617 research outputs found
Implementing a maintainable and secure tenancy model
Software-as-a-Service is a popular software delivery model that provides subscription-based services for customers. In this thesis, we identify key aspects of implementing a maintainable and secure tenancy model through analyzing research literature and focusing on a case study. We also study whether it is beneficial to change a single-tenant implementation to a multi-tenant implementation in terms of maintainability and security.
We research common tenancy models and security issues in SaaS products. Based on these, we set out to analyze a case study product, identifying potential problems in its single-tenant implementation. We then decide on changing said model, and show the process of implementing a new hybrid model. Finally, we present validation methods on measuring the effectiveness of such implementation.
We identified data security and isolation, efficiency and performance, administrative manageability, scalability and profitability to be the most important quality aspects to consider when choosing a maintainable and secure tenancy model. We also recognize that it is beneficial to change from a single-tenant implementation to a multi-tenant implementation in terms of these aspects
From security to assurance in the cloud: a survey
The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions
Cloud Multi-Tenancy: Issues and Developments
Cloud Computing (CC) is a computational paradigm that
provides pay-per use services to customers from a pool of
networked computing resources that are provided on demand.
Customers therefore does not need to worry about infrastructure
or storage. Cloud Service Providers (CSP) make custom built
applications available to customers online. Also, organisations
and enterprises can build and deploy applications based on
platforms provided by the Cloud service provider. Scalable
storage and computing resources is also made available to
consumers on the Clouds at a cost. Cloud Computing takes
virtualization a step further through the use of virtual machines,
it allows several customers share the same physical machine. In
addition, it is possible for numerous customers to share
applications provided by a CSP; this sharing model is known as
multi-tenancy. Though Multi-tenancy has its drawbacks but
however, it is highly desirable based on its cost efficiency. This
paper presents the comprehensive study of existing literatures
on relevant issues and development relating to cloud multitenancy
using reliable methods. This study examines recent
trends in the area of cloud multi-tenancy and provides a guide
for future research. The analyses of this comprehensive study
was based on the following questions relating to recent study in
multi-tenancy which are: what is the current trend and
development in cloud multi-tenancy? Existing publications were
analyzed in this area including journals, conferences, white
papers and publications in reputable magazines. The expected
result at the end of this review is the identification of trends in
cloud multi-tenancy. This will be of benefit to prospective cloud
users and even cloud providers
State of The Art and Hot Aspects in Cloud Data Storage Security
Along with the evolution of cloud computing and cloud storage towards matu-
rity, researchers have analyzed an increasing range of cloud computing security
aspects, data security being an important topic in this area. In this paper, we
examine the state of the art in cloud storage security through an overview of
selected peer reviewed publications. We address the question of defining cloud
storage security and its different aspects, as well as enumerate the main vec-
tors of attack on cloud storage. The reviewed papers present techniques for key
management and controlled disclosure of encrypted data in cloud storage, while
novel ideas regarding secure operations on encrypted data and methods for pro-
tection of data in fully virtualized environments provide a glimpse of the toolbox
available for securing cloud storage. Finally, new challenges such as emergent
government regulation call for solutions to problems that did not receive enough
attention in earlier stages of cloud computing, such as for example geographical
location of data. The methods presented in the papers selected for this review
represent only a small fraction of the wide research effort within cloud storage
security. Nevertheless, they serve as an indication of the diversity of problems
that are being addressed
Academic Cloud ERP Quality Assessment Model
In the past few decades, educational institutions have been using conventional academic ERP system to integrate and optimize their business process. In this delivery model, each educational institutions are responsible of their own data, installation, and also maintenance. For some institutions, it might cause not only waste of resources, but also problems in management and financial aspects. Cloud-based Academic ERP, a SaaS-based ERP system, begin to come as a solution with is virtualization technology. It allows institutions to use only the needed ERP resources, without any specific installation, integration, or maintenance needs. As the implementation of Cloud ERP increases, problems arise on how to evaluate this system. Current evaluation approaches are either only evaluating the cloud computing aspects or only evaluating the software quality aspects. This paper proposes an assessment model for Cloud ERP system, considering both software quality characteristics and cloud computing attributes to help strategic decision makers evaluate academic Cloud ERP system
Concurrency Lock Issues in Relational Cloud Computing
The widespread popularity of Cloud computing as a preferred platform for the deployment of web applications has resulted in an enormous number of applications moving to the cloud, and the huge success of cloud service providers. Due to the increasing number of web applications being hosted in the cloud, and the growing scale of data which these applications store, process, and serve – scalable data management systems form a critical part of cloud infrastructures. There are issues related to the database security while database is on cloud. The major challenging issues are multi-tenancy, scalability and the privacy. This paper focuses on the problems faced in the data security of Relational Cloud. The problems faced by various types of tenants and the type of access into the database makes a rework on the security of data, by analyzing proper locking strategies on the records accessed from the database. Data security in cloud computing addresses the type of access mode by the users (for analytical or transaction purpose) and the frequency of data access from the physical location (in shared or no-shared disk mode). Accordingly, the various data locking strategies are studied and appropriate locking mechanism will be implemented for real-time applications as in e-commerce. Keywords: Relational Cloud, Multi-tenant, two-phase locking, concurrency control, data management
Recommended from our members
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment
- …