scholarly journals Trustworthy Cloud Services for IoT Security: Triple Integration of Security, Privacy and Reputation

2019 ◽  
Vol 8 (6) ◽  
pp. 3280-3283
Keyword(s):  
Cloud Service ◽  
Vital Role ◽  
Cloud Services ◽  
Assessment Model ◽  
Security Assessment ◽  
Security Metrics ◽  
Security Controls ◽  
Digital World ◽  
Cloud Network ◽  
Level Calculation

In this era of digital world, Internet of Things (IoT) plays a vital role almost in every field of engineering. Now a days, almost every system has adopted this technology due to it’s ease in access, design and development. However the technology still suffers from the issues of available resources for computing of huge amount of IoT data. In order to solve these issues, it is necessary to adopt trustworthy cloud based architecture. The trust level calculation of these cloud services is a challenging task. In this paper, we have developed a triple integrated assessment for the trust evaluation of a cloud network. This assessment has been carried out using the three major parameters i.e. security, privacy and reputation. Security assessment of the cloud service has been carried out using the security metrics like security controls deliverable. The privacy assessment is evaluated using the Privacy Impact Assessment(PIA) tool. Finally the reputation assessment of the cloud network is carried out using the reputation of it’s cloud services. Experiments are carried out on different real - world web service datasets which shows that the proposed assessment model works efficiently than all other assessment models.

scholarly journals CLOUD SECURITY PRE-ASSESSMENT MODEL FOR CLOUD SERVICE PROVIDER BASED ON ISO/IEC 27017:2015 ADDITIONAL CONTROL

2020 ◽  
Vol 2 (5) ◽  
pp. 01-17
Author(s):  
Nur Ahada Kamaruddin ◽  
Ibrahim Mohamed ◽  
Ahmad Dahari Jarno ◽  
Maslina Daud
Keyword(s):  
Cloud Computing ◽  
Service Provider ◽  
Cost Effective ◽  
Cloud Service ◽  
Cloud Security ◽  
Assessment Method ◽  
Cloud Services ◽  
Assessment Model ◽  
Cloud Service Provider ◽  
Security Controls

Cloud computing technology has succeeded in attracting the interest of both academics and industries because of its ability to provide flexible, cost-effective, and adaptable services in IT solution deployment. The services offered to Cloud Service Subscriber (CSS) are based on the concept of on-demand self-service, scalability, and rapid elasticity, which allows fast deployment of IT solutions, whilst leads to possible misconfiguration, un-patched system, etc. which, allows security threats to compromise the cloud services operations. From the viewpoint of Cloud Service Provider (CSP), incidents such as data loss and information breach, will tarnish their reputations, whilst allow them to conserve the issues internally, in which there is no transparency between CSP and CSS. In the aspects of information security, CSP is encouraged to practice cybersecurity in their cloud services by adopting ISO/IEC27017:2015 inclusive of all additional security controls as mandatory requirements. This study was conducted to identify factors that are influencing the CSP readiness level in the cybersecurity implementation of their cloud services by leveraging the developed pre-assessment model to determine the level of cloud security readiness. Approached the study is based on the combination of qualitative and quantitative assessment method in validating the proposed model through interview and prototype testing. The findings of this study had shown that factors that influence the CSP level of cloud security readiness are based on these domains; technology, organisation, policy, stakeholders, culture, knowledge, and environment. The contribution of the study as a Pre-Assessment Model for CSP which is suitable to be used as a guideline to provide a safer cloud computing environment.

System Benchmarking on Public Clouds

2015 ◽  
pp. 37-50
Author(s):  
Sanjay P. Ahuja ◽  
Thomas F. Furman ◽  
Kerwin E. Roslie ◽  
Jared T. Wheeler
Keyword(s):  
Service Providers ◽  
Cluster Formation ◽  
Cloud Service ◽  
Vital Role ◽  
Cloud Services ◽  
System Level ◽  
Public Cloud ◽  
Cloud Providers ◽  
Set Up ◽  
Levels Of Service

There are several public cloud providers that provide service across different cloud models such as IaaS, PaaS, and SaaS. End users require an objective means to assess the performance of the services being offered by the various cloud providers. Benchmarks have typically been used to evaluate the performance of various systems and can play a vital role in assessing performance of the different public cloud platforms in a vendor neutral manner. Amazon's EC2 Service is one of the leading public cloud service providers and offers many different levels of service. The research in this chapter focuses on system level benchmarks and looks into evaluating the memory, CPU, and I/O performance of two different tiers of hardware offered through Amazon's EC2. Using three distinct types of system benchmarks, the performance of the micro spot instance and the M1 small instance are measured and compared. In order to examine the performance and scalability of the hardware, the virtual machines are set up in a cluster formation ranging from two to eight nodes. The results show that the scalability of the cloud is achieved by increasing resources when applicable. This chapter also looks at the economic model and other cloud services offered by Amazon's EC2, Microsoft's Azure, and Google's App Engine.

Integrated Security Process Improvement Framework for Systems and Services

2014 ◽  
Vol 4 (1) ◽  
pp. 53-67
Author(s):  
Muthu Ramachandran
Keyword(s):  
Process Improvement ◽  
Research Area ◽  
Cloud Services ◽  
Networked Systems ◽  
Assessment Model ◽  
Maturity Model ◽  
Security Assessment ◽  
Maturity Level ◽  
External Threats ◽  
Wireless Application

Security of systems and services has been dominant research area in recent years as today's cloud services, big data and networked systems, especially when they provide wireless application access where personal and confidential data to be transmitted across the networked systems. Numerous tools and technologies are available to ensure system's security; however, external threats to computer systems and applications residents thereon, are also becoming more and more sophisticated and on the increase. Therefore, the key aim of this research is to integrate security engineering techniques and process with systems development life-cycle and process improvement frameworks. This paper presents a framework that consists of two components: 1) a security assessment model to looks at the existing security infrastructure of an organisation to determine its security maturity level; and 2) a security improvement maturity model to suggest an improvement mechanism for the organisation to progress from one maturity level to the next higher level. The intention is to provide a scheme to improve the organisation's Systems and network security with the aim that it becomes more efficient and effective than before.

Unique Fog Computing Taxonomy for Evaluating Cloud Services

2021 ◽  
pp. 985-998
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar
Keyword(s):  
Cloud Computing ◽  
Network Model ◽  
Fog Computing ◽  
Research Work ◽  
Cloud Service ◽  
Cloud Services ◽  
Literature Research ◽  
Service Consumer ◽  
Cloud Network ◽  
Best Fit

Fog computing has the potential to resolve cloud computing issues by extending the cloud service provider's reach to the edge of the cloud network model, right up to the cloud service consumer. This enables a whole new state of applications and services which increases the security, enhances the cloud experience, and keeps the data close to the user. This chapter presents a review on the academic literature research work on fog computing, introduces a novel taxonomy to classify cloud products based on fog computing elements, and then determines the best fit fog computing product to choose for the cloud service consumer.

Integrated Security Process Improvement Framework for Systems and Services

2015 ◽  
pp. 772-787
Author(s):  
Muthu Ramachandran
Keyword(s):  
Process Improvement ◽  
Research Area ◽  
Cloud Services ◽  
Networked Systems ◽  
Assessment Model ◽  
Maturity Model ◽  
Security Assessment ◽  
Maturity Level ◽  
External Threats ◽  
Security Infrastructure

Security of systems and services has been dominant research area in recent years as today's cloud services, big data and networked systems, especially when they provide wireless application access where personal and confidential data to be transmitted across the networked systems. Numerous tools and technologies are available to ensure system's security; however, external threats to computer systems and applications residents thereon, are also becoming more and more sophisticated and on the increase. Therefore, the key aim of this research is to integrate security engineering techniques and process with systems development life-cycle and process improvement frameworks. This paper presents a framework that consists of two components: 1) a security assessment model to looks at the existing security infrastructure of an organisation to determine its security maturity level; and 2) a security improvement maturity model to suggest an improvement mechanism for the organisation to progress from one maturity level to the next higher level. The intention is to provide a scheme to improve the organisation's Systems and network security with the aim that it becomes more efficient and effective than before.

scholarly journals mCSQAM: Service Quality Assessment Model in Mobile Cloud Services Environment

2016 ◽  
Vol 2016 ◽  
pp. 1-9 ◽  
Author(s):  
Young-Rok Shin ◽  
Eui-Nam Huh
Keyword(s):  
Cloud Computing ◽  
Service Quality ◽  
Quality Assessment ◽  
Service Providers ◽  
Quality Criteria ◽  
Cloud Service ◽  
Cloud Services ◽  
Assessment Model ◽  
Mobile Cloud ◽  
Mobile Cloud Service

Cloud computing is high technology that extends existing IT capabilities and requirements. Recently, the cloud computing paradigm is towards mobile with advances of mobile network and personal devices. As concept of mobile cloud, the number of providers rapidly increases for various mobile cloud services. Despite development of cloud computing, most service providers used their own policies to deliver their services to user. In other words, quality criteria for mobile cloud service assessment are not clearly established yet. To solve the problem, there were some researches that proposed models for service quality assessment. However, they did not consider various metrics to assess service quality. Although existing research considers various metrics, they did not consider newly generated Service Level Agreement. In this paper, to solve the problem, we proposed a mobile cloud service assessment model called mCSQAM and verify our model through few case researches. To apply the mobile cloud, proposed assessment model is transformed from ISO/IEC 9126 which is an international standard for software quality assessment. mCSQAM can provide service quality assessment and determine raking of the service. Furthermore, if Cloud Service Broker includes mCSQAM, appropriate services can be recommended for service users using user and service conditions.

Unique Fog Computing Taxonomy for Evaluating Cloud Services

2019 ◽  
pp. 145-162
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar
Keyword(s):  
Cloud Computing ◽  
Network Model ◽  
Fog Computing ◽  
Research Work ◽  
Cloud Service ◽  
Cloud Services ◽  
Literature Research ◽  
Service Consumer ◽  
Cloud Network ◽  
Best Fit

Fog computing has the potential to resolve cloud computing issues by extending the cloud service provider's reach to the edge of the cloud network model, right up to the cloud service consumer. This enables a whole new state of applications and services which increases the security, enhances the cloud experience, and keeps the data close to the user. This chapter presents a review on the academic literature research work on fog computing, introduces a novel taxonomy to classify cloud products based on fog computing elements, and then determines the best fit fog computing product to choose for the cloud service consumer.

scholarly journals Data security and risk assessment in cloud computing

2018 ◽  
Vol 17 ◽  
pp. 03028 ◽  
Author(s):  
Jing Li ◽  
Qinyuan Li
Keyword(s):  
Risk Assessment ◽  
Cloud Computing ◽  
Data Security ◽  
Service Providers ◽  
Personal Information ◽  
Cloud Service ◽  
Cloud Services ◽  
Management Framework ◽  
Security Controls ◽  
Cloud Service Providers

Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal) according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.

scholarly journals Trade-offs involved in the choice of cloud service configurations when building secure, scalable, and efficient Internet-of-Things networks

2020 ◽  
Vol 16 (2) ◽  
pp. 155014772090819 ◽  
Author(s):  
Amitabh Mishra ◽  
Thomas Reichherzer ◽  
Ezhil Kalaimannan ◽  
Norman Wilde ◽  
Ruben Ramirez
Keyword(s):  
Internet Of Things ◽  
Web Service ◽  
Smart Home ◽  
Cloud Service ◽  
Cloud Services ◽  
Sensor Data ◽  
Prototype System ◽  
Plain Text ◽  
Security Controls ◽  
Trade Offs

This article focuses on results obtained from two cloud-based models that examine trade-offs between security, scalability, and efficiency of data collection for Internet-of-Things sensor networks. This work can provide insight for Internet-of-Things systems designers in choosing security controls and scalability features when working with cloud services. The results were obtained from a smart home Internet-of-Things prototype system in which data records from in-home sensors are transmitted wirelessly to an in-home hub, which forwards them to a cloud web service for storage and analysis. We consider different configurations and security controls on the wireless (in-home) and on the wired (home-to-web) sides. The configuration on the wireless side includes encrypted or plain-text transmission from the wireless sensors to the in-home hub for probing if software encryption of sensor data adds appreciable delay to the transmission time. The configuration on the wired side includes encryption or plain-text transmission, with or without authentication, with or without scalable cloud services. For each configuration, we measure end-to-end latency, transmission latency, and processing latency at the web service. Results of the experiments on the wired side showed much greater latencies and variability of latencies when using scalable cloud services.

scholarly journals An Overview of Pricing Models for Using Cloud Services with analysis on Pay-Per-Use Model

2018 ◽  
Vol 7 (3.12) ◽  
pp. 248
Author(s):  
Devesh Lowe ◽  
Bhavna Galhotra
Keyword(s):  
Dynamic Pricing ◽  
Capital Investment ◽  
Cloud Service ◽  
Software Piracy ◽  
End Users ◽  
Cloud Services ◽  
Cloud Service Provider ◽  
Authorized User ◽  
Acquisition Costs ◽  
Cloud Network

Emergence of Cloud computing in recent years has provided various options to end-users w.r.t. cloud services. Different end users have different requirements for cloud services such as IAAS, PAAS & SAAS, but these services can be availed using different pricing mechanisms such as PPU, PFR, leased based, subscription based and dynamic pricing based on factors such as initial cost, lease period, QoS, Age of resources and cost of maintenance. The authors work focusses on ‘pay-per-use’ model of cloud pricing by studying various aspects of this model and comparing the current pricing rates of leading cloud service provider. Through this paper, the authors try to analyse the pricing model used by provider by comparing similar pricing offered by competitors. Authors will also try to establish the fairness of pricing as basis for designing better model for such services. The idea of pay per use has emerged to counter the rampant software piracy, while capturing the marginal and heterogeneous users who have been often found to use pirated software, as the acquisition costs for perpetual usage are too high. The marginal usage does not justify the huge capital investment of perpetual license, thereby leading to software piracy. In this paper the authors have also discussed on the Pay per use SaaS model and how it is better than the perpetual licencing, Pay per use is primarily dependent upon certain market conditions, like higher potential for piracy, lower inconvenience costs, majority of marginal users, and strong cloud network presence. Whereas perpetual licensing is important for heavy users, a market having the above-mentioned conditions will always benefit the SaaS pay per use model. So while the developer finds advantages of increased authorized user network, lower costs of marketing, enhanced customer reliability, and lesser impact of piracy, the rewards for users are even greater as they get to use the licensed full & updated versions for a small fee, even for minor everyday usage without incurring the huge expenditure on acquisition.   

Sign in / Sign up

Export Citation Format

Share Document