A Transformation-Based Approach to Business Process Management in the Cloud

Business Process Management (BPM) has gained a lot of popularity in the last two decades, since it allows organizations to manage and optimize their business processes. However, purchasing a BPM system can be an expensive investment for a company, since not only the software itself needs to be purchased, but also hardware is required on which the process engine should run, and personnel need to be hired or allocated for setting up and maintaining the hardware and the software. Cloud computing gives its users the opportunity of using computing resources in a pay-per-use manner, and perceiving these resources as unlimited. Therefore, the application of cloud computing technologies to BPM can be extremely beneficial specially for small and middle-size companies. Nevertheless, the fear of losing or exposing sensitive data by placing these data in the cloud is one of the biggest obstacles to the deployment of cloud-based solutions in organizations nowadays. In this paper we introduce a transformation-based approach that allows companies to control the parts of their business processes that should be allocated to their own premises and to the cloud, to avoid unwanted exposure of confidential data and to profit from the high performance of cloud environments. In our approach, the user annotates activities and data that should be placed in the cloud or on-premise, and an automated transformation generates the process fragments for cloud and on-premise deployment. The paper discusses the challenges of developing the transformation and presents a case study that demonstrates the applicability of the approach.     

An Identification of Factors Motivating Individuals’ Use of Cloud-Based Services

The purpose of this study is to develop a better understanding of the factors motivating individuals who use cloud-based services despite the privacy and security risks associated with it. The authors developed a research model that incorporates the theory of planned behavior (TPB) and constructs from previous research to explain individuals’ intentions to use cloud-based services. Our analysis shows support for the relationships among predictor variables (attitude, subjective norm, perceived behavioral control, and information privacy) and the outcome variable (behavioral intention). Additionally, our analysis shows IT leadership and trust as moderating variables between the TPB predictor variables (attitude and perceived behavioral control), but not subjective norm. The results indicate that IT leadership support of cloud-based systems can have a positive effect on cloud adoption and individuals are likely to continue their use of cloud computing despite the privacy and security risks associated with it.     

A comprehensive approach to privacy in the cloud-based Internet of Things

In the near future, the Internet of Things is expected to penetrate all aspects of the physical world, including homes and urban spaces. In order to handle the massive amount of data that becomes collectible and to offer services on top of this data, the most convincing solution is the federation of the Internet of Things and cloud computing. Yet, the wide adoption of this promising vision, especially for application areas such as pervasive health care, assisted living, and smart cities, is hindered by severe privacy concerns of the individual users. Hence, user acceptance is a critical factor to turn this vision into reality.To address this critical factor and thus realize the cloud-based Internet of Things for a variety of different application areas, we present our comprehensive approach to privacy in this envisioned setting. We allow an individual user to enforce all her privacy requirements before any sensitive data is uploaded to the cloud, enable developers of cloud services to integrate privacy functionality already into the development process of cloud services, and offer users a transparent and adaptable interface for configuring their privacy requirements.     

Hybrid Cloud Architecture for Higher Education System

As technology improves, several modernization efforts are taken in the process of teaching and learning. An effective education system should maintain global connectivity, federate security and deliver self-access to its services. The cloud computing services transform the current education system to an advanced one. There exist several tools and services to make teaching and learning more interesting. In the higher education system, the data flow and basic operations are almost the same. These systems need to access cloud-based applications and services for their operational advancement and flexibility. Architecting a suitable cloud-based education system will leverage all the benefits of the cloud to its stakeholders. At the same time, educational institutions want to keep their sensitive information more secure. For that, they need to maintain their on-premises data center along with the cloud infrastructure. This paper proposes an advanced, flexible and secure hybrid cloud architecture to satisfy the growing demands of an education system. By sharing the proposed cloud infrastructure among several higher educational institutions, there is a possibility to implement a common education system among organizations. Moreover, this research demonstrates how a cloud-based education architecture can utilize the advantages of the cloud resources offered by several providers in a hybrid cloud environment. In addition, a reference architecture using Amazon Web Service (AWS) is proposed to implement a common university education system.     

A survey on privacy inference attacks and defenses in cloud-based Deep Neural Network

Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.     

A Cloud-Manager-Based Re-Encryption Scheme for Mobile Users in Cloud Environment: a Hybrid Approach

Cloud computing is an emerging computing paradigm that offers on-demand, flexible, and elastic computational and storage services for the end-users. The small and medium-sized business organization having limited budget can enjoy the scalable services of the cloud. However, the migration of the organizational data on the cloud raises security and privacy issues. To keep the data confidential, the data should be encrypted using such cryptography method that provides fine-grained and efficient access for uploaded data without affecting the scalability of the system. In mobile cloud computing environment, the selected scheme should be computationally secure and must have capability for offloading computational intensive security operations on the cloud in a trusted mode due to the resource constraint mobile devices. The existing manager-based re-encryption and cloud-based re-encryption schemes are computationally secured and capable to offload the computationally intensive data access operations on the trusted entity/cloud. Despite the offloading of the data access operations in manager-based re-encryption and cloud-based re-encryption schemes, the mobile user still performs computationally intensive paring-based encryption and decryption operations using limited capabilities of mobile device. In this paper, we proposed Cloud-Manager-based Re-encryption Scheme (CMReS) that combines the characteristics of manager-based re-encryption and cloud-based re-encryption for providing the better security services with minimum processing burden on the mobile device. The experimental results indicate that the proposed cloud-manager-based re-encryption scheme shows significant improvement in turnaround time, energy consumption, and resources utilization on the mobile device as compared to existing re-encryption schemes.     

A meta-heuristic optimization approach to the scheduling of bag-of-tasks applications on heterogeneous clouds with multi-level arrivals and critical jobs

As cloud computing evolves, it is becoming more and more apparent that the future of this industry lies in interconnected cloud systems where resources will be provided by multiple “Cloud” providers instead of just one. In this way, the hosts of services that are cloud-based will have access to even larger resource pools while at the same time increasing their scalability and availability by diversifying both their computing resources and the geographical locations where those resources operate from. Furthermore the increased competition between the cloud providers in conjunction with the commoditization of hardware has already led to large decreases in the cost of cloud computing and this trend is bound to continue in the future. Scientific focus in cloud computing is also headed this way with more studies on the efficient allocation of resources and effective distribution of computing tasks between those resources. This study evaluates the use of meta-heuristic optimization algorithms in the scheduling of bag-of-tasks applications in a heterogeneous cloud of clouds. The study of both local and globally arriving jobs has been considered along with the introduction of sporadically arriving critical jobs. Simulation results show that the use of these meta-heuristics can provide significant benefits in costs and performance.     

Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

As the cloud computing paradigm evolves, new types of cloud-based services have become available, including security services. Some of the most important and most commonly adopted security services are firewall services. These cannot be easily deployed in a cloud, however, because of a lack of mechanisms preserving firewall policy confidentiality. Even if they were provided, the customer traffic flowing through the Cloud Service Provider infrastructure would still be exposed to eavesdropping and information gaining by performing analysis. To bypass these issues, the following article introduces a novel framework, known as the Ladon Hybrid Cloud, for preserving cloud-based firewall policy confidentiality. It is shown that in this framework, a high level of privacy is provided thanks to leveraging an anonymized firewall approach and a hybrid cloud model. A number of optimization techniques, which help to further improve the Ladon Hybrid Cloud privacy level, are also introduced. Finally, analysis performed on the framework shows that it is possible to find a trade-off between the Ladon Hybrid Cloud privacy level, its congestion probability, and efficiency. This argument has been demonstrated through the results of conducted experiments.     

基于云存储的多用户可搜索加密方案

云存储服务允许用户外包数据并以此来降低资源开销。针对云服务器不被完全信任的现状,文章研究如何在云环境下对数据进行安全存储和加密搜索。多用户的可搜索加密方案为用户提供了一种保密机制,使用户可以在不受信任的云存储环境下安全地共享信息。在现有的可搜索加密方案的基础上,文章提出了一种安全有效的带关键字搜索的加密方案,以及更加灵活的密钥管理机制,降低了云端数据处理的开销。     

BlindIdM: A privacy-preserving approach for identity management as a service

Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time, it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data confidentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.     

Policing as a Service in the Cloud

ABSTRACT

Security and privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for end users. However, the existing security and privacy issues in the cloud still present a strong barrier for users to adopt cloud computing solutions. This paper investigates the security and privacy challenges in cloud computing in order to explore methods that improve the users’ trust in the adaptation of the cloud. Policing as a Service can be offered by the cloud providers with the intention of empowering users to monitor and guard their assets in the cloud. This service is beneficial both to the cloud providers and the users. However, at first, the cloud providers may only be able to offer basic auditing services due to undeveloped tools and applications. Similar to other services delivered in the cloud, users can purchase this service to gain some control over their data. The subservices of the proposed service can be Privacy as a Service and Forensics as a Service. These services give users a sense of transparency and control over their data in the cloud while better security and privacy safeguards are sought.     

A novel protocol for efficient authentication in cloud-based IoT devices

The Internet of Things (IoT) has emerged as one of the most revolutionary technological innovations with the proliferation of applications within almost all fields of the human race. A cloud environment is the main component of IoT infrastructure to make IoT devices efficient, safe, reliable, usable, and autonomous. Reduction in infrastructure cost and demand accessibility of shared resources are essential parts of cloud-based IoT (CIoT) infrastructure. Information leakage in cloud-assisted IoT devices may invite dangerous activities and phenomena. Various cloud-based systems store IoT sensor data and later on access it accordingly. Some of them are public, and some of them are private. Private cloud services must be secured from external as well as internal adversaries. Hence, there must be a robust mechanism to prevent unauthorized access to devices. This paper proposes a novel and efficient protocol based on the Elliptic Curve property known as Elliptic Curve Discrete Logarithm Problem (ECDLP) with hash and XOR functions for the authentication in cloud-based IoT devices. In comparison to the existing protocols, the proposed protocol is resistant to attacks and other security vulnerabilities. The one-way hash function and XOR function effectively ensure a reduction in computation cost. AVISPA and BAN logic have been used for formal analysis of the proposed protocol. As per the performance analysis results, it is clear that the proposed protocol is efficiently suitable for cloud-assisted IoT devices.

     

A survey on security challenges in cloud computing: issues,threats, and solutions

Cloud computing has gained huge attention over the past decades because of continuously increasing demands. There are several advantages to organizations moving toward cloud-based data storage solutions. These include simplified IT infrastructure and management, remote access from effectively anywhere in the world with a stable Internet connection and the cost efficiencies that cloud computing can bring. The associated security and privacy challenges in cloud require further exploration. Researchers from academia, industry, and standards organizations have provided potential solutions to these challenges in the previously published studies. The narrative review presented in this survey provides cloud security issues and requirements, identified threats, and known vulnerabilities. In fact, this work aims to analyze the different components of cloud computing as well as present security and privacy problems that these systems face. Moreover, this work presents new classification of recent security solutions that exist in this area. Additionally, this survey introduced various types of security threats which are threatening cloud computing services and also discussed open issues and propose future directions. This paper will focus and explore a detailed knowledge about the security challenges that are faced by cloud entities such as cloud service provider, the data owner, and cloud user.

     

Customers perspectives on adoption of cloud computing in banking sector

The advent of cloud computing has transformed the role of the Internet in many businesses and organizations. Currently, banks are increasingly adopting cloud technologies to fulfil their varied purposes and to create a flexible and agile banking environment that can quickly respond to new business needs. However, past studies tend to focus more on the adoption issues of cloud computing from the organizational perspective with little attention paid on the users’ view of these cloud-based services. Therefore, this paper attempts to investigate the factors influencing cloud computing adoption in the banking sector from the customers’ perspective and to propose an adoption model for this purpose. The model is mainly developed based on the TAM-diffusion theory model (TAM-DTM) with the introduction of three new constructs namely trust, cost, and security and privacy. Questionnaires were randomly distributed to 162 bank customers in Malaysia. Survey data were analyzed using the partial least squares (PLS) method while SmartPLS was used to test the hypotheses and to validate the proposed model. The results suggest that trust, cost, and security and privacy can be successfully integrated within the TAM-TDM. The security and privacy constructs exhibited strong positive influence on perceived ease of use, perceived usefulness, and trust. The study concludes that perceived usefulness, perceived ease of use, cost, attitudes toward cloud and trust significantly influence users’ behavioral intention to adopt cloud computing. Thus, the finding of this study will enable banks to focus more on customer perspectives on cloud-based applications and identify their attitude towards their adoption.     

Executing mobile applications on the cloud: Framework and issues

Modern mobile devices, such as smartphones and tablets, have made many pervasive computing dreams come true. Still, many mobile applications do not perform well due to the shortage of resources for computation, data storage, network bandwidth, and battery capacity. While such applications can be re-designed with client–server models to benefit from cloud services, the users are no longer in full control of the application, which has become a serious concern for data security and privacy. In addition, the collaboration between a mobile device and a cloud server poses complex performance issues associated with the exchange of application state, synchronization of data, network condition, etc. In this work, a novel mobile cloud execution framework is proposed to execute mobile applications in a cloud-based virtualized execution environment controlled by mobile applications and users, with encryption and isolation to protect against eavesdropping from cloud providers. Under this framework, several efficient schemes have been developed to deal with technical issues for migrating applications and synchronizing data between execution environments. The communication issues are also addressed in the virtualization execution environment with probabilistic communication Quality-of-Service (QoS) technique to support timely application migration.     

Cloud refactoring: automated transitioning to cloud-based services

Using cloud-based services can improve the performance, reliability, and scalability of a software application. However, transitioning an application to use cloud-based services is difficult, costly, and error-prone. The required re-engineering effort includes migrating to the cloud the functionality to be accessed as remote cloud-based services and re-targeting the client code accordingly. In addition, the client must be able to detect and handle the faults raised in the process of invoking the services. As a means of streamlining this transitioning, we developed a set of refactoring techniques—automated, IDE-assisted program transformations that eliminate the need to change programs by hand. In particular, we show how a programmer can extract services, add fault tolerance functionality, and adapt client code to invoke cloud services via refactorings integrated with a modern IDE. As a validation, we have applied our approach to automatically transform two third-party Java applications to use cloud-based services. We have also applied our approach to re-engineer a suite of services operated by General Electric to use cloud-based resources to better satisfy the GE business requirements.     

基于访问控制安全高效的多用户外包图像检索方案

由于公有云不是可信的实体,通过公有云提供图像检索服务时,它可能会窃取图像数据的敏感信息。近年来,密文图像检索方法被提出,用于保护图像隐私。然而,传统的隐私保护图像检索方案搜索效率较低,且无法支持多用户场景。因此,提出一种基于访问控制安全高效的多用户外包图像检索方案。该方案采用一次一密和矩阵变换方法,实现基于欧几里得距离（简称欧氏距离）相似性的密文图像检索,并利用矩阵分解和代理重加密,实现多用户外包图像检索。采用局部敏感哈希算法构建索引,提高密文图像检索效率。特别地,提出一种基于角色多项式函数的轻量级访问控制策略,该策略能够灵活设定图像访问权限,防止恶意用户窃取隐私信息。安全性分析论证了所提方案能够保护图像和查询请求的机密性;实验结果表明所提方案能够达到高效的图像检索。     

A semi-supervised privacy-preserving clustering algorithm for healthcare

With the proliferation of healthcare data, the cloud mining technology for E-health services and applications has become a hot research topic. While on the other hand, these rapidly evolving cloud mining technologies and their deployment in healthcare systems also pose potential threats to patient’s data privacy. In order to solve the privacy problem in the cloud mining technique, this paper proposes a semi-supervised privacy-preserving clustering algorithm. By employing a small amount of supervised information, the method first learns a Large Margin Nearest Cluster metric using convex optimization. Then according to the trained metric, the method imposes multiplicative perturbation on the original data, which can change the distribution shape of the original data and thus protect the privacy information as well as ensuring high data usability. The experimental results on the brain fiber dataset provided by the 2009 PBC demonstrated that the proposed method could not only protect data privacy towards secure attacks, but improve the clustering purity.     

A Proposed Biometric Authentication Model to Improve Cloud Systems Security

Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.     

Linking building data in the cloud: Integrating cross-domain building data using linked data

Within the operational phase buildings are now producing more data than ever before, from energy usage, utility information, occupancy patterns, weather data, etc. In order to manage a building holistically it is important to use knowledge from across these information sources. However, many barriers exist to their interoperability and there is little interaction between these islands of information.As part of moving building data to the cloud there is a critical need to reflect on the design of cloud-based data services and how they are designed from an interoperability perspective. If new cloud data services are designed in the same manner as traditional building management systems they will suffer from the data interoperability problems.Linked data technology leverages the existing open protocols and W3C standards of the Web architecture for sharing structured data on the web. In this paper we propose the use of linked data as an enabling technology for cloud-based building data services. The objective of linking building data in the cloud is to create an integrated well-connected graph of relevant information for managing a building. This paper describes the fundamentals of the approach and demonstrates the concept within a Small Medium sized Enterprise (SME) with an owner-occupied office building.