Control Framework for Secure Cloud Computing

Read  full  paper  at:
http://www.scirp.org/journal/PaperInformation.aspx?PaperID=52951#.VK3k-8nQrzE

Author(s) 

Harshit Srivastava¹, Sathish Alampalayam Kumar²

 

Affiliation(s)

¹Information Technology, Maharaja Agrasen Institute of Technology, New Delhi, India.
²Computer Science and Information Systems, Coastal Carolina University, Conway, USA.

ABSTRACT

Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact the businesses of any size and yet the security issue continues to pose a big threat on it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.

 

KEYWORDS

Cloud Computing, Security, Privacy, Organization, Control, Governance, Framework, Cloud Provider

Cite this paper

Srivastava, H. and Kumar, S. (2015) Control Framework for Secure Cloud Computing. Journal of Information Security, 6, 12-23. doi: 10.4236/jis.2015.61002.

 

References

[1]	Mell, P. and Grance, T. (2011) The NIST Definition of Cloud Computing. NIST Special Publication 800-145, National Institute of Standards and Technology, Gaithersburg.
[2]	Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I. and Zaharia, M. (2009) Above the Clouds: A Berkeley View of Cloud Computing. Technical Report No. UCB/ EECS-2009-28, University of California, Berkeley.
[3]	Morgan, T.P. (2014) Amazon Cloud Knocked out by Violent Storms in Virginia. http://www.theregister.co.uk/2012/06/30/amazon_cloud_storm_outage/
[4]	Mah, P. (2014) The Big Gmail Crash and the Lesson for Email Administrators. http://www.theemailadmin.com/2011/03/the-big-gmail-crash-and-the-lesson-for-email-admini- strators
[5]	Cloud Security Alliance Guide (2013). https://www.cloudsecurityalliance.org/csaguide.pdf
[6]	Symantec (2014). http://www.symantec.com/connect/blogs/data-breach-trends
[7]	Open Security Foundation Dataloss DB [Data File] (2014). http://www.symantec.com/connect/blogs/data-loss-db-breach-data-breaches-classified-source
[8]	Glisson, W.B., McDonald, A. and Welland, R. (2006) Web Engineering Security: A Practitioner’s Perspective. Proceedings of the 6th International Conference on Web Engineering, ACM, Palo Alto.
[9]	Ponemon Institute LLC (2011) The 2011 Cost of Data Breach Study: Global. Symantec.
[10]	Clemons, E.K. and Chen, Y.Y. (2011) Making the Decision to Contract for Cloud Services: Managing the Risk of an Extreme Form of IT Outsourcing. 44th Hawaii International Conference on System Sciences (HICSS), Kauai, 4-7 January 2011, 1-10, http://dx.doi.org/10.1109/HICSS.2011.292
[11]	Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R. and Molina, J. (2009) Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, 13 November 2009, 85-90.
[12]	Subashini, S. and Kavitha, V.A. (2011) Survey on Security Issues in Service Delivery Models of Cloud Computing. Journal of Network and Computer Applications, 34, 1-11. http://dx.doi.org/10.1016/j.jnca.2010.07.006
[13]	Cohen, M. (2012) Forecasting the First Steps of Cloud Adoption. eWEEK, 14, 1-3.
[14]	Ernst & Young Advisory Services (2011) Into the Cloud, out of The Fog—The 2011 Global Information Security Survey. Ernst & Young, Zimbabwe.
[15]	Willcocks, L., Venters, W., Whitley, E. and Hindle, J. (2012) Cloud on the Landscape: Problems and Challenges. The New IT Outsourcing Landscape: From Innovation to Cloud Services. Palgrave Macmillan, Basingstoke.
[16]	Jansen, W. and Grance, T. (2011) Guidelines on Security and Privacy in Public Cloud Computing. NIST Technical Report-SP-800-144.
[17]	Vascellaro, J.E. (2013) Wall Street Journal Article. http://blogs.wsj.com/digits/2009/03/08/1214/
[18]	Bennett, R.G. (2010) Silver Clouds, Dark Linings: A Concise Guide to Cloud Computing. Prentice Hall, Upper Saddle River.
[19]	Guo, Z., Song, M. and Song, J. (2010) A Governance Model for Cloud Computing. IEEE Proceedings of the International Conference on Management and Service Science, Wuhan, 24-26 August 2010, 3759-3764.
[20]	Chaput, S.R. and Ringwood, K. (2010) Cloud Compliance: A Framework for Using Cloud Computing in a Regulated World. In: Antonopoulos, N. and Gillam, L., Eds., Cloud Computing Principles Systems and Applications, Springer, Heidelberg, 241-255.
[21]	Matthews, J., Garfinkel, T., Hoff, C. and Wheeler, J. (2009) Virtual Machine Contracts for Datacenter and Cloud Computing Environments. ACDC’09 Proceedings of the 1st Workshop on Automated Control for Datacenters and Clouds, Barcelona, 19 June 2009, 25-30. http://dx.doi.org/10.1145/1555271.1555278
[22]	Kamara, S. and Lauter, K. (2010) Cryptographic Cloud Storage. Proceedings of the 1st Workshop on Real Life Cryptographic Protocols and Standardization, Canary Islands, 28 January 2010, 1-14.
[23]	Brandic, I., Dustdar, S., Anstett, T., Schumm, D., Leymann, F. and Konrad, R. (2010) Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds. IEEE Proceedings of the 3rd International Conference on Cloud Computing, Miami, 5-10 July 2010, 244-251.
[24]	Ristenpart, T., Tromer, E., Shacham, H. and Savage, S. (2009) Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 199-212.
[25]	PCI Security Standards Council (2011) Information Supplement: PCI DSS Virtualization Guidelines.
[26]	Wei, J., Zhang, X., Ammons, G., Bala, V. and Ning, P. (2009) Managing Security of Virtual Machine Images in a Cloud Environment. In: Oprea, A., Ed., ACM Workshop on Cloud Computing Security, ACM, New York.
[27]	Trevino, L.K. (1992) The Social Effects of Punishment in Organizations: A Justice Perspective. Academy of Management Review, 17, 647-676.
[28]	Merhi, M.I. and Ahluwalia, P. (2013) Information Security Policies Compliance: The Role of Organizational Punishment. Proceedings of the 19th Americas Conference on Information Systems, Chicago, 15-17 August 2013, 1-7.
[29]	Alampalayam, S.P. and Kumar, A. (2003) Security Model for Routing Attacks in Mobile Ad Hoc Networks. Proceedings of IEEE VTC, Louisville, 6-9 October 2003, 2122-2126.
[30]	Alampalayam, S.P. and Kumar, A. (2007) Statistical Based Intrusion Detection Framework Using Six Sigma Technique. International Journal of Computer Science and Network Security, 7, 333-342.
[31]	Alampalayam, S.P. and Kumar, A. (2004) Predictive Security Model Using Data Mining. Proceedings of IEEE Globecom, Louisville, 29 November-3 December 2004, 2208-2212.
[32]	Alampalayam, S.P. and Srinivasan, S. (2009) Intrusion Recovery Framework for Tactical Mobile Ad Hoc Networks. The International Journal of Computer Science and Network Security, 9, 1-10.                  eww150108lx