Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety software and the ability of its integration with legacy systems and third-party applications are fundamental. Open stack is a free and opensource software released under the terms of Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack Multi-node cloud infrastructure and conducting Penetration testing on OpenStack Services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.Comment: 38 pages, 19 figures

Accelerating the Adoption of Cloud Technology by SMEs in Nigeria

The contentions for this study were to investigate the reason for the slow adoption of Cloud Computing by SME operators in Nigeria and to develop a suitable information model to guide the would-be users in making an informed decision regarding cloud adoption. A structured interview was conducted with a select number of SME operators and industry associates within the researcher’s domain, and a reasonable number of valid responses were obtained.  Technology Acceptance Model (TAM) was adapted as the research framework to qualitatively examine the conditions that affect the adoption of Cloud computing into microfinance business operations, within which a suitable model for improving the adoption of Cloud computing was recommended. The analysis of the study revealed that SMEs in Nigeria, with particular reference to microfinance subsector in Akwa Ibom State are yet to fully embrace Cloud technology.  It was discovered that most of the SMEs studied, has some level of reservation about cloud computing, arising from not having appropriate education and enlightenment about the cloud economic offerings and potentials. From the outcome of the research, the researcher identified that most people’s concerns are as a result of lack of knowledge about cloud computing and so the researcher concluded that appropriate enlightenment by industry stakeholders, cloud service providers, cloud enthusiasts and even the government on the risks and overwhelming economic incentives of cloud computing as well as the provision of a monitored free trial services will encourage the adoption of cloud technology by SMEs. Index Terms - Cloud Adoption, Cloud Computing, Cloud End-user, Cloud Service Providers, Data Security, Microfinance, Nigeria, SMEs, Vendors,

TOWARDS AN INCENTIVE COMPATIBLE FRAMEWORK OF SECURE CLOUD COMPUTING

Cloud computing has changed how services are provided and supported through the computing infrastructure. It has the advantages such as flexibility , scalability , compatibility and availability . However, the current architecture design also brings in some troublesome problems, like the balance of cooperation benefits and privacy concerns between the cloud provider and the cloud users, and the balance of cooperation benefits and free-rider concerns between different cloud users. Theses two problems together form the incentive problem in cloud environment. The first conflict lies between the reliance of services and the concerns of secrets of cloud users. To solve it, we proposes a novel architecture, NeuCloud, to enable partially, trusted, transparently, accountably privacy manipulation and revelation. With the help of this architecture, the privacy-sensitive users can be more confident to move to public clouds. A trusted computing base is not enough, in order to stimulate incentive-compatible privacy trading, we present a theoretical framework and provide the guidelines for cloud provider to compensate the cloud user\u27s privacy-risk-aversion. We implement the NeuCloud and evaluate it. Moreover, a improved model of NeuCloud is discussed. The second part of this thesis strives to solve the free-rider problem in cloud environment. For example, the VM-colocation attacks have become serious threats to cloud environment. We propose to construct an incentive-compatible moving-target-defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthy and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement based defense can significantly improve the security level of the cloud with acceptable costs. In summary, the main objective of this study is to provide an incentive-compatible to eliminate the cloud user\u27s privacy or cooperative concerns. The proposed methodology can directly be applied in commercial cloud and help this new computing fashion go further in the history. The theoretical part of this work can be extended to other fields where privacy and free-rider concerns exist

Investigation of the viability of an integrated cloud-based electronic medical record for health clinics in Free State, South Africa

Thesis (Master of Information Technology) -- Central University of Technology, Free State, 2019The use of paper-based medical records leads to gaps in patient healthcare. Paper-based records are prone to challenges such as lack of real-time access to patient data, and inability to share and exchange medical data among different health institutions. A solution to address most of the challenges associated with paper-based medical records is to have an information system, such as an Electronic Medical Record (EMR) system. EMRs have proven to be more complete and quicker to access as opposed to paper records. Although EMRs may help resolve some of the problems with paper-based medical records, if the EMR systems are not linked or integrated, the problem of real-time accessibility and exchange of patient data remains unresolved. This leads to challenges in monitoring a patient’s health progress and providing continuity of care. The emerging cloud-computing model, which leverages the Internet to allow the sharing of IT resources as online services, may offer a cost-effective solution of integrating diverse EMR systems. It can serve as an electronic medical record storage centre which simplifies the complexities with EMR exchange methods between different systems and saves the equipment setup expenses for smaller healthcare facilities. In addition, cloud computing may improve healthcare services and benefit medical research. Despite the benefits offered by cloud computing, the adoption of cloud computing in the healthcare industry is the slowest compared to other industries. Further, adopting cloud computing involves many factors which require rigorous evaluation prior to introducing the new computing model to an organization. Very few empirical studies have focused on exploring factors influencing the adoption of cloud computing, especially in the public health sector. This study aimed to investigate the viability of an integrated cloud-based EMR system by exploring factors which influence the intent to adopt cloud computing at public healthcare facilities in the Free State province, South Africa. Through a review of literature on existing studies on the adoption of cloud computing and the Technology-Organization-Environment (TOE) framework, TOE factors were identified and adopted to suit the study’s context. The study carried out a quantitative cross-sectional research by collecting data using a questionnaire which was surveyed to a sample of five principal network controllers from all districts of the Free State and 31 public healthcare facilities in the Free State (FS), South Africa. The data collected was analyzed using SPSS version 19. The study’s hypotheses were tested by conducting a Spearman’s Coefficient Correlation. Results of the study revealed that most of the public healthcare facilities are using paper-based medical records with some form of IT to record basic patient information. Further, results of the study showed that some of the Health Information Systems (HIS) utilized at these healthcare facilities in the FS include Meditech, PADS, PharmAssist, Tier.net, HPRS, Rx Solutions, RDM, ETR and DHIS. According to this study, investments into IT infrastructure need to be considered by these health facilities as the current internet facilities will not be able to accommodate the use of cloud computing and only some facilities have internet facilities in place. Despite these challenges, these healthcare facilities are willing to adopt a cloud-based EMR system. Lastly, results of the study revealed that the factors associated with the intent to adopt cloud computing included relative advantage, security concern, organization readiness and top management support

Analysis of Computer Network Security Storage System Based on Cloud Computing Environment

A fundamental component of cloud computers from a business perspective is that users are allowed to use any desire and pay with a product that desire. Its cloud services were accessible anytime and anywhere consumers needed them. As a result, consumers are free to purchase whatever IT services they want, and they don't have to worry about how easy things can be managed. The remote server is used in a new information storage computing architecture that is considered an Internet generation. Ensuring security, material at resource providers' sites is a challenge that must be addressed in cloud technology. Thus, rather than reliance on a single provider for knowledge storing, this research implies developing construction for protection of knowledge stockpiling with a variation of operations, in which knowledge is scrambled and divided into numerous cipher frames and distributed across a large number of provider places. This support was applied to provide greater security, scalability, or reliability that was suggested according to the new structure. This paper, presented an encoded model for the cloud environment to improve security. The proposed model comprises the parity metadata for the database management provision to the provider. In the developed encoder chunks parity is not stored within the single resources with the provision of the available information chunks. The constructed security architecture in the RAID layer increases the dependability of the data with the deployment of the RAID 10 deployment. The developed RAID-based encoder chunks exhibit improved efficiency for the higher uptime at a minimal cost

MODELING OF SELECTION PROCESSES OF CLOUD SYSTEMS PARAMETERS PROVIDING THEIR STABILITY IN ACCORDANCE WITH RELIABILITY AND SAFETY

We have carried out the analysis of commercial and free software for support and organization of cloud computing, outlined the advantages and disadvantages of existing methods for reliability and security improvement of computing systems. Most of the existing systems do not take into account a number of factors that affect the safety, reliability and performance of calculations, the complexity of adaptation to changing requirements and environmental conditions. The work objective is formulated consisting in selection of cloud computing system architecture that provides maximum satisfaction of requests with different priority level, coming both from users and from services of the system itself. To solve this problem we propose a method of the system configuring for cloud services based on the model of a neuro-fuzzy system. The method gives the possibility to increase the productivity of users' requests providing the reliability and security of the processed information in special-purpose and dual-use systems. The architecture of the neuro-fuzzy network is developed, its input and output parameters are determined. Applying the proposed models, the configuration of a cloud information system designed to solve certain groups of tasks is carried out as an example. The decision result was a distribution matrix of system resources for serving of different task groups

Secure and Reliable Data Outsourcing in Cloud Computing

The many advantages of cloud computing are increasingly attracting individuals and organizations to outsource their data from local to remote cloud servers. In addition to cloud infrastructure and platform providers, such as Amazon, Google, and Microsoft, more and more cloud application providers are emerging which are dedicated to offering more accessible and user friendly data storage services to cloud customers. It is a clear trend that cloud data outsourcing is becoming a pervasive service. Along with the widespread enthusiasm on cloud computing, however, concerns on data security with cloud data storage are arising in terms of reliability and privacy which raise as the primary obstacles to the adoption of the cloud. To address these challenging issues, this dissertation explores the problem of secure and reliable data outsourcing in cloud computing. We focus on deploying the most fundamental data services, e.g., data management and data utilization, while considering reliability and privacy assurance. The first part of this dissertation discusses secure and reliable cloud data management to guarantee the data correctness and availability, given the difficulty that data are no longer locally possessed by data owners. We design a secure cloud storage service which addresses the reliability issue with near-optimal overall performance. By allowing a third party to perform the public integrity verification, data owners are significantly released from the onerous work of periodically checking data integrity. To completely free the data owner from the burden of being online after data outsourcing, we propose an exact repair solution so that no metadata needs to be generated on the fly for the repaired data. The second part presents our privacy-preserving data utilization solutions supporting two categories of semantics - keyword search and graph query. For protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. We define and solve the challenging problem of privacy-preserving multi- keyword ranked search over encrypted data in cloud computing. We establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. We first propose a basic idea for keyword search based on secure inner product computation, and then give two improved schemes to achieve various stringent privacy requirements in two different threat models. We also investigate some further enhancements of our ranked search mechanism, including supporting more search semantics, i.e., TF × IDF, and dynamic data operations. As a general data structure to describe the relation between entities, the graph has been increasingly used to model complicated structures and schemaless data, such as the personal social network, the relational database, XML documents and chemical compounds. In the case that these data contains sensitive information and need to be encrypted before outsourcing to the cloud, it is a very challenging task to effectively utilize such graph-structured data after encryption. We define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing. By utilizing the principle of filtering-and-verification, we pre-build a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure

Cloud computing-legal issues and dilemmas

Cloud computing is a part of our everyday life, a revolutionary invention of the 21st century that overcomes perhaps the biggest problem since the advent of the Internet and online communications and transactions - the problem of secure data transfer and storage. Cloud Computing is a modern technology that enables the use of IT services remotely, over the Internet and a network of physically remote servers. This type of computing provides great opportunities for consumers, customers, companies, all interested parties to communicate and do business online, with a significant reduction in costs and investment in hardware and software. Cloud computing services are accessible and attractive to users, primarily because they are either free or the price for their use is symbolic. Cloud computing, compared to the standard model of using home or office computers at work, differs in that the entire load for storing data and applications from the computer is transferred to the network and then to the cloud servers, so that all information and applications which we need can be found in the cloud. Servers are located in several locations around the world, on so-called "server farms" and guarantee continuous and stable access to applications, data storage and protection and control of all data and background processes. Users of cloud computing services need a computer with an Internet browser, a stable Internet connection and a concluded subscription agreement with a provider that provides such services. Cloud computing agreements and contracts are usually made online. The contract may also specify security measures (eg requests for cleaning or deleting data on damaged media, storage of customer data on private hardware, storage and diversification of data in different locations, etc.). The legal rules applicable to cloud computing contracts may require that the contract be in written form, especially when it comes to the processing and storage of personal data, and that all supporting documents be attached to the main contract. Even when no written form is required, for reasons of legal certainty, ease of reference, clarity, completeness, enforceability and efficiency of the contract, the parties may decide to conclude the contract in writing. Key words: Computing, cloud, contract

Review of the environmental and organisational implications of cloud computing: final report.

Cloud computing – where elastic computing resources are delivered over the Internet by external service providers – is generating significant interest within HE and FE. In the cloud computing business model, organisations or individuals contract with a cloud computing service provider on a pay-per-use basis to access data centres, application software or web services from any location. This provides an elasticity of provision which the customer can scale up or down to meet demand. This form of utility computing potentially opens up a new paradigm in the provision of IT to support administrative and educational functions within HE and FE. Further, the economies of scale and increasingly energy efficient data centre technologies which underpin cloud services means that cloud solutions may also have a positive impact on carbon footprints. In response to the growing interest in cloud computing within UK HE and FE, JISC commissioned the University of Strathclyde to undertake a Review of the Environmental and Organisational Implications of Cloud Computing in Higher and Further Education [19]

Dynamic reciprocal authentication protocol for mobile cloud computing

A combination of mobile and cloud computing delivers many advantages such as mobility, resources, and accessibility through seamless data transmission via the Internet anywhere at any time. However, data transmission through vulnerable channels poses security threats such as man-in-the-middle, playback, impersonation, and asynchronization attacks. To address these threats, we define an explicit security model that can precisely measure the practical capabilities of an adversary. A systematic methodology consisting of 16 evaluation criteria is used for comparative evaluation, thereby leading other approaches to be evaluated through a common scale. Finally, we propose a dynamic reciprocal authentication protocol to secure data transmission in mobile cloud computing (MCC). In particular, our proposed protocol develops a secure reciprocal authentication method, which is free of Diffie–Hellman limitations, and has immunity against basic or sophisticated known attacks. The protocol utilizes multifactor authentication of usernames, passwords, and a one-time password (OTP). The OTP is automatically generated and regularly updated for every connection. The proposed protocol is implemented and tested using Java to demonstrate its efficiency in authenticating communications and securing data transmitted in the MCC environment. Results of the evaluation process indicate that compared with the existing works, the proposed protocol possesses obvious capabilities in security and in communication and computation costs