A secure smart-work service model based OpenStack for Cloud computing

Kim, Jin-Mook; Jeong, Hwa-Young; Cho, IlKwon; Kang, Sun Kil; Park, Jong Hyuk

doi:10.1007/s10586-013-0251-1

Cited by 12 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Roman et al [] conduct a comparative security analysis of several cloud systems, including OpenStack; the focus of this study is only on storage systems, such as Amazon's S3 service, rather than on the more general case of combined processing and storage services. Kim et al [] discuss some OpenStack security issues; their focus is mostly on denial of service attacks, rather than on attacks on confidentiality or integrity, but they do provide some insight into a SQL injection attack.…”

Section: Introductionmentioning

confidence: 99%

Assessing Systemic Risk to Cloud‐Computing Technology as Complex Interconnected Systems of Systems

Haimes

Horowitz

Guo

et al. 2015

Systems Engineering

View full text Add to dashboard Cite

This paper presents a methodology for modeling cloud-computing technology (CCT), its users, and, most important, would-be malicious intruders as complex interdependent and interconnected systems of systems (S-o-S). The paper posits and demonstrates that due to the inherent structure of CCT as S-o-S, users of public CCT are at a higher risk of unlawful intrusion than users of non-CCT systems. At the same time, the flexibility and the agility of CCT S-o-S provide advantages relative to most non-CCT S-o-S. The need is for the CCT community to employ these advantages as an integral part of its cyber security strategy. Our analysis builds on the following theory and methodology: we consider CCT and its users as complex interconnected hardware and software subsystems that interact as S-o-S through shared states, resources, and subsystems, which are connected in series (rather than in parallel, as is the case for most non-CCT systems); exploiting the serial connectivity of CCT S-o-S, we use fault-tree analysis to demonstrate the resulting unreliability of CCT S-o-S; building on the published literature, we incorporate Pareto-optimal frontiers to compare the risks faced by security-conscious users of CCT (e.g., large corporations) versus those faced by cost-conscious users (e.g., small or startup companies); and we show that users of CCT as S-o-S are at a higher risk than users of non-CCT systems for certain assumptions and types of cyber attacks. The paper is structured as follows: Part A outlines the characteristics of CCT S-o-S, addresses the inherent vulnerability of CCT S-o-S to cyber intrusion and attack, and provides a brief literature review; Part B offers a rationale for modeling CCT as interconnected and interdependent S-o-S; Part C demonstrates, through the use of fault-tree analysis, the higher risk faced by CCT and its users as complex S-o-S; Part D presents an economic analysis of the security of CCT as S-o-S; and Part E offers conclusions and lessons learned. C⃝ 2015 Wiley Periodicals, Inc. Syst Eng 18: 284-299, 2015

show abstract

Section: Introductionmentioning

confidence: 99%

Assessing Systemic Risk to Cloud‐Computing Technology as Complex Interconnected Systems of Systems

Haimes

Horowitz

Guo

et al. 2015

Systems Engineering

View full text Add to dashboard Cite

show abstract

“…The cloud computing term it might be new to the public, but it is slowly gaining attractiveness and acceptance gradually, it shapes to the Internet-based growth and use of technology where the cloud simplifies or signify the Internet [4]. It encompasses considerable technical infrastructure that users do not need to know or understand in any level of detail, they just connect to it and access the resources [5]. In principle, the cloud enables computer software and hardware resources to gain access to over the internet without the essential for any comprehensive, precise knowledge of the infrastructure used to supply the resources, like a utility model.…”

Section: Literature Reviewsmentioning

confidence: 99%

Untitled

2023

IJCCSA

View full text Add to dashboard Cite

This study was initiated as a result of the researcher's concerns regarding computing infrastructure at the Department of statistic South Africa (Stats-SA). The concerns arise from issues observed on the physical infrastructure platform currently deployed within the organi sation. It is therefore proposed to investigate the attitude and perceptions of users working in Stats-SA on cloud computing and their willingness to migrate from physical infrastructure to cloud. The issue of user behavior during the transition from traditional IT services to cloud services has been addressed in a lot of studies, but the perceptions of employees at Stats-SA have never been investigated. The study expounds on the technology acceptance model by incorporating factors such as availability, accessibility, security and reliability by investigating the perception of end-users. The investigation took the mixed research approach. A questionnaire was developed using three technology acceptance instruments: perceived ease of use, usefulness and attitude to measure the end-user's intention to move to the cloud.

show abstract

“…However, other concerns related to other components of OpenStack are not considered. Moreover, as has been identified in the security issues of this OSS-based solution, two main security areas are investigated and solved: The identity and access management and the access control and data protection (Baset et al, 2013;Khan et al, 2011;Kim et al, 2013). Further, in order to narrow the scope of literatures concerning the security of the object storage components of OpenStack, only those literatures targeting the areas of identity and access management, access control and privacy and data protection are selected (Chou, 2013).…”

Section: Introductionmentioning

confidence: 99%

A Proposed Framework for Outsourcing and Secure Encrypted Data on OpenStack Object Storage (Swift)

Albaroodi¹,

Manickam²,

Anbar³

2015

Journal of Computer Science

View full text Add to dashboard Cite

Despite the numerous potential benefits of Open Source Cloud Computing (OSCC) in several industrial and academic-oriented environments, OSCC could be also associated with some risks. However, which a proper awareness to the cloud consumers or organisations, these risks can be clearly identify and avoided. OpenStack Swift security can provide a greater understanding of how OpenStack Swift functions and what types of security issues arise therein. In this study, a lightweight and robust cloud-based security model for OpenStack object storage within a cloud computing environment is proposed. Swift is a multiuser based model in which every owner encrypts her/his files; each owner uses different levels of cryptographic security. A reduction in the key distribution complexity in this diverse model with a variety of security based settings is critical. Note that proposed model incorporates cryptographic algorithms at the first level (authentication/authorisation) and a hash function to introduce a more secure access method for authentication and authorisation.

show abstract

A secure smart-work service model based OpenStack for Cloud computing

Cited by 12 publications

References 6 publications

Assessing Systemic Risk to Cloud‐Computing Technology as Complex Interconnected Systems of Systems

Assessing Systemic Risk to Cloud‐Computing Technology as Complex Interconnected Systems of Systems

Untitled

A Proposed Framework for Outsourcing and Secure Encrypted Data on OpenStack Object Storage (Swift)

Contact Info

Product

Resources

About