1,643 research outputs found

    Framework for Security Transparency in Cloud Computing

    The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third party. In particular, the partial surrender of sensitive data and applications to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in the service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community has acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively scarce literature mostly approaches the issue of security transparency from cloud providers' perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users' point of view.
In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives; and (ii) supports continuous transparency by enabling the vetting and probing of cloud service providers' conformity to specific customer requirements. The significant growth in moving business to the cloud, due to its scalability and perceived effectiveness, underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from the requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies.
Feedback is collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment.

    Quality of Information in Mobile Crowdsensing: Survey and Research Challenges

    Smartphones have become the most pervasive devices in people's lives, and are clearly transforming the way we live and perceive technology. Today's smartphones benefit from almost ubiquitous Internet connectivity and come equipped with a plethora of inexpensive yet powerful embedded sensors, such as accelerometer, gyroscope, microphone, and camera. This unique combination has enabled revolutionary applications based on the mobile crowdsensing paradigm, such as real-time road traffic monitoring, air and noise pollution, crime control, and wildlife monitoring, just to name a few. Differently from prior sensing paradigms, humans are now the primary actors of the sensing process, since they become fundamental in retrieving reliable and up-to-date information about the event being monitored. As humans may behave unreliably or maliciously, assessing and guaranteeing Quality of Information (QoI) becomes more important than ever. In this paper, we provide a new framework for defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the current state-of-the-art on the topic. We also outline novel research challenges, along with possible directions of future work.
    Comment: To appear in ACM Transactions on Sensor Networks (TOSN)

    SLA-based trust model for secure cloud computing

    Cloud computing has changed the strategy used for providing distributed services to many business and government agents. Cloud computing delivers scalable and on-demand services to most users in different domains. However, this new technology has also created many challenges for service providers and customers, especially for those users who already own complicated legacy systems. This thesis discusses the challenges of, and proposes solutions to, the issues of dynamic pricing, management of service level agreements (SLA), performance measurement methods and trust management for cloud computing.
In cloud computing, a dynamic pricing scheme is very important to allow cloud providers to estimate the price of cloud services. Moreover, the dynamic pricing scheme can be used by cloud providers to optimize the total cost of cloud data centres and correlate the price of the service with the revenue model of service. In the context of cloud computing, dynamic pricing methods from the perspective of cloud providers and cloud customers are missing from the existing literature. A dynamic pricing scheme for cloud computing must take into account all the requirements of building and operating cloud data centres. Furthermore, a cloud pricing scheme must consider issues of service level agreements with cloud customers.
I propose a dynamic pricing methodology which provides adequate estimating methods for decision makers who want to calculate the benefits and assess the risks of using cloud technology. I analyse the results and evaluate the solutions produced by the proposed scheme. I conclude that my proposed scheme of dynamic pricing can be used to increase the total revenue of cloud service providers and help cloud customers to select cloud service providers with a good quality level of service.
Regarding the concept of SLA, I provide an SLA definition in the context of cloud computing to achieve the aim of presenting a clearly structured SLA for cloud users and improving the means of establishing a trustworthy relationship between service provider and customer. In order to provide a reliable methodology for measuring the performance of cloud platforms, I develop performance metrics to measure and compare the scalability of the virtualization resources of cloud data centres. First, I discuss the need for a reliable method of comparing the performance of various cloud services currently being offered. Then, I develop a different type of metrics and propose a suitable methodology to measure the scalability using these metrics. I focus on virtualization resources such as CPU, storage disk, and network infrastructure.
To solve the problem of evaluating the trustworthiness of cloud services, this thesis develops a model for each of the dimensions for Infrastructure as a Service (IaaS) using fuzzy-set theory. I use the Takagi-Sugeno fuzzy-inference approach to develop an overall measure of trust value for the cloud providers. It is not easy to evaluate the cloud metrics for all types of cloud services. So, in this thesis, I use Infrastructure as a Service (IaaS) as a main example when I collect the data and apply the fuzzy model to evaluate trust in terms of cloud computing. Tests and results are presented to evaluate the effectiveness and robustness of the proposed model.

    Mobile Technology Deployment Strategies for Improving the Quality of Healthcare

    Ineffective deployment of mobile technology jeopardizes healthcare quality, cost control, and access, resulting in healthcare organizations losing customers and revenue. A multiple case study was conducted to explore the strategies that chief information officers (CIOs) used for the effective deployment of mobile technology in healthcare organizations. The study population consisted of 3 healthcare CIOs and 2 healthcare information technology consultants who have experience in deploying mobile technology in a healthcare organization in the United States. The conceptual framework that grounded the study was Wallace and Iyer's health information technology value hierarchy. Data were collected using semistructured interviews and document reviews, followed by within-case and cross-case analyses for triangulation and data saturation. Key themes that emerged from data analysis included the application of disruptive technology in healthcare, ownership and management of mobile health equipment, and cybersecurity. The healthcare CIOs and consultants emphasized their concern about the lack of cybersecurity in mobile technology. CIOs were reluctant to deploy the bring-your-own-device strategy in their organizations. The implications of this study for positive social change include the potential for healthcare CIOs to emphasize the business practice of supporting healthcare providers in using secure mobile equipment deployment strategies to provide enhanced care, safety, peace of mind, convenience, and ease of access to patients while controlling costs.

    Cloud Service Provider Evaluation System using Fuzzy Rough Set Technique

    Cloud Service Providers (CSPs) offer a wide variety of scalable, flexible, and cost-efficient services to cloud users on an on-demand and pay-per-utilization basis. However, the vast diversity in available cloud service providers leads to numerous challenges for users to determine and select the most suitable service. Also, sometimes users need to hire the required services from multiple CSPs, which introduces difficulties in managing interfaces, accounts, security, support, and Service Level Agreements (SLAs). To circumvent such problems, having a Cloud Service Broker (CSB) that is aware of service offerings and users' Quality of Service (QoS) requirements will benefit both the CSPs and the users. In this work, we proposed a Fuzzy Rough Set based Cloud Service Brokerage Architecture, which is responsible for ranking and selecting services based on users' QoS requirements, and finally monitoring the service execution. We have used the fuzzy rough set technique for dimension reduction and weighted Euclidean distance to rank the CSPs. To prioritize user QoS requests, we intended to use user-assigned weights, and also incorporated system-assigned weights to give relative importance to QoS attributes. We compared the proposed ranking technique with an existing method based on the system response time. The case study experiment results show that the proposed approach is scalable and resilient, and produces better results with less searching time.
    Comment: 12 pages, 7 figures, and 8 tables

    Comprehensive Framework for Selecting Cloud Service Providers (CSPs) Using Meta synthesis Approach

    Introduction
Nowadays, cloud computing has attracted the attention of many organizations, and many of them tend to make their business more agile by using flexible cloud services. Currently, the number of cloud service providers is increasing. In this regard, choosing the most suitable cloud service provider based on criteria that match the conditions of the service consumer is considered one of the most important challenges. Relying on previous studies and using a meta-synthesis approach, this research comprehensively searches past research and provides a comprehensive framework of factors affecting the choice of cloud service providers, including 4 main categories and 10 sub-areas. Then, using the opinions of experts who were selected purposefully and with the snowball method, and using the Lawshe validation method, the framework is finalized.

Research Question(s)
This research aims to complete the results of previous studies and answer the following questions with a systematic review of the subject literature:
- What are the components of the comprehensive framework for choosing cloud service providers?
- What are the effective criteria to choose a cloud service provider?
- What is the selected framework of effective factors?

Literature Review
Many researchers have looked at the problem of choosing the best CSP from different aspects and have tried to provide a solution in this field. In this regard, we can refer to "Tang and Liu" (2015) who proposed a model called "FAGI" which defines the choice of a trusted CSP through four dimensions: security functions, auditability, management capability, and Interactivity helps. "Kong et al." (2013) presented an optimization algorithm based on graph theory to facilitate CSP selection. Some researchers have also provided a framework for CSP selection, such as "Gash" (2015) who provides a framework called "SelCSP" with the combination of trustworthiness and competence to estimate the risk of interaction. "Brendvall and Vidyarthi" (2014) suggest that in order to choose the best cloud service provider, a customer must first identify the indicators related to the level of service quality related to him and then evaluate different providers. Some researchers have focused on using different techniques for selection. For example, "Supraya et al." (2016) use the MCDM method to rank based on infrastructure parameters (agility, financial, efficiency, security, and ease of use). They investigate the mechanisms of cloud service recommender systems and divide them into four main categories and their techniques in four features of scalability, accessibility, accuracy, and trust.
In this research, it has been tried to use the models and variables of the subject literature in developing a comprehensive framework. The codes, concepts, and categories related to the choice of cloud service providers are extracted from previous studies, and a comprehensive framework of the factors influencing the choice of cloud service providers is presented using the meta-composite method.

Methodology
In this research, based on the "Sandusky and Barroso" meta-composite qualitative research method, which is more general, a systematic review of the research literature was conducted, and the codes in the research literature were extracted. Then the codes, categories, and finally the proposed model are formed. The seven-step method of "Sandusky and Barroso" consists of: formulation of the research question, systematic review of the subject literature, search and selection of suitable articles, extraction of article information, analysis and synthesis of qualitative findings, quality control, and presentation of findings. The Lawshe validation method has been used to validate the research findings.

Results
In the meta-synthesis method, all the factors extracted from previous studies are considered as codes, and concepts are obtained from the collection of these codes. Using the opinion of experts and considering the concept of each of these codes, codes with similar concepts were placed next to each other and new concepts were formed. This procedure was repeated in converting the concepts into categories and the proposed framework was identified. This framework consists of 27 codes, 10 concepts, and 4 categories (Table 1).

Table 1: Codes, concepts, and categories extracted from the sources

| Category   | Concept                             | Code                            | No. |
|------------|-------------------------------------|---------------------------------|-----|
| Trust      | Security                            | Hardware Security               | 1   |
|            |                                     | Network Security                | 2   |
|            |                                     | Software Security               | 3   |
|            |                                     | Confidentiality                 | 4   |
|            |                                     | Control                         | 5   |
|            | Guarantee and Assurance             | Accessibility                   | 6   |
|            |                                     | Stability                       | 7   |
|            | Facing Threats                      | Technical Risk                  | 8   |
|            |                                     | Center for Security Measures    | 9   |
| Technology | Efficiency                          | Service Delivery Efficiency     | 10  |
|            |                                     | Interactivity                   | 11  |
|            | Hardware and Network Infrastructure | Configuration and Change        | 12  |
|            |                                     | Capacity (Memory, CPU, Disk)    | 13  |
|            | Functionality                       | Flexibility                     | 14  |
|            |                                     | Usability                       | 15  |
|            |                                     | Accuracy                        | 16  |
|            |                                     | Service Response Time           | 17  |
|            |                                     | Ease of use                     | 18  |
| Managerial | Maintenance                         | Education and Awareness         | 19  |
|            |                                     | Customer Communication Channels | 20  |
|            | Strategic                           | Legal Issues                    | 21  |
|            |                                     | Data Analysis                   | 22  |
|            |                                     | Service Level Agreement         | 23  |
| Commercial | Customer Satisfaction               | Responsiveness                  | 24  |
|            |                                     | Customer Feedback               | 25  |
|            | Cost                                | Subscription Fee                | 26  |
|            |                                     | Implementation Cost             | 27  |

The lack of a common framework for evaluating cloud service providers is compounded by the fact that no two providers are the same, so that this issue complicates the process of choosing the right provider for each organization. Figure 1 shows the proposed comprehensive framework including 4 categories and 10 concepts covering the issue of choosing cloud service providers. These factors are useful in determining the provider that best matches the personal and organizational needs of the service recipient. The main categories are: trust building, technology, management, and business, which will be explained in the following.

Figure 1: Cloud service provider selection framework

Conclusion
By comprehensively examining the factors affecting the choice, this research introduces specific areas such as trust building, technology, management, and business as the main areas of cloud service provider selection and adds to the previous areas. The category of building trust between the customer and the cloud service provider is of particular importance. In this research, the concepts related to trust building are: security (including hardware security, network security, software security, confidentiality and control), (availability, stability and stability), and facing threats (technical risk). In 36% of the articles, the concept of trust is mentioned, but in each study, only a limited number of factors affecting this category are discussed. This research takes a comprehensive look at the category of technology, the concepts of productivity (including service delivery efficiency, interactivity), hardware and network infrastructure (including configuration and repair, capacity (memory, processor, disk)), and performance (including flexibility, usability, accuracy of operation, service response time, ease of use). Considering the variety of services on different cloud platforms, service recipients must ensure that the provision of services is managed easily and in the shortest possible time by the cloud provider. The commercial aspect of service delivery deals with the two concepts of customer satisfaction (including responsiveness, customer feedback) and service rates (including subscription cost and implementation cost), which are of interest to many businesses. The results of this research will help the decision makers of using the cloud space (both organizational managers and cloud customers) in choosing the best cloud service provider to have a comprehensive view of the effective factors before choosing and plan according to their needs.

    Security Enhanced Applications for Information Systems

    Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users' trust as well as the reputation of the system's stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled "Security Enhanced Applications for Information Systems" and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.