Introduction
The term cloud computing generally is a description of a model or mechanism under establishment for the purpose of facilitation of an easier mechanism of accessing resources by use of a sharing mechanism. The resources referenced in this case refer to attributes such as storage systems, networks, presence of services as well as servers. These resources under provision ensure for ease of transmission of data as well as the minimization in the running costs or management and maintenance of these resources. It is imperative for one to remember that these systems ensure that there is less utilization of funds in the purchasing of some of these resources under which initial costs and running costs would be too high. Even with the presence of such systems with regard to cloud computing, the major issue often discussed and worrying the involved personages are those relating to privacy, security and the absence of attacks on the user’s data (Sen, 2013). The internet technologists and gurus are continuously trying to upgrade the cloud computing systems so as to ensure that there is a mitigation of the problems associated with security breaches as well as hacking through the virtual storage mechanisms (Sen, 2013). The cloud computing models under which the systems operate are divided into groups where the administration as well as monitoring is evaluated. The first of the methods resides from the phenomenon that the systems are subject to becoming privately controlled in nature. The management of the system in this case is dependent on an external group and sometimes is a third party. The other mechanism/model of handling of cloud computing services is the public computing structure. The system is free for people to use and is often sold on sites such as Amazon. The other platform under which cloud computing systems are offered to the users is the community system of cloud computing. Under this system, several organizations come together in a bid to utilize the same resources. These groups of organizations and corporations often have a common agenda with regard to same type of policies.
The utilization of cloud computing by all of these fundamental groups poses a threat of data attacks and is highly prone to hacking by persons with malicious intentions. It hence becomes imperative for the paper to give an insight into the general working structure of the systems as well as a comprehensive analysis of the type of attacks, the mitigation strategies as well as the established recommendations in dealing with the vice.
Purpose, Aims and Target Deliverables
a. Purpose
It is the sole purpose of the research project to give an analysis into the working mechanisms of cloud computing as well as the types of attacks to be expected or currently incorporated by the individuals with malicious intent. The intent of attacks may solely be due to rivalry as a result of competition among major corporations. It may also be due to personal differences among the personalities at the helm of the executive board, with reference to the chief executive officer and former employees. However, among the core reason for the increment in the attacks is due to the mentality of the personages in trying to reveal that they are able to hack a major entity, this is regarding to the hackers and other IT experts. Other personages do it for the money, so as to get compensated in terms of remunerations, and ransoms from the business conglomerates facing the attacks.
b. Aims
The aims of the research are such that they will be able to give a documentation of the following key issues:
- To give an analysis and evaluation of the evolution and the relevance of cloud computing in the recent years as well as its current position in the contemporary world.
- To determine the best techniques involved in the securing of networks as well as protection of servers.
- To give recommendations on the actions to be taken to personalities and individuals caught in the process of conducting hacking as well as defrauding money from competent organizations.
- To give a recommendation of the best stratagems to be incorporated and the interrelationship between governmental structures and the corporations using cloud computing in countries all over the world in the minimization of the attacks.
c. Target Deliverables
The whole research project is supposed to take a total of 13 weeks. It is from this context that one ought to ensure that there is incorporation of the best strategies and tasks to be completed at specific time frames for the proper comprehension of the research and fathoming of the components of the overall project.
First is that there will be a subdivision of the deliverables in terms of two time frames. The deliverables under requirement for the first phase are subject to be under completion by the end of seven weeks while the last phase will be delivered by the end of six weeks to make a total of thirteen weeks.
Target Deliverables – Part 1
1- Literature Review on Cloud Computing Attacks
It is imperative to conduct a literature review analysis on the type of cloud computing attacks as well as definition of the attacks to be conducted as part of the research, and the remittal of an interim report on the subject matter.
The main topics relevant in the literature review involve the following:
- Denial of Service type of Attacks with regard to DOS attacks
- Cloud Malware Injection analysis type of attacks
- An insight into Attacks that are on the Basis of Close Proximity
- Attacks as a Result of Interference from an Adversary in the Middle
A Critical Evaluation of the Structure and Factors Determining the Occurrence of Cloud Wars
The above gives information on the relationship between the presences of conditions highly favorable for the occurrence of cloud attacks. For instance, the reason behind why the attacks normally focus their strength on the degeneration and the utmost exhausting of the resources in cloud computing (Luo et al. 2011). An analysis of the type of resources under which are subject to depletion with regard to both the attacker and the user are also documented.
Target Deliverables – Part 2
2. An insight into the Attack Taxonomy Relevant in Cloud Computing
- The Service to User type of taxonomical evaluation
- The Users or clientele to the Services rendered is also analyzed.
- The Cloud system to the type of Services offered
- The Services to Cloud system of stratification is subject to consideration
- The Cloud to the clientele analysis of the type of grouping of the attacks.
- The Users or clientele to the form of Cloud Computing is also subject to analysis by the research.
An Evaluation into the Surfaces Prone to Attacks with reference to Cloud Computing
Structure
The above will give an insight into the type of instance and environment under which the attacks are prone to occurrence. For instance, it will provide an emphasis on the reasons why the user is the first recipient of attacks from the services rendered by cloud computing endeavors.
Significance of the Research
Cloud computing is almost a new phenomenon under which the conduction of computing services takes place. It is under this platform that businesses thrive as well as institutions such as learning centers with respect to universities and other research centers put to maximal use their resources with the aim of minimization of losses from the purchasing of their own resources (Luo et al. 2011) The significance of the project in terms of analyzing the security concerns in place in the use of shared resources is key to put under evaluation as it shows the intensity of the attacks present in the modern society (Sen, 2013).
Project Approach
1. Literature Review
The key step of the carrying out of the research is the literature review. Under this platform the key sources of data and information on cloud computing and the data attacks present is carried out. The specific environments favoring the spread of the vice as well as the type of attacks present are normally conducted (Luo et al. 2011). An exploration of the various databases that are to provide the information on the type of data which give comprehensive knowledge base on the data attacks is subject to scrutiny.
2. Project Execution Stratagems
An analysis into the Denial of Service type of Attacks with regard to DOS attacks
According to the information present as a result of conduction of statistics of the type of attacks with regard to cloud computing, the DoS occur due to the high number of users engaged to the use of the internet utilizing the same network (Chonka et al. 2011) Now the large number of users sending numerous numbers of instructions will be noticeable by the cloud operating system. Hence the system will react according to the number of instructions sent by the users and will adjust to increase its power. The increment in its power refers to submitting of a higher number of resources with regard to service delivery as well as the number of machines which are virtual in nature to deal with the increase load of work from the users. It is from this perspective that the cloud computing operating system becomes overworked and therefore becomes prone to attacks from the side channel systems. Therefore, an in-depth analysis of the above phenomenon is subject to be analyzed by the paper in the most comprehensive manner to ensure clarity and efficacy of the research.
A Study into Cloud Malware Injection analysis type of Attacks
The research aims for the provision of a more detailed study into the above phenomenon in that the injection of malware into the cloud operating system is dynamic in nature as it involves a certain procedure for its efficacy in its working mechanism. First is the incorporation of a virtual machine into the working mechanism of the cloud service. The injection of the malware could be targeted for the performance of any particular service under which the individual with the malicious intent aims at accomplishing. First is that in this system the individual with the malicious intentions will aim for the creation of an individual implementation module which is service oriented (SaaS) or any other type of instance (Kepes, 2011). The trick is to ensure the cloud treats the new malware as a legit instance which is valid in nature and its execution will lead to a myriad of outcomes. Details into the recommendations for the prevention of such occurrences will be subject to provision by the research.
An Insight into Attacks on the Basis of Close Proximity
The adversary of an institution or organization and hence aiming to conduct activities that are malicious in nature could conduct such attacks on the organization by placing a machine in a close location to the cloud server. The machine is designed in such a way as to pose a threat to the cloud server by the action of the personage hurling attacks that are due to close proximity and are aimed at the servers. Now these occurrences are largely present in majority of the organizations with an intention of targeting the algorithms that are cryptographic in nature (Lombardi and Di Pietro, 2011). It is from this perspective that a study into the legitimate users that utilizes the cryptographic mechanisms and actually pays for the services rendered is imperative for the creation of mechanisms of curbing side channel attacks.
An Evaluation of Authentication Oriented Attacks
Authentication is a term with reference to some of the fissure points which are hosted by the cloud systems. It is mostly targeted by the personalities with malicious intents with regard to cloud computing kind of attacks. There are many mechanisms which can be adopted with the aim of the authentication of the personages utilizing the system. It may be on the basis of the information under which the user knows or the description of the user or the material possessions of the clientele. The conduction of attacks based on this perspective are highly dependent on this phenomenon with regard to the securing of the process as well as the mechanism involved in the authentication stratagems, as they form the most targets of most adversaries (Kepes, 2011). The research aims to bring to attention the structure of the SaaS as well as the IaaS into the minimization as well as the curtailing of such attacks in future.
An Evaluation of Attacks on the Basis of an Adversary being in the Middle
The above forms the basis of most attacks as the personalities with the adversary traits places themselves in the middle of two personages utilizing the system with regard to the users. Now there is a high probability of an attacker in the middle of two users to launch attacks by the ability to gain access to the information between the two parties and/or change the contents of the information between them.
Project Management Approach
The project is bound to take place within a period of not less than 13 weeks. First and foremost is the analysis into the literature review as well as the authentication by the remittal of the type of the project as well as the feasibility of the project to the supervisor. Such is will be undertaken in the first seven weeks. It comprises of analysis of the DoS attacks which will take place in week 1. In week 2 will be the analysis and collection of information of Cloud Malware injection. In the third week will involve activities involving analysis of Side Channel Attacks. The fourth week will involve a detailed analysis into Man in the Middle Attacks. The fifth to seven weeks will involve the analysis of the factors determining cloud wars while obtaining relevant data into the above phenomenon.
The 8th to 12th week will involve the second phase of the project which involves an insight into the taxonomical evaluation of Cloud computing. It involves details into Service to User attacks in week 8, user to services in week 9. In the 9th and 10th week will involve an in depth analysis into the cloud to the type of services rendered by the project. Others include cloud to clientele analysis, and users to clientele analysis to be conducted in the 11th week. Finally, the evaluation of surfaces prone to attacks as well as completion of the research will be subject to completion in the last two weeks with respect to the 12th and 13th week respectively.
Project Plan
A Table Showing the Tasks and the Time Frames as Depicted in the Project Plan
Risks
The table presented in this slide are the possible risks to the current project, their descriptions, likelihood levels, and possible actions.
| Risks | Descriptions | Likelihood | Impacts | Possible Actions |
| Time elapsing | The intended period for which the collection of data and analysis should be done may not be met as intended. | Medium | High | Ensure that I adhere to the time plan especially concerning data collection. |
| Limited access to databases | I may be facing difficulties getting access to various search databases that publish information about cloud computing and related data attacks.
| High | High | Get access through library databases and where possible use the open-access journal for scholarly authenticity. |
| Poor data sources | It is possible to face challenges in gathering enough and relevant information concerning data attacks on cloud computing.
| Low | High | Expand the search terms to capture a broad range of possibilities and publication period. period. |
| Supervisor unavailability | The appointed academic supervisor may not be available when needed due to various reasons. | Low | Low | Plan and communicate often with the supervisor to ensure reschedules are planned before hand. |
Conclusion
The conduction of the research project into the structure of attacks and details into the minimization of such in future is mandatory as it forms the very essence of the utilization of cloud computing. It will be useful to organizations performing research activities, as well as all stakeholders conducting the research.
References
A., Xiang, Y., Zhou, W., & Bonti, A. (2011). Cloud security defense to protect cloud computing against HTTP-DoS and XML-DoS attacks. Journal of Network and Computer Applications, 34(4), 1097-1107.
Dikaiakos, M. D., Katsaros, D., Mehra, P., Pallis, G., & Vakali, A. (2009). Cloud computing: Distributed internet computing for IT and scientific research. IEEE Internet computing, 13(5), 10-13.
Kepes, B. (2011). Understanding the cloud computing stack: Saas, paas, iaas. Diversity Limited
1-17.
Kulkarni, G., Gambhir, J., Patil, T., & Dongare, A. (2012, June). A security aspects in cloud computing. In 2012 IEEE International Conference on Computer Science and Automation Engineering (pp. 547-550). IEEE.
Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud computing. Journal of Network and Computer Applications, 34(4), 1113-1122.
Luo, J. Z., Jin, J. H., Song, A. B., & Dong, F. (2011). Cloud computing: architecture and key technologies. Journal of China Institute of Communications, 32(7), 3-21.
Samba, A. (2012). Logical data models for cloud computing architectures. IT Professional Magazine, 14(1), 19.
Sen, J. (2013). Security and privacy issues in cloud computing. Architectures and Protocols for Secure Information Technology Infrastructures, 1-45.
Appendix
Feedback from project presentation on Week 3, and how that makes improvement in my project.
| Critique from | Feedback | Improvement |
| The Supervisor | The Idea of the project not clear | Define specific idea of the project |
| The Supervisor | Motivation and significance of the project should be more clear | significance of the project is completely changed |
| The Supervisor | Deliverables should be more clear | Explain the project plan and develop the scope. |
