An Analysis on the Terms and Conditions of the Clickwrap Agreement and the Benefits of Maintaining the Click Wrap Agreement in Cloud Computing

One of the most unique forms of contracting is apparent in cloud computing. Cloud computing, unlike other conventional methods, has adopted a different approach in the formation of binding contract that will be used for the governance of the cloud. This method is namely the clickwrap agreement. Click wrap agreement follows a take it or leave it basis in which the end users are provided with limited to no option in terms of having a say on the contract that binds them during the use of cloud services. The terms found in the contract are often cloud service provider friendly and will be less favourable to the end user. In this article, the authors examine the terms that are often found in the cloud computing agreement as well as study the benefit that is entailed in adopting this contracting method. This chapter has undertaken a qualitative study that comprises interviews of cloud service providers in Malaysia. Hence, this study is a novel approach that also provides insight in terms of the cloud service provider perspective regarding the click wrap agreement.

Cloud Provider Selection Based on Accountability and Security Using Interval Valued Fuzzy TOPSIS

Cloud computing enables on-demand access to a public resource pool. Many businesses are migrating to the cloud due to its popularity and financial benefits. As a result, finding a suitable and best Cloud Service Provider is a difficult task for all cloud users. Many ranking systems, such as ANP, AHP and TOPSIS, have been proposed in the literature .However, many of the studies concentrated on quantitative data. But qualitative attributes are equally significant in many applications where the user is more concerned with the qualitative features.The implementation of MCDM approach for the ranking and the selection of the best player in the market as per the qualitative need of the cloud users like business organization or cloud brokers is the aim of this article. An ISO approved standard SMI framework is available for the evaluation of the CSPs.The authors have considered SMI attributes like accountability and security as the criteria for evaluation of the CSPs. The MCDM approach called IVF-TOPSIS that can handle the inherent vagueness in the cloud dataset is implemented in this work

An Integrated Multi Criteria Decision Making Model for Cloud Service Provider Selection

In the present scenario, it is inevitable for organizations to use the services offered through the cloud. As there are numerous cloud service providers, the users have a vast number of choices to get the desired service. For the long term success of any organization, it is important to choose the right cloud service provider. This paper focuses on proposing a new framework to select the best cloud service provider. While selecting the best service provider, using an appropriate method for finding out the weight of each criterion is very important as it directly impacts the ranking of candidate service providers. In this work, the Full Consistency Method (FUCOM) is employed for finding the weight of each criterion and Multi-Objective Optimization by Ratio Analysis (MOORA) is proposed for ranking the service provider. The integration of FUCOM with MOORA results in computing the reliable values of criteria weight and a simpler procedure for computing the overall score of the service provider. Hence a rational decision making is possible in selecting the best cloud service provider.

Securing Cloud Virtual Machine Image using Ethereum Blockchain

Virtual Machine Image (VMI) is the building block of cloud infrastructure. It encapsulates the various applications and data deployed at the Cloud Service Provider (CSP) end. With the leading advances of cloud computing, comes the added concern of its security. Securing the Cloud infrastructure as a whole is based on the security of the underlying Virtual Machine Images (VMI). In this paper an attempt has been made to highlight the various risks faced by the CSP and Cloud Service Consumer (CSC) in the context of VMI related operations. Later, in this article a formal model of the cloud infrastructure has been proposed. Finally, the Ethereum blockchain has been incorporated to secure, track and manage all the vital operations of the VMIs. The immutable and decentralized nature of blockchain not only makes the proposed scheme more reliable but guarantees auditability of the system by maintaining the entire VMI history in the blockchain.

Middleware architecture for data consistency in multi-cloud systems

Multi-cloud middleware must perform many different resource management, control, and monitoring functions that must interoperate but may differ in implementation in each cloud service provider. A mechanism for monotonic recording model implementation for multi-cloud systems with a geo-distributed middleware architecture is proposed in the article. It is shown, the middleware modules location defines the algorithm of synchronization of start moments of adjusting intervals required to generating the global sequence numbers for customer's data recording into the databases of multi-cloud systems. Figs.: 2. Tabl.: 1. Refs.: 10 titles. Keywords: middleware architecture, geo-distributed middleware architecture, multicloud systems.

An Assessment of the Risk of Service Supplier Bankruptcies as a Cybersecurity Threat

Behind technology service suppliers lie companies that are subject to the risk of business failure due to market conditions and trading risks. Such failures could suddenly stop customers accessing services or content, with potentially devastating business and personal impacts, given the rising importance of digital economies. The risk can be illustrated by reference to cloud computing insolvencies but similar issues may affect other service providers. The insolvency of a cloud service provider would be likely to present problems of access to infrastructure, platforms, services and data and insolvency laws are not always designed to enable a managed closedown of a business, which would be needed to enable replacement services to be sourced and data recovered. This cybersecurity risk has barely been touched upon in literature, since it lies at the intersection between law and computer science, both areas requiring high levels of specialist understanding, and this chapter is part of initial attempts to identify the threats presented.

Enhanced layered fog architecture for IoT sensing and actuation as a service

The reduced service cost offered by Sensing and Actuation as a Service paradigm, particularly in Internet of Things (IoT) era, has encouraged many establishments to start without worrying about having their own infrastructure. Such a paradigm is typically managed by a centralized cloud service provider. Fog paradigm has emerged as a mini-cloud that if designed with care to assist the cloud, together will achieve better performance. This article introduces a layered fog architecture called Sensors and Actuator Layered Fog Services Delivery (SALFSD) for IoT ecosystems. The significance of SALFSD is being fault resistant; it dynamically reassigns tasks of the failed node to the nearest active node to maintain the network connection. Besides, SALFSD monitors end users pre-specified cases closer to the physical devices hired by end users to fasten generating the actuation commands. Such node may offload its monitoring responsibility to its parent node in case it is overloaded. SALFSD is evaluated using Yet Another Fog Simulator in different scenarios (numbers of users, sensors, actuators, and areas). A comparison was made for Sensing and Actuating as a Service (SAaaS) with/without layered fog, and layered fog with/without (failure reassignment, pre-specified cases in fog nodes, and offloading). The comparison was conducted in terms of computing/communication latencies and the number of missed messages for both observations and actuation commands. Results show that failure reassignment prevented losing messages and maintained network connectivity. Also, wisely selecting the monitoring fog node per end user pre-specified cases and the offloading scheme decreased actuation latency.

Secure Outsourced Attribute-Based Signatures with Perfect Anonymity in the Standard Model

Outsourced attribute-based signatures (OABS) enable users to sign messages without revealing specific identity information and are suitable for scenarios with limited computing power. Recently, Mo et al. proposed an expressive outsourced attribute-based signature scheme (Peer-to-Peer Networking and Applications, 11, 2017). In this paper, we show that Mo et al.’s scheme does not achieve any of the three security properties. Their scheme is incorrect. The adversary can collude with the malicious signing-cloud service provider (S-CSP) to forge valid signatures on any message and any attribute set. And the S-CSP could trace the access structures used to generate the signatures. Then, we treat the S-CSP as an adversary and present more accurate unforgeability and anonymity models for OABS to remedy the drawbacks of the previous ones. Finally, we propose a simple but significant improvement to fix our attacks. The improved scheme achieves correctness, unforgeability, and perfect anonymity while keeping the efficiency almost unchanged. We also prove the security of the improved scheme under the standard model.

Kernel-Based Machine Learning Models to Predict Mitigation Time During Cloud Security Attacks

Security threats are unforeseen attacks to the services provided by the cloud service provider. Depending on the type of attack, the cloud service and its associated features will be unavailable. The mitigation time is an integral part of attack recovery. This research paper explores the different parameters that will aid in predicting the mitigation time after an attack on cloud services. Further, the paper presents machine learning models that can predict the mitigation time. The paper presents the kernel-based machine learning models that can predict the average mitigation time during security attacks. The analysis of the results shows that the kernel-based models show 87% accuracy in predicting the mitigation time. Furthermore, the paper explores the performance of the kernel-based machine learning models based on the regression-based predictive models. The regression model is used as a benchmark model to analyze the performance of the machine learning-based predictive models in the prediction of mitigation time in the wake of an attack.