Inlämning av Examensarbete / Submission of Thesis

Matthias Aifuobhokhan Okonoboh; Sudhakar Tekkali MCS-2011-201, pp. 64. COM/School of Computing, 2011.

The work

Författare / Author: Matthias Aifuobhokhan Okonoboh, Sudhakar Tekkali,
Titel / Title: Real-Time Software Vulnerabilities in Cloud Computing: Challenges and Mitigation Techniques
Abstrakt Abstract:

Context: Cloud computing is rapidly emerging in the area of distributed computing. In the meantime, many organizations also attributed the technology to be associated with several business risks which are yet to be resolved. These challenges include lack of adequate security, privacy and legal issues, resource allocation, control over data, system integrity, risk assessment, software vulnerabilities and so on which all have compromising effect in cloud environment. Organizations based their worried on how to develop adequate mitigation strategies for effective control measures and to balancing common expectation between cloud providers and cloud users. However, many researches tend to focus on cloud computing adoption and implementation and with less attention to vulnerabilities and attacks in cloud computing. This paper gives an overview of common challenges and mitigation techniques or practices, describes general security issues and identifies future requirements for security research in cloud computing, given the current trend and industrial practices.
Objectives: We identified common challenges and linked them with some compromising attributes in cloud as well as mitigation techniques and their impacts in cloud practices applicable in cloud computing. We also identified frameworks we consider relevant for identifying threats due to vulnerabilities based on information from the reviewed literatures and findings.
Methods: We conducted a systematic literature review (SLR) specifically to identify empirical studies focus on challenges and mitigation techniques and to identify mitigation practices in addressing software vulnerabilities and attacks in cloud computing. Studies were selected based on the inclusion/exclusion criteria we defined in the SLR process. We search through four databases which include IEEE Xplore, ACM Digital Library, SpringerLinks and SciencDirect. We limited our search to papers published from 2001 to 2010. In additional, we then used the collected data and knowledge from finding after the SLR, to design a questionnaire which was used to conduct industrial survey which also identifies cloud computing challenges and mitigation practices persistent in industry settings.
Results: Based on the SLR a total of 27 challenges and 20 mitigation techniques were identified. We further identified 7 frameworks we considered relevant for mitigating the prevalence real-time software vulnerabilities and attacks in the cloud. The identified challenges and mitigation practices were linked to compromised cloud attributes and the way mitigations practices affects cloud computing, respectively. Furthermore, 5 and 3 additional challenges and suggested mitigation practices were identified in the survey.
Conclusion: This study has identified common challenges and mitigation techniques, as well as frameworks practices relevant for mitigating real-time software vulnerabilities and attacks in cloud computing. We cannot make claim on exhaustive identification of challenges and mitigation practices associated with cloud computing. We acknowledge the fact that our findings might not be sufficient to generalize the effect of the different service models which include SaaS, IaaS and PaaS, and also true for the different deployment models such as private, public, community and hybrid. However, this study we assist both cloud provider and cloud customers on the security, privacy, integrity and other related issues and useful in the part of identifying further research area that can help in enhancing security, privacy, resource allocation and maintain integrity in the cloud environment.

Ämnesord / Subject: Datavetenskap - Computer Science\Distributed Computing
Datavetenskap - Computer Science\Software Engineering
Datavetenskap - Computer Science\Computersystems
Nyckelord / Keywords: Cloud Computing, Software Vulnerability, System Integrity, Distributed Systems

Publication info

Dokument id / Document id: houn-8lub3e
Program:/ Programme Datavetenskapligt program/Computer Science
Masterprogram i Software engineering 120 p/Master´s program in Software engineering 120 p
Registreringsdatum / Date of registration: 09/19/2011
Uppsatstyp / Type of thesis: Masterarbete/Master's Thesis (120 credits)


Handledare / Supervisor: Prof. Lars Lundberg
Examinator / Examiner: Prof Lars Lundberg
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: COM/School of Computing

+46 455 38 50 00
Anmärkningar / Comments:

Kungsmarksvagen 67
SE-371 44 Karlskrona

Tel: 0737159290

Files & Access

Bifogad uppsats fil(er) / Files attached: bth2011okonoboh.pdf (1085 kB, öppnas i nytt fönster)