Seminar
1
cloud computing security
Prepared and Presented by :
 Student name : Maher Abdullah Al Ghamdi
ID : 441147908
 Student name : Ahmed Ali Al-Ghamdi
ID : 441147862
 Student name : Mohamed Odeh Al-Qaidi
ID : 441147880
Advisor: M. Ibrahim Al-Adeni
Contents
Abstract
Introduction
Features of Cloud Model
Cloud Computing Categories
Deployment Models of Cloud Computing
Important Security Issues in the Cloud
Objectives
Research Questions
Literature Review
Approach and Methodology
Interpretivism and Positivism
What is methodology?
Systematic Literature Review (SLR)
Interviewing
Focus Groups
Qualitative method weaknesses
Ethical considerations
Ensuring quality and integrity of research;
Respect the confidentiality and anonymity of research respondents;
Ensuring participants will participate voluntarily;
Ensuring informed consent;
Avoid harm to participants
Ensuring research is independent and impartial
Limitations & Delimitations
References
Abstract
Cloud computing has emerged as a novel technique recently. It
constitutes one of the great advancements in computing sciences. It
provides a lot of services and has added a new dimension in storing data.
In spite of such benefits and advantages, it still faces a lot of security
issues, and this has resulted in some problems. Such problems have raised
concerns over security, which have had a big influence on
the development and popularization of cloud computing. Accordingly,
there is an urgent need to solve and address such issues. This
research work addresses cloud computing and its security issues. Also, a
review of past literature on the key security problems that face cloud
computing is provided. This paper focuses on some IT companies in the
Kingdom of Saudi Arabia that provide cloud computing services.
Introduction
Currently one of the key themes of many information technology
discussions is cloud computing. What really preoccupies people now is
cloud computing security. Usually debates tend to concentrate on all
standard security advantages, disadvantages and requirements.
Although the most common security measures protect data
from loss, unauthorized access, integrity disruption, etc., there are other
necessary and important characteristics of any IT infrastructure that must
be implemented in a much more serious way. One of those structures is the
cloud infrastructure.
To begin with, it is important to define cloud computing. It is defined as
"an on-demand service model for IT provision based on virtualization and
distributed computing technologies" (Velev & Zlateva, 2011). It is also
known that typical cloud computing providers deliver common business
applications online as services which are accessed from another web
service or software like a web browser.
Cloud security, also known as cloud computing security, is composed of
a group of policies, controls, procedures and technologies that work in an
integrative manner to safeguard cloud-based systems, data, and
infrastructure. These security measures are configured to protect cloud
data, support regulatory compliance and protect customers' privacy as
well as developing rules for authentication for individual users and
devices. From authenticating access to filtering traffic, cloud security can
be configured to meet the real requirements of the business. The
infrastructure is a service, and its components must be readily accessible
and available to the immediate needs of the application stacks it supports.
Cloud computing removes the traditional application silos within the data
center and provides a novel level of flexibility and scalability to the IT
organization. This sense of flexibility assists with tackling challenges
encountering enterprises and IT service providers that include rapidly
changing IT landscapes, cost reduction pressures, and focus on time to
market. Cloud users can fall under the following categories:
• Individual consumers;
• Individual businesses;
• Start-ups;
• Small and medium-size businesses;
• Enterprise businesses.
Several benefits are provided through cloud computing architectures, as
follows:
• low cost as services are supplied on demand with pay-as-you-use billing
system;
• highly abstracted resources;
• instant scalability and flexibility;
• instantaneous provisioning;
• shared resources, such as hardware, database, etc.;
• programmatic management through API of Web services;
• increased mobility - information is accessed from any location
Features of Cloud Model
The Cloud Model is made up of five key features:
 On-demand self-service: A consumer can unilaterally provision
computing capabilities, such as server time and network storage, as
needed automatically without requiring human interaction with each
service provider.
 Broad network access: Capabilities are accessible across the network
using standard mechanisms that encourage the usage of diverse thin and
thick client platforms (e.g., mobile phones, tablets, laptops, and
workstations).
 Resource pooling: Using a multi-tenant approach, the provider's
computing resources are pooled to serve numerous clients, with distinct
physical and virtual resources dynamically assigned and reassigned based
on consumer demand. The customer has no control or knowledge of the
exact location of the delivered resources, but may be able to specify
location at a higher level of abstraction (e.g., country, state, or
datacenter). Storage, computation, memory, and network bandwidth are
examples of resources.
 Rapid elasticity: Capabilities can be provisioned and released flexibly,
and in some circumstances automatically, to scale outward and inward in
response to demand. To the consumer, provisioning capabilities
frequently appear to be limitless, and they can be used in any quantity at
any time.
 Measured service: Cloud systems employ a metering capability (pay-
per-use basis) at a level of abstraction appropriate to the type of service to
automatically control and optimise resource use (e.g., storage, processing,
bandwidth, and active user accounts). The use of resources can be
tracked, managed, and reported, ensuring transparency for both the
provider and the user of the service.
Cloud Computing Categories
It is important to shed light on the different cloud computing categories
and how cloud development is done:
• Infrastructure as a Service (IaaS): This type provides virtual machines and
other abstracted hardware and operating systems that may be handled
through a service API. IaaS encompasses the entire infrastructure
resource stack, from facilities to the hardware platforms that power them.
It includes the ability to abstract resources as well as the ability to
connect those resources physically and logically. IaaS provides a
collection of APIs that enable consumers to control and interact with the
infrastructure in various ways.
• Platform as a Service (PaaS): Customers can use APIs to create new
applications that can be implemented and operated remotely.
Development tools, configuration management, and deployment
platforms are among the platforms available. PaaS sits on top of IaaS and
adds an extra layer of interaction with application development
frameworks and functionalities like database, messaging, and queuing,
allowing developers to build applications for the platform using
programming languages and tools that the stack supports.
 Infrastructure as a Service (IaaS): The capacity to offer processing,
storage, networks, and other core computing resources to the
customer, allowing the user to deploy and execute any software,
such as operating systems and applications. Although the customer
does not manage or control the underlying cloud infrastructure, he
or she does have control over operating systems, storage, and
deployed applications, and possibly limited control over some
networking components (e.g., host firewalls).
Deployment Models of Cloud Computing
 Community cloud: The cloud infrastructure is reserved for a
select group of customers from businesses with similar issues (e.g.,
mission, security requirements, policy, and compliance
considerations). It could be owned, managed, and administered by
one or more community organisations, a third party, or a mix of the
three and it could take place on or off premises.
 Public cloud: The cloud infrastructure is available to anyone who
wants to use it. A company, academic, or government entity, or a
combination of them, may own, manage, and run it. It is located on
the cloud provider's premises.
 Hybrid cloud: The cloud infrastructure is made up of two or more
distinct cloud infrastructures (private, community, or public) that
operate independently but are linked by standardized or proprietary
technology that allows data and application portability (e.g., cloud
bursting for load balancing between clouds).
Important Security Issues in the Cloud
Despite the fact that virtualization and Cloud Computing provide a
wide range of dynamic resources, security concerns are widely
seen as a major issue in the Cloud, causing consumers to be
hesitant to adopt the technology. The following are some of the
security concerns in the Cloud:
- Integrity: Integrity ensures that data stored in a system is a correct
representation of the data intended and has not been tampered with
by an unauthorized user. When any application is installed on a
server, a backup process is set up to ensure that data is protected in
the event of a data loss. Normally, the data will be backed up on a
regular basis to any portable medium and then kept in an off-site
location.
- Availability: Availability assures that unauthorised activity does
not render data processing resources unavailable. It is the simple
concept that when a user attempts to access something, it is
accessible. For mission-critical systems, this is crucial. Companies
must have business continuity plans (BCPs) in place to ensure that
these systems are available.
- Confidentiality: Confidentiality ensures that data is not shared
with anyone who isn't supposed to know. When data can be viewed
or read by anyone who is not authorized to have access to it,
confidentiality is lost. Confidentiality can be breached either
physically or electronically. Physically, sensitive information is
lost through social engineering. Electronically, confidentiality is
lost when clients and servers do not encrypt their communications.
Objectives
The main objectives of this research work are:
- To tackle and address the security issues which affect the
performance of Cloud Computing in some Saudi companies.
- To analyse the current security and vulnerabilities of cloud
computing from an organisational perspective.
- To identify the current security techniques utilized in cloud
computing for preventative measures and to study their effectiveness.
- To determine areas of improvement in the integrity and security of
cloud computing.
From the above main objectives, the following sub-objectives can
be tackled, as well:
 To identify the future security challenges that could emerge
due to the developments in Cloud Computing.
 To suggest some counter measures for the future challenges
to be faced in Cloud Computing.
Research Questions
No | Research Questions | Purpose
1 | What security flaws exist in today's cloud computing architecture, in particular in the Saudi companies? | To identify current cloud computing vulnerabilities and security flaws.
2 | What security measures are in place to prevent data breaches and unauthorised access to the cloud network? | To determine the existing cloud security methods in use and evaluate their efficacy.
3 | What areas of cloud computing security need to be strengthened? | To identify places where cloud computing security should be improved.
Literature Review
A lot of research has tackled cloud computing security. Information
technology has changed rapidly in recent years. Cloud computing has given
IT a more promising role by adding storage for users. Cloud
computing has enabled the vendors to rent out their services at hourly
rates. They also rent out the space to users on their physical systems.
However, these services carry several security threats for users. In a
report, the Cloud Security Alliance revealed that abuse, insecure interfaces,
and nefarious usage were threats to which cloud computing is vulnerable.
These threats have been associated with application program interfaces
and cloud computing.
Information security has three main objectives: integrity,
confidentiality, and availability. Threats to these security goals
include a long-term confidentiality issue, because present and past
encryption schemes are considered not to be secure. Information leakage
vulnerability is another concern as data is outsourced. Tampering with
data also poses threats to data confidentiality.
Numerous security mechanisms have been proposed by different
researchers. In this section we will provide the literature survey of work
done in this field.
Jan de Muijnck-Hughes (2011) offered Predicate Based Encryption (PBE)
as a security solution. PBE is a type of asymmetric
encryption that has its roots in Identity Based Encryption. This method
combines Attribute Based Access Control (ABAC) and asymmetric
encryption, allowing for the creation of a single encryptor/multi decryptor
environment with a single scheme. Predicate Based Encryption
focuses on both Platform as a Service and Software as a Service
implementations. This proposed solution also protects cloud resident data
from undesired exposure, leaking, and other breaches of confidentiality.
Venkata Sravan et al. (2011) conducted a study titled "Security
Techniques for Protecting Data in the Cloud". The goal of this study is to
identify security concerns in Cloud computing and the suitable security
solutions that may be utilized to mitigate them. A total of 43 security
issues and 43 security approaches were discovered in the study.
Confidentiality is the most measured attribute (31%), followed by
Integrity (24%), and Availability (19%).
Ali Asghary Karahroudy (2011) carried out a study titled "Security
Analysis and Framework of Cloud Computing with Parity Based Partially
Distributed File System". This study introduced a
technique called Partially Distributed File System with Parity (PDFSP),
which is a modified version of the existing GFS/HDFS protocol. Client
Access Machine, User Public Machine, Cloud Management Server, and
File Retrieval Server are the four key components of this PDFSP. All of
these components work together to ensure that the data being transferred
is not intercepted. Confidentiality, Integrity, and Availability were the
three components of security discussed in this study.
Nabil Giweli (2013) proposed the Data Centric Security strategy, which
is a solution-based approach. This technique intends to provide data
security by allowing data to self-describe, defend, and protect themselves
throughout their lifecycle in cloud environments. This approach places
the full burden of setting and managing data privacy and security
safeguards on the data owner. This proposed solution uses symmetric and
asymmetric encryption techniques and is based on the Chinese
Remainder Theorem (CRT). The proposed technique is shown to be very
efficient in this research since it does not require complex key derivation
methods and the data file does not have to be encrypted twice.
In 2013, Miao Zhou outlined five strategies for ensuring data security
and integrity in cloud computing: an innovative tree-based key management
system, privacy enhanced cloud data outsourcing, privacy preserved
access control for cloud computing, privacy enhanced keyword search in
clouds, and public remote integrity check for private data.
This work used a Keyword Searching Mechanism that
allows for effective multi-user keyword searches while concealing
personal information in search requests. To achieve flexible and fine-
grained access control in the cloud, an encryption strategy for a two-tier
system was presented. The proposed approach is efficient, according to
the experimental results, especially when the data file is large and the
integrity check is performed frequently.
Sudhansu Ranjan Lenka et al. (2014) published a paper titled "Enhancing
Data Security in Cloud Computing Using RSA Encryption and MD5
Algorithm". They implemented both the RSA and MD5 algorithms, as
the title of the study suggests. The RSA Algorithm is utilised in this work
for secure communication as well as file encryption and decryption, while
the MD5 Algorithm is used for digital signatures and to protect the tables
from unauthorised users. Confidentiality, Integrity, and Availability are
the three (3) characteristics of security provided by the two algorithms
proposed.
In 2014, Aastha Mishra suggested a Key Management Scheme for
Advanced Secret Sharing. The goal of this work is to provide a more
reliable decentralised lightweight key management technique for cloud
systems that will improve data security and key management. The
suggested solution preserves the security and privacy of user data by
replicating key shares across many clouds utilising a secret sharing
mechanism and a voting method to verify share integrity. The approach
employed in this paper also provides improved security against byzantine
failure, server collusion, and data alteration attacks.
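The idea summarized in the paragraph above (key shares replicated across clouds, with a vote to verify share integrity) can be illustrated as follows. This is an added example, not code from Mishra's work or from this seminar; it assumes Shamir's scheme as the secret sharing mechanism, a strict-majority vote per share, and a SHA-256 key fingerprint kept by the data owner, and all function and cloud names are hypothetical.

```python
import hashlib
import secrets
from collections import Counter

# Field modulus for Shamir's scheme: the Mersenne prime 2**127 - 1 (assumed).
P = 2**127 - 1


def split_secret(secret, k, n):
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not 0 <= secret < P or not 1 <= k <= n:
        raise ValueError("need 0 <= secret < P and 1 <= k <= n")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def place_replicas(shares, replicas):
    """Model the cloud side as {cloud_name: (x, y)}. Each share is copied to
    `replicas` clouds and each cloud holds a single share, so fewer than k
    colluding clouds cannot rebuild the key."""
    return {f"cloud-{x}-{r}": (x, y) for x, y in shares for r in range(replicas)}


def vote_shares(stores):
    """Keep a share only if a strict majority of its replicas agree.
    Returns (accepted_shares, names_of_suspect_clouds)."""
    by_x = {}
    for cloud, (x, y) in stores.items():
        by_x.setdefault(x, []).append((cloud, y))
    accepted, suspects = [], []
    for x in sorted(by_x):
        winner, count = Counter(y for _, y in by_x[x]).most_common(1)[0]
        if count * 2 > len(by_x[x]):
            accepted.append((x, winner))
            suspects += [c for c, y in by_x[x] if y != winner]
        else:  # no majority: distrust every replica of this share
            suspects += [c for c, _ in by_x[x]]
    return accepted, sorted(suspects)


def fingerprint(key):
    """Owner-side check value for a key smaller than 2**128."""
    return hashlib.sha256(key.to_bytes(16, "big")).hexdigest()


def recover_key(stores, k, expected_fingerprint):
    """Vote, interpolate from k accepted shares, then verify the result."""
    accepted, suspects = vote_shares(stores)
    if len(accepted) < k:
        raise ValueError("fewer than k shares survived voting")
    key = recover_secret(accepted[:k])
    if fingerprint(key) != expected_fingerprint:
        raise ValueError("recovered key does not match the owner's fingerprint")
    return key, suspects


def demo():
    """Constructed scenario: 3-of-5 sharing, 3 replicas per share."""
    key = secrets.randbelow(P)
    stores = place_replicas(split_secret(key, k=3, n=5), replicas=3)
    # Constructed faults: one cloud returns an altered replica of share 2,
    # and every replica of share 4 is unavailable.
    x, y = stores["cloud-2-0"]
    stores["cloud-2-0"] = (x, (y + 1) % P)
    for r in range(3):
        del stores[f"cloud-4-{r}"]
    recovered, suspects = recover_key(stores, 3, fingerprint(key))
    return recovered == key, suspects


if __name__ == "__main__":
    print(demo())
```

The vote tolerates a minority of altered replicas per share and names the clouds that returned them; the final fingerprint comparison catches the case where a majority of replicas of some share were altered consistently.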
Cloud Data Storage Security based on Cryptographic Mechanisms was
written by Nesrine Kaaniche in 2014. ID-Based Cryptography (IBC) and
CloudaSec are two (2) strategies proposed by Nesrine in this study to
secure data. The study proposes using ID-Based Cryptography to employ
each client as a private key generator, generating his own ID-Based
Cryptographic Public Elements (IBC-PE). These IBC-PE are used to
generate ID-based keys and encrypt data before it is stored and shared in
the cloud. CloudaSec is a public key based solution that
promotes the separation of subscription-based key management and
confidentiality-oriented asymmetric encryption policies. CloudaSec
enables scalable and flexible implementation of the solution, as well as
high security guarantees for outsourced data stored on cloud servers. This
study examines and explains why cryptographic activities on the client
side are acceptable as compared to upload operations and do not require
extensive processing resources. For example, encoding 8*10^5 bytes of
data takes only 0.1 second, whereas uploading it takes 10 seconds. As a
result, the encryption methods consume 1% of the Openstack upload
overhead.
In his work, "Data Confidentiality and Risk Management in Cloud
Computing", Afnan Ullah Khan (2014) introduced a technique known as
Access Control and Data Confidentiality (ACDC). The paper's goal was
to create a new scheme for enforcing access control regulations in cloud
computing environments. He used a medical/healthcare situation to come
up with the following components: Data Owner (Medical centre), Data
Consumers (patients, nurses, doctors, etc.), Infrastructure Provider, and
Trusted Authority. The article uses Infrastructure as a Service as its
deployment model, and the presented technique was used to achieve data
secrecy and authentication.
Sarojini et al. (2016) proposed the Enhanced Mutual Trusted Access
Control Algorithm (EMTACA). To avoid security difficulties in cloud
computing, this strategy establishes mutual trust between cloud
consumers and cloud service providers. The goal of this work is to offer a
system that uses the EMTACA algorithm to ensure more strongly guaranteed,
trusted, and reputation-based cloud services among cloud users. The
results of this paper demonstrated that the three most critical aspects of
data security, confidentiality, integrity, and availability, were all met.
Dimitra A. Georgiou published a paper in 2017 outlining security
standards for cloud computing. The goal of security policies is to
safeguard people and information, establish guidelines for expected user
behavior, reduce risks, and track regulatory compliance. The focus of the
paper was on Software as a Service. The report provided a comprehensive
assessment and analysis of previous studies on cloud computing security.
The author concentrated the study of current threats on the ones that aren't
applicable to traditional systems. An approach for assessing distinct
dangers in the cloud was developed in order to be able to identify new
rules that should be implemented into the cloud policy. This research
examined the security requirements of a cloud service provider using a
case study of Europe's E-health system.
According to Breach Level Index (BLI), a global cybersecurity analytics
firm, malware insertion in a cloud environment is responsible for over 68
percent of breaches (Breach Level Index annual 2016 report).
Furthermore, identity theft, account access, and data theft account for 88
percent of all hacks.
According to CSonline.com (Armerding, 2017), there has been an
increase in hacking schemes during the last 11 years, as well as an
increase in the severity of breaches and hacking.
Yahoo, JP Morgan, eBay, and Target are just a few of the top technology
and financial companies that have been hacked and have had their
consumers' data compromised. Yahoo is at the top of the list with 6 billion
hacked client accounts, which is predicted to cost them $457 million.
According to a poll of its users conducted by CSO (2017), a research
institute concentrating on cloud computing, the security and
integrity of cloud computing remains the primary issue for cloud
practitioners.
According to Danish (2011), several frequent concerns now plague cloud
computing, including Denial of Service (DoS) attacks, flashing attacks,
and session hijacking attacks. These concerns have been
identified as being highly common in cloud computing operations.
Following these basic cloud difficulties, there are more serious dangers of
malware injection, which can be accomplished through SQL injections,
allowing attackers to exploit a security flaw and obtain unauthorized
access to personal data.
With cloud computing becoming a more dominant technology in every
part of the IT industry, it is becoming increasingly necessary to fully
comprehend its vulnerabilities in order to avoid substantial damages and
losses.
Approach and Methodology
The most critical part of any study is the methodology because it explains
how the research will be conducted. The methodology of this study had to
be planned according to the requirement of providing security
solutions to cloud computing, which is the ultimate objective of the study.
The methodology is based on certain historical perspectives, as other
researchers have already conducted research in this field. As a result of
undertaking the literature review it was decided that a strong
methodology had to be adopted and implemented in order to get the
most accurate results. The study focuses on providing solutions to
cloud computing security issues.
Smith and Dainty (1991) define research as the study of relationships,
problem solving, and the creation of a body of knowledge. The famous
learning style of Kolb (1984) comprises four main segments: concrete
experience, observation and reflection, the production of
abstract ideas, and their testing in different scenarios. Because the purpose
of this study is to examine the integrity and vulnerabilities of cloud
computing, as well as the future outlook of cloud computing from an
organisational standpoint, there will be several competing ideologies. For
this project, the inductive approach would be the best option because it
aids researchers in dealing with uncertainty by combining all contextual
information into a single overall view.
Interpretivism and Positivism
In both qualitative and quantitative analysis, positivism will be used in
this study.
The positivist approach was used in the majority of scientific study
completed in the recent decade (Giddings, 2006). The purpose of this
study is to obtain data that are independent of the researchers' prior
beliefs, experiences, and emotions (Paley, 2001; Giddings, 2006).
What is methodology?
Qualitative research, according to Du Plooy (2001), is a paradigm that
allows the researcher to gain an "insider view on social action" (p.87).
Qualitative research can make a substantial contribution to both discovery
and theory development (Giles, 2000).
Systematic Literature Review (SLR)
One of the key research approaches for this study will be systematic
literature review (SLR). The purpose of this document is to outline the
present state of knowledge and information on cloud computing security
issues. This is mainly to build a bridge to reflect on how existing cloud
architecture security techniques work.
A systematic literature review is an approach for identifying, evaluating,
and interpreting all relevant research for a certain research issue or topic.
Because it justly synthesizes existing work in the field of cloud
computing, a systematic literature review can provide a fair evaluation on
the research topic.
The following are the differences between a systematic and a typical
literature review:
By adopting a review procedure, a systematic literature review directly
answers the identified research questions.
A systematic literature review develops a search strategy that identifies
and targets all relevant publications.
To assess the viability of each primary study, a systematic literature
review would require inclusion and exclusion criteria.
The systematic literature review will be conducted in three main phases
Interviewing
One important method in this study will be interviewing. The purpose of
interviewing is to perceive and comprehend what the interviewee says, as
well as to identify the issues in depth using a holistic approach (Kvale,
1996). Interviews are vital for this project, as well as other projects,
because they allow researchers to collect more sophisticated data and do
further research.
The purpose of the interview will be to obtain factual information, which
will be followed by contextual information. We will conduct interviews
with our subjects in their natural surroundings in order to deepen nuances
in interviewee perspectives, and the definitions will be revised on a
regular basis (Kalnis 1986 as cited in Marshall and Rossman, 1955).
To avoid endangering the project's results, researchers and interviewees
must suppress personal prejudice and preconceived notions when doing
it (Williams, 1993; Saunders et al, 2003).
The semi-structured interview will be used as the major method of
interviewing since it allows researchers to investigate any themes that
they discover to be significant and to go more deeply into the participants'
backgrounds (David & Sutton, 2004). According to Gray (2004), probing
should be used by academics to examine fresh themes that were not
previously considered.
Because of the disparity in backgrounds of both the interviewer and the
participants, one disadvantage of conducting semi-structured interviews is
that the interviewers may be unable to discern some themes prompted by
the participants (David & Sutton, 2004). Because there is no way to
avoid it, the best line of action is to bear this in mind before going into
the interview.
Focus Groups
This method relates to ethnography, which blends both interviewing and
observation (Willis, 1990). According to Lindolf & Taylor (2002),
because of the cascade effect from other qualitative approaches like
individual interviews, this strategy is effective for inserting multiple
perspectives into the data pool. This study will conduct focus groups with
a small group size of 3-5 people in order to properly manage the group
and provide each participant adequate time to contribute.
Because focus group participants will come from a variety of
backgrounds, the group's homogeneity cannot be ensured. The group's
homogeneity is seen as a critical feature since it influences individuals'
readiness to freely provide information (Corfman, 1995). Researchers
must keep this in mind when conducting the focus group.
Qualitative method weaknesses
Every research method has flaws, and the qualitative research approach is
no exception. Stiles (1993) and Patton (2001) said that data reliability and
validity are important aspects that influence the research's conclusion and
quality. According to Denzin & Lincoln (1998), transferability,
credibility, dependability, and conformability are four characteristics that
can be used to determine the quality of research and ensure its accuracy.
Ethical considerations
Once this research is started, it must be done with the utmost caution in
terms of ethical problems. According to Ramos (1989), researchers must
be mindful of various issues, including the researcher-researcher
connection and researchers' subjective interpretations of data. This study
will also apply ethical propriety principles, which include guidelines for
honesty, fairness, and openness of intent. Data protection, informed
permission, anonymity, and confidentiality for participants are all
important ethical problems to consider in this study.
Ensuring quality and integrity of research;
When interacting with others, researchers should maintain professional
civility and fairness. The research methodologies must be used with rigor
and objectivity, and no actions that are irrelevant should be included.
Keep clear and accurate records of all research, and properly cite/get
permission for any supporting materials. All data gathered for the study
should be used with precision, accountability, and good stewardship.
Respect the confidentiality and anonymity of research respondents;
Data protection rules and confidentiality agreements must be respected
and followed by interviewers. If a participant desires to remain
anonymous while participating in this study, the researcher must follow
the rules and keep the participant's personal identifying information
confidential, only including information that the participant has consented
to.
Researchers should provide contact information to participants when
obtaining consent, in case they require additional information, want to
rescind a response, or even discontinue their involvement at any moment.
Researchers should also make it apparent to participants how the study
protects their privacy and anonymity.
Ensuring participants will participate voluntarily;
No pressure should be applied in order to recruit volunteers;
ensure that all volunteer participants are well-informed about the
research aims and process. If a participant wants to withdraw from the
event, their decision should be respected.
Ensuring informed consent;
The goal of the study must be explained to the participants by the
interviewers for this project. Each participant will be given a project
information sheet that explains the goal of the study, and how the
information contributed by participants will be disseminated and used.
Interviewees should be informed about the estimated interview
completion time and the study's scope, and they should be given the
opportunity to decide whether or not they want to participate. This
procedure must be followed both verbally and in writing.
Avoid harm to participants
Researchers must ensure that no feature of this project will cause
embarrassment, self-des-integration, or a violation of moral or ethical
norms (Leedy, 1997).
Any raw data collected from research participants must be kept private
and only researchers should have access to it. All data must be processed
and stored on computers or external devices that are password-protected.
Participants' personal information must be safeguarded by legal measures.
Ensuring research is independent and impartial.
Another key feature of this study is to avoid the dissemination of
dangerous materials, such as hacking tools or obstructive coding, in order
to prevent future misuse.
Limitations & Delimitations
Limitations are circumstances that may affect the research method and
analysis that researchers are unable to control (Leedy & Ormrod, 2013).
During interviews, participants may provide socially desirable responses
instead of honest ones (Waller, Hockin, & Smith, 2017). For example,
recording interviews may have caused some participants to withhold
information for privacy reasons. There were other limitations beyond the
researchers' control in this qualitative study. The findings of this study
reflect the perspective of the surveyed population only, not that of
companies that were not part of the interviews. In addition to the
limited population size, the use of findings was narrowed to active
companies offering cloud hosting services in the KSA.
Delimitations
The boundaries of this research included the type of study, which was
focused on the strategies proposed by the companies that took part in the
study. The selected companies for case studies were in the KSA with a
select population size. Additionally, the population of the study included
IT directors of some specific Saudi companies that offer cloud host
services. Finally, participants were selected based on specific criteria
such as successful experiences in developing cloud infrastructures.
References
• Yan, Xiaowei & Zhang, Xiaosong & Chen, Ting & Zhao, Hongtian & Li,
Xiaoshan. (2012). The Research and Design of Cloud Computing Security
Framework. Lecture Notes in Computer Science. 121. 757-763.
doi:10.1007/978-3-642-25541-0_95.
• Haufe, Knut & Dzombeta, Srdan & Brandis, Knud. (2014). Proposal for a
Security Management in Cloud Computing for Health Care.
TheScientificWorldJournal. 2014. 146970. doi:10.1155/2014/146970.
• Muijnck-Hughes Jan de (2011) Data Protection in the Cloud, 12 Jan, 2019
[Online] Available: http://www.ru.nl/ds
• Venkata S. et al. (2011) Security Techniques for Protecting Data in Cloud
Computing, 12 Jan, 2019 [Online] Available: https://www.bth.se/com
• Ali Asghary K. (2011) Security Analysis and Framework of Cloud
Computing with Parity-Based Partially Distributed File System, 26 Jan,
2019 [Online] Available:
https://www.academia.edu/27767213/security_Analysis_and_Framework_of_cloud_computing_with_Parity_Based_Partially_Distributed_File_System
• Nabil Giweli (2013) Enhancing Cloud Computing Security and Privacy,
20 Jan, 2019 [Online] Available:
https://www.researchdirect.westernsydney.edu.au/islandora/object/uws%3AI7310/.../view
• Zhou Miao (2013) Data Security and Integrity in cloud computing, Doctor
of Philosophy thesis, School of Computer Science and Software
Engineering, University of Wollongong.
http://www.ro.uow.edu.au/thesis/3990
• Sudhansu R. L. et al. Enhancing Data Security in Cloud Computing Using
RSA Encryption and MD5 Algorithm, International Journal of Computer
Science Trends and Technology (IJCST) – Volume 2, Issue 3, June 2014
• Aastha Mishra (2014) Data Security in Cloud Computing Based on
Advanced Secret Sharing Key Management System, 20 Jan, 2019 [Online]
Available: https://www.ethesis.nitrkl.ac.in/5845/1/212CS2110.pdf
• Nesrine Kaaniche (2014) Cloud Data Security based on Cryptographic
Mechanisms, 26 Jan, 2019 [Online] Available:
https://www.tel.archives-ouvertes.fr/tel-01146029/document
• Afnan U.K. (2014) Data Confidentiality and Risk Management in Cloud
Computing, 2 Feb, 2019 [Online] Available:
https://www.ethesis.whiterose.ac.uk/13677/1/Thesis_Final_Afnan
_27072016_ EngD.pdf
• Sarojini G. et al. (2016) Trusted and Reputed Services using Enhanced
Mutual Trusted and Reputed Access Control Algorithm in Cloud, 2nd
International Conference on Intelligent Computing, Communication &
Convergence (ICCC-2016). www.sciencedirect.com
• Dimitra A. G. (2017) Security Policies for Cloud Computing, 26 Jan, 2019
[Online] Available:
https://www.dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/11007/Georgiou_Dimitra.pdf?
• Armerding, T. (2017). The 16 biggest data breaches of the 21st
century. CSO Online. Retrieved 6 November 2017, from
https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html
• Bunkar, R. K., & Rai, P. K. (2017). Study on security model in cloud
computing. International Journal of Advanced Research in Computer
Science, 8(7).
• David, M., & Sutton, C. (2004). Social Research: The Basics. London:
Sage Publications.
• Hub, S. (2017). Principles and policy of research integrity: Research ethics
and integrity. Staff.unimelb.edu.au. Retrieved from
https://staff.unimelb.edu.au/research/ethics-integrity/research-integrity/principles-and-policy
• Kim P. Corfman (1995), "The Importance of Member Homogeneity to
Focus Group Quality", in NA - Advances in Consumer Research Volume
22, eds. Frank R. Kardes and Mita Sujan, Provo, UT: Association for
Consumer Research, Pages: 354-359.
• Kvale, S. (1996). Interviews: An Introduction to Qualitative Research
Interviewing. London: Sage Publications.
• Leedy, P. D. (1997). Practical Research: Planning and Design. New Jersey:
Prentice Hall.
• Mosco, V. (2014). To the cloud: Big data in a turbulent world. Boulder:
Paradigm Publishers.
• Ramos, M. C. (1989). Some ethical implications of qualitative
research. Research in Nursing & Health, 12(1), 57-63.
doi:10.1002/nur.4770120109
• Rossman, C., & Marshall, G. B. (1999). Designing qualitative
research. Thousand Oaks: Sage Publications.
• Smith, N. C., & Dainty, P. (1991). Management Research
Handbook. London: Routledge.
• Vacca, J. R., & ProQuest (Firm). (2017). Cloud computing security:
Foundations and challenges. Boca Raton: CRC Press.
• Williams, F. (1993). Constructing Questions for Interviews. Cambridge
University Press.
• Yu, C., Yang, L., Liu, Y., & Luo, X. (2014). Research on data security
issues of cloud computing. Paper presented at the 114.
doi:10.1049/cp.2014.1368
Cloud computing security

  • 1. Seminar 1 cloud computing security Prepared and Presented by :  Student name : Maher Abdullah Al Ghamdi ID : 441147908  Student name : Ahmed Ali Al-Ghamdi ID : 441147862  Student name : Mohamed Odeh Al-Qaidi ID : 441147880 Advisor: M. Ibrahim Al-Adeni
  • 2. Seminar 2 Contents Abstract ....................................................................................................................................3 Introduction ..............................................................................................................................3 Features of Cloud Model......................................................................................................5 Cloud Computing Categories ...............................................................................................6 Deployment Models of Cloud Computing ...............................................................................7 Important Security Issues in the Cloud ....................................................................................8 Objectives.................................................................................................................................9 Research Questions ................................................................................................................10 Literature Review...................................................................................................................10 Approach and Methodology...................................................................................................16 Interpretivism and Positivism.............................................................................................17 What is methodology?............................................................................................................17 Systematic Literature Review (SLR)..................................................................................17 Interviewing........................................................................................................................18 Focus Groups......................................................................................................................19 Qualitative 
method weaknesses..........................................................................................19 Ethical considerations.............................................................................................................19 Ensuring quality and integrity of research; ........................................................................19 Respect the confidentiality and anonymity of research respondents;.................................20 Ensuring participants will participate voluntarily; .............................................................20 Ensuring informed consent;................................................................................................20 Avoid harm to participants.................................................................................................20 Ensuring research is independent and impartial.................................................................21 Limitations & Delimitations...................................................................................................21 References ..............................................................................................................................22
  • 3. Seminar 3 Abstract Cloud computing has emerged as a novel technique recently. It constitutes one of the great advancements in computing sciences. It provides a lot of services and has added a new dimension in storing data. In spite of such benefits and advantages, it is still facing a lot of security issues and this has results in some problems. Such problems have raised concerns over the security problems which have yielded big influences to the development and popularization of cloud computing. Accordingly, an urgent need for solving and addressing such issues are important. This work of research addresses cloud computing and security issues. Also, a review of past literature on the key security problems that face cloud computing is provided. This paper focuses on some IT companies in the Kingdom of Saudi Arabia that provides cloud computing services. Introduction Currently one of the key theme of many information technology discussions is cloud computing. What really preoccupies people now is cloud computing security. Usually debates tend to concentrate on all standard security advantages, disadvantages and requirements. Nevertheless the fact the most common security measures protect data from loss, unauthorized access, integrity disruption, etc., there are other necessary and important characteristics of any IT infrastructure that must implemented in a much more serious way. One of those structures is the cloud infrastructure. To begin with, it is important to define cloud computing. It is defined as "an on-demand service model for IT provision based on virtualization and distributed computing technologies. (Velev & Zlateva, 2011). It is also
  • 4. Seminar 4 known that typical cloud computing providers deliver common business applications online as services which are accessed from another web service or software like a web browser, Cloud security, also known as cloud computing security, is composed of a group of policies, controls, procedures and technologies that work in an integrative manner to safeguard cloud-based systems, data, and infrastructure. These security measures are configured to protect cloud data, support regulatory compliance and protect customers' privacy as well as developing rules for authentication for individual users and devices. From authenticating access to filtering traffic, cloud security can be configured to meet the real requirements of the business. The infrastructure is a service, and its components must be readily accessible and available to the immediate needs of the application stacks it supports. Cloud computing removes the traditional application silos within the data center and provides a novel level of flexibility and scalability to the IT organization. This sense of flexibility assists with tackling challenges encountering enterprises and IT service providers that include rapidly changing IT landscapes, cost reduction pressures, and focus on time to market. Cloud users can fall under the following categories: • Individual consumers; • Individual businesses; • Start-ups; • Small and medium-size businesses; • Several benefits are provided through enterprise businesses cloud computing architectures as follows:
  • 5. Seminar 5 • low cost as services are supplied on demand with pay-as-you-use billing system; • highly abstracted resources; • instant scalability and flexibility; • instantaneous provisioning; • shared resources, such as hardware, database, etc.; • programmatic management through API of Web services; • increased mobility - information is accessed from any location Features of Cloud Model The Cloud Model is made up of five key features:  On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.  Broad network access: Capabilities are accessible across the network using standard mechanisms that encourage the usage of diverse thin and thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).  Resource pooling: Using a multi-tenant approach, the provider's computing resources are pooled to serve numerous clients, with distinct physical and virtual resources dynamically assigned and reassigned based on consumer demand. The customer has no control or knowledge of the exact location of the delivered resources, but may be able to specify location at a higher level of abstraction (e.g., country, state, or
  • 6. Seminar 6 datacenter). Storage, computation, memory, and network bandwidth are examples of resources.  Rapid elasticity: Capabilities can be provisioned and released flexibly, and in some circumstances automatically, to scale outward and inward in response to demand. To the consumer, provisioning capabilities frequently appear to be limitless, and they can be used in any quantity at any time.  Measured service: Cloud systems employ a metering capability (pay- per-use basis) at a level of abstraction appropriate to the type of service to automatically control and optimise resource use (e.g., storage, processing, bandwidth, and active user accounts). The use of resources can be tracked, managed, and reported, ensuring transparency for both the provider and the user of the service. Cloud Computing Categories It is important to shed light on the different cloud computing categories and how cloud development is done: • Infrastructure as Service (IaaS): This type provides virtual machines and other abstracted hardware and operating systems that may be handled through a service API (API). IaaS encompasses the entire infrastructure resource stack, from facilities to the hardware platforms that power them. It includes the ability to abstract resources as well as the ability to connect those resources physically and logically. IaaS provides a collection of APIs that enable consumers to control and interact with the infrastructure in various ways. • Platform as a Service (PaaS): Customers can use APIs to create new applications that can be implemented and operated remotely.
  • 7. Seminar 7 Development tools, configuration management, and deployment platforms are among the platforms available. PaaS sits on top of IaaS and adds an extra layer of interaction with application development frameworks and functionalities like database, messaging, and queuing, allowing developers to build applications for the platform using programming languages and tools that the stack supports.  Infrastructure as a Service (IaaS): The capacity to offer processing, storage, networks, and other core computing resources to the customer, allowing the user to deploy and execute any software, such as operating systems and applications. Although the customer does not manage or control the underlying cloud infrastructure, he or she does have control over operating systems, storage, and deployed applications, as well as maybe limited control over some networking components (e.g., host firewalls). Deployment Models of Cloud Computing  Community cloud: The cloud infrastructure is reserved for a select group of customers from businesses with similar issues (e.g., mission, security requirements, policy, and compliance considerations). It could be owned, managed, and administered by one or more community organisations, a third party, or a mix of the three and it could take place on or off premises.  Public cloud: The cloud infrastructure is available to anyone who wants to use it. A company, academic, or government entity, or a combination of them, may own, manage, and run it. It is located on the cloud provider's premises.
  • 8. Seminar 8  Hybrid cloud: The cloud infrastructure is made up of two or more distinct cloud infrastructures (private, community, or public) that operate independently but are linked by standardized or proprietary technology that allows data and application portability (e.g., cloud bursting for load balancing between clouds). Important Security Issues in the Cloud Despite the fact that virtualization and Cloud Computing provide a wide range of dynamic resources, security concerns are widely seen as a major issue in the Cloud, causing consumers to be hesitant to adopt the technology. The following are some of the security concerns in the Cloud: - Integrity: Integrity ensures that data stored in a system is a correct representation of the data intended and has not been tampered with by an authorized user. When any application is installed on a server, a backup process is set up to ensure that data is protected in the event of a data loss. Normally, the data will be backed up on a regular basis to any portable medium and then kept in an off-site location. - Availability: Availability assures that unauthorised activity does not render data processing resources unavailable. It is the simple concept that when a user attempts to access something, it is accessible. For mission-critical systems, this is crucial. Companies must have business continuity plans (BCPs) in place to ensure that these systems are available. - Confidentiality: Confidentiality ensures that data is not shared with anyone who isn't supposed to know. When data can be viewed or read by anyone who is not authorized to have access to it,
  • 9. Seminar 9 confidentiality is lost. Confidentiality can be breached either physically or electronically. Through social engineering, physical sensitive information is lost. When clients and servers do not encrypt their communications, electronic confidentiality is lost. Objectives The main objectives of this research work are - To tackle and address the security issues which affect the performance of Cloud Computing in some Saudi companies. - To analyse the current security and vulnerabilities of cloud computing in an organisational perspective. - To identify the current security techniques utilized in cloud computing for preventative measures and to study its effectiveness - To determine areas of improvement in the integrity and security of cloud computing From the above main objectives, the following sub-objectives can be tackled, as well:  To identify the future security challenges that could emerge due to the developments in Cloud Computing.  To suggest some counter measures for the future challenges to be faced in Cloud Computing.
  • 10. Seminar 10 Research Questions No Research Questions Purpose 1 What security flaws exist in today's cloud computing architecture, in particular in the Saudi companies? To identify current cloud computing vulnerabilities and security flaws. 2 What security measures are in place to prevent data breaches and unauthorised access to the cloud network? To determine the existing cloud security methods in use and evaluate their efficacy. 3 What areas of cloud computing security need to be strengthened? To identify places where cloud computing security should be improved. Literature Review A lot of research has tackled cloud computing security. Information technology has rapid changes in recent years. Cloud computing has added more promising role of IT with the addition of storage for users. Cloud computing has enabled the vendors to rent out their services at hourly rates. They also rent out the space to users on their physical systems. However, these services have several security threats for users. In a report, Cloud Security Alliance revealed that abuse, insecure interfaces, and nefarious usage were the vulnerable threats. These threats have been associated with the application program interfaces and cloud computing. Information security falls into three main objectives, such as integrity, confidentiality, and availability. Security threats to these security goals include a long-term confidentiality issue because one considers that present and past encryption schema are not secure. Information leakage vulnerability is another concern as data is outsourced. Tampering with data also poses threats to data confidentiality.
  • 11. Seminar 11 Numerous security mechanisms have been proposed by different researchers. In this section we will provide the literature survey of work done in this field. According to Jan de Muijnck-Hughes (2011), Predicate Based Encryption was offered as a security solution (PBE). PBE is a type of asymmetric encryption that has its roots in Identity Based Encryption. This method combines Attribute Based Access Control (ABAC) and asymmetric encryption, allowing for the creation of a single encryptor/multi decryptor environment with a single scheme. This Predicate Based Encryption focuses on both Platform as a Service and Software as Service implementations. This proposed solution also protects cloud resident data from undesired exposure, leaking, and other breaches of confidentiality. Venkata Sravan et.al (2011) conducted a study titled "Security Techniques for Protecting Data in the Cloud". The goal of this study is to identify security concerns in Cloud computing and the suitable security solutions that may be utilized to mitigate them. A total of 43 security issues and 43 security approaches were discovered in the study. Confidentiality is the most measured attribute (31%), followed by Integrity (24%), and Availability (19%). Ali Asghary Karahroudy (2011) carried out a study titled "Security Analysis and Framework of Cloud Computing with Parity Based Partially Distributed File System was the title of a paper. This study introduced a technique called Partially Distributed File System with Parity (PDFSP), which is a modified version of the existing GFS/HDFS protocol. Client Access Machine, User Public Machine, Cloud Management Server, and File Retrieval Server are the four key components of this PDFSP. All of
  • 12. Seminar 12 these components work together to ensure that the data being transferred is not intercepted. Confidentiality, Integrity, and Availability were the three components of security discussed in this study. Nabil Giweli (2013) proposed the Data Centric Security strategy, which is a solution-based approach. This technique intends to provide data security by allowing data to self-describe, defend, and protect themselves throughout their lifecycle in cloud environments. This approach places the full burden of setting and managing data privacy and security safeguards on the data owner. This proposed solution uses symmetric and asymmetric encryption techniques and is based on the Chinese Remainder Theorem (CRT). The proposed technique is shown to be very efficient in this research since it does not require complex key derivation methods and the data file do not have to be encrypted twice. On 2013, Miao Zhou outlined five strategies for ensuring data security and integrity in cloud computing. Innovative tree-based key management system, Privacy enhanced cloud data outsourcing, Privacy preserved access control for cloud computing, Privacy enhanced keyword search in clouds, and Public remote integrity check for private data are some of the techniques used. This article used a Keyword Searching Mechanism that allows for effective multi-user keyword searches while concealing personal information in search requests. To achieve flexible and fine- grained access control in the cloud, an encryption strategy for a two-tier system was presented. The proposed approach is efficient, according to the experimental results, especially when the data file is large and the integrity check is performed frequently.
Sudhansu Ranjan Lenka et al. (2014) published a paper titled "Enhancing Data Security in Cloud Computing Using RSA Encryption and MD5 Algorithm". As the title of the study suggests, they implemented both the RSA and MD5 algorithms. The RSA algorithm is used in this work for secure communication as well as file encryption and decryption, while the MD5 algorithm is used for digital signatures and to protect the tables from unauthorised users. Confidentiality, Integrity, and Availability are the three (3) characteristics of security provided by the two algorithms proposed.

In 2014, Aastha Mishra suggested a Key Management Scheme for Advanced Secret Sharing. The goal of this work is to provide a more reliable, decentralised, lightweight key management technique for cloud systems that will improve data security and key management. The suggested solution preserves the security and privacy of user data by replicating key shares across many clouds, using a secret sharing mechanism and a voting method to verify share integrity. The approach employed in this paper also provides improved security against Byzantine failure, server collusion, and data alteration attacks.

Nesrine Kaaniche wrote "Cloud Data Storage Security based on Cryptographic Mechanisms" in 2014. ID-Based Cryptography (IBC) and CloudaSec are the two (2) strategies proposed by Nesrine in this study to secure data. The study proposes using ID-Based Cryptography with each client acting as a private key generator, generating their own ID-Based Cryptographic Public Elements (IBC-PE). These IBC-PE are used to generate ID-based keys and encrypt data before it is stored and shared in the cloud. CloudaSec is a public key based solution that promotes the separation of subscription-based key management and confidentiality-oriented asymmetric encryption policies. CloudaSec enables scalable and flexible implementation of the solution, as well as high security guarantees for outsourced data stored on cloud servers. The study examines and explains why cryptographic operations on the client side are acceptable when compared to upload operations and do not require extensive processing resources. For example, encoding 8*10^5 bytes of data takes only 0.1 second, whereas uploading it takes 10 seconds. As a result, the encryption methods consume 1% of the OpenStack upload overhead.

In his work, "Data Confidentiality and Risk Management in Cloud Computing", Afnan Ullah Khan (2014) introduced a technique known as Access Control and Data Confidentiality (ACDC). The paper's goal was to create a new scheme for enforcing access control regulations in cloud computing environments. He used a medical/healthcare scenario to come up with the following components: Data Owner (medical centre), Data Consumers (patients, nurses, doctors, etc.), Infrastructure Provider, and Trusted Authority. The work uses Infrastructure as a Service as its deployment model, and the presented technique was used to achieve data secrecy and authentication.

Sarojini et al. (2016) proposed the Enhanced Mutual Trusted Access Control Algorithm (EMTACA). To avoid security difficulties in cloud computing, this strategy establishes mutual trust between cloud consumers and cloud service providers. The goal of this work is to offer a system that uses the EMTACA algorithm to ensure guaranteed, trusted, and reputation-based cloud services among cloud users. The results of this paper demonstrated that the three most critical aspects of data security, namely confidentiality, integrity, and availability, were all met.

Dimitra A. Georgiou published a paper in 2017 outlining security standards for cloud computing. The goal of security policies is to safeguard people and information, establish guidelines for expected user behavior, reduce risks, and track regulatory compliance. The focus of the paper was on Software as a Service. The report provided a comprehensive assessment and analysis of previous studies on cloud computing security. Dimitra concentrated the study of current threats on those that are not applicable to traditional systems. An approach for assessing distinct dangers in the cloud was developed in order to identify new rules that should be implemented into the cloud policy. The research examined the security requirements of a cloud service provider using Europe's E-health system as a case study.

According to Breach Level Index (BLI), a global cybersecurity analytics firm, malware insertion in a cloud environment is responsible for over 68 percent of breaches (Breach Level Index annual 2016 report). Furthermore, identity theft, account access, and data theft account for 88 percent of all hacks. According to CSOonline.com (Armerding, 2017), there has been an increase in hacking schemes during the last 11 years, as well as an increase in the severity of breaches and hacking. Yahoo, JP Morgan, eBay, and Target are just a few of the top technology and financial companies that have been hacked and have had their consumers' data compromised. Yahoo is at the top of the list for 6 billion hacked client accounts, which is predicted to cost them $457 million. According to a poll of its users conducted by CSO (2017), a research institute concentrating on cloud computing, the security and integrity of cloud computing remains the primary issue for cloud practitioners.

According to Danish (2011), several frequent concerns that now plague cloud computing include Denial of Service (DoS) attacks, flashing attacks, and session hijacking attacks. These concerns have been identified as being highly common in cloud computing operations. Beyond these basic cloud difficulties, there are more serious dangers of malware injection, which can be accomplished through SQL injections, allowing attackers to exploit a security flaw and obtain unauthorized access to personal data. With cloud computing becoming a more dominant technology in every part of the IT industry, it is becoming increasingly necessary to fully comprehend its vulnerabilities in order to avoid substantial damages and losses.

Approach and Methodology

The most critical part of any study is the methodology, because it explains how the research will be conducted. The methodology of this study had to be planned according to the requirement of providing security solutions to cloud computing, which is the ultimate objective of the study. The methodology is based on certain historical perspectives, as other people have already conducted research in this field. As a result of undertaking the literature review, it was decided that a strong methodology had to be adopted and implemented in order to get the most accurate results. The study focuses on providing solutions to cloud computing security issues. Smith and Dainty (1991) define research as the study of relationships, problem solving, and the creation of a body of knowledge. The famous learning style of Kolb (1984) comprises four main segments: concrete experience, observation and reflection, the production of abstract ideas, and their testing in different scenarios.
Because the purpose of this study is to examine the integrity and vulnerabilities of cloud computing, as well as the future outlook of cloud computing from an organisational standpoint, there will be several competing ideologies. For this project, the inductive approach would be the best option because it aids researchers in dealing with uncertainty by combining all contextual information into a single overall view.

Interpretivism and Positivism

In both qualitative and quantitative analysis, positivism will be used in this study. The positivist approach was used in the majority of scientific study completed in the recent decade (Giddings, 2006). The purpose of this study is to obtain data that are independent of the researchers' prior beliefs, experiences, and emotions (Paley, 2001; Giddings, 2006).

What is methodology?

Qualitative research, according to Du Plooy (2001), is a paradigm that allows the researcher to gain an "insider view on social action" (p.87). Qualitative research can make a substantial contribution to both discovery and theory development (Giles, 2000).

Systematic Literature Review (SLR)

One of the key research approaches for this study will be the systematic literature review (SLR). The purpose of this document is to outline the present state of knowledge and information on cloud computing security issues. This is mainly to build a bridge to reflect on how existing cloud architecture security techniques work. A systematic literature review is an approach for identifying, evaluating, and interpreting all relevant research for a certain research issue or topic. Because it justly synthesizes existing work in the field of cloud computing, a systematic literature review can provide a fair evaluation of the research topic. The following are the differences between a systematic and a typical literature review:

• By adopting a review procedure, a systematic literature review directly answers the identified research questions.
• A systematic literature review develops a search strategy that identifies and targets all relevant publications.
• To assess the viability of each primary study, a systematic literature review requires inclusion and exclusion criteria.

The systematic literature review will be conducted in three main phases.

Interviewing

One important method in this study will be interviewing. The purpose of interviewing is to perceive and comprehend what the interviewee says, as well as to identify the issues in depth using a holistic approach (Kvale, 1996). Interviews are vital for this project, as well as other projects, because they allow researchers to collect more sophisticated data and do further research. The purpose of the interview will be to obtain factual information, which will be followed by contextual information. We will conduct interviews with our subjects in their natural surroundings in order to deepen nuances in interviewee perspectives, and the definitions will be revised on a regular basis (Kalnis 1986 as cited in Marshall and Rossman, 1955). To avoid endangering the project's results, researchers and interviewees must suppress personal prejudice and preconceived notions during the interview (Williams, 1993; Saunders et al, 2003). The semi-structured interview will be used as the major method of interviewing, since it allows researchers to investigate any themes that they discover to be significant and to go more deeply into the participants' backgrounds (David & Sutton, 2004). According to Gray (2004), probing should be used by academics to examine fresh themes that were not previously considered. One disadvantage of conducting semi-structured interviews is that, because of the disparity in backgrounds between the interviewer and the participants, the interviewers may be unable to discern some themes prompted by the participants (David & Sutton, 2004). Because there is no way to avoid this, the best course of action is to bear it in mind before going into the interview.
Focus Groups

This method relates to ethnography, which blends both interviewing and observation (Willis, 1990). According to Lindolf & Taylor (2002), because of the cascade effect from other qualitative approaches like individual interviews, this strategy is effective for inserting multiple perspectives into the data pool. This study will conduct focus groups with a small group size of 3-5 people in order to properly manage the group and give each participant adequate time to contribute. Because focus group participants will come from a variety of backgrounds, the group's homogeneity cannot be ensured. The group's homogeneity is seen as a critical feature, since it influences individuals' readiness to freely provide information (Corfman, 1995). The researcher must keep this in mind when conducting the focus group.

Qualitative method weaknesses

Every research method has flaws, and the qualitative research approach is no exception. Stiles (1993) and Patton (2001) said that data reliability and validity are important aspects that influence the research's conclusion and quality. According to Denzin & Lincoln (1998), transferability, credibility, dependability, and conformability are four characteristics that can be used to determine the quality of research and ensure its accuracy.

Ethical considerations

Once this research is started, it must be done with the utmost caution in terms of ethical problems. According to Ramos (1989), researchers must be mindful of various issues, including the researcher-researcher connection and researchers' subjective interpretations of data. This study will also apply ethical propriety principles, which include guidelines for honesty, fairness, and openness of intent. Data protection, informed consent, anonymity, and confidentiality for participants are all important ethical problems to consider in this study.
Ensuring quality and integrity of research

When interacting with others, researchers should maintain professional civility and fairness. The research methodologies must be used with rigor and objectivity, and no actions that are irrelevant should be included. Keep clear and accurate records of all research, and properly cite, or obtain permission for, any supporting materials. All data gathered for the study should be used with precision, accountability, and good stewardship.

Respect the confidentiality and anonymity of research respondents

Data protection rules and confidentiality agreements must be respected and followed by interviewers. If a participant desires to remain anonymous while participating in this study, the researcher must follow the rules and keep the participant's personal identifying information confidential, only including information that the participant has consented to. Researchers should provide contact information to participants when obtaining consent, in case they require additional information, want to rescind a response, or want to discontinue their involvement at any moment. Researchers should also make it apparent to participants how the study protects their privacy and anonymity.

Ensuring participants will participate voluntarily

No strenuous actions should be taken in order to involve volunteers; ensure that all volunteer participants are well-informed about the research aims and process. If a participant wants to withdraw from the event, their decision should be respected.

Ensuring informed consent

The goal of the study must be explained to the participants by the interviewers for this project. Each participant will be given a project information sheet that explains the goal of the study and how the information contributed by participants will be disseminated and used. Interviewees should be informed about the estimated interview completion time and the study's scope, and they should be given the opportunity to decide whether or not they want to participate. This procedure must be followed both verbally and in writing.
Avoid harm to participants

Researchers must ensure that no feature of this project will cause embarrassment, self-disintegration, or a violation of moral or ethical norms (Leedy, 1997). Any raw data collected from research participants must be kept private, and only researchers should have access to it. All data must be processed and stored on computers or external devices that are password-protected. Participants' personal information must be safeguarded by legal measures.

Ensuring research is independent and impartial

Another key feature of this study is to avoid the dissemination of dangerous materials, such as hacking tools or obstructive coding, in order to prevent future misuse.

Limitations & Delimitations

Limitations are circumstances that may affect the research method and analysis and that researchers are unable to control (Leedy & Ormrod, 2013). During interviews, participants may provide socially desirable responses instead of honest ones (Waller, Hockin, & Smith, 2017). For example, recording interviews may have caused some participants to withhold information for privacy reasons. There were some other limitations beyond control in this qualitative study. The findings of this study reflect the perspective of the surveyed population only, and not that of other companies that were not part of the interview section. In addition to using a limited population size, the use of findings was narrowed to active companies offering cloud hosting services in the KSA.

Delimitations

The boundaries of this research included the type of study, which was focused on the strategies proposed by the companies that took part in the study. The companies selected for case studies were in the KSA, with a select population size. Additionally, the population of the study included IT directors of some specific Saudi companies that offer cloud hosting services. Finally, participants were selected based on specific criteria such as successful experiences in developing cloud infrastructures.
References

• Yan, Xiaowei & Zhang, Xiaosong & Chen, Ting & Zhao, Hongtian & Li, Xiaoshan. (2012). The Research and Design of Cloud Computing Security Framework. Lecture Notes in Computer Science. 121. 757-763. 10.1007/978-3-642-25541-0_95.
• Haufe, Knut & Dzombeta, Srdan & Brandis, Knud. (2014). Proposal for a Security Management in Cloud Computing for Health Care. TheScientificWorldJournal. 2014. 146970. 10.1155/2014/146970.
• Muijnck-Hughes Jan de (2011) Data Protection in the Cloud, 12 Jan, 2019 [Online], Available: http://www.ru.nl/ds
• Venkata S. et al. (2011) Security Techniques for Protecting Data in Cloud Computing, 12 Jan, 2019 [Online] Available: https://www.bth.se/com
• Ali Asghary K. (2011) Security Analysis and Framework of Cloud Computing with Parity-Based Partially Distributed File System, 26 Jan, 2019 [Online] Available: https://www.academia.edu/27767213/security_Analysis_and_Framework_of_cloud_computing_with_Parity_Based_Partially_Distributed_File_System
• Nabil Giweli (2013) Enhancing Cloud Computing Security and Privacy, 20 Jan, 2019 [Online] Available: https://www.researchdirect.westernsydney.edu.au/islandora/object/uws%3AI7310/.../view
• Zhou Miao (2013) Data Security and Integrity in cloud computing, Doctor of Philosophy thesis, School of Computer Science and Software Engineering, University of Wollongong. http://www.ro.uow.edu.au/thesis/3990
• Sudhansu R. L. et al. Enhancing Data Security in Cloud Computing Using RSA Encryption and MD5 Algorithm, International Journal of Computer Science Trends and Technology (IJCST) – Volume 2, Issue 3, June 2014
• Aastha Mishra (2014) Data Security in Cloud Computing Based on Advanced Secret Sharing Key Management System, 20 Jan, 2019 [Online] Available: https://www.ethesis.nitrkl.ac.in/5845/1/212CS2110.pdf
• Nesrine Kaaniche (2014) Cloud Data Security based on Cryptographic Mechanisms, 26 Jan, 2019 [Online] Available: https://www.tel.archives-ouvertes.fr/tel-01146029/document
• Afnan U.K. (2014) Data Confidentiality and Risk Management in Cloud Computing, 2 Feb, 2019 [Online] Available: https://www.ethesis.whiterose.ac.uk/13677/1/Thesis_Final_Afnan_27072016_EngD.pdf
• Sarojini G. et al. (2016) Trusted and Reputed Services using Enhanced Mutual Trusted and Reputed Access Control Algorithm in Cloud, 2nd International Conference on Intelligent Computing, Communication & Convergence (ICCC-2016). www.sciencedirect.com
• Dimitra A. G. (2017) Security Policies for Cloud Computing, 26 Jan, 2019 [Online] Available: https://www.dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/11007/Georgiou_Dimitra.pdf?
• Armerding, T. (2017). The 16 biggest data breaches of the 21st century. CSO Online. Retrieved 6 November 2017, from https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html
• Bunkar, R. K., & Rai, P. K. (2017). Study on security model in cloud computing. International Journal of Advanced Research in Computer Science, 8(7)
• David, M., & Sutton, C. (2004). Social Research: The Basics. London: Sage Publications.
• Hub, S. (2017). Principles and policy of research integrity: Research ethics and integrity. Staff.unimelb.edu.au. Retrieved from https://staff.unimelb.edu.au/research/ethics-integrity/research-integrity/principles-and-policy
• Kim P. Corfman (1995), "The Importance of Member Homogeneity to Focus Group Quality", in NA - Advances in Consumer Research Volume 22, eds. Frank R. Kardes and Mita Sujan, Provo, UT: Association for Consumer Research, Pages: 354-359.
• Kvale, S. (1996). Interviews: An Introduction to Qualitative Research Interviewing. London: Sage Publications.
• Leedy, P. D. (1997). Practical Research: Planning and Design. New Jersey: Prentice Hall.
• Mosco, V. (2014). To the cloud: Big data in a turbulent world. Boulder: Paradigm Publishers.
• Ramos, M. C. (1989). Some ethical implications of qualitative research. Research in Nursing & Health, 12(1), 57-63. doi:10.1002/nur.4770120109
• Rossman, C., & Marshall, G. B. (1999). Designing qualitative research. Thousand Oaks: Sage Publications.
• Smith, N. C., & Dainty, P. (1991). Management Research Handbook. London: Routledge.
• Vacca, J. R., & ProQuest (Firm). (2017). Cloud computing security: Foundations and challenges. Boca Raton: CRC Press.
• Williams, F. (1993). Constructing Questions for Interviews. Cambridge University Press.
• Yu, C., Yang, L., Liu, Y., & Luo, X. (2014). Research on data security issues of cloud computing. Paper presented at the 114. doi:10.1049/cp.2014.1368