SECURITY CHALLENGES AND SOLUTIONS FOR A TRUSTWORTHY PUBLIC CLOUD ENVIRONMENT

pullfarmInternet and Web Development

Nov 3, 2013 (3 years and 9 months ago)

83 views

VSRD International Journal of Computer Science
& Information Technology, Vol. 3

No. 3

March
2013

/
1

e
-
ISSN
: 2231
-
2471
,
p
-
ISSN :
2319
-
2224

©
VSRD

International Journals

:
www.vsrdjournals.com


RESEARCH
ARTICLE

SECURITY

CHALLENGES AND SOLUTIONS

FOR A
TRUSTWORTHY PUBLIC CLOUD ENVIRONMENT

1
Pragya Singh,
2
Aniruddha Singh
*
,
3
Saurabh Srivastava and
4
Amritanshu Kalia

1
Assistant
Professor, MBA/MS

Department


2,3,4
Research Scholar
, Department of
Cyber Law and Information Security
,

1,2,3,4
Indian Institute of Information Technology
,
Allahabad
,

Uttar
Pradesh,

INDIA
.

*
Corresponding Author

:
aniruddha.iiita@gmail.com

ABSTRACT

Cloud computing represents today’s most exciting computing paradigm shift in information technology. Cloud computing makes it

possible for content providers to quickly deploy and scale services and benefit from low
-
cost, pay
-
by
-
use models, while users enjo
y the
flexibility provided by Internet
-
based computing technologies. However, security and privacy are perceived as primary obstacles to its
large scale adoption. The very flexibility and rapid provisioning that cloud computing offers pose serious obstacle
s to any security
architecture. Users find it difficult to fully trust cloud
-
based services because cloud
-
based data storage and protection methods are largely
user transparent. There is no way to know, for example, if the service providers have properly d
eleted users’ purged data or if they are
saving it for their own reasons, such as passing on the user’s name to third parties offering products related to the provide
d service or
extracting privacy information for malicious use. Current research on cloud s
ecurity is still in the early stages, and no universal model or
set of techniques has yet emerged. Methods include segregating user resources during data processing to prevent widespread vi
rus
infection, the use of a third
-
party auditor to verify the integ
rity of data stored in the cloud and access control based on data attributes and
semantics
. In this paper, we outline several critical security challenges and propose further investigation of security solutions for
a
trust
worthy public cloud environment
.

K
ey
words

:
Cloud Computing, Security Challenges, Multitenancy Security And Privacy, Cloud Service Providers, Intrusion Detection.


1.

INTRODUCTION

Cloud computing is the latest addition in the long
-
dreamt
vision of computing in terms of utility. This technique
provides a
convenient, on
-
demand network access to a
centralized pool of configurable computing resources that
can be rapidly deployed with great efficiency and minimal
management overhead [1]. With its numerous advantages,
cloud computing enables a fundamental parad
igm shift in
how we deploy and deliver computing services


that is, it
makes possible computing outsourcing such that both
individuals and enterprises can avoid committing large
capital outlays when purchasing and managing software
and hardware, as well a
s dealing with the operational
overhead therein [1].

Whereas the benefits of cloud computing are tremendous,
security and privacy concerns related to them are the
primary obstacles to their wide adoption [2]. Because cloud
service providers (CSPs) are sepa
rate administrative
entities, moving to the commercial public cloud deprives
users of direct control over the systems that manage their
data and applications. Even if CSPs’ infrastructure and
management capabilities are much more powerful and
reliable than

those of personal computing devices, the cloud
platform still faces both internal and external security and
privacy threats, including media failures, software bugs,
malware, administrator errors and malicious insiders.
Noteworthy outages and security bre
aches to cloud services
appear from time to time [2]. Because users don’t have
access to the cloud’s internal operational details, CSPs
might also voluntarily examine users’ data for various
reasons without detection. Additionally, owing to hardware
virtua
lization, multiple users can now share the same
physical infrastructure, which runs their distinct application
instances simultaneously. Although it increases resource
utilization, this unique multitenancy feature also presents
new security and privacy vul
nerabilities for user
interactions [3]. Hence, we argue that without providing a
strong security and privacy guarantee, we can’t expect users
to
have optimum
control of their data and computing
applications over to the cloud based solely on economic
saving
s and service flexibility.

Current research on cloud security has a long way to go and
no universal model or set of techniques has yet been
successfully implemented. Methods include segregating
user resources during data processing to prevent widespread
vi
rus infection, the use of a third
-
party auditor to verify the
integrity of data stored in the cloud [4] and access control
based on data attributes and semantics [5]. Here, we outline
several critical security challenges, point out their
importance, and mo
tivate further investigation of security
solutions that will help a trustworthy public cloud
environment become a reality.

2.

DATA SECURITY IMPLEM
ENTATION

An important issue that arises when outsourcing data
Pragya Singh,
Aniruddha Singh, Saurabh Srivastava and Amritanshu Kalia

VSRDIJCSIT, Vol. I
I
I
(
I
I
I
)
,
March
2013

/
2



service to the cloud is protecting data integrity a
nd long
-
term storage correctness. Although outsourcing data to the
cloud is economically attractive for long
-
term, large scale
storage, it doesn’t immediately guarantee data integrity and
availability. This problem, if not properly addressed, can
impede th
e successful deployment of cloud architecture.
Given that users no longer locally possess their data, they
can’t utilize traditional cryptographic primitives to protect
its correctness [6]. Such processes require a local copy of
the data so that their inte
grity can be authenticated which is
not viable when storage is outsourced. Moreover, the large
amount of cloud data and the user’s constrained computing
capabilities make data correctness auditing in a cloud
environment expensive and even formidable. So, e
nabling a
unified storage auditing architecture is important for this
nascent cloud economy to become fully established; users
will need ways to assess risk and gain trust in the cloud.
From a system
-
usability viewpoint, such a design should
incur very lim
ited auditing overhead in terms of
computation and bandwidth, incorporate cloud data’s
dynamic features, and preserve users’ privacy when a
specialized third
-
party auditor is introduced [6].

Beyond storage correctness, other security issues arise
related t
o cloud storage services. One noteworthy security
notion is proof of ownership [7]. This technique aims to
prevent the exposure of user data via the side channels that
results from cross
-
user de
-
duplication, which is widely used
to save the space and bandw
idth CSPs require. Other
challenging security problems include assured data deletion
and remote assessment of fault tolerance


that is, the
remote detection of hard
-
drive failure vulnerabilities in the
cloud [8].

3.

COMPUTATIONAL SECURI
TY THREATS

Another fundamental service enabled within the cloud
paradigm is computation outsourcing. By outsourcing
workloads to the cloud, users’ computational power is no
longer limited by their resource
-
constrained devices.
However, while in operation, such outsou
rcing practices
reveals both data and computation results to the commercial
public cloud. This raises big security concerns, especially
when the outsourced computation workloads contain
sensitive information pertaining to confidentiality.
Consequently, var
ious factors can cause the cloud to behave
unfaithfully and fetch incorrect results. Thus, there is
immense need of secure computation outsourcing
mechanisms to both protect sensitive workload information
and ensure that the computation results returned fr
om the
cloud are correct. First, such a mechanism must be
practically feasible in terms of computational complexity.
Otherwise, either the user’s cost can become prohibitively
huge, or the cloud might not be able to complete the
outsourced computations in
a reasonable amount of time.
Second, it must provide sound security guarantees without
restricting system assumptions. Namely, it should strike a
good balance between security guarantees and practical
performance. Third, this mechanism must enable substant
ial
computational savings at the user side compared to the
amount of effort required to solve a problem locally.
Otherwise, users have no reason to outsource computation
to the cloud.

A recent breakthrough in fully homomorphic encryption
(FHE) has shown ph
enomenal results of secure
computation outsourcing to be viable in theory. But
applying this general mechanism to everyday computing
tasks is still far from practical due to FHE operations’
extremely high complexity, which can’t yet be handled in
practice.

On a different front, researchers are working on
mechanisms for specific computation outsourcing
problems, such as linear programming via problem
transformation, [9] genomic computation via specialized
computation partition,[10] and efficient verification

of
large
-
scale biometric computations, all of which should
provide much more practical e
fficiency than the more
general solutions
.

4.

ACCESS CONTROL MECHA
NISM

The risk of attack while the service passes through the
access network depends upon the network bei
ng used. The
risk is relatively high with a public access network and
relatively low with a wired intranet. Normally, higher the
risk, stronger the security mechanisms must be. In many
application scenarios, such as those in enterprises or
organizations, u
sers’ access to data is usually selective and
highly differentiated. Different users enjoy different access
privileges with regard to the data. When data are outsourced
to the cloud, enforcing secure, efficient, and reliable data
access across a large numb
er of users is a critical task.
Traditionally, to control the dissemination of privacy
-
sensitive data, users establish a trusted server to store data
locally in clear, and then control that server to check
whether requesting users present proper certificat
ion before
letting them access the data [11]. From a security
standpoint, this access control architecture is no longer
applicable when we outsource data to the cloud. Because
data users and cloud servers aren’t in the same trusted
domain, the server might

no longer be fully trusted as an
omniscient reference monitor [11] for defining and
enforcing access control policies and managing user details.
One possible approach to enforce data access without
relying on cloud servers could be to encrypt data in a
di
fferentiated manner and disclose the corresponding
decryption keys only to authorized users. This approach
usually suffers from severe performance issues, however,
and doesn’t scale, especially when a potentially large
number of on
-
demand users desire fine
-
grained data access
control. Researchers have been working on how to realize a
fine
-
grained access control design that fully leverages the
cloud’s computation resource richness [11]. Via this
approach, users would be able to securely delegate to the
cloud

most cumbersome user/ data management workloads
such as handling frequent user access privilege updates in
Pragya Singh,
Aniruddha Singh, Saurabh Srivastava and Amritanshu Kalia

VSRDIJCSIT, Vol. I
I
I
(
I
I
I
)
,
March
2013

/
3



large dynamic systems while still preserving the data
confidentiality against any unauthorized access
.

5.

SERVICE METERING MEC
HANISM
THROUGH A TRUSTWOR
THY SOURCE

With increase in the popularity of computing as a service,
users employ cloud resources as a public utility to
accomplish their tasks. To make the service profitable,
CSPs charge users according to the resources they
consume. However, because us
ers might have little or no
visibility into the cloud infrastructure, they’re often unable
to directly connect their actual cloud resource consumption
and the usage charges [12]. Consequently, CSPs might
incorrectly apply unexpected costs to a user’s usage

report
when the true culprit might be possible software bugs or
network congestion caused by other users running tasks on
the same physical infrastructure. So, assuring service
metering’s trustworthiness is of utmost importance if the
utility based comput
ing paradigm’s success is to be taken
into account. A unified mechanism for securely and fairly
measuring resource consumption is greatly needed and will
benefit both cloud users and CSPs. At first, a trustworthy
service
-
metering mechanism will let users o
btain verifiable
assurance on the amount of cloud resources actually
consumed and hence help them trust the cloud more easily.
Secondly, such a mechanism can serve as an indispensable
arbitration route to resolve any issue over charges between
cloud users
and a CSP. Thirdly, an unbiased and
independent service auditor can further employ such a
mechanism to audit and quantify the quality of service the
CSP promises in its service
-
level agreement, ensuring that
the utility computing
-

oriented service model is

economical.
Finally, trustworthy service metering will definitely
encourage more cloud mechanism adoption, thus leading to
an increase in revenue for CSPs owing to improved overall
resource utilization.

6.

MULTITENANCY SECURIT
Y AND
PRIVACY

Multitenancy is an

essential attribute of cloud computing
[1]. In order to optimize resource utilization, CSPs use
virtualization of hardware to hide a computing platform’s
physical characteristics. This facilitates multiple users run
their distinct application instances si
multaneously on the
same physical infrastructure without seeing each other’s
data. Multitenancy is a feature that increases use of the
underlying hardware resources and with virtualization,
eases the management burden for CSPs, thus allowing
efficient and
effective resource provisioning and re
-
allocation without the need for any upfront hardware
purchase or setup. Despite its benefits, the severe security
threats and privacy vulnerabilities to both the cloud
infrastructure and cloud users presented by multi
tenant
cloud environment cannot be ignored. Virtualized
environments share similar functionalities with existing
operating systems and applications in the physical
environment, so software bugs and newly identified
security vulnerabilities in these systems

remain the primary
threat to any virtualized multitenant environment.
Considering the scale of cloud systems, the potential threat
from these security risks can be even bigger compared to
that for a non
-
virtualized computing environment.
Furthermore, for
resource management in the cloud,
different virtualized application instances must be
constantly provisioned, allocated, or even migrated between
multiple physical machines. Consequently, such dynamic
features in the multitenant environment further exacerb
ate
the problem’s complexity and make achieving and
maintaining consistent security difficult [2].

Multitenancy also opens doors for potential privacy leaks.
As mentioned previously, side
-
channel attacks present new
risks to cloud users’ information in the

multitenant
environment. In a recent study, researchers used
engineering techniques to infer the virtualized resource
allocation strategy from CSPs and successfully placed their
virtualized application instance on the same physical
machine as the target v
ictim. They were then able to extract
the victim’s private information through traffic patterns and
other side
-
channel information [3]. Multitenancy security
and privacy is one of the critical chal
lenges for the public
cloud
.

7.

RESEARCH METHODOLOGY

AND
IMPLE
MENTATION ASPECTS

To fill the need for more discerning security architecture,
security
-
on
-
demand design that applies security algorithms
and protocols according to three stages in the service data’s
life cycle has been discussed. The architecture matches t
he
requirement to one of the three data stages, viz: in
transmission, in process, or in storage, ensuring the least IT
resource consumption per service and adjusting the
service’s ease of use accordingly.

Security Domains Level :
Dividing the cloud service

and
Internet transmission into several security domains with
each domain being governed by its respective security
policy can simplify the deployment of solutions to cloud
service security. Figure 1 show how the three domains
interrelate to ensure that a
service is protected in all three
stages. The network security domain is a bridge for the
service and storage security domains and for the user and
the service security domain, thereby ensuring data
protection from origination to storage.

Pragya Singh,
Aniruddha Singh, Saurabh Srivastava and Amritanshu Kalia

VSRDIJCSIT, Vol. I
I
I
(
I
I
I
)
,
March
2013

/
4




Fig.

1

:

Interr
elationship of
Multilevel
Security Domains

Network :
The main threats while data is in transmission
are denial
-
of
-
service attacks fabricated identity, and
intermediate traffic. To protect against these threats, the
network security domain includes mechanis
ms such as the
Secure Socket Layer/Transport Layer Security (SSL/TLS)
protocols, IPSec, network
-
based intrusion detection, and
traffic cleaning.

The security gateway which mediates all
communications to and from the system is an important
entity in this do
main because it enables more fine
-
grained
access control. If a malicious act occurs, such as a
distributed denial
-
of
-
service attack, [9] the gateway can
immediately limit or even turn off malicious
communication, thus thwarting the attacker.

Service :
The

main threats to data in the cloud services are
an illegally controlled service and malicious service
interruption. To address these threats, the service security
domain includes mechanisms such as authentication,
authorization, vulnerability scanning, dat
a isolation, and
virus detection. To protect legitimate services from illegal
control and process interruption, an intrusion detection and
prevention system monitors all user actions.

Storage :
The main threats while data is in storage are
unauthorized acc
ess and data alteration and theft. Protection
mechanisms include encryption, marking data with
different access levels to enable access control, and
integrity verification. Backup techniques, such as a
redundant array of independent disks and data recovery
,
insure against data loss [10].

8.

SECURITY LAYER ARCHI
TECTURE

Figure 2 below shows the three layers of the proposed
security architecture. The user specifies the security level
which the input layer receives as input, access network risk,
and service type.
The policy layer determines the
parameters for security mechanisms according to the three
inputs. The security mechanisms layer protects a specific
service according to the security parameters from the policy
layer.

Input Layer :
The three inputs into the
input layer
determine which security policy will govern the service.

Security Level :
The service provider’s system must
allow

access
to
authorized

and authenticated

user
s according to
security clearance and authorization level simultaneous
ly

and keep unauthorized users
away
. Because the application
environment poses a certain risk to the system’s ability to
perform these tasks, the security level must reflect both
what a specific service requires and the risk to the system in
providing that s
ervice securely

[12]
.

Each service provider offers a minimum service security
level, which means that users can choose not to set a
security level and still receive minimum protection. The
security level is not the same as security strength. Security
level

refers to the difficulty of breaking into a system and
reflects both security strength and risk to the application
environment. Security strength, on the other hand, reflects
only the difficulty of breaking the security mechanism.

Traditional security pla
nning has maintained the security
level in high
-
risk system environments by increasing the
strength of security mechanisms.
The proposed
architecture
adjusts security strength according to the specific service
needs as well as the risk.

This
architecture i
ncludes service
type in the input layer because different service types
require different security mechanism combinations

[13]
. A
multi
-
media service, for example, is sensitive to time delay,
allows a certain degree of packet loss, and does not require
int
egrity verification. For a file transmission service, in
contrast, integrity verification is a crucial protection
mechanism.

Users need not specify service type. Once a
user starts a specific service, the cloud service
automatically configures the service
type input.

Access Network Risk :
The risk of attack while the service
passes through the access network

such as 3G, public Wi
-
Fi, or wired office networks

depends on the network
being used. The risk is relatively high with a public Wi
-
Fi
access network an
d relatively low with a wired intranet.

Users need not specify the access network risk. The cloud
service can acquire that value from the terminal location,
the IP address range at the user’s terminal, or border entities
at the access network. Normally, th
e higher the risk, the
stronger the security mechanisms must be.

Policy Layer :
In the policy layer, three security policies
receive inputs simultaneously and produce the security
mechanism parameters on the basis of the specified security
level, service t
ype, and access network risk

[14]
. Because
the three inputs decide the strength and combination of
security mechanisms, the security policy’s main role is to
evaluate those inputs and produce the appropriate mix of
security parameters. These parameters, in

turn, ensure that
security mechanisms protect the service at a consistent
security level.

Each security policy produces the parameters
that will activate security mechanisms in one of the three
domains. In the network security domain, for example,
IPSec i
s an important security mechanism. The Security
Association (SA) handles many of IPsec’s security
Pragya Singh,
Aniruddha Singh, Saurabh Srivastava and Amritanshu Kalia

VSRDIJCSIT, Vol. I
I
I
(
I
I
I
)
,
March
2013

/
5



parameters, such as protocol type, package mode,
encryption algorithm, and key life cycle

[11]
.

To protect data in the network domain, our architecture’s
secu
rity policy produces the needed SA security parameters
for that service. From that point, the SA security parameters
drive the IPsec to protect data flow.


Fig.

2

:

Security Architecture Divided Into Input, Policy
,
And Security Mechanism Layers

Security M
echanism Layer :
Each domain
has been
framed to be

governed by
various

security polic
ies
, which
in turn provides the appropriate security mechanisms, such
as IPsec in the network security domain, honeypot in
service security domain, and data encryption/dec
ryption in
the storage security domain.

Some security mechanisms are appropriate for more than
one security domain and take different names, depending
on their function

[15]
. For example, intrusion detection is
network
-
based in the network security domain,

but it
becomes host
-
based in the service security domain. The
antivirus mechanism is also appropriate for both the
network and service security domains.

9.

OVERHEAD
S IN

SECURITY
ARCHITECTURE IMPLEME
NTATION

Although designing security into the cloud benefits
users
and CSPs, it increases
the
overhead for both

inevitably. For
users in particular, such overheads could offset the cloud’s
economically appealing benefits and might conflict with
their reasons for using the cloud in the first place.
In this
paper, we
have
described several critical security
concerns
although the
list is by no means comprehensive. For
example, although cloud computing provides literally
unlimited computation powers while reducing costs, how to
prevent malicious cloud users

from abusing
cloud resources
is still an issue. Such abuses could include password/key
cracking, malicious data hosting, or botnet command and
control. Adopting stricter monitoring of cloud resource
usage could be one way to mitigate this concern, but it’s
inevitably i
n conflict with legal users’ privacy rights.
Hence,
more

research
and innovation
is needed

in this field
[10]
. Security and privacy is one fundamental obstacle to
cloud computing’s success. In this context, we’ve discussed
several critical security challen
ges that current research
address
es
. This article is intended as a call for action to
motivate further investigation of the

many challenging
security issues that will impact the public cloud’s future.
Clearly, much work for a trustworthy public cloud
envir
onment remains to
be done
.

10.

CONCLUSION

Unlike many methods, which require manual configuration,
the proposed architecture makes the upgrading process
extremely user
-
friendly.
This architecture offers several
advantages. Since each security domain faces
different
security threats but, however, draws from the same set of
security mechanisms to address those threats, each domain
can focus on its own issue as per its tailored security policy.

Specifying a service’s security level is a simple selection
proces
s on a familiar computing interface, such as a
webpage, requiring no special security knowledge.
Dividing
the larger security universe into three specific domains
simplifies security policy delegation and makes it more
practical.

In such architecture of cl
oud computing, since the
same service provider may not offer network management,
service provision, and storage, etc., having three domains
also fits well with different providers for these applications.

Another advantage is this architecture's simplicity.

The user
platform needs to configure as less as three inputs only.
A
user who believes that the service will handle sensitive
personal information can simply choose a high security
level before using the service; the architecture does the rest
of the conf
iguring.
Once the users order a service and
specify the security level, the platform automatically factors
in the service type and access network risk.

One traditional
implementation concern is how users upgrade the security
level beyond the service provid
er’s default and how to
accommodate different user platforms. In this architecture,
end
-
to
-
end security mechanisms for differentiated security
are based only on the user’s browser. The security
mechanisms are independent of the user’
s hardware and
operatin
g system and since
the security policy provides
security on demand, there is no need to adapt security
mechanisms for every domain. Using existing network
resources represents a substantial savings in efforts to
deploy cloud computing
.

11.

REFERENCES

[1]

P. Mell a
nd T. Grance, “The NIST Definition of Cloud
Computing,” US Nat’l Inst. of Science and Technology,
2011; http://csrc.nist.gov/publications/ nistpubs/800
-
145/SP800
-
145.pdf.

[2]

“Security Guidance for Critical Areas of Focus in Cloud
Computing,” Cloud Security Al
liance, Dec. 2009;
https://cloudsecurityalliance.org/csaguide.pdf.

[3]

T. Ristenpart et al., “Hey, You, Get Off of My Cloud!
Exploring Information Leakage in Third
-
Party Compute
Clouds,” Proc. 16th ACM Conf. Computer and
Communications Security (CCS 09), ACM P
ress, 2009, pp.
Pragya Singh,
Aniruddha Singh, Saurabh Srivastava and Amritanshu Kalia

VSRDIJCSIT, Vol. I
I
I
(
I
I
I
)
,
March
2013

/
6



199

212.

[4]


Q. Wang et al., “Enabling Public Auditability and Data
Dynamics for Storage Security in Cloud Computing,” IEEE
Trans. Parallel and Distributed Systems, vol. 22, no. 5, 2011,
pp. 847
-
859.

[5]

G. Pallis, “Clou d Computing: The New Front
ier of Internet
Computing,” IEEE Internet Computing, vol. 14, no. 5, 2010,
pp. 70
-
73.

[6]

C. Wang et al., “Privacy
-
Preserving Public Auditing for
Storage Security in Cloud Computing,” Proc. 30th IEEE Int’l
Conf. Computer Communications (INFOCOM 10), IEEE
Press
, 2010, pp. 525

533.

[7]

S. Halevi et al., “Proofs of Ownerhip in Remote Storage
Systems,” Proc. 18th ACM Conf. Computer and
Communications Security (CCS 11), ACM Press, 2011, pp.
491

500.

[8]

K. Bowers et al., “How to Tell if Your Cloud Files Are
Vulnerable to Dr
ive Crashes,” Proc. 18th ACM Conf.
Computer and Communications Security (CCS 11), ACM
Press, 2011, pp. 501

514.

[9]

C. Wang, K. Ren, and J. Wang, “Secure and Practical
Outsourcing of Linear Programming in Cloud Computing,”
Proc. 31st IEEE Int’l Conf. Computer
Communications
(INFOCOM 11), IEEE Press, 2011, pp. 820

828.

[10]

R. Wang et al., “Privacy
-
Preserving Genomic Computation
through Program Specialization,” Proc. 16th ACM Conf.
Computer and Communications Security (CCS 09), ACM
Press, 2009, pp. 338

347.

[11]

S. Yu et
al., “Achieving Secure, Scalable, and Fine
-
Grained
Access Control in Cloud Computing,” Proc. 30th IEEE Int’l
Conf. Computer Communications (INFOCOM 10), IEEE
Press, 2010, pp. 534

542.

[12]

M. Liu and X. Ding, “On Trustworthiness of CPU Usage
Metering and Accoun
ting,” Proc. 1st Int’l Workshop Security
and Privacy in Cloud Computing (ICDCSSPCC 10), IEEE
Press, 2010, pp. 82

91.

[13]

S. Subashini and V. Kavitha, “A Survey on Security Issues in
Service Delivery Models of Cloud Computing,” J. Network
and Computer Applicati
ons, vol. 34, no. 1, 2011, pp. 1
-
11.

[14]

C. Wang et al., “Toward Publicly Auditable Secure Cloud
Data Storage Services,” IEEE Network, vol. 24, no. 4, 2010,
pp. 19
-
24.

[15]

L.K. Hu, S. Yi, and X.Y. Jia, “A Semantics
-
Based Approach
for Cross Domain Access Control,”
J. Internet Technology,
vol. 11, no. 2, 2010, pp. 279
-
288.

