Most recent issue published online for the International Journal of Cloud Computing.

Editorial

Surya Nepal; Mukaddim Pathan — 2012-05-03T23:20:50-05:00

Editorial
Surya Nepal; Mukaddim Pathan
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 101 - 118
Cloud computing has emerged as a new paradigm for the on-demand delivery of computing services to consumers as utilities. Given its innovative nature compared to the standard model of service provisioning, cloud computing raises new questions in terms of security, privacy and trust. Therefore, our focus in this special issue is to analyse the security, privacy and trust aspects of cloud with the aim of providing trusted cloud systems. In this editorial, we first provide a brief overview on various aspects of security, privacy and trust in cloud systems and discuss related recent research and development activities. We then present a brief summary of each of the papers included in this special issue.

Semantic-based policy management for cloud computing environments

Hassan Takabi; James B.D. Joshi — 2012-05-03T23:20:50-05:00

Semantic-based policy management for cloud computing environments
Hassan Takabi; James B.D. Joshi
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 119 - 144
Cloud computing environments do not allow use of a single access control mechanism, single policy language or single policy management tool for various cloud services. Currently, users must use diverse access control solutions available for each cloud service provider to secure their data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud service provider. Heterogeneity and distribution of these policies pose problems in their administration. The semantic web technologies can provide the solution to interoperability of heterogeneous cloud service providers. In this paper, we introduce a semantic-based policy management framework that is designed to give users a unified control point for managing policies that control access to their data no matter where the data is stored. We present the framework and describe its components. Furthermore, we present a proof of concept implementation and results of performance evaluation.

A novel methodology for secured c-governance using Hadamard coding

K. Mukherjee; G. Sahoo — 2012-05-03T23:20:50-05:00

A novel methodology for secured c-governance using Hadamard coding
K. Mukherjee; G. Sahoo
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 145 - 166
Cloud computing has opened a viable business option for corporations, industry and government organisations. This new paradigm is capable to trim down cost, can endow organisations with usage-based pricing, enhance functionality, improved collaboration, communication, omnipresent of application and data. Keeping this in view, this new technology is a natural choice for government sectors as e-governance to hike the recital of government machinery. So, we propose here a cloud computing-based e-governance, i.e., c-governance. But this cutting age of technology is still in its infant stage. So cloud computing and c-governance has to address lot of key issues like – security, performance, availability, scalable software architecture, etc. On this context, this manuscript has focused on a new security framework, security algorithms for c-governance based on Hadamard matrix. The results of the implementations are presented in order to lay bare the effectiveness of the proposed framework and algorithms.

RSA-based dynamic public audit service for integrity verification of data storage in cloud computing using Sobol sequence

P. Syam Kumar; R. Subramanian — 2012-05-03T23:20:50-05:00

RSA-based dynamic public audit service for integrity verification of data storage in cloud computing using Sobol sequence
P. Syam Kumar; R. Subramanian
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 167 - 200
Cloud storage has become a trend and more practical in recent years. This unique feature of the cloud poses many security challenging design issues. One of the most important security aspects that need to be addressed is that to assure the integrity of clients data stored in the cloud. In this paper, we propose a RSA-based dynamic public audit service for the integrity verification of data using Sobol sequence. Our scheme allows a third party auditor (TPA) on behalf of the clients to verify the integrity of data stored in the cloud and also supports data dynamics at block level while maintaining the same integrity assurance. Our model allows probabilistic proofs of integrity by challenging random blocks from the server which drastically reduces the computation and communication overhead. The security, performance analysis and experimental results show that our scheme is more secure and efficient than existed probability verification schemes.

A flexible cryptographic approach for secure data storage in the cloud using role-based access control

Lan Zhou; Vijay Varadharajan; Michael Hitchens — 2012-05-03T23:20:50-05:00

A flexible cryptographic approach for secure data storage in the cloud using role-based access control
Lan Zhou; Vijay Varadharajan; Michael Hitchens
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 201 - 220
There has been a recent trend in storing data in the cloud because of the significant benefits, such as on demand resources and low maintenance costs. However due to the distributed nature of the cloud, access control mechanisms need to be employed to protected the privacy of data stored in cloud. Role-based access control (RBAC) provides a flexible way for users to manage and share their data in the cloud. In this paper, we propose a role-based encryption (RBE) scheme which enforces RBAC policies using cryptographic techniques. In our scheme, an owner of data can encrypt the data to a role in a RBAC system, and only the users who have the permissions of the role in the RBAC system can decrypt the data. Our scheme achieves efficient user management where the manager of a role can easily grant/revoke the membership of the role to/from a user without the needs of other parties' participants. We compare our scheme with other previously published schemes and show that our scheme has better performance in both computation and management.

Trust modelling and analysis in peer-to-peer clouds

Ioan Petri; Omer F. Rana; Yacine Rezgui; Gheorghe Cosmin Silaghi — 2012-05-03T23:20:50-05:00

Trust modelling and analysis in peer-to-peer clouds
Ioan Petri; Omer F. Rana; Yacine Rezgui; Gheorghe Cosmin Silaghi
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 221 - 239
In the context of an increasing demand for data and computational services, the benefits of cloud computing are substantial. However, cloud computing capabilities (as currently provisioned) can prove limited when accessed through a single provider. Extending capabilities of clouds by using user owned and provisioned devices can address a number of challenges arising in the context of current cloud deployments – such as data centre power efficiency, availability and outage management and secure access. We present a mechanism of forming trustworthy P2P clouds where various end-users can join and exchange resources. We propose a trust model for managing the formation and use of such clouds where feedback aggregation is used for identifying the trust distribution. Using various experimental setups we evaluate the status of the cloud in the context of different malicious end-users.

Accountability services for verifying compliance in the cloud

Jinhui Yao; Shiping Chen; Chen Wang; David Levy; John Zic — 2012-05-03T23:20:50-05:00

Accountability services for verifying compliance in the cloud
Jinhui Yao; Shiping Chen; Chen Wang; David Levy; John Zic
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 240 - 260
The emergence of the cloud has revolutionised the modern day computing. It has provided a cheap and yet reliable outsourcing model for whomever with huge needs for computing resources. And by leveraging service oriented architecture, organisations and companies can wrap their business products as services, to collaborate with others to form business processes. This reinforces the impact of the cloud for that, its enormous computing capacity and network bandwidth make it an ideal platform for collaborative business processes. Within those business processes, each participant is usually an independent entity which may violate the predefined compliance requirements and attempt to avoid the stiff penalty using deceits. Therefore, the mechanism to unarguably verify one's compliance in collaboration is highly critical – the lack of which, will result a chaotic situation where participating entities can act willy-nilly and deny their faults. This paper outlines our approach to enforce strong accountability to address this issue. With accountability, the actions are always linked to the actors with undeniable evidence. We in detail analyse the evidence required to verify different types of compliance and to what extent they can be verified in a provable way. Then we deploy our system with experiment business processes to evaluate its effectiveness.

Intrusion detection system in cloud computing environment

Sudhir N. Dhage; B.B. Meshram — 2012-05-03T23:20:50-05:00

Intrusion detection system in cloud computing environment
Sudhir N. Dhage; B.B. Meshram
International Journal of Cloud Computing, Vol. 1, No. 2/3 (2012) pp. 261 - 282
In recent years, with the growing popularity of cloud computing, security in cloud has become an important issue. As 'prevention is better than cure', detecting and blocking an attack is better than responding to an attack after a system has been compromised. This paper proposes architecture capable of detecting intrusions, in a distributed cloud computing environment, and safeguarding it from possible security breaches. It deploys a separate instance of IDS for each user and uses a separate controller to manage the instances. IDS in this architecture can be signature-based as well as learning-based method.