PhD Proposal essay


Security and Privacy in Cloud Computing

Abstract

Recent advances in technology have seen the emergence and popularity of cloud computing. As a result, privacy and security issues have been a major concern, especially when outsourcing business applications and data to a third party. This study aims at investigating the integration of big data and cloud security, as well as the security concerns related to its implementation. The researcher aims to determine the feasibility of Apache Hadoop during the implementation of cloud security. This will be in line with the objectives of Edinburgh Napier University and the Cloud Security Alliance (CSA) of providing new techniques and methods to counteract issues of cloud security.

Keywords: Certification, Cloud computing, Privacy, Security, Verification

Table of Contents

Abstract

Chapter 1

Introduction

Chapter 2

State of the Art

2.1. Security verification and certification of multi-layer cloud services and supply-chains.

2.2. Continuous and incremental verification of security properties of cloud systems

2.3. Dependency analysis for large-scale composed systems

2.4. Accountability and transparency in highly distributed systems

2.5. Cloud computing and big data: An ideal combination

Chapter 3

Research Objectives and Approach

3.1. Main objective

3.2. Specific objectives

3.3. Research Approach

3.3.1. Constructivism Epistemology

3.3.2. Phenomenology Methodology

Chapter 4

Work Plan and Implications

Chapter 5

Conclusions

Reference List

Chapter 1

Introduction

Cloud computing refers to a model for enabling convenient, on-demand network access to a shared pool of configurable resources such as applications, storage and servers, amongst others. The technology has the potential to reduce costs significantly by optimizing and increasing economic and operating efficiencies. This has enabled the development of a global computing model through the internet infrastructure. Nevertheless, failure to adopt privacy and security solutions for clouds has the potential to bring down the revolution of the computing paradigm (Pearson 2013, p. 56). Several surveys conducted on cloud computing show that privacy and security are a major concern.

Chapter 2

State of the Art

The topic of the research is `Security and Privacy in Cloud Computing’. The topics below will be examined.

2.1. Security verification and certification of multi-layer cloud services and supply-chains.

Cloud computing carriers have been facing key issues within the commercial environment. To enhance the service to customers, there is a great need to come up with strategies that will help in coordinating the behaviour of members within the supply chain of the cloud computing environment. This will make the members realise the impact of their actions on the other members so that they can establish an optimal strategy within the entire supply chain system to share the risks. This will play a major role in achieving a win-win engagement and improving the competitiveness of the entire supply chain in cloud computing. This is normally based on a multi-level recursive model (Zissis & Lekkas 2012, p. 583).

The concept of security verification and certification of multi-layer cloud services and supply-chains involves a robust mechanism for supporting compliance and assurance. Nevertheless, the process faces certain problems, such as:

  1. The certification process has conventionally been represented for human readers and is therefore unable to support automated processing such as verification, certification and selection based on certificates.

  2. The certification is incapable of providing dynamic proofs of the current system status at runtime, a factor that is crucial in heterogeneous, unpredictable and dynamic scenarios such as cloud computing.

  3. The applications available are not configured to handle machine-oriented certificates.

Therefore, there is a great need to develop a framework that solves the above problems and provides:

  • Assurance certificates that are in a machine-understandable format

  • Mechanisms that allow both dynamic and static proofs of system status based on monitoring, testing, trusted computing and other formal proofs.

  • A process that is supported by tools and which helps developers create applications that can be easily verified and certified.
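
The requirements listed above can be made concrete with a small sketch. The following is an added example, not part of the original proposal: it shows a machine-readable certificate checked with a static proof (signature and certified properties) and a dynamic proof (fresh monitoring evidence), then used for automated selection. The certificate fields, property names and the HMAC stand-in for a certifier's signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the certifier's signing key (assumption:
# a real scheme would use an asymmetric signature, not a shared-secret HMAC).
CA_KEY = b"constructed-demo-key"

def _sign(body):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()

def issue(service, properties, max_evidence_age):
    """Issue a machine-readable certificate: a signed JSON-serialisable body."""
    body = {"service": service, "properties": sorted(properties),
            "max_evidence_age": max_evidence_age}
    return {"body": body, "sig": _sign(body)}

def verify(cert, required, evidence, now):
    """Return (ok, reason) for one service.

    Static proof: the signature is valid and every required property is certified.
    Dynamic proof: each required property has passing monitoring evidence that is
    no older than the certificate allows.
    """
    body = cert["body"]
    if not hmac.compare_digest(cert["sig"], _sign(body)):
        return False, "bad signature"
    missing = sorted(set(required) - set(body["properties"]))
    if missing:
        return False, "not certified: " + ", ".join(missing)
    for prop in sorted(required):
        ev = evidence.get(prop)
        if ev is None or not ev["passed"]:
            return False, "no passing evidence: " + prop
        if now - ev["ts"] > body["max_evidence_age"]:
            return False, "stale evidence: " + prop
    return True, "ok"

def select(candidates, required, now):
    """Automated selection: names of the services whose certificates verify."""
    return [c["cert"]["body"]["service"] for c in candidates
            if verify(c["cert"], required, c["evidence"], now)[0]]

# Constructed sample data: three candidate storage services at time now=1000.
REQUIRED = ["encryption-at-rest", "tenant-isolation"]
fresh = {p: {"passed": True, "ts": 900} for p in REQUIRED}
stale = {**fresh, "tenant-isolation": {"passed": True, "ts": 100}}
tampered = issue("storage-c", ["encryption-at-rest"], 300)
tampered["body"]["properties"].append("tenant-isolation")  # edited after signing
CANDIDATES = [
    {"cert": issue("storage-a", REQUIRED, 300), "evidence": fresh},
    {"cert": issue("storage-b", REQUIRED, 300), "evidence": stale},
    {"cert": tampered, "evidence": fresh},
]
```

Calling select(CANDIDATES, REQUIRED, 1000) keeps only the service whose certificate is intact and whose runtime evidence is recent; the other two are rejected for stale evidence and for a modified certificate body.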

2.2. Continuous and incremental verification of security properties of cloud systems

There are few technologies that have adopted cloud computing. Policy makers, users and providers have one main goal: exploiting the benefits of cloud computing and encouraging its adoption. Success in adoption will ensure they gain access to the range of services provided by cloud computing, which is growing at a very fast pace. This is mainly due to the ability of the cloud to scale resource allocations dynamically in accordance with changing workloads. The reliance on third-party networking, software and hardware may lead to violations of the non-functional requirements (NFRs) that are associated with critical services. NFR verification approaches such as quality assurance, design by contract and model checking are specifically applicable for offline use during the validation and verification stages of system development (Kshetri 2013, p. 372).

The main aim of this topic is to investigate and propose a formal technique that helps in verifying the NFRs of evolving cloud-based systems on a continuous basis, as well as to offer guidance on the evolution of configurations guaranteed to satisfy the NFRs of the system. The two sections to be highlighted are:

  1. Continuous verification of cloud based systems

  2. The recommendations to address such challenges

The advancement in cloud computing has changed the delivery and adoption of ICT services. Some of the features that enhance the deployment of demanding and complex systems include fast provisioning, high scalability and on-demand availability of resources. Also, clouds can be used for deploying systems that have unpredictable load patterns, though there are problems of assurance. The flexibility and transparency provided by the cloud complicate the method of assuring security properties. This creates the need to investigate the assurance approaches and their suitability for cloud services, and raises the following research questions.

  1. How can the overall assurance of cloud service be derived when the individual assurance levels get aggregated?

  2. How can the continuous assurance of the system be provided?

  3. How can assurance evaluation be conducted in an automated manner?

2.3. Dependency analysis for large-scale composed systems

Internet technologies have played a major role in transforming culture and industries in today’s world, with no signs of slowing down. Today’s internet services comprise complex software systems with a large number of individual applications that are well integrated in order to allow complex end-user services such as e-commerce, web-based email, social networks and search, amongst others. Such services require huge storage power and enormous computing that fit naturally with massive computing infrastructures. The emergence of such large-scale services has encouraged the trend towards cloud computing. The cloud computing platform required for large-scale services is made up of different commodity machines. The number of machines is projected to grow in the foreseeable future due to the increased demand for the services and resources involved (Pearson & Yee 2012, p. 102).

Such resources within large-scale systems comprise clusters that are dispersed geographically around the globe. Each cluster can be made up of several nodes. The analysis and management of infrastructure to ensure efficient provision of resources is quite challenging. At such a scale, there is a considerable number of network and server components that fail at any one time. Besides, the integration of various heterogeneous environments may pose further complexities. Ideally, the services are supposed to be self-managing and self-configuring to correspond with the growth in the range of permissible configurations (Pearson & Yee 2012, p. 103). In view of this, the researcher will attempt to address the challenges encountered in large-scale composed systems, which can arise either where a few compositions are applied to many services or where a large number of compositions are used with many services.

2.4. Accountability and transparency in highly distributed systems

Issues of accountability and transparency normally arise whenever data is moved from local storage to remote storage on the cloud. It is therefore imperative to provide evidence when handling confidential data within the cloud. Nevertheless, in most cases the evidence is not provided, and hence verifiability and transparency are missing in the cloud context (Xiao & Xiao 2013, p. 843).

There are several factors that relate to globalization and cloud computing, such as the potential for light-touch self-regulation through the back door, foreign government surveillance, weak data protection links and certification for accountability. Currently, transparency and accountability on the part of the provider are lacking, especially in service provision and de-provision, privacy protection, data processing and tenant isolation, amongst other aspects that are critical to control and monitor the client. Even when the key terms are added to the service level agreement, techniques and processes must be developed that automatically and continuously audit and monitor the existing terms to ensure that transparency is adequate. Also, cloud providers should be prepared to give enough evidence of privacy and security provision (Xiao & Xiao 2013, p. 844).

In view of this, the researcher aims at defining how evidence is required and recommending different concepts of accountability and transparency. This will attempt to show the importance of assurance, verification, auditing and monitoring, as well as the challenges of evidence within the cloud computing environment.

2.5. Cloud computing and big data: An ideal combination

Cloud computing and big data are currently amongst the topmost priorities for many organizations across the globe. Big data analytics provides valuable insights for creating a competitive advantage, increasing revenue and sparking new innovations. Cloud computing is capable of improving the productivity and agility of a business through improved efficiencies and reduced costs (Younis & Kifayat 2013, p. 90).

The two technologies, cloud computing and big data, have continued to evolve. Many organizations are changing their language from how to store their big data, and what to store, to how they can derive analytics that are meaningful and can handle their business needs. With the increased maturity of cloud computing, providers are continuing to expand their service offerings. It therefore makes sense that information technology organizations should adopt cloud computing as the main platform for their big data projects. The environments for big data require various clusters of servers to support the high velocity, large volumes and varied formats of data (Younis & Kifayat 2013, p. 91). On the other hand, cloud environments offer a cost-effective means through which big data is supported, as well as advanced analytics applications to drive the business towards achieving its value.

The researcher will attempt to describe:

  • Analytics-as-a-service models for big data analytics that are cloud-based

  • How cloud computing enables advanced analytics for big data

  • How information technology can assume the leadership for big data that is cloud based within an enterprise.

Chapter 3

Research Objectives and Approach

3.1. Main objective

The main objective of this research is to examine security and privacy in cloud computing.

3.2. Specific objectives

The following are the specific objectives of the research:

  1. To determine the security verification and certification of multi-layer cloud services and supply-chains

  2. To explore the continuous and incremental verification of security properties of cloud systems

  3. To evaluate the dependency analysis for large-scale composed systems

  4. To assess the accountability and transparency in highly distributed systems

  5. To describe the combination of cloud computing and big data analytics

3.3. Research Approach

The above objectives present the five main topics that the researcher intends to carry out during the three-year period. The researcher will use constructivism epistemology and phenomenology methodology.

3.3.1. Constructivism Epistemology

This is a research approach that aims at examining the theory of existing knowledge and focuses on how to build more knowledge through experience rather than discovery. The approach is a departure from conventional research methods. It proposes new ways of handling a problem, hypothesis or issue, and the researcher becomes not a passive observer but an active participant (Creswell 2012, p. 20). This approach will be ideal due to its ability to enable the researcher to construct a body of knowledge of cloud computing security and privacy based on what is already known.

3.3.2. Phenomenology Methodology

Phenomenological methodology in research is an approach that helps identify a phenomenon based on how it is perceived by actors. It entails gathering deep perceptions and information through qualitative and inductive methods such as interviews, participant observation and discussions. Phenomenology is mainly concerned with studying experience from the individual perspective. Phenomenological research seeks to describe rather than explain. This approach will be ideal for the current research because it enhances better understanding of the meanings that are attached to people and helps in the development of new theories (Tuohy & Cooney 2013, p. 17).

Chapter 4

Work Plan and Implications

The table below shows the timelines for the execution of the research.

Timeline: 2016 to 2021, by quarter.

TASK (Duration)

PROPOSAL WRITING AND APPROVAL (1 Quarter)

  1. Presentation of the Proposal

  2. Discussion and correction

  3. Approval of proposal

RESEARCH FOR THE 1ST TOPIC (4 Quarters)

  1. Discuss with the advisor

  2. Approval for the minor paper research topic

  3. Submit the draft to minor area paper committee

  4. Finalize dissertation advisory committee

  5. Prepare submission to SPSP

RESEARCH FOR THE 2ND TOPIC (4 Quarters)

  1. Discuss with the advisor

  2. Approval for the minor paper research topic

  3. Submit the draft to minor area paper committee

  4. Finalize dissertation advisory committee

  5. Prepare submission to SPSP

RESEARCH FOR THE 3RD TOPIC (4 Quarters)

  1. Discuss with the advisor

  2. Approval for the minor paper research topic

  3. Submit the draft to minor area paper committee

  4. Finalize dissertation advisory committee

  5. Prepare submission to SPSP

RESEARCH FOR THE 4TH TOPIC (2 Quarters)

  1. Discuss with the advisor

  2. Approval for the minor paper research topic

  3. Submit the draft to minor area paper committee

  4. Finalize dissertation advisory committee

  5. Prepare submission to SPSP

RESEARCH FOR THE 5TH TOPIC (3 Quarters)

  1. Discuss with the advisor

  2. Approval for the minor paper research topic

  3. Submit the draft to minor area paper committee

  4. Finalize dissertation advisory committee

  5. Prepare submission to SPSP

CRITICAL PATH: 20 Quarters

Chapter 5

Conclusions

This research is about security and privacy in cloud computing. In view of this, five main topics will be reviewed. First, the researcher will determine the security verification and certification of multi-layer cloud services and supply-chains. Second, the continuous and incremental verification of security properties of cloud systems will be explored. Third, the dependency analysis for large-scale composed systems will be evaluated. Fourth, the accountability and transparency in highly distributed systems will be examined, and finally, the combination of cloud computing and big data analytics will be described. The main research approaches that will be adopted for this research are constructivism epistemology and phenomenology methodology. The research will take a period of three years, starting September 2016 and ending August 2019.

Reference List

Creswell, J. (2012). Qualitative inquiry and research design: Choosing among five approaches. Thousand Oaks, California: Sage.

Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4), pp. 372-386.

Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing. London: Springer.

Pearson, S., & Yee, G. (2012). Privacy and security for cloud computing. London: Springer Science & Business Media.

Tuohy, D., & Cooney, A. (2013). An overview of interpretive phenomenology as a research methodology. Qualitative Researcher, 20(6), pp. 17-20.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. Communications Surveys & Tutorials, IEEE, 15(2), pp. 843-859.

Younis, M. Y., & Kifayat, K. (2013). Secure cloud computing for critical infrastructure: A survey. Liverpool John Moores University, United Kingdom: Tech. Rep.

Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), pp. 583-592.