The
Impact of LAN/WAN Security on Databases in a Cloud Computing Environment
A
Research Proposal Submitted to
The
Graduate Council in Partial Fulfillment of
The
Requirement for the Degree of
Doctor
of Computer Science with a concentration in
Department
of Computer Science
BY
Tai
Tan Cleveland
BS,
Electronic Engineering Technology 1991, from NSU
MS,
Information Systems Security, August 2006 from CTU
Impact
of LAN/WAN Security on Databases in a Cloud Computing Environment
BY
Tai
Tan Cleveland
This
Research Proposal is approved
By
Dr.
Bhanu Kapoor
Table of Contents
Section 4
4.1 Introduction
4.2 Cloud Security, a Challenge with many Facets
4.2.1
The Guaranteed Security
4.2.2
Summarization of the Topical Area
4.3 Discussion
4.3.1
Theoretical Implications of the Research
4.3.2
What and re
4.3.3
When, Who and How
4.3.4
Why
4.3.5
Connecting the Topical Area to Prior Research
4.3.6
Explanation of Unanticipated Findings
4.3.7
Implications for Practice
4.4 Recommendations for Further Research
4.5 Planning in a Next Five Years
Section
4
Programmatic Research Proposal
4.1
Introduction
Presently, cloud computing remains the
most prevalent topic in the field of information technology. It entails
outsourcing the resources and data center functionality through network
connections. Holding of the applications through cloud computing will link the
cloud resources to the data centers of the company to facilitate the data
access. From the customer’s point of view, cloud computing technology induces
complications related with safety and responsibilities (Kaufman, 2009).
Patently, one is prompted to consider the virtualized infrastructure security
issues related to the cloud computing technologies. Cloud security is an
ultimate impossibility for some infrastructures, and hence, prone to risk
culture development (Boran, 2003).
Cloud computing is divided into three
sections: Application, storage and connectivity. Every component will work
differently to avail different products to both the businesses as well as the
individuals throughout the world. Despite
whether the reference to the infrastructure is in the form of a service
(IaaS), a platform (PaaS) or applications (SaaS), the cloud will lead to
divisions in Information Technology (ITA, 1998). It induces a division
of tasks faced by many industries. Various companies are conversant with the
issues that are related to cloud computing; such as, who is responsible for
what aspects of security of data and applications, and which points deserve to
be scrutinized and contracted out. However, there is the question of who can
access the corporate data, as Microsoft clearly illustrated this summer,
stating its obligations in relation to the U.S. Patriot Act in provision of
appropriate tools to intercept terror threats (Kaeo, 2004).
Actually, the concern
of security of cloud computing can be recapitulated to an equation with four
variables: Technology and security controls, legal and contractual constraints,
the deployment model and the division of labor, and finally, the process of purchase
and insurance. Each of these variables will change depending on the type of
cloud model chosen; IaaS, PaaS and SaaS, and the deployment measures; either
public or private. In most cases, these models are
useful in applications in business collaborations, managing information systems
and in human resource management. Their wide application from the survey study
indicates that they have lower risks with only 10% doubting the same against
63% of its proponents.
4.2.1
The Guaranteed Security
According to Michael
Pauly, security in the cloud is not a guarantee. Of greater risk is the
business imperatives’ perception of the intricacy in giving the solution to the
problems identified (Cleveland, 2009). Pauly (2013) compared this to a
company placing its cursor to the right button and repudiating the access to
the suppliers’ safety points. This may be constantly challenging, but the Cloud
Security Alliance is actively working to counter this problem. In light of this
approach and other stringent concerns, cloud service providers may hire hackers
to break into the network in order to evaluate any weaknesses (Sosinsky, 2011).
However, there is an ultimate positivity impact in any organization when the
security issue within the cloud is such a debate, and this will not slow down
any developments. A majority of SMEs should benefit from heavy security in the
cloud environment and their internal systems (Bernard, 1995).
Nevertheless, security to the cloud
vendors has been a critical issue, but there are significant efforts to handle
this problem in the process of being developed. The same concerns were reflected from the survey when 35 respondents
questioned the service integrity while 31 questioned its availability (Jaeger & Schiffman, 2010).
If cloud providers are incapable of providing
reliable security measures, strong concords between these providers must be
agreed upon to hold them accountable. In environments dominated by SaaS
(Software as a Service), security measures and fields of action are primed
through contracts. In the IaaS (Infrastructure as a Service) model, the
security of the underlying infrastructures and the upper layers is managed by
the supplier of the IaaS (Shroff, 2010). The customer is
responsible for any operation after the installation of the infrastructure. Such
operations may be performed in the operating systems, applications and data.
PaaS (Platform as a Service) is located in between the SaaS and IaaS. The
enforcement of security of this platform is the responsibility of the PaaS
provider, but the customer is responsible for the protection of applications
that are developed on this platform. This largely applies in private clouds
that are virtualized into a single entity where some subscribers deem it to be
safer in data storage (Canavan, 2001).
The cloud provider is expected to
guarantee the security of the cloud, the network and the physical environment.
The choice of a cloud provider should, thus, be based on professionalism and
sound expertise. The cloud provider must be conversant with the best network
security solutions and operating security systems (Sosinsky, 2011).
Moreover, the cloud provider should be able to demonstrate the assessment and
acceptance of all the safety risks, test the protection system, and be able to
control the security threats. In addition, assessment of cloud provider
response to incidents is crucial (Sannella, 1994). For example, checking
whether a security operations center (SOC) has been set up can act as an
initial evaluation of the cloud
provider’s proficiency. Finally, network security should protect all virtual
access points in the cloud. Moreover, the physical security may require a
thorough review of the specific solutions that the cloud provider has set up
for data recovery in case of any disaster. It should distinctly indicate
storage for the data and the availability of the encrypted data being moved to
a remote site. It is also recommended that the cloud provider choose the
techniques that provide the physical security measures according to SAS 70 or
ISO 9000 (Armbrust et al., 2009).
4.2.2 Summarization of the Topical Area
The virtual lack of security
architectures has, for several years, prompted the experts to question the
problem, though it is only recently that the issue has resurfaced. The security
debate currently raging in the cloud is also disquieting. While the industry is
still agitated by the subject, the RSA Conference has made it to be its main
focus, and it appears that several companies are far behind the cloud computing
security architectures (Sosinsky, 2011). Gartner published a
study that addresses the most common security risks in the data center
virtualization projects. The study is compatible with the investigations done
towards pointing out the rationale behind the lack of security of virtual architectures
(Gartner, 2008). Neil MacDonald, an analyst at Gartner, pointed out that
virtualization is inherently unsafe, but that most virtualized workloads are
deployed unsafely. According to MacDonald, the basis of the unsafe deployment
includes lack of tools and processes, maturity and lack of training teams,
resellers and consultants. Also, most virtualization projects do not include
security teams in the initial architecture. The other major cause is related to
the mobility of virtual servers, which makes them complicated in controlling
security (Nichols & Lekkas, 2002). Generally, the
qualifications of the operational teams in securing the production environment,
the operating systems and the hardware have contributed to the solutions on
virtualization. Actually, this argument does not take into account the new
software layer made when the production environment is virtualized with the
hypervisor and VMM (Virtual Machine Monitor). However, the main principles of
safety remain unchanged. Protection of the virtual environment, including
virtual work, applies similar principles as the WAN/LAN traditional. For
professionals, it is important to patch securely virtualized platforms and to
develop good change control processes. Conversely, “zero time” coverage of the
servers through an Internet Protocol address outside the server is requisite in
guaranteeing unexploited vulnerabilities from the hackers (Jaeger & Schiffman, 2010).
4.3 Discussion
Due to the initiative by Obama’s
administration in favor of cloud computing, United States government agencies
are facing the pressure of the budget office to shift more services and
applications to the cloud; preferably commercial services (Sosinsky, 2011).
Last year, in his reformation plan for the management of the U.S. Federal IT,
the Chief Information Officer (CIO) Vivek Kundra specified the responsibility
of the government in ordering the CIOs of federal agencies to identify at least
three essential services to migrate into the cloud (Kundra, 2012). At least one
of the three must have migrated in a year, and the other two should have 1 ½
years to develop the switch. When evaluating the options for the new
deployments, the budget office ordered that agencies choose clouds by default
during the specification of their plans since it is a safe option and reliable.
So far, 25 agencies have identified 78 systems to be migrated (Shroff, 2010).
Shawn P. McCarthy, a research director
at International Data Corporation, estimates that 80 percent of cloud migration
by the government will be to private clouds; internal or outsourced (McCarthy,
2011). A private cloud is described as infrastructure that is outsourced or
hosted at a center, and is open to the public. Nonetheless, running on
dedicated systems which are operated by a provider should be approved by the
government through service level agreements. Alternatively, a public cloud is
mostly used by the agencies when dealing with the information that is not
sensitive, such as information on administration, and which is presented on web
portals (Bryman, 2008). For example, AWS GovCloud Amazon, which is a private
cloud, was launched at the IT Summit for NASA in August. Tsengdar Lee, who is
technical director in charge of NASA's IT, expressed excitement in working with the private sector,
but he, as well, forewarned them to approach it with great caution. According
to Lee, approximately 60 percent of the migration project to the NASA cloud will
be housed in its private cloud, Nebula (Jaeger & Schiffman, 2010; Shroff,
2010; Vaquero, Rodero-Merino, Caceres & Lindner, 2009).
The following discussion presents
particular views in the perspective of theoretical implications of the
research. It seeks to yield to the questions based on what, where, when, who,
how and why, as far as this research is concerned. In addition, it adds more
findings from the research survey pertaining to what various corporations perceive
as important in line with various security issues. In contrast to empirical
findings, these theoretical implications further highlight various issues and
concerns that should be investigated to enhance security in public and private
cloud computing (Tavel, 2007).
Many theories have been developed on how
to handle negative activities including hacking in the cloud computing
environment. Psychologically, there are different theories proposed for the
same activity. However, to be precise, the theory by Erik Erikson regarding
psychosocial development is an example of a popular psychological theory
related to cloud computing. According to Erikson, the development of the
personality undergoes several phases. The first stage is trust versus mistrust
based on security dependence and quality. The second is autonomy versus doubt
and shame. In this theory, there is more personal control and decisions
employed to eliminate any doubts in the security models of SaaS, PaaS and IaaS (Jaeger & Schiffman, 2010; Shroff, 2010; Vaquero,
Rodero-Merino, Caceres & Lindner, 2009).
4.3.3
When, Who and How
According to these theories, the effects of
different types of social experiences are usually very critical. For example,
Erikson’s theory is about psychological ego development. Ego is the key tool in
social interactions, and ego-related identity is subject to continuous change.
This identity is prone to entanglement with the new experiences that a person
keeps and faces on a daily basis. Thus, reinforcing such persons propels them
into a sense of self-dependence and control.
The central key for discussing the
psychological theory in this topic is because there is a need to handle the psychologies
of the general population and because there are the different types of negative
variables that provoke the general population to act in any negative manner.
Such an assessment will help persons to act in a positive manner that will
promote security and development in various aspects of computing (McCarthy, 2011).
Such persons develop a positive sense in line with their contributions to
networking development rather than feeling segregated and marginalized. In its
application to cloud computing, 70% were of the opinion that if the cloud
network was more inclusive, then more persons will experience positive
development because there will be a reduction in capital spending on software,
security of information, hardware, and IT support by contracting out cloud
infrastructure services. It goes without saying that there will be equality in
its applications in such a way that there would be no hacking from persons that
cannot access the same services (Shroff, 2010).
Definitely, cloud computing is now very
far from a fad. According to Jim Reavis, the co-founder and executive director
of the Cloud Security Alliance, the cloud and awareness of successful projects
among many drivers will be possible for the next few months. He described that
the merger and acquisition accelerate the same movement. Some CIOs of large
companies solicited him to look to the cloud and see how he can meet their
needs generated by new acquisitions or spin/sale of a division (Vaquero,
Rodero-Merino, Caceres & Lindner, 2009).
The challenges resulting from compliance and security posed by cloud
computing have been a constant concern amongst the security professionals
According to a survey by Tech Target Security Media Group on 1091 respondents,
61 percent of CIOs primarily evoked
compliance and audit-ability in the first position of their concerns for cloud computing.
Sixty-eight percent were concerned about the issue of security and data
encryption, while 45 percent were concerned about the management and access
control (Jaeger & Schiffman, 2010; Shroff, 2010; Vaquero, Rodero-Merino,
Caceres & Lindner, 2009).
From an IT viewpoint, it would be the ultimate
situation if, in cooperation with built-in
house data centers, public and private
clouds could be well thought out to be flexible pools of computing and also
storage place of resources that are effortlessly connected. The administration of such a group of
properties requires the capacity to compliantly map applications to altered
sites as well as the capacity to move presentations and their data crossways
and inside these pools. The ease with which such changes can be reached and
realized, control the receptiveness with which creative IT can fulfill changing
various business needs (Kaeo, 2004). The cloud providers have not been
transparent. According to a participant in a survey on Discount Shipping
Insurance, the suppliers hindered the customer from accessing their security
checks; this was accompanied by an expression of the dissatisfaction associated
with the cloud encryption complexity. Groups such as Cloud Security Alliance (CSA)
have been working to obtain solutions to these problems. With the rise of CSA,
Reavis described that the rapid adoption of cloud computing, which is driven by
the global economic environment, complicates the task of inventing new
solutions (Jaeger & Schiffman, 2010; Shroff, 2010; Vaquero, Rodero-Merino,
Caceres & Lindner, 2009). Suppliers
are believed to play their part in creating these problems by seizing the
opportunity to misquote cloud solutions in their organizations, which may never
exist (ITA, 1998). This is a considerable escalation that
affects the resolution of real problems. However, some interesting technologies
are emerging, despite the ambient background problems. Cloud passage, for
example, offers services for firewalls and vulnerability management servers,
and services designed specifically for cloud environments. According to CEO,
Carson Sweet, the technology used in controlling the problem of security
management for servers in a cloud environment will lead to virtual machines
being created quickly through cloning. Other technologies that facilitate data
analysis include the cloud passage platform, the demon halo, the halo grid and the
distributed computing grid. When created, they automatically safeguard the
servers that are well secured for maximum protection in computing (Armbrust et al., 2009).
Cipher Cloud successfully offers a web proxy
that ensures that the encryption and tokenization of corporate data is sent to
a service provider cloud. Encryption keys are designed in customer formats; the
functions associated with the data are preserved and the latency added does not
exceed 2 percent, depending on the direction of Cipher Cloud (King, 2008).
This technology is compatible with Force.Com, the PaaS of Salesforce.com, and
Google Apps. It is offered as a managed service but can also be deployed
internally, as a virtual appliance. Reavis believes that cloud computing is
reinventing IT gradually, and he expects to do the same with the IT security
industry (Vaquero, Rodero-Merino, Caceres & Lindner, 2009). The CSA is now studying how the cloud can be
used to secure everything, not just the cloud (Shroff, 2010).
As such, the cloud gives rise to
significant differences in security. Michael Pauly points out that the cloud
changes the situation dramatically (Pauly, 2013).
There is no question of access to software or hardware, but only in the
operation. This means using something that is not known is implying that there
will be no control over it. Consequently, the appropriate security mechanisms
to apply will be determined. Sometimes, there may be complexities in the
control, but security is also possible and is literally a matter of life or
death (Khare, 2006).
When it comes to data security on a cloud computing environment, the
security of the LAN/WAN cannot be stressed enough. With the invention and
development of cloud computing, comes numerous threats from many data security
adversaries. The identification of the data security adversary is as critical
as putting mitigation checks in place in order to ensure or minimize the
results of the attack. There are two three?? main data security adversaries are
identified below:
a)
Weak adversary: This
kind of adversary mainly focuses on merely corrupting the user’s data files
stored on individual servers, and as soon as the data server is exposed to
security threats and is vulnerable, the adversary can corrupt the original data
files by modifying or introducing its own fraudulent data to prevent the
original data from being retrieved by the user. In a virtualized cloud
environment, each client has a virtual machine that is running client specific
applications (Armbrust et al., 2009;
Howe, 1988). As the operating system (OS) of the cloud provider is running
multiple VMs concurrently, it is a
challenging task to manage all the virtual machines concurrently, and in recent
security breaches, black hat hackers and other security experts have discovered
security holes in some hypervisor implementations (Howe, 1988). Hypervisors are
getting more and more common, and are growing in deployment in everything from
data center systems to embedded consumer electronics; however, as their
deployment increases, more and more security concerns come into play, including
a variety of attack methods and the dire consequences of a compromised
hypervisor (Clarke & Knake,
2012; Cleveland, 2009).
b)
Holes include
the ability to insert code into virtual machines, the disclosure of
unauthorized information, and potential disruption of service. Once a compromise is made at the hypervisor
level, one can easily penetrate the operating system that resides on that
particular VM and its storage system including the access to perform malicious
operations on the applications that reside on the machines (Howe, 1988). So if
one were to breach the hypervisor running several varieties of guest operating
systems, one could use root access to the hypervisor to commit security
breaches on a cloud computing environment that dents the security of the
LAN/WAN. Such breaches include, but are not limited to, planting rootkits into
the memory of running operating system kernels, and performing file system
trickery as a side-effect of having direct and raw access to nonvolatile data
storage mediums (Buyya et al., 2011; Salomon, 2003).
This, in a sense, can be classified in other times as a form of access denial
to data.
c)
Strong
adversary: A strong adversary can be termed as the data managers’ worst situation.
The main aim of this adversary is to
expose and make vulnerable the entire data storage system, including the
servers, and change the data files with absolutely no detection at all from the
LAN/WAN security system (Buyya et al.; 2011).
The
real concern is that "cyber criminals” have never been very effective,
though their malicious acts threaten consumer data as well as those of
businesses. Some of the questions raised in this context should ask whether it
was still possible to guarantee security after has been so prevalent. The
responses were negative indicating unfeasibility in the whole exercise. It was
said that secure network equipment would have been required in the future (King, 2008).
Nevertheless, cloud computing has contributed to the small and medium
enterprises security. Presently, in an infrastructure, the use of network
equipment in security control is negligible, and primarily, a firewall will be
used for many security purposes. Therefore, any reluctance by companies to
embrace the cloud security would increase related risks (Kaeo, 2004).
According
to Trend Micro, 43% of IT decision-makers have already encountered a problem
with a cloud’s security service provider over the last 12 months. This prompted
the publisher to enquire from 1200 IT decision-makers from around the world,
including the United Kingdom and Germany, but not from France, regarding those
figures. Among the respondents, 10 percent already use cloud services in
production while 50% used cloud services on pilot or deployment. As per the
survey by Trend Micro, the main obstacle to the adoption of cloud computing for
50 % of the respondents is securing the infrastructure and data providers. For
the question on who was really responsible for the insecurity of cloud
computing, the results showed that 85% of respondents using cloud services
encrypted their data before they entrusted them to their supplier. In contrast,
the survey report for this research received 58 out of 60 respondents who cited
security concerns in cloud computing as a major consideration before investing
in the same (Sosinsky, 2011).
Cloud
computing technology is subject to change, so the notion of LAN/WAN security of
a database in a cloud computing environment will also be subject to
modification. In the perspective of recommendations for further research, on-going
exploration is inevitable because, with the sophistication of future technology,
more complicated ways of different illegal and online negative activities will
definitely emerge (Howe, 1988). Therefore, network protection
specialists should work to provide virtual environments of network security
capabilities, which are at least comparable to those of physical environments.
They should develop offers that are designed to virtualized environments with
Xen and ESX, among others (Shroff, 2010). Yann Le Borgne, CTO
of Sourcefire Southern Europe, points out that probes are available in the virtual
mode for the prevention and detection of any intrusion on virtual networks. He
expressed the possibility of using expertise towards passive network discovery,
and pointed out that the welcomed elements result when the system managers
sometimes forget that with virtualization, security teams will lose their
visibility (King, 2008).
Later,
the publisher announced integration with VMware, vShield and API. This integration
was aimed at winning the capacity to act; the virtual probes backed information
on the network and administrators can write rules concerning information
compliance. From an event, it is possible to block the service or network
stream at initial stages (ITA, 1998). Specifically, when the IPS
detects a violation of rules, like unauthorized applications or ports network
non-standard or unexpected access to a critical service, the API configures the
VMware vShield App dynamically (for application protection) or vShield Edge
(for the control of network access) to block the activity that does not comply
to the set specifications (Khare, 2006).
4.5
Planning in a Next Five Years
What
I would like to do in the next five years?
My choice to study cloud computing in my Doctoral was
informed by the fact that cloud computing is one of the 5 most promising
technologies in the future. Cloud computing has already been established to introduce
well-deserved cost savings for businesses
which opt to use cloud computing as compared to traditional information
systems (Dinkar & Geetha, 2011). This
fact can be exemplified by the fact that the Obama Administration is in total
support of moving all government systems to the cloud to minimize operational
expenditure within government.
My research proposal has already established that there
are serious security concerns when it comes to cloud computing. Since cloud
computing is the future of computing, I have taken a first step to study
security challenges in cloud computing which need to be addressed in order to
secure the future of cloud computing. In my future Doctoral research work, I would
like to keep researching in the field of cloud computing to find out the best possible
solutions for the security challenges which I have identified within my work.
These challenges will further be studied while focusing on the three sections
of cloud computing: application, storage and connectivity. My Doctoral work
within the next five years will include a deep examination of the security
issues which surround these three areas of cloud computing i.e. application,
storage and connectivity.
To further my Ph. D. work, I will then move into the next
area of my research which will seek to unearth the most probable trends of
cloud computing. This will ensure that I complete a two-stage Ph.D. research project
whose first stage will include the detailed examination of the security challenges
of cloud computing and the solutions which can be adopted by businesses to
mitigate such security issues. This will be particularly important because, for
cloud computing to move to the next step, the academic and professional
community must provide solutions to the security challenges in cloud computing.
Once these solutions have been proposed, I will move further to research,
predict and make proposals of the next trends of cloud computing.
This will be the final part and the epitome (climax) of
my Ph. D. work at the end of five years. This will be in line with the
resolution by academics, professionals & researchers who have already
established, without a doubt, that cloud computing will be an important IT
component in the modern world and it is the future of business computing. Can
cloud computing provide a future for personal computing? Currently
telecommunication companies have already begun offering cloud computing space
for their subscribers to store some of the mobile phone information such as contacts
and messages (Dinkar & Geetha, 2011).
Can this concept be extended further to provide more personal computing via the
cloud? Can cloud impact and change the
future of home computing? The examination of these questions may present much
needed answers in determining the next big thing for cloud computing once the
security issues and challenges have been identified and solutions proposed by
the first component of my Ph. D. work
(Shakunthala & Rangarajan, 2010).
In conclusion, my Doctoral work within the next five
years will involve a 1-2-3 part (component) study which will involve (1) a
detailed examination of the issues and challenges facing cloud computing (2) a
proposal of solutions to the identified challenges and issues and (3) an
examination of the probable future of cloud computing beyond the currently
available functionalities. This will be
the epitome of my Ph. D. work and it will provide the professional and academic
community with insights into the future of cloud computing, establishing the
contribution of my Ph. D. Academic work to society.
Bibliography
Antonopoulos,
N. & Gillam, L. (2010). Cloud
computing: Principles, systems and applications.
London: Springer.
Armbrust, M.,
Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G.,
Patterson,
D., Rabkin, A., Stoica, I. &
Zaharia, M. (2009). “Above the Clouds:
A Berkeley View of Cloud Computing.” Electrical
Engineering and Computer Sciences, University of California at Berkeley.
Retrieved on April 14 2013 from:
http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
Bernard, H. R. (1995). Research methods in anthropology
(2nd ed.). London: SAGE.
Boran, S. (2003). IT Security Cookbook . New York: Magma.
Bowman et al. (1993). Reasoning about naming systems.ACM
Transformation Program. Retrieved from
http://dl.acm.org/citation.cfm?doid=161468.161471
Brooks, C. (2009, November 16). SaaS and the future of
cloud rosy. Retrieved from http://www.CloudComputing.com
Bryman, A. (2008). Social research methods (3rd ed.).
Oxford: Oxford University Press.
Buyya, Rajkumar, Broberg, J. &
Goscinski (2011). Cloud Computing
Principles and Paradigms. Hoboken, New Jersey: John Wiley & Sons, Inc.
Canavan, J. E. (2001). Fundamentals of network security.
Norwood, MA: Artech House.
Chen, Y., Paxson, V., & Katz, R. (2010). What’s new
about cloud computing security? Technical Report No. UCB/EECS-2010-5.
Chen, T. M. & Abu-Nimeh, S. (2011). Lessons from Stuxnet.
Computer, 44(4):91-93.
Chow, R., Golle, P., Jackobsson, M., Shi, E., Staddon, J.,
Masouka, R. & Mollina, J (2009). Controlling data on the cloud: outsourcing
computations without outsourcing control. Proc. Cloud Computing Security
Workshop (CCSW09), pp. 85–90
Clarke, R. A. & Knake, R. K. (2012). Cyber War: The Next Threat to National Security and What to Do about It.
New York: Ecco, an imprint of HarperCollins Publishers.
Cleveland, T. (2009). Database security in a cloud
computing environment’ IT World.Cloud Security Alliance (2010). Top threats
to cloud computing V1.0. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Cloud Security Alliance (2011). Security guidance for
critical areas of focus in cloud computing V3.0. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Fennelly, Lawrence J. (2004). Effective Physical Security. Butterworth-Heinemann.
Fern´andez,
A., Peralta, D., Herrera, F. & Ben´ıtez, J. M. (2012). “An Overview of E-Learning in
Cloud
Computing.” Workshop on LTEC 2012, AISC 173, pp.
35–46.
Ferrari, D.,
& Verma, D. C. (1989). A scheme for
real-time channel establishment in wide-area
networks.
International Computer Science Institute.
Ford, B. (2012)
“Icebergs in the clouds; the other risks of cloud computing.” Proc. 4th
Workshop
on
Hot Topics in Cloud Computing, arXiv:1203.1979v2,
2012.
Forman, G. (2003). An extensive empirical study of feature
selection metrics for text classification . J. Mach. Learn.
Forouzan,
B. A. & Fegan, S. C. (2003). Local
area networks. Boston: McGraw-Hill.
Fortier,
P. J. & Desrochers, G. R. (1990). Modeling
and analysis of local area networks. Boca
Raton: CRC Press.
Furht, B. & Escalante, A. (2011). Handbook of data intensive computing.
New York: Springer.
Galbreath, Nicholas & Galbreath, Nick. (2002). Cryptography for Internet and Database
Applications. Hoboken, New Jersey: John Wiley & Sons, Inc.
Gartner Group
(2008). “Gartner’s hype cycle report, 2008. Technical report.” Gartner Group.
Retrieved
on April 10 2013 from: http://www.gartner.com/.
Geelan, J.
(2008). Twenty one experts define cloud computing.” Virtualization. Retrieved on
April
10 2013 from:
http://virtualization.sys-con.com/node/612375.
Gentry,
C. (2009). “Fully homomorphic encryption using ideal lattices.” Symposium on the
Theory
of Computing (STOC), pp. 169-178.
Goldman,
J. E. & Rawles, P. T. (2000). Local
area networks: A business-oriented approach.
New York: Wiley.
Gillam, L. (2010). Cloud computing: Principles, systems
and applications. London: Springer-Verlag.
Groth,
D. & Skandler, T. (2009). Network and
Study Guide, Fourth Edition. New York: Sybex Inc
Howe, K. R. (1988). Against the Quantitative-Qualitative
Incompatibility Thesis or Dogmas Die Hard. Educational Researcher, 17(8),
10-16.
Hurwitz, J., Bloor, R., Kaufman, M.,
& Halper, F. (2010). Cloud Computing
for Dummies. Hoboken, New Jersey:
John Wiley & Sons, Inc.
Iachello, G. & Hong, J. (2007). End-user privacy in
human-computer interaction. Foundations and Trends in Human-Computer
Interactions, 1(1):1-137.
ITA. (1998). Implementation of technology: A developer’s
guide to assessment of progress. –. Retrieved from
https://www.howard.edu/.../Implementation%20of%20Technology--Assess%20Rubric.pdf
Jaeger, T., & Schiffman, J. (2010). Outlook: Cloudy with
a chance of security challenges and improvements. IEEE security &
privacy, 1(2), 77-80.
Jamil,
E. (n.d). “What really is SOA. A
comparison with Cloud Computing, Web 2.0, SaaS,
WOA, Web
Services, PaaS and others.” Soalib Incorporated. Retrieved on April 10 2013
from:
http://soalib.com/doc/whitepaper/SoalibWhitePaper_SOAJargon.pdf
Johnson, B. R., & Onwuegbuzie, A. J. (2004). Mixed
Methods Research: A Research Paradigm whose time has come. Educational
Researcher, 33(7), 14-26.
Kaeo, M. (2004). Designing network security.
Indianapolis, IN: Cisco Press.
Kaufman, L. M. (2009). Data security in the world of cloud
computing, security and privacy. J Inter. Security, 7(4), 56-62.
Khare, R. (2006). Network security and ethical hacking.
Beckington: Luniver Press.
King, R. (2008). Cloud computing: Small companies take
flight. Retrieved from http://www.businessweek.com/technology/content/aug2008/tc2008083_619516.htm
Kundra, V. (2012). Federal Cloud Computing Strategy. Federal
IT , 1-33.
Kyriazis, et. al. (2010). A real-time service oriented
infrastructure. International Conference on Real-Time and Embedded Systems .
Singapore.
Lim, H. C.,
Babu, S. & Chase, J. S. (2010). Automated
control for elastic storage. New York:
ACM
Press.
Lim, H. C.,
Babu, S., Chase, J. & Parekh, S. (2009).
Automated control in cloud computing:
challenges and opportunities. New
York: ACM Press.
Lorido-Botran,
T., Miguel-Alonso, J., & Lozano, J. (2012). “Auto-scaling Techniques for
Elastic
Applications
in Cloud Environments: Technical Report EHU-KAT-IK-09-12.” EHU.
Retrieved on April 10 2013 from:
http://www.sc.ehu.es/ccwbayes/isg/administrator/components/com_jresearch/files/publications/autoscaling.pdf
MacVittie, L.
(2009). “Load balancing is key to
successful cloud-based (dynamic)
architectures.” DevCentral Home.
Retrieved on April 14 2013 from:
http://devcentral.f5.com/weblogs/macvittie/archive/2009/01/23/loadbalancing-
is-key-to-successful-cloud-based-dynamic-architectures.aspx.
Accessed
on 3 March 2010.Marks, E. A., & Lozano, B.
(2009). Executive's guide to cloud computing. London: John Wiley and
Sons.
Marinescu, D.
(2012). “Cloud Computing: Theory and Practice.” University of Central Florida.
Retrieved
on April 10 2013 from: http://www.cs.ucf.edu/~dcm/LectureNotes.pdf
McCarthy, S. (2011). Proven Practices: A Proven IT Study. IDC
Government Insights.
Nair, M. S., Kevathy, R. & Tatavarti, R. (2008).
An improved decision-based algorithm for
impulse noise removal. Image and Signal Processing, 1, 426-431
McFedries, P.
(2008). “The cloud is the computer.” IEEE
Spectrum Online. Retrieved on April
10
2013 from: http://www.spectrum.ieee.org/aug08/6490.
Members of
EGEE-II (2008), An EGEE comparative study: Grids and clouds - evolution or
revolution.
Technical report. Enabling Grids for
E-science Project. Retrieved on April 10
2013 from: https://edms.cern.ch/document/925013/.
McNamara,
J. E. & Romkey, J. (1996). Local area
networks: An introduction to the technology.
Boston: Digital Press.
Milojicic, D.
(2008). Cloud computing: Interview with Russ Daniels and Franco Travostino.
IEEE
Internet Computing, 5, 7–9.
Nayak, S. & Yassir, A. (2012). Cloud Computing As an
Emerging Paradigm. International Journal of Computer
Science and Network Security, 12(1): 61-65
Nichols, R. K., & Lekkas, P. C. (2002). Wireless
security: Models, threats, and solutions . London: McGraw-Hill.
Pauly, M. (2013). “Cloud
Computing End-To-End. Why Preparation Is Everything.” T-Systems.
Retrieved on April 14
2013 from: http://www.t-systemsus.com/umn/uti/508254_2/blobBinary/Backgrouder_DS-ps.pdf
Rannenberg,
K., (2010). Security privacy - silver
linings in the cloud: Proceedings. Berlin:
Springer.
Reda, J. F., Reifler, S., & Thatcher, L. G. (2005). Compensation
committee handbook (2nd ed.). Hoboken, New Jersey: John Wiley & Sons, Inc.
Rhee, M. Y. (2003). Internet
Security. Hoboken, New Jersey: John Wiley & Sons, Inc.
Rittinghouse, J. W. & Ransome, J.
F. (2010). Cloud Computing
Implementation, Management, and Security. Taylor and Francis Group, LLC.
Rogers,
R. (2009). The end of the virtual:
Digital methods. Amsterdam: Vossiuspers UvA.
Salomon, David. (2003). Data
Privacy and Security. Springer.
Sannella, M. J. (1994). Constraint satisfaction and
debugging for interactive user interfaces. Doctoral Thesis. University of Washington.
Shroff, G. (2010). Enterprise cloud computing: Technology,
architecture, applications. Cambridge University Press.
Sosinsky, B. (2011). Cloud computing bible. John Wiley
and Sons.
Savage,
T. M., & Vogel, K. E. (2013). An
introduction to digital multimedia. Burlington, MA:
Jones & Bartlett Learning.
Stallings,
W. (2000). Local and metropolitan area
networks. Upper Saddle River, NJ: Prentice
Hall.
Stockinger, H.
(2007). Defining the grid: a snapshot on the current view. The Journal of
Supercomputing, 1, 3-17.
Tavel, P. (2007). Modeling and simulation design. AK
Peters Ltd.
UNESCO (2010). Cloud Computing In Education.” UNESCO Institute for Information
Technologies
in Education. Retrieved on April 10 2013 from:
http://iite.unesco.org/pics/publications/en/files/3214674.pdf
Urgaonkar, B.,
Shenoy, P., Chandra, A., Goyal, P. & Wood, T. (2008). Agile dynamic
provisioning of multi-tier Internet
applications. ACM Transactions on
Autonomous and Adaptive Systems, 3(1), 1-39.
Vaquero, L., Rodero-Merino, L., Caceres,
J. & Lindner, M. (2009). A Break in
the Clouds:
Towards a Cloud Definition
ACM. SIGCOMM Computer Communication
Review,39(1),
50-55.
Weiss, A.
(2007). Computing in the clouds. Networker,
4, 16-25.
Yao, A. C. (1986). “How to Generate and Exchange Secrets.” Proceedings of the 27 Annual IEEE Symposium
on Foundations of Computer Science, 1986, pp.162-167.
Dinkar, S., & Geetha, M. (2011). Moving to the Cloud:
Developing Apps in the New World of Cloud Computing. Elsevier.
Shakunthala, & Rangarajan. (2010). Emerging Trends in Computing
2010. Allied Publishers.
No comments:
Post a Comment