Classification of Critical Cloud Computing Security Issues for Banking Organizations : A Cloud Delphi Study

Abdelrafe Elzamly,Burairah Hussin,Abd Samad Hasan Basari 보안공학연구지원센터 2016 International Journal of Grid and Distributed Comp Vol.9 No.8

The aim of this study is to classify critical security issues in cloud banking organizations, according to the cloud service models (CSM), and the cloud deployment models (CDM). We classified and ranked the critical cloud security issues for banking organizations based on secondary and primary data. In this regard the cloud Delphi study is modified into three phases like identifying, analysis, and evaluating security issues. In this study, the samples of 40 panelists were selected from inside and outside Malaysian banking organizations based on their experienced in the banking environment to set the insight of the cloud issues. The study starts with a list of cloud security issues based on secondary data and interview. In addition, we illustrated the level of risk for all the cloud security issues in banking organizations as small, medium, and large risk. We also indicated that the highest risk of “Trusted cloud” in 3rd party (providers) and policies security issues and the highest risk of “Availability and Mobility” in application and program (software) security, etc. The study has been conducted on groups of cloud IT managers and cloud banking developers. As a future work, we will control and mitigate the critical security issues by using artificial intelligence techniques (ANN). A successful classification of critical cloud security issues will greatly improve the probability of cloud banking success rate.

The Establishment of Security Strategies for Introducing Cloud Computing

( Young Bae Yoon ),( Junseok Oh ),( Bong Gyou Lee ) 한국인터넷정보학회 2013 KSII Transactions on Internet and Information Syst Vol.7 No.4

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

클라우드 서비스 보안성 향상을 위한 CVE 개선 방안 연구

김태경,정성민 (사)디지털산업정보학회 2023 디지털산업정보학회논문지 Vol.19 No.2

The rise in popularity of cloud services has brought about a heightened concern for security in the field of cloud computing. As a response, governments have implemented CSAP(Cloud Security Assurance Program) to ensure the security of these services. However, despite such measures, the emergence of various security vulnerabilities persists, resulting in incidents related to cloud security breaches. To address this, the utilization of Common Vulnerabilities and Exposures (CVE) has been proposed as a means to facilitate the sharing of vulnerability information across different domains. Nevertheless, the unique characteristics of cloud services present challenges in assigning CVE IDs to the diverse range of vulnerabilities within the cloud environment. In this study, we analyzed how CVE can be effectively employed to enhance cloud security. The assignment of a CVE ID is contingent upon the fulfillment of three rules in the Counting Decision and five rules in the Inclusion Decision. Notably, the third rule in the Inclusion Decision, INC3, clashes with the nature of cloud services, resulting in obstacles in assigning CVE IDs to various cloud vulnerabilities. To tackle this issue, we suggest the appointment of designated individuals who would be responsible for overseeing specific areas of cloud services, thereby enabling the issuance of CVE IDs. This proposed approach aims to overcome the challenges associated with the unique characteristics of cloud services and ensure the seamless sharing of vulnerability information. Information sharing regarding vulnerabilities is crucial in the field of security, and by incorporating cloud vulnerabilities into the CVE system, this method can contribute to enhancing the security of cloud services.

A Review of Cloud Computing Security Issues

Manpreet Kaur,Hardeep Singh 보안공학연구지원센터 2015 International Journal of Grid and Distributed Comp Vol.8 No.5

Cloud Computing is an emerging paradigm which has become today’s hottest research area due to its ability to reduce the costs associated with computing. In today’s era, it is most interesting and enticing technology which is offering the services to its users on demand over the internet. Since Cloud computing stores the data and its disseminated resources in the environment, security has become the main obstacle which is hampering the deployment of cloud environments. There are number of users used cloud to store their personal data, so that data storage security is required on the storage media. The major concern of cloud environment is security during upload the data on cloud server. Data storage at cloud server attracted incredible amount of consideration or spotlight from different communities. For outsourcing the data there is a need of third party. The importance of third party is to prevent and control unauthorized access to data store to the cloud. This research paper discusses the security issues of cloud storage.

Improvement Framework of Korean Certification System for Cloud Service Focus on Security

Hangoo Jeon,Young-Gi Min,Kwang-Kyu Seo 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.2

For the purpose of effectively utilizing & managing ICT resources and reducing costs, various companies are using cloud service as their core technological strategy. In spite of such effort, cloud service security, information protection and performance are being considered as areas that need to be considered when implementing cloud service. In Korea, cloud service certification system is being used to ensure user reliability for cloud service and high-quality cloud services are being certified by considering their quality, security and ongoing service capability. Since current certification system is being utilized focusing on management system, however, it lacks the consideration on technical aspects. Accordingly, this study aims to examine information assurance systems such as ISO 20071 and ISMS to propose a framework for enhancing the cloud service certification system of Korea by focusing on security. The findings of this study are expected to help in increasing the use of cloud service by improving user reliability through the increased utilization of cloud service certification system of Korea.

The Research of Data Security Mechanism Based on Cloud Computing

Changyou Guo,Xuefeng Zheng 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.3

With the wide use of cloud computing services, users require higher and higher security. So the safety of cloud computing is the first consideration of users to choose. In the development of cloud computing, the application proportion of virtualization gradually increase, the scope and depth of the safety gradually expand. The related concepts of cloud computing and development situation are introduced in this paper. Not only the key technologies of cloud computing security are analyzed, but also a cloud security framework is put forward combined with the current security problems needed to resolve in cloud computing. We analyze and compare the present research results of security model and mechanism in the cloud. At last, we propose a security mechanism based on cloud computing.

Securing Mobile Cloud Environment with Unified Reliable Encryption Algorithm, Security Key and Authentication

Buchanagandi Enock Nyamajeje,Huiqun Yu 보안공학연구지원센터 2015 International Journal of Grid and Distributed Comp Vol.8 No.5

Building applications on on-demand infrastructures instead of building applications on fixed and rigid infrastructures was provided by cloud computing providers. By simply positing into the cloud, it gains fast access to business applications or infrastructure resources with reduced Capital Expenditures (CAPEX). Dramatic increase in amount of information’s are placed into the cloud by individuals and industries, security issues are vital concern in mobile computing (MCC) and impends fast deployment of applications on the cloud. This work discus the different security issues that arises about how safe the mobile cloud computing environment is and provides a unified reliable security mechanism. There are two different types of the cloud users are: On-demand and Optimistic. On-demand is a non-preemptible for flexible leases given a user accessing to the resources within an interactive time of making the request and makes the resources available for an agreed-upon period of time, user can deploy any virtual machine (VM) compatible with the system. Optimistic is preemptible and pre-set contract gives a user access to resources at an indeterminate time and make resources available to the user for an insufficient amount of time. After that, this resources are initially (pre)-defined for the user by the cloud admin, that is the user cannot provide his or her own virtual machine (VM) based on defined access control for security.

An Efficient Public Auditing Scheme for Multi-Cloud Storage

Jae Jung Kim,Seng Phil Hong 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.12

In cloud computing, cloud users can upload their data to cloud storage server in order to save local storage and access their data from anywhere. However, cloud storage service also brings serious security issues. Cloud users should be convinced of the correctness of their data stored remotely in the cloud. Thus, a reliable auditing scheme is desired to help cloud users check the integrity of their remote data. In this paper, we first propose an efficient cloud auditing scheme for multi-cloud storage systems, which can also preserve the privacy. Then, we extend our auditing scheme to support dynamic auditing and batch auditing for both multiple cloud users and multiple cloud service providers (CSPs), which makes the scheme more practical and efficient. Security analysis shows that our auditing scheme is provably secure. Our experiments indicate that our solution is efficient and significantly relieves the computation burden of both third party auditor (TPA) and CSP.

SECURITY THREATS AND ATTACKS IN CLOUD

Mohammed, Asma,Al khathami, Jamilah,Alhakami, Wajdi International Journal of Computer ScienceNetwork S 2021 International journal of computer science and netw Vol.21 No.1

The amount of information and data in the digital era is increasing tremendously. Continuous online connectivity is generating a massive amount of data that needs to store in computers and be made available as and when required. Cloud computing technology plays a pivotal role in this league. Cloud computing is a term that refers to computer systems, resources and online services that aim to protect and manage data in an effective, more efficient and easy way. Cloud computing is an important standard for maintaining the integrity and security of sensitive data and information for organizations and individuals. Cloud security is one of the most important challenges that the security of the entire cloud system depends on. Thus, the present study reviews the security challenges that exist in cloud computing, including attacks that negatively affect cloud resources. The study also addresses the most serious threats that affect cloud security. We also reviewed several studies, specifically those from 2017-20, that cited effective mechanisms to protect authentication, availability and connection security in the cloud. The present analysis aims to provide solutions to the problems and causes of cloud computing security system violations, which can be used now and developed in the future.

Cloud Security and Privacy: SAAS, PAAS, and IAAS

Bokhari Nabil,Jose Javier Martinez Herraiz International Journal of Computer ScienceNetwork S 2024 International journal of computer science and netw Vol.24 No.3

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.