Cloud Security Issues

The emergence of cloud computing is a recent development, insights into critical aspects of security can be gleaned from reported experiences of early adopters and also from researchers analyzing and experimenting with available cloud provider platforms and associated technologies. The sections below highlight privacy and security-related issues that are believed to have long-term significance for public cloud computing and, in many cases, for other cloud computing service models. Because cloud computing has grown out of an amalgamation of technologies, including service oriented architecture, virtualization, Web 2.0, and utility computing, many of the privacy and security issues involved can be viewed as known problems cast in a new setting. The importance of their combined effect in this setting, however, should not be discounted. Public cloud computing does represent a thought-provoking paradigm shift from conventional norms to an open deperimeterized organizational infrastructure—at the extreme, displacing applications from one organization’s infrastructure to the infrastructure of another organization, where the applications of potential adversaries may also operate. Keywords: cloud security, IaaS, Privac

Analysis of attacks on Web based applications

As the technology used to power Web-based applications continues to evolve, new security threats are emerging. Web 2.0 technology provides attackers with a whole new array of vulnerabilities to exploit. In this thesis, we present an analysis of the attacker activity aimed at a typical Web server based on the data collected on two high interaction honeypots over a one month period of time. The configuration of the honeypots resembles the typical three tier architecture of many real world Web servers. Our honeypots ran on the Windows XP operating system and featured attractive attack targets such as the Microsoft IIS Web server, MySQL database, and two Web 2.0-based applications (Wordpress and MediaWiki). This configuration allows for attacks on a component directly or through the other components. Our analysis includes detailed inspection of the network traffic and IIS logs as well as investigation of the System logs, where appropriate. We also develop a pattern recognition approach to classify TCP connections as port scans or vulnerability scans/attacks. Some of the conclusions of our analysis include: (1) the vast majority of malicious traffic was over the TCP protocol, (2) the majority of malicious traffic was targeted at Windows file sharing, HTTP, and SSH ports, (3) most attackers found our Web server through search-based strategies rather than IP-based strategies, (4) most of the malicious traffic was generated by a few unique attackers

Management and Services

Management in all business areas and organisational activities are the acts of getting people together to accomplish desired goals and objectives. Service is intangible, therefore, it is not too easy to define the theory application in varieties of service industries. Service Management usually incorporates automated systems along with skilled labour; it also provides service development. Due to enormous demand of service industries and management development, the book under the title "Management and Services" would create a milestone in management arena for all categories of readers including Business Administration, Engineering and Architecture. This book covers educational service development, service-oriented-architecture and case research analysis, including theory application in network security, GRID technology, integrated circuit application. The book is comprised of five chapters and has been divided into two parts. Part A contains chapters on service development in educational institutions and it depicts the application of supply chain management concept in service industries like tertiary educational institutions and multiple ways of web 2.0 applications transforming learning patterns and pathways. To understand the subject in a practical manner, Part B of this book consists of noteworthy case studies and research papers on management and services and represents theory application of Data mining, Fuzzy Cluster, Game theory, GRID Technology, simulation of Operational Amplifier and Current Controlled Conveyor II in network security, architecture, and integrated circuit application

A survey of communication protocols for internet of things and related challenges of fog and cloud computing integration

The fast increment in the number of IoT (Internet of Things) devices is accelerating the research on new solutions to make cloud services scalable. In this context, the novel concept of fog computing as well as the combined fog-to-cloud computing paradigm is becoming essential to decentralize the cloud, while bringing the services closer to the end-system. This article surveys e application layer communication protocols to fulfill the IoT communication requirements, and their potential for implementation in fog- and cloud-based IoT systems. To this end, the article first briefly presents potential protocol candidates, including request-reply and publish-subscribe protocols. After that, the article surveys these protocols based on their main characteristics, as well as the main performance issues, including latency, energy consumption, and network throughput. These findings are thereafter used to place the protocols in each segment of the system (IoT, fog, cloud), and thus opens up the discussion on their choice, interoperability, and wider system integration. The survey is expected to be useful to system architects and protocol designers when choosing the communication protocols in an integrated IoT-to-fog-to-cloud system architecture.Peer ReviewedPostprint (author's final draft

Transformation through research? The AC+erm Project and Electronic Records Management

The article focuses on the three-year project being undertaken by Northumbria University in Northumbria, England and funded by the Arts & Humanities Research Council (ANRH) named as AC+erm. The AC+erm project is a qualitative study composed of three main phases including a comprehensive Systematic Literature Review, an investigation of the three aspects of designing an architecture for electronic records management (ERM), and distribution of findings. The primary data from selected experts are gathered through the Delphi technique8, developed by the Rand Corp. in the U.S., to formulate an opinion on the research topic. Further, it provides short analysis of the issues associated with Web 2.0 and cloud computing technologies.