investigative analysis of security issues and challenges in cloud computing and their counter...

7
Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) 30 – 31, December 2014, Ernakulam, India 57 INVESTIGATIVE ANALYSIS OF SECURITY ISSUES AND CHALLENGES IN CLOUD COMPUTING AND THEIR COUNTER MEASURES 1 Sajay K R, 2 Dr. Suvanam Sasidhar Babu, 3 Y. Vijayalakshmi 1 Research Scholar, Bharathiar University (Associate Professor, Department of Computer Applications,Vidya Academy of Science & Technology, &Technology, Thalakottukara, Thrissur, Kerala, India 2 Professor, Department of Computer Science & Engineering, Sreenarayana Gurukulam College of Engineering, Kadayiruppu, Ernakulam, Kerala, India 3 PhD Research Scholar, Karpagam University, Coimbatore, India ABSTRACT Cloud Computing is a recent technology paradigm that enables organizations or individuals to share various services in a seamless, flexible and cost-effective manner. In the modern era of business operation, the technical adoption of cloud services are high on rise by the large scale to small scale business establishment on various products and services. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it. Organizations which consider adopting cloud based services must also understand the many major problems of information policy including issues of privacy, security, reliability, access and regulation. There are various means by which introducing a malicious program inside the cloud is not that complicated task for attacker. The various services providers as well as past researcher have introduced some of the potential security features which is claimed to be highly effective. However, accomplishing fail-proof security systems in cloud is never witnessed nor reported by any user or researcher, which clearly specifies that security problems do persist and are on exponential rise. Therefore, this paper discusses about the security issues in cloud supported by brief description of standard security models currently available in cloud. Keywords: Security, Cloud Computing, Attacks, Security Models. I. INTRODUCTION Cloud computing is a state of the art computing model in which the computing resources for example; software, hardware, databases and data are accessed as a service usually through a web browser or light-weight desktop machine over the internet. Cloud computing also describes applications that are extended to be accessible through the Internet. These applications use large data centers and powerful servers that host Web applications and Web services. A typical cloud is a pool of commuting resources such as servers, application development platforms, storage devices, load balancers and virtual machines that are shared among cloud users. Cloud computing also suffers from a lot of security issues and threats that can outlaw the entire cloud to function; hence posing a serious question mark on the cloud handiness and security. On the other hand, these issues are truly opportunities to further enhance the cloud to make it INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 5, Issue 12, December (2014), pp. 57-63 © IAEME: www.iaeme.com/IJCET.asp Journal Impact Factor (2014): 8.5328 (Calculated by GISI) www.jifactor.com IJCET © I A E M E

Upload: iaeme

Post on 15-Jul-2015

55 views

Category:

Technology


0 download

TRANSCRIPT

Page 1: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

57

INVESTIGATIVE ANALYSIS OF SECURITY ISSUES AND

CHALLENGES IN CLOUD COMPUTING AND THEIR

COUNTER MEASURES

1Sajay K R,

2Dr. Suvanam Sasidhar Babu,

3Y. Vijayalakshmi

1Research Scholar, Bharathiar University (Associate Professor, Department of Computer Applications,Vidya Academy

of Science & Technology, &Technology, Thalakottukara, Thrissur, Kerala, India 2Professor, Department of Computer Science & Engineering, Sreenarayana Gurukulam College of Engineering,

Kadayiruppu, Ernakulam, Kerala, India 3PhD Research Scholar, Karpagam University, Coimbatore, India

ABSTRACT

Cloud Computing is a recent technology paradigm that enables organizations or individuals to share various

services in a seamless, flexible and cost-effective manner. In the modern era of business operation, the technical adoption

of cloud services are high on rise by the large scale to small scale business establishment on various products and

services. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting

it. Organizations which consider adopting cloud based services must also understand the many major problems of

information policy including issues of privacy, security, reliability, access and regulation. There are various means by

which introducing a malicious program inside the cloud is not that complicated task for attacker. The various services

providers as well as past researcher have introduced some of the potential security features which is claimed to be highly

effective. However, accomplishing fail-proof security systems in cloud is never witnessed nor reported by any user or

researcher, which clearly specifies that security problems do persist and are on exponential rise. Therefore, this paper

discusses about the security issues in cloud supported by brief description of standard security models currently available

in cloud.

Keywords: Security, Cloud Computing, Attacks, Security Models.

I. INTRODUCTION

Cloud computing is a state of the art computing model in which the computing resources for example; software,

hardware, databases and data are accessed as a service usually through a web browser or light-weight desktop machine

over the internet. Cloud computing also describes applications that are extended to be accessible through the Internet.

These applications use large data centers and powerful servers that host Web applications and Web services. A typical

cloud is a pool of commuting resources such as servers, application development platforms, storage devices, load

balancers and virtual machines that are shared among cloud users. Cloud computing also suffers from a lot of security

issues and threats that can outlaw the entire cloud to function; hence posing a serious question mark on the cloud

handiness and security. On the other hand, these issues are truly opportunities to further enhance the cloud to make it

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &

TECHNOLOGY (IJCET)

ISSN 0976 – 6367(Print)

ISSN 0976 – 6375(Online)

Volume 5, Issue 12, December (2014), pp. 57-63

© IAEME: www.iaeme.com/IJCET.asp

Journal Impact Factor (2014): 8.5328 (Calculated by GISI)

www.jifactor.com

IJCET

© I A E M E

Page 2: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

58

more alive, productive and secure by implementing the state of the art and refined security measures. A distinctive cloud

is affected by different issues like Denial of Service (DOS) attacks, session hijacking threats, flashing attacks, failing to

obey governmental regulations and data confidentiality issues. The issues such as DOS attacks, malware injection,

hijacking of a server or a specific service and user identity theft are very common. Network sniffing is yet another severe

threat in which a packet sniffer can steal protected data which may include session cookies, users' passwords, UDDI

(Universal Description Discovery Integrity) files and WSDL (Web Service Description Language). SQL injections to

execute an always true statement in a query to get all the tables back can harm a cloud by unauthorized access to users´

data. These threats are essentially compelling numerous users not to use cloud services in present time because the

consequences of such security issues can be tremendously severe to any business entity and can even result in a total

cessation of a pretentious entity. Several security management standards and measures have been intended to safeguard

the cloud but nevertheless cloud security is at a high risk due to the innovative hacking techniques. These security

standards comprise of Information Technology Infrastructure Library (ITIL) guidelines, ISO/IEC 27001/27002 standard

and Open Virtualization Format (OVF) standards. The dark side of this picture is that; despite having such measures we

cannot promise cloud security. This hard reality has two explanations; one is the weaknesses in these security routines

currently adopted all over the globe and secondly the innovative hacking techniques that are quickly becoming

extraordinarily intelligent, sophisticated and hard to detect.

II. SECURITY AND PRIVACY ISSUES IN CLOUD

Security of the Cloud Computing system can be thought in two dimensions: physical security and cyber security.

Physical security concerns the physical properties of the system. For example, a data center, which is owned by provider

infrastructure, has to realize security standards; supervision and manageability on security preventions, uninterrupted

power supplies, precautions for natural disasters (earthquake, flood, fire etc.) are indispensable. Cyber security defines the

prevention of system from cyber attacks. These attack can use huge amounts of computing resources, disables their usage

by consumer efficiently. Therefore, the significant issues that raises up due to adoption of cloud services by clients are

briefed as follows:

Highly Insecure Data Transfer: The services of the cloud service provider is usually done using internet which is

infected by innumerous malicious program in various shape and size. Hence, providing sufficient protection for a single

cloud user is almost equivalent to a single non-cloud user. All the security problems that can possibly victimize a non-

cloud user are equally applicable for a paid cloud user too. If the data used by the user are not properly encrypted and

robustly authenticated using efficient protocols like IPSec, the degree of susceptibility is on rise.

Internet-facing Services: Public cloud services are delivered over the Internet. Applications and data that were

previously accessed from the confines an organization’s intranet, but moved to the cloud, must now face increased risk

from network threats.

Insecure data: Although the cloud computing infrastructure is usually very secure, it is also a very tempting target for

the criminal underground. All public clouds have been engineered with cloud computing security as one of the top

concerns. Any such vulnerability reported or not, in your chosen cloud, might put the entire data at risk. In the “old world”,

infrastructural vulnerabilities sometimes actually pose a critical risk, but often are hidden behind multiple layers of

security devices, both physical security and network/OS security.

Breach notification and data residency: Not all data requires equal protection, so businesses should categorize data

intended for cloud storage and identify any compliance requirements in relation to data breach notification or if data may

not be stored in other jurisdictions. Data management at rest Businesses should ask specific questions to determine the

cloud service provider’s data storage life cycle and security policy. Businesses should find out if: Multitenant storage is

being used, and if it is, find out what separation mechanism is being used between tenants. Mechanisms such as tagging

are used to prevent data being replicated to specific countries or regions. Storage used for archive and backup is encrypted

and if the key management strategy includes a strong identity and access management policy to restrict access within

certain jurisdictions.

Data Protection in Motion: It is seen that businesses always encrypt sensitive data in motion to the cloud, but if data

is unencrypted while in use or storage, it will be incumbent on the enterprise to mitigate against data breaches. However,

the existing clients still encounters security issues of data protection while in motion.

User access control: Data stored on a cloud provider’s server can potentially be accessed by an employee of that

company and the user have none of the usual personnel controls over those people.

Page 3: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

59

Data separation: Every cloud-based service shares resources, namely space on the provider’s servers and other parts

of the provider’s infrastructure. However, efficiencies of the compartmentalization approaches, such as data encryption,

the provider uses to prevent access into the virtual container by other customers are very rare.

III. TOP THREATS FOR CLOUD COMPUTING USERS

Cloud Security Alliance has proposed the biggest security threats of cloud systems. These threats are as follows:

Abuse and immoral Use of Cloud Computing:

IaaS providers offer services to their customers through a registration process where anyone with a valid credit card can

register and immediately begin using cloud services. By abusing the relative anonymity behind these registration and

usage models, spammers and other criminals have been able to conduct their activities with relative freedom.

Insecure Interfaces and APIs:

The security and availability of general cloud services is dependent upon the security of APIs. These interfaces must be

designed to protect against both accidental and malicious attempts

Data Loss or Leakage:

There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an

obvious example. Unauthorized parties must be prevented from gaining access to sensitive data.

Malicious Insiders:

The malicious insider threat is one that gains in importance as many providers still don't reveal how they hire people,

how they grant them access to assets or how they monitor them. Models affected by these threats are shown in the

Table 1.

Table 1: Service Models Affected

Type of Threat Models affected

Abuse Use of Cloud Computing IaaS , PaaS

Insecure Interfaces and APIs IaaS , PaaS , SaaS

Data Loss or Leakage IaaS , PaaS , SaaS

Malicious Insiders IaaS , PaaS , SaaS

IV. COUNTERMEASURES TO THESE THREATS

1. Confronting Abuse and immoral Use of Cloud Computing:

Stricter initial registration and validation processes.

Enhanced credit card fraud monitoring and coordination.

Comprehensive introspection of customer network traffic.

Monitoring blacklists for one’s own network blocks.

2. Confronting Insecure Interfaces and APIs:

Analyze the security model of cloud provider interfaces.

Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

3. Confronting Data loss or Leakage: Implement strong API access control.

Encrypt and protect integrity of data in transit.

Analyzes data protection at both design and run time.

4. Confronting Malicious Insiders Specify HR requirements as part of legal contracts.

Require transparency into overall information security and management practices.

Page 4: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

60

V. ATTACKS ON CLOUD COMPUTING

A. XML Signature Wrapping Attack Wrapping attacks aim at injecting a faked element into the message structure so that a valid signature covers the

unmodified element while the faked one is processed by the application logic. So, an attacker can perform an arbitrary

Web Service request while authenticating as a legitimate user.

B. SQL injection attacks In this type of attack a malicious code is inserted into a standard SQL code. Thus the attackers gain unauthorized

access to a database and are able to access sensitive.

C. Sniffer Attacks These types of attacks are launched by applications which can capture packets flowing in a network and if the

data that is being transferred through these packets is not encrypted, it can be read.

D. Account Hijacking It is usually carried out with stolen credentials. Examples of such attacks include: eavesdropping on transactions,

manipulation of data, and redirection to illegitimate sites.

Table 2: Known Attacks on Cloud Computing

Attack

Consequences

Category

Name

Theft-of-service

Cloud service usage without billing

Cloud resource stealing with no cost

Cloud

Infrastructure

Denial of Service

Service/hardware unavailability

Wrapping a malicious code in Xml to gain

unauthorized access

Accessing any other private information

Network,

Cloud

Infrastructure

Malware

Injection

User data/information leakage

Cloud resources/infrastructure information

leakage

Cloud

Infrastructure

VI. COUNTERMEASURES TO THESE ATTACKS

1)Countermeasure to XML Signature Wrapping Attack Solution is to use the SOAP message during message passing from the web server to the web browser. A STAMP bit will

be added onto the signature value when it is appended in the SOAP header. This bit will be transmitted when the

message is interfered with by a third party during the transfer. When the message reaches its destination the STAMP bit

is checked. If it has been changed, then a new signature value is generated by the browser and the new value is sent back

to the server as recorded to modify the authenticity checking

2) Countermeasure to SQL injection attacks Filtering techniques to sanitize the user input etc. are used to check the SQL injection attacks

3) Countermeasure to Sniffing Attacks A malicious sniffing detection platform based on ARP and RTT can be used to detect a sniffing system running on a

network.

4) Countermeasure to Account Hijacking In order to prevent this attack, Drop box has implemented two-factor authentication into the company’s security controls

in which user has to enter two of the following three properties: something the user knows (e.g., password, PIN),

something the user has (e.g., ATM card) and/or something the user is (e.g., biometric characteristic, such as a

fingerprint).

Page 5: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

61

5) Countermeasure to Theft of Service Attacks Gruschkaet al. in has suggested using a new instance of cloud-to-user surface in victim machine to monitor the

scheduling of parallel instances. Then, the outputs of both the attacker and the legitimate instances are compared. A

significant difference in results is reported to the responsible authorities as an attack.

There are other solutions provided for hypervisor scheduling such as but they are only limited to CPU-bound issues.

6) Countermeasure to Denial of Service Attack Karnwal and T . Sivakumar in provides a framework called “cloud defender” that is based on following stages:

• Sensor: It monitors the incoming request messages. If there is hypothetical increase in number of messages coming

from same consumer, it marks it as suspicious.

HOP Count filter: It will count the hop count value (total nodes, does message traverse from source to destination) and

compare it with pre-defined HOP count. If a difference is found, it means that the header or the message has been

modified and thus is marked suspicious.

• IP Frequency Divergence: Marks a message suspicious, if there is same frequency of IP messages.

VII. SECURITY MODELS IN CLOUD

The brief illustration of available cloud security models are:

Cloud Multiple-Tenancy Model of NIST: Multiple-tenancy is an important function characteristic of cloud computing

that allows multiple applications of cloud service providers currently running in a physical server to offer cloud service

for customers. Multiple-tenancy model of cloud computing implemented by virtualization offers a method to satisfy

different customer demands on security, segmentation, isolation, governance, SLA and billing/chargeback etc.

Cloud Risk Accumulation Model of CSA: Understanding the layer dependency of cloud service models is very critical

to analyze the security risks of cloud computing. IaaS is the foundation layer of all cloud services, PaaS is built upon

IaaS and SaaS is built upon PaaS, so there is an inherited relation between the service capability of different layers in

cloud computing. Similar to the inheritance of cloud service capability, the security risks of cloud computing is also

inherited between different service layers. i) IaaS provides no distinctive function similar to application service but

maximum extensibility for customers, meaning that IaaS holds little security functions and capabilities except for the

infrastructure’s own security functions and capabilities. IaaS demands that customers take charge of the security of

operating systems, software applications and contents etc. ii) PaaS offers the capability of developing customized

applications based on the PaaS platform for customers and more extensibility than SaaS, at the cost of reducing those

available distinctive functions of SaaS. Similarly, the intrinsic security function and capability of PaaS are not complete,

but customers possess more flexibility to implement additional security. iii) SaaS presents the least customer

extensibility, but the most integrated service and the highest integrated security among three service layers. In SaaS,

cloud service providers take charge of more security responsibilities, and customers pay for little security effort on the

SaaS platform. One critical feature of cloud security architecture is that the lower service layer that a cloud service

provider lies in, the more management duties and security capabilities that a customer is in charge of. In SaaS, cloud

service providers need to satisfy the demands on SLA, security, monitor, compliance and duty expectation etc. In PaaS

and IaaS, the above demands are charged by customers, and cloud service provider is only responsible for the availability

and security of elementary services such as infrastructure component and underlying platform.

Jerico Formu’s Cloud Cube Model: Jerico formu’s cloud cube model is a figuration description of security attribute

information implied in the service and deployment models of cloud computing and the location, manager and owner of

computing resources.

The Mapping Model of Cloud, Security and Compliance: The mapping model of cloud ontology, security control and

compliance check presents a good method to analyze the gaps between cloud architecture and compliance framework and

the corresponding security control strategies that should be provided by cloud service providers, customers or third

parties. Unfortunately, the compliance framework of cloud computing is not naturally existed with the cloud model.

Correspondingly, the mapping model of cloud, security and compliance contributes to determining whether accept or

refuse the security risks of cloud computing.

Data Security based on Diffie Hellman and Elliptical Curve Cryptography: The authors have discussed a design for

cloud architecture which ensures secured movement of data at client and server end. The non breakability of Elliptic

curve cryptography is used for data encryption and Diffie Hellman Key Exchange mechanism for connection

Page 6: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

62

establishment. The encryption mechanism uses the combination of linear and elliptical cryptography methods. It has

three security checkpoints: authentication, key generation and encryption of data.

User Authentication, File encryption and Distributed Server: The authors have discussed security architecture for

cloud computing platform. This ensures secure communication system and hiding information from others. AES based

file encryption system and asynchronous key system for exchanging information or data is included in this model. This

structure can be easily applied with main cloud computing features, e.g. PaaS, SaaS and IaaS. This model also includes

onetime password system for user authentication process. The work mainly deals with the security system of the whole

cloud computing platform.

Trusted Computing Technology: The author proposed a method to build a trusted computing environment for cloud

computing system by integrating the trusted computing platform into cloud computing system. A model system is

discussed in which cloud computing system is combined with trusted computing platform with trusted platform module.

In this model, some important security services, including authentication, confidentiality and integrity, are provided in

cloud computing system.

Identity-Based Cryptography: The authors in introduced a Hierarchical Architecture for Cloud Computing (HACC).

Then, Identity-Based Encryption (IBE) and Identity-Based Signature (IBS) for HACC are proposed. Finally, an

Authentication Protocol for Cloud Computing (APCC) is presented. Performance analysis indicates that APCC is more

efficient and lightweight than SSL Authentication Protocol (SAP), especially for the user side. This aligns well with the

idea of cloud computing to allow the users with a platform of limited performance to outsource their computational tasks

to more powerful servers.

VIII. SET OF RECOMMENDATIONS FOR ORGANIZATIONS

Set of recommendations for organizations are:

Governance Extend organizational practices pertaining to the policies, procedures and standards used for application development.

Compliance Understand the various types of laws and regulations that impose security and privacy obligations on the organization.

Trust Incorporate mechanisms into the contract that allow visibility into the security and privacy controls.

Identity and Access Management Ensure that adequate safeguards are in place to secure authentication, authorization and other identity and access

management functions.

Software Isolation Understand virtualization and other software isolation techniques that the cloud provider employs.

Availability Ensure that during an intermediate or prolonged disruption or a serious disaster, critical operations can be immediately

resumed in a timely and organized manner.

IX. CONCLUSION

In today’s global competitive market, companies must innovate and get the most from its resources to succeed.

This requires enabling its employees, business partners, and users with the platforms and collaboration tools that promote

innovation. Cloud computing infrastructures are next generation platforms that can provide tremendous value to

companies of any size. Cloud computing helps IT enterprises use various techniques to optimize and secure application

performance in a cost-effective manner. The standard security issues as well as standard model of security mitigation

existing presently are also discussed. Apart from advantages it has some disadvantages on security and privacy concerns,

which are seen as the primary obstacles to wide adoption. At the same time, because of the distributed nature of the

system, there is a risk of security attacks on services and resources in cloud computing. These attacks can be both outside

and inside the cloud provider’s network. The idea of handling over important data to another company worries some

people. Our future work direction will be to introduce a novel authentication based scheme to ensure effective security in

cloud.

Page 7: Investigative analysis of security issues and challenges in cloud computing and their counter measures

Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)

30 – 31, December 2014, Ernakulam, India

63

X. REFERENCES

[1] B. Furht, Armando Escalante, Handbook of Cloud Computing, Springer, 2010.

[2] K. Hamlen, Murat Kantarcioglu, Latifur Khan, Security Issues for Cloud Computing, International Journal of

InformationSecurity and Privacy, 4(2), vol. 39, pp. 39-51, 2010.

[3] D. Jamil, & H. Zaki., Cloud Computing Security. International Journal of Engineering Science and Technology,

vol.3, Iss.4, p.3478-3483, 2011.

[4] B.C. Brown, B.C. Brown, How to Stop E-mail Spam, Spyware, Malware, Computer Viruses, and Hackers from

RuiningYour Computer or Network: The Complete Guide for Your Home and Work, Atlantic Publishing

Company, 2010.

[5] D. Zissis, & D. Lekkas, Addressing cloud computing security issues. Future Generation Computer Systems,

Elsevier, vol. 28, Iss. 3, 2012.

[6] K.D. Kadam, S.K. Gajre, & R.L. Paikrao, Security issues in cloud computing. International Journal of Computer

Applications, 2012.

[7] K.Hashizume, D.G Rosado, E.F.-Medina, and E.B.Fernandez, “An analysis of security issues for cloud

computing”, Journal of Internet Services and Applications, 2013.

[8] Cloud Security Alliance. Security guidance for critical areas of focus in cloud computing (v2.1). December,

2009.

[9] J.Chea, Y.Duanb, T.Zhanga, J.Fana, “Study on the security models and strategies of cloud computing”,

International Conference on Power Electronics and Engineering Application, Elsevier, 2011.

[10] N. Tirthani, R. Ganesan, Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve

Cryptography,IACR Cryptology, 2014.

[11] K.W.Nafi, T.S.Kar, S.A.Hoque, “A Newer User Authentication, File encryption and Distributed Server Based

Cloud Computing security architecture”, International Journal of Advanced Computer Science and

Applications, Vol. 3, No. 10, 2012.

[12] Z. Shen, Q. Tong, “The Security of Cloud Computing System enabled by Trusted Computing Technology”, 2nd

IEEE International Conference on Signal Processing Systems, 2010.

[13] H. Li, Y. Dai, B. Yang, Identity-Based Cryptography for Cloud Security, Springer, 2009.

[14] R. Chow, Markus Jakobsson, Ryusuke Masuoka, Authentication in the Clouds: A Framework and its

Application to Mobile Users, ACM, 2010.

[15] K-W Park, J. Han, J.W Chung, “THEMIS: A Mutually Verifiable Billing System for the Cloud Computing

Environment”, IEEE Transactions on service computing, 2012.

[16] S. Ahmad, B. Ahmad, S. M. Saqib, and R. M. Khattak, “Trust Model: Cloud’s Provider and Cloud’s User”,

International Journal of Advanced Science and Technology, Vol. 44, July, 2012.

[17] B. Tang and R. Sandhu, “Cross-Tenant Trust Models in Cloud Computing”, IEEE, 2013.

[18] W. Wang, G. Zeng, D. Tang, J.Yao, Cloud-DLS: Dynamic trusted scheduling for Cloud computing, Experts

systems with Applications, Elsevier, vol.39, pp.2321-2329, 2012.

[19] M. R. Asghar, M. Ion, G. Russello, B. Crispo, “ESPOONERBAC: Enforcing Security Policies in Outsourced

Environments”, Elsevier Computers & Security 2013.

[20] K.W. Hamlen, L. Kagaly, M. Kantarcioglu, “Policy Enforcement Framework for Cloud Data Management”,

IEEE Computer Society, 2013.

[21] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, “Security in Cloud Computing”, International Journal

of Computer Engineering & Technology (IJCET), Volume 3, Issue 1, 2012, pp. 258 - 265, ISSN Print:

0976 – 6367, ISSN Online: 0976 – 6375.

[22] Abhishek Pandey, R.M.Tugnayat and A.K.Tiwari, “Data Security Framework for Cloud Computing Networks”

International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 1, 2013, pp. 178 - 181,

ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.

[23] Nada M. Badr and Noureldien A. Noureldien, “Review of Mobile Ad Hoc Networks Security Attacks and

Countermeasures”, International journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 6,

2013, pp. 145 - 155, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.