.
In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realizing that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. This paper discusses security issues, requirements and challenges that cloud service providers (CSP) face during cloud engineering. Recommended security standards and management models to address these are suggested for technical and business community.
Cloud here means data and encryption means to secure the data. In this ppt you can get to know about various encryption algorithms which are used to secure the data.
The aim of this paper is to make cloud service consumer aware about cloud computing fundamentals, its essential services, service models and deployment options. This also through light on security and risk management piece of CSA trusted cloud reference architecture, cloud control matrix and notorious nine threats and ENISAs top risks to cloud computing. At the end it talks about certifications and attestation part.
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
Global Cyber Attacks Stats
What is Computing Security?
Cloud Computing, Models and Security Demystified
New Security Challenges of Cloud Computing
Security Dimensions – The CIA Triad
Scope of Cloud Computing Security
Security Challenge Eco-system
Vulnerabilities, Threats and Exposure Points
Attacks – Modes and Types
The Notorious Nine – Cloud Security Threats
Methods of Defence
Tenets of Security Control
Security Life Cycle
Cloud Security Components and Governance
Tiered Cloud Security Handling Framework
Bottom-line
Take-aways
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
Cloud computing began to get both awareness and popularity in the early 2000s.
When the concept of cloud computing originally came to prominence most people did
not fully understand what role it fullled or how it helped an organization. In some
cases people still do not fully understand the concept of cloud computing. Cloud
computing can refer to business intelligence (BI), complex event processing (CEP),
service-oriented architecture (SOA), Software as a Service (SaaS), Web-oriented architecture
(WOA), and even Enterprise 2.0. With the advent and growing acceptance
of cloud-based applications like Gmail, Google Calendar, Flickr, Google Docs, and
Delicious, more and more individuals are now open to using a cloud computing environment
than ever before. As this need has continued to grow so has the support
and surrounding infrastructure needed to support it. To meet those needs companies
like Google, Microsoft, and Amazon have started growing server farms in order to
provide companies with the ability to store, process, and retrieve data while generating
income for themselves. To meet this need Google has brought on-line more
than a million servers in over 30 data centers across its global network. Microsoft
is also investing billions to grow its own cloud infrastructure. Microsoft is currently
adding an estimated 20,000 servers a month. With this amount of process, storage
and computing power coming online, the concept of cloud computing is more of a
reality than ever before. The growth of cloud computing had the net eect of businesses
migrating to a new way of managing their data infrastructure. This growth of
cloud computing capabilities has been described as driving massive centralization at
its deep center to take advantage of economies of scale in computing power, energy
consumption, cooling, and administration.
In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realizing that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. This paper discusses security issues, requirements and challenges that cloud service providers (CSP) face during cloud engineering. Recommended security standards and management models to address these are suggested for technical and business community.
Cloud here means data and encryption means to secure the data. In this ppt you can get to know about various encryption algorithms which are used to secure the data.
The aim of this paper is to make cloud service consumer aware about cloud computing fundamentals, its essential services, service models and deployment options. This also through light on security and risk management piece of CSA trusted cloud reference architecture, cloud control matrix and notorious nine threats and ENISAs top risks to cloud computing. At the end it talks about certifications and attestation part.
This presentation will give complete information regarding security issues related to cloud computing. To learn cloud computing fill up a simple form.
http://bit.ly/aDegGN
Cloud computing security issues .what is cloud computing, cloud clients, disadvantages of clouds, security issues, value of data, threat model and solutions.
Global Cyber Attacks Stats
What is Computing Security?
Cloud Computing, Models and Security Demystified
New Security Challenges of Cloud Computing
Security Dimensions – The CIA Triad
Scope of Cloud Computing Security
Security Challenge Eco-system
Vulnerabilities, Threats and Exposure Points
Attacks – Modes and Types
The Notorious Nine – Cloud Security Threats
Methods of Defence
Tenets of Security Control
Security Life Cycle
Cloud Security Components and Governance
Tiered Cloud Security Handling Framework
Bottom-line
Take-aways
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
Cloud computing has changed the entire process that distributed computing used to present e.g. Grid
computing, server client computing. Cloud computing describes recent developments in many existing IT
technologies and separates application and information resources from the underlying infrastructure.
Cloud computing security is an important aspect of quality of service from cloud service providers.
Security concerns arise as soon as one begins to run applications beyond the designated firewall and move
closer towards the public domain. In violation of security in any component in the cloud can be disaster for
the organization (the customer) as well as for the provider. In this paper, we propose a cloud security
model and security framework that identifies security challenges in cloud computing.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
Ubiquitous computing has revolutionized interaction of humans and machines. Cloud computing has been mainly used for storing data and various computational purposes. It has changed the face of using the internet. But, as we know every technology has its pros and cons. Securing cloud environment is the most challenging issue for the researchers and developers. Main aspects which cloud security should cover are authentication, authorization, data protection etc. Establishing trust between cloud service providers (CSP) is the biggest challenge, when someone is discussing about cloud security. Trust is a critical factor which mainly depends on perception of reputation and self-assessment done by both user and CSP. The trust model can act as security strength evaluator and ranking service for cloud application and services. For establishing trust relationship between two parties, mutual trust mechanism is reliable, as it does verification from both sides. There are various trust models which mainly focuses on securing one party i.e., they validate either user or service node. In this survey paper, the study of various trust models and their various parameters are discussed.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
The Riisk and Challllenges off Clloud ComputtiingIJERA Editor
Cloud computing is a computing technology aiming to share storage, computation, and services transparently
among a massive users. Current cloud computing systems pose serious limitation to protecting the confidentiality
of user data. Since the data share and stored is presented in unencrypted forms to remote machines owned and
operated by third party service providers despite it sensitivity (example contact address, mails), the risks of
disclosing user confidential data by service providers may be quite high and the risk of attacking cloud storage
by third party is also increasing. The purpose of this study is to review researches done on this technology,
identify the security risk and explore some techniques for protecting users‟ data from attackers in the cloud.
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
Cloud computing is a new innovative model for enterprise in which information is permanently stored on the servers and also manage how and when different resources are allocate to the requested users. It provides distributed approach through which resources are allocated dynamically to the users without investing in the infrastructure or licensing the software’s on the client side. Using the cloud makes processing of information is more commodious but it also present them with new security problems about reliability.This phenomenon introduces serious problems regarding access mechanism to any information stored in the database and resources in the cloud. For the successful implementation of cloud computing it is necessary that we must know different areas where the security is needed. For this there should also governess strategy needed for secure communication between multi-clouds located in different geographical areas or in different countries. In this paper we discuss how to safely utilizing the benefit of cloud computing through the network where data security, provide authentication, integration, recovery, IP spoofing and Virtual Servers are the most captiousfields in the cloud.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
Advanced Computing: An International Journal (ACIJ) is a peer-reviewed, open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and a practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of computing.
Call for Papers - Advanced Computing An International Journal (ACIJ) (2).pdfacijjournal
Submit your Research Papers!!!
Advanced Computing: An International Journal ( ACIJ )
ISSN: 2229 -6727 [Online] ; 2229 - 726X [Print]
Webpage URL: http://airccse.org/journal/acij/acij.html
Submission URL: http://coneco2009.com/submissions/imagination/home.html
Submission Deadline : April 08, 2023
Here's where you can reach us : acijjournal@yahoo.com or acij@aircconline
Advanced Computing: An International Journal (ACIJ
)
is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advancedcomputing. The journal focuses on all technical and practical aspects of high performancecomputing, green computing, pervasive computing, cloud computing etc. The goal of this journalis to bring together researchers anda practitioners from academia and industry to focus onunderstanding advances in computing and establishing new collaborations in these areas
Submit your Research Papers!!!
Advanced Computing: An International Journal ( ACIJ )
ISSN: 2229 -6727 [Online] ; 2229 - 726X [Print]
Webpage URL: http://airccse.org/journal/acij/acij.html
Submission URL: http://coneco2009.com/submissions/imagination/home.html
Here's where you can reach us : acijjournal@yahoo.com or acij@aircconline.com
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)acijjournal
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)provides a forum for researchers who address this issue and to present their work in a peer-reviewed forum.
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)acijjournal
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)provides a forum for researchers who address this issue and to present their work in a peer-reviewed forum.
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)acijjournal
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)provides a forum for researchers who address this issue and to present their work in a peer-reviewed forum.
4thInternational Conference on Machine Learning & Applications (CMLA 2022)acijjournal
4thInternational Conference on Machine Learning & Applications (CMLA 2022)will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)acijjournal
7thInternational Conference on Data Mining & Knowledge Management (DaKM 2022)provides a forum for researchers who address this issue and to present their work in a peer-reviewed forum.Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the following areas, but are not limited to these topics only.
3rdInternational Conference on Natural Language Processingand Applications (N...acijjournal
3rdInternational Conference on Natural Language Processing and Applications (NLPA 2022)will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Natural Language Computing and its applications. The Conference looks for significant contributions to all major fieldsof the Natural Language processing in theoretical and practical aspects.
4thInternational Conference on Machine Learning & Applications (CMLA 2022)acijjournal
4thInternational Conference on Machine Learning & Applications (CMLA 2022)will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.
Graduate School Cyber Portfolio: The Innovative Menu For Sustainable Developmentacijjournal
In today’s milieu, new demands and trends emerge in the field of Education giving teachers of Higher Education Institutions (HEI’s) no choice but to be innovative to cope with the fast changing technology. To be naturally innovative, a graduate school teacher needs to be technologically and pedagogically competent. One of the ways to be on this level is by creating his cyber portfolio to support students’ eportfolio for lifelong learning. Cyber portfolio is an innovative menu for teachers who seek out strategies to integrate technology in their lessons. This paper presents a straightforward preparation on how to innovate a cyber portfolio that has its practical and breakthrough solution against expensive and inflexible vended software which often saddle many universities. Additionally, this cyber portfolio is free and it addresses the 21st century skills of graduate students blended with higher order thinking skills, multiple intelligence, technology and multimedia.
Genetic Algorithms and Programming - An Evolutionary Methodologyacijjournal
Genetic programming (GP) is an automated method for creating a working computer program from a high-level problem statement of a problem. Genetic programming starts from a high-level statement of “what needs to be done” and automatically creates a computer program to solve the problem. In artificial intelligence, genetic programming (GP) is an evolutionary algorithm-based methodology inspired by biological evolution to find computer programs that perform a user defined task. It is a specialization of genetic algorithms (GA) where each individual is a computer program. It is a machine learning technique used to optimize a population of computer programs according to a fitness span determined by a program's ability to perform a given computational task. This paper presents a idea of the various principles of genetic programming which includes, relative effectiveness of mutation, crossover, breeding computer programs and fitness test in genetic programming. The literature of traditional genetic algorithms contains related studies, but through GP, it saves time by freeing the human from having to design complex algorithms. Not only designing the algorithms but creating ones that give optimal solutions than traditional counterparts in noteworthy ways.
Data Transformation Technique for Protecting Private Information in Privacy P...acijjournal
Data mining is the process of extracting patterns from data. Data mining is seen as an increasingly important tool by modern business to transform data into an informational advantage. Data
Mining can be utilized in any organization that needs to find patterns or relationships in their data. A group of techniques that find relationships that have not previously been discovered. In many situations, the extracted patterns are highly private and it should not be disclosed. In order to maintain the secrecy of data,
there is in need of several techniques and algorithms for modifying the original data in order to limit the extraction of confidential patterns. There have been two types of privacy in data mining. The first type of privacy is that the data is altered so that the mining result will preserve certain privacy. The second type of privacy is that the data is manipulated so that the mining result is not affected or minimally affected. The aim of privacy preserving data mining researchers is to develop data mining techniques that could be
applied on data bases without violating the privacy of individuals. Many techniques for privacy preserving data mining have come up over the last decade. Some of them are statistical, cryptographic, randomization methods, k-anonymity model, l-diversity and etc. In this work, we propose a new perturbative masking technique known as data transformation technique can be used for protecting the sensitive information. An
experimental result shows that the proposed technique gives the better result compared with the existing technique.
Advanced Computing: An International Journal (ACIJ) acijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
E-Maintenance: Impact Over Industrial Processes, Its Dimensions & Principlesacijjournal
During the course of the industrial 4.0 era, companies have been exponentially developed and have
digitized almost the whole business system to stick to their performance targets and to keep or to even
enlarge their market share. Maintenance function has obviously followed the trend as it’s considered one
of the most important processes in every enterprise as it impacts a group of the most critical performance
indicators such as: cost, reliability, availability, safety and productivity. E-maintenance emerged in early
2000 and now is a common term in maintenance literature representing the digitalized side of maintenance
whereby assets are monitored and controlled over the internet. According to literature, e-maintenance has
a remarkable impact on maintenance KPIs and aims at ambitious objectives like zero-downtime.
10th International Conference on Software Engineering and Applications (SEAPP...acijjournal
10th International Conference on Software Engineering and Applications (SEAPP 2021) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Software Engineering and Applications. The goal of this Conference is to bring together researchers and practitioners from academia and industry to focus on understanding Modern software engineering concepts and establishing new collaborations in these areas.
10th International conference on Parallel, Distributed Computing and Applicat...acijjournal
10th International conference on Parallel, Distributed Computing and Applications (IPDCA 2021) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Parallel, Distributed Computing. Original papers are invited on Algorithms and Applications, computer Networks, Cyber trust and security, Wireless networks and mobile Computing and Bioinformatics. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.
DETECTION OF FORGERY AND FABRICATION IN PASSPORTS AND VISAS USING CRYPTOGRAPH...acijjournal
In this paper, we present a novel solution to detect forgery and fabrication in passports and visas using
cryptography and QR codes. The solution requires that the passport and visa issuing authorities obtain a
cryptographic key pair and publish their public key on their website. Further they are required to encrypt
the passport or visa information with their private key, encode the ciphertext in a QR code and print it on
the passport or visa they issue to the applicant.
The issuing authorities are also required to create a mobile or desktop QR code scanning app and place it
for download on their website or Google Play Store and iPhone App Store. Any individual or immigration
authority that needs to check the passport or visa for forgery and fabrication can scan its QR code, which
will decrypt the ciphertext encoded in the QR code using the public key stored in the app memory and
displays the passport or visa information on the app screen. The details on the app screen can be
compared with the actual details printed on the passport or visa. Any mismatch between the two is a clear
indication of forgery or fabrication.
Discussed the need for a universal desktop and mobile app that can be used by immigration authorities and
consulates all over the world to enable fast checking of passports and visas at ports of entry for forgery
and fabrication.
Detection of Forgery and Fabrication in Passports and Visas Using Cryptograph...acijjournal
In this paper, wepresenta novel solution to detect forgery and fabrication in passports and visas using cryptography and QR codes. The solution requires that the passport and visa issuing authorities obtain a cryptographic key pair and publish their public key on their website. Further they are required to encrypt the passport or visa information with their private key, encode the ciphertext in a QR code and print it on the passport or visa they issue to the applicant.
The issuing authorities are also required to create a mobile or desktop QR code scanning app and place it for download on their website or Google Play Store and iPhone App Store. Any individual or immigration authority that needs to check the passport or visa for forgery and fabrication can scan its QR code, which will decrypt the ciphertext encoded in the QR code using the public key stored in the app memory and displays the passport or visa information on the app screen. The details on the app screen can be compared with the actual details printed on the passport or visa. Any mismatch between the two is a clear indication of forgery or fabrication.
Discussed the need for a universal desktop and mobile app that can be used by immigration authorities and consulates all over the world to enable fast checking of passports and visas at ports of entry for forgery and fabrication.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
1. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
DOI : 10.5121/acij.2013.4102 9
SECURE CLOUD ARCHITECTURE
Kashif Munir1
and Prof Dr. Sellapan Palaniappan2
1
School of Science and Engineering, Malaysia University of Science and Technology,
Selangor, Malaysia
kashifbwp@hotmail.com
2
School of Science and Engineering, Malaysia University of Science and Technology,
Selangor, Malaysia
sell@must.edu.my
ABSTRACT
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know about
the key security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
KEYWORDS
Cloud Computing; Security and Privacy; Threats, Vulnerabilities, Secure Cloud Architecture.
1. INTRODUCTION
With Cloud Computing becoming a popular term on the Information Technology (IT) market,
security and accountability has become important issues to highlight. There are a number of
security issues/concerns associated with cloud computing but these issues fall into two broad
categories: Security issues faced by cloud providers (organizations providing Software-,
Platform-, or Infrastructure-as-a-Service via the cloud) and security issues faced by their
customers.[1] In most cases, the provider must ensure that their infrastructure is secure and that
their clients’ data and applications are protected while the customer must ensure that the
provider has taken the proper security measures to protect their information.[2]
Cloud computing has emerged as a way for IT businesses to increase capabilities on the fly
without investing much in new infrastructure, training of personals or licensing new software
[3].
2. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
10
Figure 1: Cloud Computing represented as a stack of service
NIST defines Cloud computing as a “model for enabling ubiquitous, convenient, on demand
network access to a shared pool of configurable computing resources that can be rapidly
provisioned and delivered with minimal managerial effort or service provider interaction” [4]. It
follows a simple “pay as you go” model, which allows an organization to pay for only the
service they use. It eliminates the need to maintain an in-house data center by migrating
enterprise data to a remote location at the Cloud provider’s site. Minimal investment, cost
reduction, and rapid deployment are the main factors that drive industries to utilize Cloud
services and allow them to focus on core business concerns and priorities rather than dealing
with technical issues. According to [5], 91 % of the organizations in US and Europe agreed that
reduction in cost is a major reason for them to migrate to Cloud environment.
As shown in Figure. 1, Cloud services are offered in terms of Infrastructure-as-a- service (IaaS),
Platform-as-a-service (PaaS), and Software-as-a-service (SaaS). It follows a bottom-up
approach wherein at the infrastructure level; machine power is de- livered in terms of CPU
consumption to memory allocation. On top of it, lies the layer that delivers an environment in
terms of framework for application development, termed as PaaS. At the top level resides the
application layer, delivering software outsourced through the Internet, eliminating the need for
in-house maintenance of sophisticated software [6]. At the application layer, the end users can
utilize software running at a remote site by Application Service Providers (ASPs). Here,
customers need not buy and install costly software. They can pay for the usage and their
concerns for maintenance are removed.
2. RELATED WORK
In [7] the authors discussed the security issues in a cloud computing environment. They
focused on technical security issues arising from the usage of cloud services. They discussed
security threats presented in the cloud such as VM-Level attacks, isolation failure,
management interface compromise and compliance risks and their mitigation. They also
presented cloud security architecture, using which; organizations can protect themselves
against threats and attacks. According to the authors the key points for this architecture are:
single-sign on, increased availability, defense in depth approach, single management console
and Virtual Machine (VM) protection.
In [8] the authors analyzed vulnerabilities and security risks specific to cloud computing
systems. They defined four indicators for cloud-specific vulnerability including: 1) it is
3. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
11
intrinsic to or prevalent in core technology of cloud computing, 2) it has its root in one of
NIST’s essential cloud characteristics, 3) it is caused by cloud innovations making security
controls hard to implement, 4) it is prevalent in established state-of-the- art cloud offerings. The
authors were certain that additional cloud-specific vulnerabilities will be identified; others will
become less of an issue as the field of cloud computing matures. However, they believe
that using a precise definition of what constitutes vulnerability and the four indicators
they identified will provide a level of precision and clarity that the current discourse about
cloud computing security often lacks.
In [9] the author discussed some vital issues to ensure a secure cloud environment. This
included a basic view of security policies (e.g., inside threats, access control and system
portability), software security (e.g., virtualization technology, host operating system, guest
operating system and data encryption) and hardware security (e.g., backup, server location
and firewall). The author concluded that an important issue for the future of cloud security is
the use of open standards to avoid problems such as vendor lock-in and incompatibility.
Furthermore, the author believes that although there are no security standards specific to cloud
computing, conventional security concepts can be usefully applied.
La‘Quata Sumter et al. [10] says: The rise in the scope of cloud computing has brought
fear about the Internet security and the threat of security in cloud computing is continuously
increasing. Consumers of the cloud computing services have serious concerns about the
availability of their data when required. Users have server concern about the security and
access mechanism in cloud computing environment. To assure users that there information is
secure, safe not accessible to unauthorized people, they have proposed the design of a system
that will capture the movement and processing of the information kept on the cloud. They have
identified there is need of security capture device on the cloud, which will definitely ensure
users that their information is secure and safe from security threats and attacks. The
proposed implementation is based on a case study and is implemented in a small cloud
computing environment. They have claimed that there proposed security model for cloud
computing is a practical model cloud computing.
The advantage of their work is assurance of security to the end users of cloud. The limitation of
this study is there proposed framework is not feasible for large scale cloud computing
environments.
Meiko Jensen et al. [11] have shown that to improve cloud computing security, the security
capabilities of both web browsers and web service frameworks, should be strengthened. This
can best be done by integrating the latter into the former.
M. Jensen et al. [12] focus on special type of Denial of Service attacks on network based service
that relies on message flooding techniques, overloading the victims with invalid requests. They
describe some well known and some rather new attacks and discuss commonalities and
approaches for countermeasures.
Armbust M Fox et al. [13] discuss that resources should be virtualized to hide the
implementation of how they are multiplexed and shared.
Wayne [14]: In this paper benefits of cloud computing are highlighted along with the basic
security issues that are still associated with cloud services. Shaping the security of critical
systems is very important. Addressing the security issues faced by end users is extremely
mandatory, Researchers and professionals must work on the security issues associated with
cloud computing. Strong security policies must be designed to ensure data is safe and
prevented from unauthorized access, in both corporate data centers and in the cloud
4. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
12
servers. This research brings primary problems in terms of cloud security, which are alleged to
cloud computing security and privacy issues. Further the study gazes primary security and
privacy Problems. It mainly focuses public clouds that needs significant consideration and
presents required facts and figures to make organizations data security decisions. Key
security issues identified and addressed in this paper are end user trust, Insider Access,
Visibility, Risk Management, Client-Side Protection, Server-Side Protection, Access Control
and Identity management.
The strengths of their work is identification and discussion on cloud computing security
issues which educates end users about security and private risks associated with cloud
services. The weakness is that they haven‘t proposed any tool or framework to address
identifies issues.
Rituik Dubey et al. [15] define different attacks scenarios and propose counter schemes for each.
M. Okuhara et al. [16] explain how customers, despite their deep-seated concerns and
uneasiness about cloud computing, can enjoy the benefits of the cloud without worry if cloud
services providers use appropriate architectures for implementing security measures. They
also describe the security problems that surround cloud computing and outline Fujitsu’s
security architecture for solving them.
[17] takes a detailed look at cloud computing security risks and conclude that, as computing
takes a step forward to cloud computing, security should not move backward. Users should
not accept moving backward in terms of security, and computing technology and security both,
must advance together.
[18] shows that some of the cutting edge technologies for cloud security are: self-protecting
data, trusted monitors, and searchable encryption. With the integration of these technologies
into their solutions, customers will have even more trust in their cloud provider.
[19] discusses the fundamental trusted computing technologies on which latest approaches to
cloud security are based.
[20] argues that, with continued research advances in trusted computing and computation-
supporting encryption, life in the cloud can be advantageous from a business-intelligence stand
point, over the isolated alternative that is more common now a days.
[21] describes Amazon Web Services’ (AWS) physical and operational security processes for
network and infrastructure under Amazon Web Services (AWS) management. It also gives
service specific security implementations for Amazon Web Services (AWS).
3. THREAT MODEL FOR CLOUD
An abstract view of threat model for Cloud computing is shown in Figure. 2. Cloud clients are
facing two types of security threats viz; external and internal attacks.
Figure 2: Threat model for Cloud computing.
5. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
13
External network attacks in the cloud are increasing at a notable rate. Malicious user outside the
Cloud often performs DoS or DDoS attacks to affect the availability of Cloud services and
resources. Port scanning, IP spoofing, DNS poisoning, phishing are also executed to gain access
of Cloud resources. A malicious user can capture and analyze the data in the packets sent over
this network by packet sniffing. IP spoofing occurs when a malicious user impersonates a
legitimate users IP address where they could access information that they would not have
been able to access otherwise. Availability is very important. Not having access to services
when needed can be a disaster for anyone especially in the case of being denied service. This
can occur when exhaustion of the host servers causes requests from legitimate consumers to be
denied. This can cost a company large amounts of money and time if the services they depend
on to operate are not available.
Internal attacker (authorized user) can easily get access to other user’s resources without being
detected. An insider has higher privileges and knowledge (related to network, security
mechanism and resources to attack) than the external attacker. Therefore, it is easy for an insider
to penetrate an attack than external attackers.
4. VULNERABILITIES TO CLOUD COMPUTING
In Cloud, existing vulnerabilities, threats, and associated attacks raise several security
concerns. Vulnerabilities in Cloud can be defined as the loopholes in the security architecture of
Cloud, which can be exploited by an adversary via sophisticated techniques to gain access to
the network and other infrastructure resources. In this section, we discuss major Cloud
specific vulnerabilities, which pose serious threats to Cloud computing.
4.1 Session Riding and Hijacking
Session hijacking refers to use of a valid session key to gain unauthorized access for the
information or services residing on a computer system, it also refers to theft of a cookie used to
authenticate a user to a remote server and it is relevant to web application technologies
weaknesses in the web application structure at their disposal that gives the chance to hackers in
order to accomplish a wide variety of malicious activities. While session riding refers to the
hackers sending commands to a web application on behalf of the targeted user by just
sending that user an email or tricking the user into visiting a specially crafted website. Session
riding deletes user data, executes online transactions like bids or orders, sends spam to an
intranet system via internet and changes system as well as network configurations or even opens
the firewall [22]. However, the web technologies evolution and refinement also brings new
techniques that compromise sensitive data, provide access to theoretically secure networks and
pose threats to the daily operation of online businesses.
4.2 Reliability and Availability of Service
In terms of reliability and availability, cloud computing is not a perfect technology. For-
example in February 2008, Amazon's Web Service (Amazons-S3) cloud storage infrastructure
went down for several hours, causing data loss and access issues with multiple Web 2.0 services.
With more services being built on top of cloud computing infrastructures, an outage or
failure can create a domino effect by taking down large amounts of Internet based
services and applications which raise several questions such as in cases of failure, what forms of
settlement exist for stakeholders? What is the responsibility of cloud providers? What will be
appropriate procedures to overcome these issues? [23].
4.3 Insecure Cryptography
Attackers’ can decode any cryptographic mechanism or algorithm as main methods to hack
them are discovered. It’s common to find crucial flaws in cryptographic algorithm
6. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
14
implementations, which can twist strong encryption into weak encryption or sometimes no
encryption at all. For example in cloud virtualization providers uses virtualization software to
partition servers into images that are provided to the users as on-demand services [24].
Although utilization of those VMs into cloud providers' data centres provides more flexible and
efficient setup than traditional servers but they don't have enough access to generate random
numbers needed to properly encrypt data. This is one of the fundamental problems of
cryptography. How do computers produce truly random numbers that can't be guessed or
replicated? In PCs, OS typically monitors users' mouse movements and key strokes to gather
random bits of data that are collected in a so-called Entropy Pool (a set of unpredictable
numbers that encryption software automatically pulls to generate random encryption
passkeys). In servers, one that don't have access to a keyboard or mouse, random numbers are
also pulled from the unpredictable movements of the computer's hard drive. VMs that act as
physical machines but are simulated with software have fewer sources of entropy. For
example Linux-based VMs, gather random numbers only from the exact millisecond time on
their internal clocks and that is not enough to generate strong keys for encryption [25].
4.4 Data Protection and Portability
Although the cloud services are offered based on a contract among client and a provider but what
will happen when the contract is terminated and client doesn’t wants to continue anymore.
The question is, will the sensitive data of client be deleted or misused by the provider. Secondly
if the provider went out of business due to any reason, what will happen to the services and
data of the client? Will the provider handout the data of client to some other provider, if yes,
will client trust the new provider? Considering these questions we can say that data
protection and portability remains as one of main weaknesses of cloud computing.
5. THREATS TO CLOUD COMPUTING
In this section, we discuss threats relevant to the security architecture of Cloud services. We
discuss here some potential threats relevant to Cloud and their remedies based on our experience
of implementing the cloud.[26].
5.1 Changes to business model
Cloud computing changes the way in which IT services are delivered. As servers, storage and
applications are provided by off-site external service providers, organizations need to evaluate the
risks associated with the loss of control over the infrastructure. This is one of the major threats
which hinder the usage of Cloud computing services.
Mitigation: A reliable end-to-end encryption and appropriate trust management scheme can
simplify such a threat to some extent.
5.2 Abusive use of Cloud computing
Cloud computing provides several utilities including bandwidth and storage capacities. Some
vendors also give a predefined trial period to use their services. However, they do not have
sufficient control over the attackers, malicious users or spammers that can take advantages of
the trials. These can often allow an intruder to plant a malicious attack and prove to be a
platform for serious attacks. Areas of concern include password and key cracking, etc. Such
threats affect the IaaS and PaaS service models.
Mitigation: To remediate this, initial registration should be through proper validation/verification
and through stronger authentication. In addition to this, the user’s network traffic should be
monitored comprehensively.
7. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
15
5.3 Insecure interfaces and API
Cloud providers often publish a set of APIs to allow their customers to design an interface for
interacting with Cloud services. These interfaces often add a layer on top of the framework,
which in turn would increase the complexity of Cloud. Such inter- faces allow vulnerabilities (in
the existing API) to move to the Cloud environment. Improper use of such interfaces would
often pose threats such as clear-text authentication, transmission of content, improper
authorizations, etc. Such type of threat may affect the IaaS, PaaS, and SaaS service models.
Mitigation: This can be avoided by using a proper security model for Cloud provider’s interface
and ensuring strong authentication and access control mechanism with encrypted transmission.
5.4 Malicious insiders
Most of the organizations hide their policies regarding the level of access to employees and their
recruitment procedure for employees. However, using a higher level of access, an employee can
gain access to confidential data and services. Due to lack of transparency in Cloud provider’s
process and procedure, insiders often have the privilege. Insider activities are often bypassed
by a firewall or Intrusion Detection system (IDS) assuming it to be a legal activity. However, a
trusted insider may turn into an adversary. In such a situation, insiders can cause a considerable
effect on Cloud service offerings, for example, malicious insiders can access confidential data
and gain control over the Cloud services with no risk of detection. This type of threat may be
relevant to SaaS, PaaS, and IaaS.
Mitigation: To avoid this risk, more transparency is required in security and management
process including compliance reporting and breach notification.
5.5 Shared technology issues/multi-tenancy nature
In multi-tenant architecture, virtualization is used to offer shared on-demand services. The same
application is shared among different users having access to the virtual machine. However, as
highlighted earlier, vulnerabilities in a hypervisor allow a malicious user to gain access and
control of the legitimate users’ virtual machine. IaaS services are delivered using shared
resources, which may not be designed to provide strong isolation for multi-tenant architectures.
This may affect the overall architecture of Cloud by allowing one tenant to interfere in the other,
and hence affecting its normal operation. This type of threat affects IaaS.
Mitigation: Implementation of SLA for patching, strong authentication, and access control to
administrative tasks are some of the solutions to address this issue.
5.6 Data loss and leakage:
Data may be compromised in many ways. This may include data compromise, deletion, or
modification. Due to the dynamic and shared nature of the Cloud, such threat could prove to be a
major issue leading to data theft. Examples of such threats are lack of authentication,
authorization and audit control, weak encryption algorithms, weak keys, risk of association,
unreliable data center, and lack of disaster recovery. This threat can applicable to SaaS, PaaS,
and IaaS.
Mitigation: Solutions include security of API, data integrity, secure storage for used keys, data
backup, and retention policies.
5.7 Service hijacking
Service hijacking may redirect the client to an illegitimate website. User accounts and service
instances could in turn make a new base for attackers. Phishing attack, fraud, exploitation of
software vulnerabilities, reused credentials, and passwords may pose service or account
hijacking. This threat can affect IaaS, PaaS, and SaaS.
8. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
16
Mitigation: Some of the mitigation strategies to address this threat include security policies,
strong authentication, and activity monitoring.
5.8 Risk profiling
Cloud offerings make organizations less involved with ownership and maintenance of hardware
and software. This offers significant advantages. However, these makes them unaware of internal
security procedures, security compliance, hardening, patching, auditing, and logging process
and expose the organization to greater risk.
Mitigation: To avoid this Cloud provider should disclose partial infrastructure details, logs, and
data. In addition to this, there should also be a monitoring and alerting system.
5.9 Identity theft
Identity theft is a form of fraud in which someone pretends to be someone else, to access
resources or obtain credit and other benefits. The victim (of identity theft) can suffer adverse
consequences and losses and held accountable for the perpetrator’s actions. Relevant security
risks include weak password recovery workflows, phishing attacks, key loggers, etc. This affects
SaaS, PaaS, and IaaS.
Mitigation: The solution is to use strong authentication mechanisms.
6. ATTACKS ON CLOUD COMPUTING
By exploiting vulnerabilities in Cloud, an adversary can launch the following attacks.
6.1 Zombie attack
Through the Internet, an attacker tries to flood the victim by sending requests from innocent
hosts in the network. These types of hosts are called zombies. In the Cloud, the requests for
Virtual Machines (VMs) are accessible by each user through the Internet. An attacker can flood
the large number of requests via zombies. Such an attack interrupts the expected behavior of
Cloud affecting availability of Cloud services. The Cloud may be overloaded to serve a number of
requests, and hence exhausted, which can cause DoS (Denial of Service) or DDoS (distributed
denial of service) to the servers. Cloud in the presence of attacker’s flooded requests cannot serve
valid user’s requests.
Mitigation: However, better authentication and authorization and IDS/IPS can provide
protection against such an attack.
6.2 Service injection attack
Cloud system is responsible for determining and eventually instantiating a free-to- use instance
of the requested service. The address for accessing that new instance is to be communicated
back to the requesting user. An adversary tries to inject a malicious service or new virtual
machine into the Cloud system and can provide malicious service to users. Cloud malware affects
the Cloud services by changing (or blocking) Cloud functionalities. Consider a case wherein an
adversary creates his/her malicious services like SaaS, PaaS, or IaaS and adds it to the Cloud
system. If an adversary succeeds to do this, then valid requests are redirected to the malicious
services automatically.
Mitigation: To defend against this type of attack, service integrity checking module should be
implemented. Strong isolation between VMs may disable the attacker from injecting malicious
code in the neighbor’s VM.
9. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
17
6.3 Attacks on virtualization
There are mainly two types of attacks performed over virtualization: VM Escape and Rootkit in
hypervisor.
6.3.1 VM Escape
In this type of attack, an attacker’s program running in a VM breaks the isolation layer in order
to run with the hypervisor’s root privileges instead with the VM privileges. This allows an
attacker to interact directly with the hypervisor. Therefore, VM Escape from the isolation is
provided by the virtual layer. By VM Escape, an attacker gets access to the host OS and the
other VMs running on the physical machine.
6.3.2 Rootkit in Hypervisor
VM-based rootkits initiate a hypervisor compromising the existing host OS to a VM. The new
guest OS assumes that it is running as the host OS with the corresponding control over the
resources, however, in reality this host does not exist. Hypervisor also creates a covert channel
to execute unauthorized code into the system. This allows an attacker to control over any VM
running on the host machine and to manipulate the activities on the system.
Mitigation: The threat arising due to VM-Level vulnerabilities can be mitigated by
monitoring through IDS (Instruction Detection System)/IPS (Intrusion Prevention System) and
by implementing firewall.
6.4 Man-in-the Middle attack
If secure socket layer (SSL) is not properly configured, then any attacker is able to access
the data exchange between two parties. In Cloud, an attacker is able to access the data
communication among data centers.
Mitigation: Proper SSL configuration and data communication tests between authorized parties
can be useful to reduce the risk of Man-in-the-Middle attack.
6.5 Metadata spoofing attack
In this type of attack, an adversary modifies or changes the service’s Web Services Description
Language (WSDL) file where descriptions about service instances are stored. If the adversary
succeeds to interrupt service invocation code from WSDL file at delivering time, then this
attack can be possible.
Mitigation: To overcome such an attack, information about services and applications should be
kept in encrypted form. Strong authentication (and authorization) should be enforced for
accessing such critical in- formation.
6.6 Phishing attack
Phishing attacks are well known for manipulating a web link and redirecting a user to a false link
to get sensitive data. In Cloud, it may be possible that an attacker use the cloud service to host a
phishing attack site to hijack accounts and services of other users in the Cloud.
6.7 Backdoor channel attack
It is a passive attack, which allows hackers to gain remote access to the compromised system.
Using backdoor channels, hackers can be able to control victim’s resources and can make it a
zombie for attempting a DDoS attack. It can also be used to disclose the confidential data of the
victim.
Mitigation: Better authentication and isolation between VMs can provide protection against
such attacks.
10. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
18
7. SECURE CLOUD ARCHITECTURE
As Shown in figure 3, we propose cloud security architecture, which protect organization
against security threats and attacks. The key points for this architecture based on our analysis of
existing security technologies are:
7.1 Single Sign-on (SSO)
Currently, Users are having multiple accounts in various Service Providers with different
usernames accompanied by different password. Therefore the vast majority of network users
tend to use the same password wherever possible, posing inherent security risks. The
inconvenience of multiple authentications not only causes users to lose productivity, but also
imposes more administrative overhead. Enterprises today are seriously considering the use of
Single Sign On (SSO) technology [27] to address the password explosion because they
promise to cut down multiple network and application passwords to one.
To overcome this problem, it is suggested that, to streamline security management and to
implement strong authentication within the cloud, organizations should implement Single Sign-
On for cloud users. This enables user to access multiple applications and services in the
cloud computing environment through a single login, thus enabling strong authentication at the
user level.
7.2 Defence in depth Security Approach
As enterprise networking technology has evolved, so too has enterprise security. What began
simply as setting up a perimeter around the network via fairly basic security tools like firewalls
and email gateways, has evolved into adding an array of virtual private networks (VPNs), virtual
local area network (VLAN) segmentation, authentication, and intrusion detection systems
(IDS)—necessary to handle the consistently growing number of threats to the corporate network.
Virtual firewall appliances should be deployed instead of first-generation firewalls. This allows
network administrators to inspect all levels of traffic, which includes basic web browser traffic,
to peer-to-peer applications traffic and encrypted web traffic in the SSL tunnel .Intrusion
Prevention Systems (IPS) should be installed to protect networks from internal threats from
insiders.
7.3 Increase Availability
Availability is a reoccurring and a growing concern in software intensive systems. Cloud
systems services can be turned offline due to conservation, power outages or possible denial of
service invasions. Fundamentally, its role is to determine the time that the system is up and
running correctly; the length of time between failures and the length of time needed to resume
operation after a failure. Availability needs to be analyzed through the use of presence
information, forecasting usage patterns and dynamic resource scaling [28]. Access to cloud
service should be available all the time, even during maintenance. This makes critical business
data stored in the cloud to be always available to cloud users, reducing network down time,
thereby increasing business profits. This can be done by implementing high availability
technologies such as active/active clustering, dynamic server load balanced and ISP load
balancing within the network infrastructure.
7.4 Data Privacy
Cloud data privacy problem will be found at every stage of the life cycle. For the data
storage and use, Mow bray et al. [29] proposed a client-based privacy management tool that
provides a user-centric trust model to help users control their sensitive information during the
cloud storage and use.
Data loss prevention (DLP) tools can help control migration of data to the cloud and also find
sensitive data leaked to the cloud. Data loss prevention (DLP) is a strategy for making sure that
11. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
19
end users do not send sensitive or critical information outside of the corporate network. DLP
help a network administrator control what data end users can transfer.
Figure 3: Secure Cloud Architecture.
7.5 Data Integrity
As a result of large scale data communication cost, the users don’t want to download data
but verify its correctness. Therefore, users need to retrieve the little cloud data through
some kinds of agreements or knowledge’s which are the probability of analytical tools with
high confidence level to determine whether the remote data integrity. User can do the
increase and decrease of the data capacity in the cloud server with the help of CSP(cloud service
provider) in his request. This storage level must be with flexible and durability condition as far
as its entire design or structure is concerned. Thus it should be claimed extra storage space
concerning future process in data exchange.
7.6 Virtual Machine Protection
You can't just install your firewall or antivirus software on a cloud-based virtual machine.
Physical firewalls aren't designed to inspect and filter the vast amount of traffic originating from
a hypervisor running 10 virtualized servers. Because VMs can start, stop and move from
12. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
20
hypervisor to hypervisor at the click of a button, whatever protection you've chosen has to
handle these activities with ease. Plus, as the number of VMs increases in the data center, it
becomes harder to account for, manage and protect them. And if unauthorized people gain
access to the hypervisor, they can take advantage of the lack of controls and modify all the VMs
housed there.
These virtual machines are vulnerable like their physical counterparts. Hence, to adequately
protect virtual machines, t h e y should he isolated from o t h e r network segments and
deep inspection at the network level should be implemented to prevent them both from
internal and external threats. Illegal internal access should be restricted by implementing
intrusion prevention systems and unauthorized external access should be protected by using
secure remote access technologies like IPSec or SSL VPN.
8. CONCLUSION
In this research paper we have discussed the characteristics of a cloud security that contains
threats/attacks and vulnerabilities. Organizations that are implementing cloud computing by
expanding their on-premise infrastructure, should be aware of the security challenges faced by
cloud computing. To protect against the compromise of the compliance integrity and security
of their applications and data, defense in depth approach must be applied. This line of defense
includes firewall, Intrusion detection and prevention, integrity monitoring, log inspection, and
malware protection. Proactive organizations and service providers should apply this protection
on their cloud infrastructure, to achieve security so that they could take advantage of cloud
computing ahead of their competitors. In this paper, a physical cloud computing security
architecture has been presented. In future, the proposed architecture may be modified with
the advancement of security technologies used for implementing this physical cloud
security architecture. By considering the contributions from several IT industries worldwide,
it’s obvious that cloud computing will be one of the leading strategic and innovative
technologies in the near future.
REFERENCES
[1] "Swamp Computing" a.k.a. Cloud Computing". Web Security Journal. 2009-12-28. Retrieved 2010-
01-25.
[2] "Thunderclouds: Managing SOA-Cloud Risk", Philip Wik". Service Technology Magazine. 2011-10.
Retrieved 2011-21-21.
[3] What cloud computing really means. InfoWorld. http://www.infoworld.com/d/cloud-
computing/what-cloud-computing-really-means-031?page=0,0
[4] Mell P, Grance T (2011) The nist definition of cloud computing (draft).
http://csrc.nist.gov/publications/drafts/800–145/Draft-SP-800-145_cloud-definition.pdf
[5] Ponemon (2011) Security of cloud computing providers study. http://www.ca.com/~/media/Files/
IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf
[6] Software as a service-Wikipedia. Wikipedia. http://en.wikipedia.org/wiki/Software_as_a_service
[7] A. Tripathi and A. Mishra, “Cloud computing security considerations” IEEE Int. conference on
signalprocessing, communication and computing (ICSPCC), 14-16 Sept., Xi'an, Shaanxi, China,
2011
[8] Vadym Mukhin, Artem Volokyta, “Security Risk Analysis for Cloud Computing Systems”
The 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing
Systems: Technology and Applications, Prague, Czech Republic, 15-17 September 2011
[9] Mathisen, “Security Challenges and Solutions in Cloud Computing” 5th IEEE International
Conference on Digital Ecosystems and Technologies (IEEE DEST2011) , Daejeon, Korea, 31
May -3 June 2011
[10]R. La‘Quata Sumter, ―Cloud Computing: Security Risk Classificationǁ, ACMSE 2010, Oxford, USA
13. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
21
[11]Meiko Jensen ,Jorg Sehwenk et al., “On Technical Security,Issues icloud Computing ”IEEE
International conference on cloud Computing, 2009.
[12]M.Jensen ,N.Gruschka et al., “The impact of flooding Attacks on network based
services”Proceedings of the IEEE International conference on Availiabilty,Reliability and
Security (ARES) 2008.
[13]Armbrust ,M. ,Fox, A., Griffth, R., et al “Above the clouds: A Berkeley View of Cloud Computing” ,
UCB/EECS-2009-28,EECS Department University of California Berkeley, 2009
http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
[14]Wayne A. Jansen, ―Cloud Hooks: Security and Privacy Issues in Cloud Computingǁ, 44th Hawaii
International Conference on System Sciesnces 2011.
[15]Rituik Dubey et al., “Addressing Security issues in Cloud
Computing”http://www.contrib.andrew.cmu.edu/~rdubey/index_files/cloud%20com puting.pdf
[16]M. Okuhara et al., “Security Architecture for Cloud Computing”,
www.fujitsu.com/downloads/MAG/vol46-4/paper09.pdf
[17]“A Security Analysis of Cloud Computing” http://cloudcomputing.sys- con.com/node/1203943
[18]“Cloud Security Questions? Here are some answers”http://cloudcomputing.sys-
con.com/node/1330353
[19]Cloud Computing and Security –A Natural Match, Trusted Computing Group(TCG)
http://www.trustedcomputinggroup.org
[20]“Controlling Data in the Cloud:Outsourcing Computation without outsourcing Control
http://www.parc.com/content/attachments/ControllingDataInTheCloud- CCSW-09.pdf
[21]“Amazon Web services: Overview of Security processes “ September 2008 http://aws.amazon.com
[22]T. Schreiber, “Session Riding a Widespread Vulnerability in Today'sWeb Applications” [Online],
Available: http://www.securenet.de/papers/Session_Riding.pdf, white paper, 2004. [Accessed:
20-Jul-2011].
[23]J., Grimes, P., Jaeger, J., Lin, “Weathering the Storm: The Policy Implications of Cloud
Computing” [Online], Availablehttp://ischools.org/images/iConferences/CloudAbstract13109F
INAL.pdf , [Accessed: 19-Jul-2011].
[24]B. Grobauer, T. Walloschek, and E. Stocker, “Understanding Cloud Computing
Vulnerabilities,” Security & Privacy, IEEE, vol. 9, no. 2, pp.50-57, 2011.
[25]A., Greenberg, “Why Cloud Computing Needs More Chaos”
[Online],Available:http://www.forbes.com/2009/07/30/cloud-computing- security-technology-cio-
network-cloud-computing.html, 2009, [Accessed: 20-Jul-2011].
[26]Top 7 threats to cloud computing. HELP NET SECURITY. http://www.net-
security.org/secworld.php?id=8943
[27]Rion Dutta, ”Planning for Single SignOn”, White Paper, MIEL e- Security Pvt
[28]M. Armbrust, et al., A view of cloud computing. Commun. ACM. vol. 53 (2010), pp. 50-58
[29]Miranda Mowbray and Siani Pearson, A client-based privacy manager for cloud computing. In Proc.
Fourth International Conference on Communication System Software and Middleware (ComsWare),
Dublin, Ireland, 16-19 June 2009.
Authors
Kashif Munir receives his BSc degree in Mathematics and Physics from Islamia
University Bahawalpur in 1999. He received his MSc degree in Information
Technology from University Sains Malaysia in 2001. He also obtained another MS
degree in Software Engineering from University of Malaya, Malaysia in 2005. His
research area was in the field secure network for mobile devices, Cloud and pervasive
computing.
Mr. Kashif was the lecturer at Stamford College, Malaysia. Currently, he is Lecturer
in the Computer Science & Engineering Unit at Hafr Al-Batin Community CollegeKFUPM, Saudi
Arabia. He is doing his PhD at Malaysian University of Science and Technology, Malaysia.
14. Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013
22
Prof. Dr. Sellappan Palaniappan is currently the Acting Provost and the Dean of
School of Science and Engineering at Malaysia University of Science and
Technology (MUST). Prior to joining MUST, he was an Associate Professor at the
Faculty of Computer Science and Information Technology, University of Malaya.
He holds a PhD in Interdisciplinary Information Science from the University of
Pittsburgh and a Master in Computer Science from the University of London.
Dr. Sellappan is a recipient of several Government research grants and has published numerous journals,
conference papers and IT books. He has served as an IT Consultant for several local and international
agencies such as the Asian Development Bank, the United Nations Development Programme, the World
Bank and the Government of Malaysia. He has conducted workshops for companies. He is also an
external examiner/assessor for several public and private universities. He was a member of IEEE (USA),
Chartered Engineering Council (UK) and British Computer Society (UK), and is currently a member of
the Malaysian National Computer Confederation (MNCC).