An Improved Security Solution for Cloud Computing Management Infrastructures: The Insider Perspective

Aburuotu, E.  C; Ojekudo, Nathaniel  A.

Aburuotu, E. C School of Post Graduate Studies, Department of Computer Science, Faculty of Natural and Applied Sciences, Ignatius Ajuru University of Education
Ojekudo, Nathaniel A. Department of Computer Science, Faculty of Natural and Applied Science, Ignatius Ajuru University of Education, Port Harcourt

Keywords: Infrastructures, Cloud

Abstract

This study examines the security of cloud computing management infrastructures from the perspective of the insider attacker. It is also proposed to design and implement a security system for the infrastructures responsible for the management of cloud computing environment against the insider attacker. To achieve this aim, we designed a security solution that handles login verification and login information storage. The application stores the login information of every personnel who has been defined to access the system. The solution also stores information about infrastructure managers, the host server, the virtual server, the smart routers and switches, all of which are used for storage and transmission of data over the internet. The infrastructural security solution is applicable to Infrastructure as a service (IaaS). The system is also capable of handling authentication of cloud members, verification and monitoring of data transfer, thus maintaining network security for our cloud environment and data confidentiality. The security system also provides the administrator with the privilege of monitoring who is logged into the cloud environment, in other to protect the network from hackers. Because design method is required to complete this research, Waterfall Design Methodology was adopted for the research, design and implementation methodology. Programming is performed using PHP, coding is done using HTML platform, Couchbase offline server is used as our local server for hosting this cloud network security system, and advanced network security Standard algorithm is implemented for ensuring security framework.

Downloads

Download data is not yet available.

References

1. Amara Naseer Huang Zhiqui Awais Ali (2017). Cloud Computing Security Threats and Attacks with Their Mitigation Techniques. Conference: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (Cyber).
2. Antonio Celesti; Francesco Tusa; Massimo Villari; Antonio Puliafito (2010). Security and Cloud Computing: InterCloud Identity Management Infrastructure. Published in: 2010 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises.
3. Badger, L., Grance, T., Patt-Corner, R., & Voas, J. (2012). Draft: cloud computing synopsis and recommendations. National Institute of Standards and Technology. http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf
4. Bertion, E., Paci, F., & Ferrini, R. (2009). Privacy-preserving digital identity management for cloud computing. IEEE Computer Society Data Engineering Bulletin, 1-4.
5. Bruening, P. J., & Treacy, B. C. (2009). Cloud computing: privacy, security challenges. Bureau of National Affairs.
6. Brunette, G. (2009). Cloud security alliance: security guidance for critical areas of focus in cloud computing. https://cloudsecurityalliance.org/csaguide.pdf
7. Enoch, N. O. (2012). Information systems development- a structured approach. Oyas Bee Enterprises.
8. European Network and Information Security Agency (ENISA) (2009). Cloud computing: cloud computing: benefits, risks and recommendations for information security. European Telecommunication Standards Institute. http://www.etsi.org
9. Kannan, M., Lee, S., Solsky O., & Smith, J. (2009). Centre for the protection of natural infrastructure (CPNI)’s information security briefing on cloud computing. http://www.cpni.gov.uk/Documents/Publications/2010/2010007
10. Kean, R., Harris, D., & Meegan, J. (2012). Security for cloud computing, 10 steps to ensure success. Clouds Standards Customers Council. http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf.
11. Ko, M., Ahn, G.-J., & Shehab, M. (2009). Privacy-enhanced user-centric identity management. In Proceedings of IEEE International Conference on Communications. Pp.998-1002.
12. Mell, P., & Grance, T. (2009). The NIST definition of cloud computing. National Institute of Standards and Technology. (www.csrc.nist.gov).
13. Mell, P., Grance, T. (2010). The NIST definition of cloud computing. Communication. ACM, 53(6), 50-61.
14. Monjur, A., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of the Network Security and Its Applications, 6(1), 64-77. http://airccse.org/journal/nsa/6114nsa03.pdf.
15. Mehmet Yildiz; Jemal Abawajy; Tuncay Ercan; Andrew Bernoth (2009). A Layered Security Approach for Cloud Computing Infrastructure. 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks. DOI: 10.1109/I-SPAN.2009.157.
16. Naseer, A., Zhiqui, H., & Ali, A. (2017). Cloud computing security threats and attacks with their mitigation techniques. International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (Cyber). http://www.doi.10.1109/CyberC.2017.37
17. Qaisar, S., & Khawaja, K. F. (2012). Cloud computing: network/security threats and countermeasures. Interdisciplinary Journal of Contemporary Research in Business, 3(9), 34-50. www.journal-archives.webs.com/1323-1329.pdf.
18. Sen, J. (2012). Security and privacy issues in cloud computing. Innovation labs, Tata consultancy services. http://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf.