Table 1 - uploaded by Raid Hussein
Content may be subject to copyright.
Cloud security experts' attributes used to validate the framework

Cloud security experts' attributes used to validate the framework

Source publication
Article
Full-text available
The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction...

Context in source publication

Context 1
... interviews were recorded using the Apple voice memory application. Details of the experts used in this study are presented in Table 1. ...

Similar publications

Article
Full-text available
Cloud computing" is a term, which involves virtualization, distributed computing, networking, software and Web services. Our Objective is to develop an effective load balancing algorithm using Divisible Load Scheduling Theorem to maximize or minimize different performance parameters (throughput, latency for example) for the clouds of different size...
Article
Full-text available
The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction...
Article
Full-text available
The fundamental concern of building a distributed Cloud manufacturing (CM) platform is how wide variety of manufacturing services (SaaS, PaaS, HaaS, IaaS) can be integrated under a common cloud platform? More technically, this concern is related to the classical data integration problem, i.e. how to universally map information from heterogeneous da...
Article
Full-text available
With the development ofWeb technologies and the increasing use of the Internet, more and more web services are being deployed. This gave birth to what called cloud services, which are widely used for building distributed cloud applications. With cloud-based service delivery, it seems hard for users to find the right service for their needs. However...
Chapter
Full-text available
Cloud computing is gaining popularity day by day due to its various qualities. It offers web services and computing resources on demand basis at a very low cost. Demand for cloud services is increasing everyday which brings a lot of load traffic with it, which need to be tackled carefully to maintain the performance of the cloud. To avoid overloade...

Citations

... Some researchers have come up with solutions to these security threats, for example, based on trusted computing, Yu et al. [27] combined trusted computing and cloud security by establishing TPM (short for Trusted Platform Module). Implementing a complete set of trusted systems for detecting and verifying VM identity information, Hussein et al. [28] proposed a framework to review and monitor the hard disk, CPU, and user data in the virtual machine image and protect the security of the virtual machine image in the cloud environment through an expert review method. Kansal et al. [29] proposed an early detection and isolation method called EDIP to mitigate insider attack behaviors. ...
... In this subsection, we compare VNGuarder with the existing related work [27][28][29][30], including the internal threat points of cloud system that different solutions focus on, whether they can monitor single node or multiple nodes of cloud platform, and whether they support behavior association tracking. e Functional Comparison shown in Table 4. ...
Article
Full-text available
Edge-assisted Internet of things applications often need to use cloud virtual network services to transmit data. However, the internal threats such as illegal management and configuration to cloud platform intentionally or unintentionally will lead to virtual network security problems such as malicious changes of user network and hijacked data flow. It will eventually affect edge-assisted Internet of things applications. We propose a virtual network internal threat detection method called VNGuarder in a cloud computing environment, which can effectively monitor whether the virtual network configuration of legitimate users under the IaaS cloud platform has been maliciously changed or destroyed by insiders. First, based on the life cycle of cloud virtual network services, we summarized two types of internal attacks involving illegal use of virtualization management tools and illegal invocation of virtual network-related processes. Second, based on normal behavior of tenants, a hierarchical trusted call correlation scheme is proposed to provide a basis for discovering that insiders illegally call virtualized management tools and virtual network-related processes on the controller node of the cloud platform or the network node and compute node. Third, a trace-enable mechanism combining real-time monitoring and log analysis is introduced. By collecting and recording the complete call process of virtual network management and configuration in the cloud platform, and comparing it with the result of the hierarchical trusted call correlation, abnormal operations can be reported to the tenants in time. Comprehensive simulation experiments on the Openstack platform show that VNGuarder can effectively detect illegal management and configuration of virtual networks by insiders without significantly affecting the creation time of tenant networks and the utilization of CPU and memory.
... 3DES uses a 64-bits block size and a 56-bits key size just like the DES, but it performs the same DES algorithm 3 times to every block of the data. The 3DES is definetely more secure than the DES, but it is vulnerable to brute force attack [19]. ...
Article
The widespread presence of Corona virus (COVID-19) is causing organizations and individuals major economics downsizing. For this reason, This worldwide uncontrolled Epidemic has gained great attention on cryptocurrency applications. In such contexts, we foresee the future in terms of recognition and transactions based on contact less and touch less systems. We assume that BlockChain can help by avoiding physical contact from manually handling paperwork during this pandemic and after. This paper presents a brief review of the effects of COVID-19 on world finances. Then, we exhibit a comparative study of the asymmetric cryptography algorithms, while introducing BlockChain and its main application ’the Bitcoin’, and the influence of the corona on the expansion of these applications.
... 3DES uses a 64-bits block size and a 56-bits key size just like the DES, but it performs the same DES algorithm 3 times to every block of the data. The 3DES is definetely more secure than the DES, but it is vulnerable to brute force attack [19]. ...
... IaaS provides and maintain a catalog that list the available virtual machines images (VMI). The VMI may include operating system like windows, Linux or Fedora and might contains other resources like applications that are created by organization such as database management system or application server [1]. There are some security issues associated with VMI in cloud computing that has harmful impact on the security of the cloud and might affect confidentiality, integrity or availability [2]. ...
... Validating the proposed risk estimation approach is essential to ensure its accuracy and acceptance. One of the most popular ways to validate a proposed technique is an expert review [40] . The use of the expert interviews allows collecting valid and reliable data that is related to the research to refine it in the light of opinions of well-qualified experts. ...
Article
The need to increase information sharing in the Internet of Things (IoT) applications made the risk-based access control model to be the best candidate for both academic and com- mercial organizations. Risk-based access control model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dy- namically. Unlike current static access control approaches that are based on predefined policies and give the same result in different situations, this model provides the required flexibility to access system resources and works well in unexpected conditions and situa- tions of the IoT system. One of the main issues to implement this model is to determine the appropriate risk estimation technique that is able to generate accurate and realistic risk values for each access request to determine the access decision. Therefore, this paper pro- poses a risk estimation technique which integrates the fuzzy inference system with expert judgment to assess security risks of access control operations in the IoT system. Twenty IoT security experts from inside and outside the UK were interviewed to validate the proposed risk estimation technique and build the fuzzy inference rules accurately. The proposed risk estimation approach was implemented and simulated using access control scenarios of the network router. In comparison with the existing fuzzy techniques, the proposed technique has demonstrated it produces precise and realistic values in evaluating security risks of access control operations in the IoT context.
... The safety in the IoT system should be considered since a device may work safely in normal use, but if the device is hacked, the attacker will try to manipulate the functionality of the device causing harm to objects controlled by the device or compromise people approaching into contact with it [47]. ...
Chapter
Full-text available
The Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Using cheap sensors, the IoT enables various devices and objects around us to be ad-dressable, recognizable and locatable. Although the IoT brought infinite benefits, it creates several challenges, especially in security and privacy. Handling these is-sues and ensuring security and privacy for IoT products and services must be a fundamental priority. Users need to trust IoT devices and related services are se-cure. Moreover, the IoT safety must be considered to prevent the IoT system and its components from causing an unacceptable risk of injury or a physical damage and at the same time considering social behaviour and ethical use of IoT technol-ogies to enable effective security and safety. This chapter provides a discussion of IoT security, privacy, safety and ethics. It starts by providing an overview of the IoT system, its architecture and essential characteristics. This is followed by dis-cussing IoT security challenges, requirements and best practices to protect IoT devices. The IoT privacy is also discussed by highlighting various IoT privacy threats and solutions to preserve privacy of IoT devices. The IoT safety, ethics, the need for the ethical design and challenges encountered are also discussed. In the end, smart cities are introduced as a case study to investigate various security threats and suggested solutions to maintain a good security level in a smart city.
... Validating the proposed AdRBAC model is essential to ensure any implementation will be appropriate. One of the most popular ways to validate a model is through an expert review, which is a qualitative approach [43]. The use of the expert interviews permits the collection of valid and reliable data that are relevant to the research to refine it in the light of the opinions of well-qualified experts. ...
Article
Full-text available
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
Article
Nowadays, machine learning and deep learning algorithms are used in recent studies as active security techniques instead of traditional ones to secure the cloud environment based on pre-trained data. In this paper, a literature review on machine and deep learning based defences against attacks and security issues in cloud computing is provided. A taxonomy of all different types of attacks and threats as per cloud security alliance (CSA) layers; and the general defences against cloud attacks is shown in this review as well as the reasons hich let the traditional security techniques fail to satisfy the desired security level are discussed. Forty-two case studies are selected based on seven quality assessment standards and then, analyzed to answer seven research questions which help to protect cloud environments from various attacks, issues, and challenges. The analysis of case studies shows a description of the most common security issues in cloud; machine learning and deep learning models that are applied, datasets models, performance metrics, machine learning and deep learning based countermeasures and defences that are developed to prevent security issues. Finally, the future scope and open challenges in cloud computing security based on machine and deep learning are discussed as well.
Chapter
Blockchain technology is getting a growing attention from various organizations and researchers as it provides magical solutions to the problems associated with the classical centralized architecture. Blockchain, whether public or private, is a distributed ledger with the capability of maintaining the integrity of transactions by decentralizing the ledger among participating users. On the other hand, the Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Although the centralized IoT system provides countless benefits, it raises several challenges. Resolving these challenges can be done by integrating IoT with blockchain technology. To be prepared for the integration process, this chapter provides an overview of technical aspects of the blockchain and IoT. It started by reviewing blockchain technology and its main structure. Applications and challenges of the blockchain are also presented. This is followed by reviewing the IoT system by highlighting common architecture and essential characteristics. Various applications and challenges of the IoT system are also discussed.