Towards Achieving Data Security With The Cloud Computing Adoption Framework

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation

information: DOI 10.1109/TSC.2015.2491281, IEEE Transactions on Services Computing
IEEE TRAN SACTION S, m anu scrip t ID
Towards achieving Data Security with the

Cloud Computing Adoption Framework
Victor Chang, Muthu Ramachandran, Member, IEEE
Abstract Offering real-time data security for petabytes of data is important for Cloud Computing. A recent survey on cloud
security states that the security of users data has the highest priority as well as concern. We believe this can only be able to
achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework
known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper
explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design
based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center
has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process
Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen
security performances before actual implementation. Results show that the time to take control of security breach can take
between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125
hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers
of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To
validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000
trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds
and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can
decrease for continuous injection of viruses and trojans, 97.43% of them can be quarantined. Our CCAF multi-layered security
has an average of 20% better performance than the single-layered approach which could only block 7,438 viruses and trojans.
CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.
Index Terms Cloud Computing Adoption Framework (CCAF),security framework, Business Process Modeling Notation
(BPMN), Data security in the Data Center, multi-layered security protection.
1 Introduction
LOUD Com pu ting and its ad option has been a topic

of d iscu ssion in the past few years. It has been an
agend a for organizational ad option d u e to benefits in
cost-savings, im provem ent in w ork efficiencies, bu siness
agility and qu ality of services [1-2]. With the rap id rise in
Clou d Com pu ting, softw are as a service (SaaS) is p articu larly in d em and , since it offers services that su it u sers
need . For exam ple, H ealth inform atics can help m ed ical
researchers d iagnose challenging d iseases and cancers [3].
Financial analytics can ensu re accu rate and fast sim u lations to be available for investors [4]. Ed u cation as a Service im proves the qu ality of ed u cation and d elivery [5].
Mobile app lications allow u sers to play online gam es and
easy-to-u se ap plications to interact w ith their peers.
While m ore people and organizations u se the Clou d services, secu rity and privacy becom e im portant to ensu re
that all the d ata they u se and share are w ell protected .
Som e researchers assert that secu rity shou ld be im plem ented before the u se of any Clou d services in place [68]. This m akes a challenging ad option scenario for organizations since secu rity shou ld be enforced and im plem ented in parallel w ith any services. Althou gh organiz ations that ad opt Clou d Com pu ting acknow led ge benefits
offered by Clou d services, challenges su ch as secu rity and
privacy rem ain a scru tiny for organizational ad option.
While overseeing the im portance of secu rity, the softw are
engineering and d evelopm ent process shou ld alw ays d esign, im plem ent and test secu rity featu res.
The d ata centers have encou ntered challenges of rapid
increase in the d ata [9-11]. For exam ple, in a d ata center
that the lead au thor u sed to w ork w ith, d aily increase of
100 terabytes of d ata w as com m on. If the organization has
encou ntered a rapid rise of d ata grow th and is u nable to
resp ond qu ickly and efficiently, problem s su ch as d ata
traffic, d ata secu rity and service level agreem ent issu es
V ictor Chang works for School of Computing, Creative Technologies and
Engineering, Leeds Beckett University, Headinely campus, Leeds LS6 3QR, can happen [6, 11]. In this paper, w e focu s on the d ata
UK. He is affiliated with Electronics and Computer Science, University of secu rity w hile experiencing a large increase of d ata,
Southampton, Southampton SO17 1BJ, UK. E-mail:
w eather they are from the external sou rces su ch as attack
V .I.Chang@leedsbeckett.ac.uk (corresponding author).
M uthu Ramachandran is with School of Computing, Creative Technologies of viru ses or trojans; or they from the internal sou rces if
and Engineering, Leeds Beckett University, Headinely campus, Leeds LS6 u sers or clients accu m u late hu nd red s of terabytes of d ata
3QR, UK. E-mail: M .Ramachandran @leedsbeckett.ac.uk
per d ay. This is a research challenge for d ata secu rity
w hich is essential for the better m anagem ent of the d ata
Please note that all acknowledgments should be placed at the center to hand le a rap id increase in the d ata.
end of the paper, before the bibliography (not e t hat correAp art from the d ata center secu rity m anagem ent for
sponding aut horship is not not ed in affiliat ion box, but
in acknow ledgment sect ion).
1939-1374 (c) 2015 IEEE. Personal

use is permitted, but republication/redistribution
requires IEEE permission. See
xxxx-xxxx/0x/$xx.00 200x IEEE
Published by the IEEE Computer Society
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation
IEEE TRAN SACTION S, m anu scrip t id
rapid grow th in d ata, the softw are engineering process

shou ld be robu st enou gh to w ithstand attacks and u na u thorized access. The entire process can be fu rther consolid ated w ith the d evelopm ent of a fram ew ork to tighten u p
the technical d esign and im plem entations, governance
and policies associated w ith good practices. This m ot ivates u s to d evelop a fram ew ork, Clou d Com pu ting
Ad option Fram ew ork (CCAF), to help org anizations su ccessfu lly ad opt and d eliver any Clou d services and pr ojects. In this paper, w e d em onstrate ou r secu rity d esign,
im plem entation and solu tion for CCAF. We u se penetr ation testing and related experim ents to valid ate its r obu stness and m easu re p recision, recall and F-m easu re to
ju stify ad vantages over other approaches. The breakd ow n
of this p aper is as follow s. Section 1.1, 1.2 and 1.3 present
literatu re related to Clou d application secu rity. Section 2
presents secu rity overview u nd er CCAF. Section 3 d escribes CCAF secu rity in d etails, inclu d ing the cod e, m u lti-layered ap proach and com ponent for each layer. Section 4 explains how to protect d ata secu rity and p red icts
likely consequ ences by u sing Bu siness Process Mod eling
N otation (BPMN ) sim u lations. Section 5 u ses penetration
testing against the CCAF m u lti-layered secu rity and
com pares w ith other sim ilar approaches. Section 6 presents Conclu sion.
1.1 Cloud applications security

literature and overview
We review a few selected literatu res that are relevant for
Clou d ap plication secu rity d escribed as follow s. Existing
literatu re [7-9, 11-12] d efine clou d ap plication service secu rity as threats, vu lnerabilities and p rotection of clou d
operational services and softw are as a service ap plications Liu et al [7] has proposed an agent-oriented m od eling fram ew ork for analyzing secu rity requ irem ents.
H ow ever, it is perceived as yet another m od eling la ngu age than secu rity requ irem ents captu ring fram ew ork.
Mather et al [8] provid es a d etailed d efinition and d escription on variou s clou d secu rity and p rivacy issu es.
H ow ever, there is no clear fram ew ork to follow from secu rity requ irem ents. Cebu la and You ng [12] fu rther classify clou d ap plications secu rity engineering and its im plem entation into tw o m ajor grou ps: soft w are acquisit ion securit y (w hich inclu d es the secu rity specifications in
all p rocesses to bu y, rent, or interchange softw are to u se
in an enterprise) and sy st ems & soft w are dev elopment
securit y (w hich inclu d e the secu rity specifications in all
processes to d evelop inform ation system s). H ow ever,
there is no clear fram ew ork to be ad opted to classify secu rity requ irem ents and then to feed tow ard s im plem ent ation. A fram ew ork w ith a holistic ap proach of offering an
integrated solu tion and m u lti-layered secu rity is requ ired .
1.2 Data security for the private clouds

hosted in the Data Center
As d iscu ssed in the introd u ction, the rapid d ata grow th
poses challenges for d ata secu rity for the private clou d s
hosted in the d ata center. Literatu res for d ifferent secu rity
solu tions are as follow s. Zhang et al [11] provid e review
of the Clou d Com pu ting and explain the research cha l-
lenges associated w ith secu rity. H ow ever, they only pr ovid e an overview of im portant secu rity challenges bu t d o
not provid e a fu ll d etailed solu tion on Clou d secu rity. Liu
et al [7] explain their softw are secu rity analysis w ith their
rationale and an exam p le. H ow ever, there is a lack of d etails abou t the softw are d esign and im plem entation pr ocess involved , and em pirical resu lts to evalu ate its perform ance and effectiveness of their proposed solu tion,
w hich looks like the com bination of UML and w orkflow s.
Yu et al [13] and Wang et al [14] propose their finegrained secu rity m od el for Clou d storage. Both are sim ilar, except that p rop osal from Yu et al [14] are m ore in
d etails and they explain theories and u sers associated
w ith their proof-of-concept. H ow ever, both proposals [13,
14] d o not have any experim ents, sim u lation and em pir ical d ata to prove the effectiveness and robu stness of their
fine-grained secu rity m od el. Thu s, both proposals d o not
ad d ress in-d epth d ata secu rity issu es, w hen the rapid
grow th of d ata is a challenge for the Data Center.
There are com m on observations in the secu rity pr oposed m ethod s: Each p aper [7-8, 10, 12, 14] only proposes
a single solu tion. In the event of frau d , cyber crim inal
activities and u nau thorized hack, the secu rity solu tion is
insu fficient to protect the d ata secu rity and the d ata center if only a single solu tion is ad opted . H ence, a better
alternative is requ ired . We proposed the m u lti-layered
secu rity to integrate secu rity techniqu es to illu strate the
essence and effectiveness of the fram ew ork w ith a d vantages of d oing so. First, the strength of each techniqu e
is enhanced . Second , since each techniqu e can not alw ays
fu lly prevent hacking or provid e a fu ll solu tion w ithou t
fallacy, the m u lti-layered secu rity can im prove the extent
of secu rity since it is m ore d ifficu lt for viru ses and trojans
to break d ifferent types of secu rity in one go. The aim is
to m axim ize secu rity p rotection and red u ce the threats.
To d em onstrate the d ata secu rity of the private clou d s
hosted in the d ata center, w e prop ose the u se of ethical
hacking to d em onstrate w hether ou r CCAF m u lti-layered
secu rity can w ithstand a large am ou nt of viru ses and trojans attacks, if the rapid d ata increase is from the external
m aliciou s hacking. We w ill provid e d etailed process and
resu lts in Section 5.
2 Security overview under cloud

computing adoption
framework (CCAF)
The cu rrent challenges facing clou d com m u nity on cloud
secu rity is enorm ou s. Therefore, w e need a clear fram ew ork, w hich provid es an integrated ap proach to stu d y
clou d service perform ances before the im plem entation,
the one that su p ports clear im plem entation of clou d secu rity attribu tes at the im plem entation level, and the one
that can be ad opted by both clou d u sers and clou d pr ovid ers. The u se of the fram ew ork is a su itable ap proach
illu strated by Zhang et al. [15], w ho propose a u ser-based
secu rity fram ew ork for collaborative com pu ting system s.
They explain their rationale, backgrou nd , core technologies, u sage scenarios, experim ents, resu lts and their interpretations. Their ap proach is heavily focu sed on the
1939-1374 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
Chang and Ram achand ran: Tow ard s achieving Clou d Data Secu rity w ith the Clou d Com p u t ing Ad op tion
Fram ew ork
3
u se of XML to transfer and interpret d ata throu gh their
secu rity m echanism . The u se of the fram ew ork is an su itable app roach provid ed w ith carefu l and clear explan ations. We have proposed ou r ow n fram ew ork, Clou d
Com pu ting Ad option Fram ew ork (CCAF), to ad d ress the
secu rity challenge.
The CCAF is a com prehensive m od el for ad opting and
ap plying clou d secu rity principles system atically. The
ou tcom e of each activity is show n insid e the p arenthesis.
These best practice techniqu es w ill keep grow as the
fram ew ork has been in variou s ap plications. It is a co nceptu al fram ew ork like ITIL version 3 to gu id e organizations for the best practices. Ad d itionally, su ch a fram ew ork can integrate w ith Clou d Com pu ting services to
provid e ad d ed valu es for ad opting organizations [16]. It
is also an architectu re fram ew ork focu sed on the d elivery
of a secu rity service, in the form of d eveloping a m u ltilayered secu rity for d ata centers. Zhang et al. (2008) explain their rationale, backgrou nd , core technologies, u sage scenarios, experim ents, resu lts and their interpret ations. Their app roach is heavily focu sed on the u se of
XML to transfer and interpret d ata throu gh their secu rity
m echanism . Fram ew ork is an ap propriate m ethod provid ed w ith carefu l and clear explanations. This section
presents the backgrou nd w ork and overview for ou r pr oposed Clou d Com pu ting Ad option Fram ew ork (CCAF).
2.1 Overview
We generalize the areas for secu rity overview . The follow ing are categories of CCAF secu rity aim s to cover:
Ap plication softw are secu rity w hich d eals w ith
how w e can bu ild system s that can au tom atically
protect them selves.
N etw ork (LAN , MAN , GAN ), w ireless netw ork secu rity and platform secu rity inclu d e Operating
System s, Virtu alization and system s softw are.
Convergence netw ork secu rity w here converging,
m u lti-netw ork m ed ia infrastru ctu res, social netw orks and technologies, w hich is one of the em erging areas of research.
Service-oriented secu rity w here issu es related to
system services su ch as d enial of service attacks,
d istribu ted d enial of services, and w eb services.
Clou d secu rity d eals w ith services secu rity, d at a
secu rity and privacy so that services d elivered and
assets are protected .
Open-sou rce softw are secu rity inclu d es issu es su ch
as tru st, certification and qu alification m od els.
Softw are com p onents and architectu re, secu rity
w hich d eals w ith bu ild ing com pon ents and architectu res w ith secu rity can be u sed as plu g-ins.
Web services secu rity is essential to ensu re secu re
services are d elivered w ith integrity.
System s & Softw are secu rity engineering d eals
w ith bu ild ing secu rity in CCAF right from r equ irem ents. This is also consid ered d eveloping
softw are applications w ith CCAF.
Recom m end ations from McGraw [17] provid e a com prehensive fram ew ork for system s engineering m ethod s
and concepts. H ow ever, it d oes not offer a com plete solu -
tion for Clou d Com pu ting. This m otivates u s to have a

com prehensive d esign, im plem entation and service for
Clou d secu rity u nd er the CCAF recom m end ation. CCAF
is a fram ew ork for organizations that w e have previou sly
d em onstrated how CCAF can be offered in healthcare
[18], finance [19] and other types of bu sinesses. It is ou r
goal to provid e gu id elines and recom m end ation for secu rity and privacy. Com pu ter secu rity has been classified
into a nu m ber of general concepts and processes su ch as
id entification, w hich id entifies objects, fu nctions, and actions, au thentication, au thorization, privacy, integrity and
d u rability. We have so far w ell established basic secu rity
featu res w ith id entification, au thentication, au thorization,
d igital secu rity encryption and d ecryption techniqu es.
Key featu res w ith their explanations are as follow s.
Identification is a basic and first process of establishing
and d istingu ishing am ongst person/ u ser & ad m in id s, a
program / p rocess/ another com pu ter id s, and d ata connections and com m u nications. Often w e u se alphanu m erical string as u ser id entification key and som e m ay u se
you r em ail as the u ser id entification key and this can be
checked against w hen a u ser login into the system . A u thentication and au thorization are tw o d istinct form s of
access controls to access any inform ation in the system .
Privacy is the key to m aintaining the su ccess of clou d
com pu ting and its im pact on sharing inform ation for social netw orking and team w ork on a specific p roject. This
can be m aintained by allow ing u sers to choose w hen and
w hat they w ish to share in ad d ition to allow ing encry p tion and d ecryption facilities w hen they need to protect
specific inform ation/ d ata/ m ed ia content.
Integrity is the basic featu re of hu m an being as a process
of m aintaining consistency of actions, com m u nications,
valu es, m ethod s, m easu res, principles, expectations, and
ou tcom es. Ethical valu es are im portant for clou d service
provid ers to protect integrity of clou d u sers d ata w ith
honesty, tru thfu lness and accu racy at all tim e. In clou d
com pu ting term s, w e can achieve integrity by m aintaining regu lar red u nd ancy checks and d igital certification in
ad d ition to other basic secu rity featu res of m aintaining
id entification, au thentication, and au thorization.
D urability is also know n as, persistency of u ser actions
and services in u se shou ld inclu d e sessions and m u ltiple
sessions.
2.2 CCAF Security Design

This section d escribes the system d esign requ ired by
CCAF. Captu ring and id entifying requ irem ents for secu rity explicitly is one of challenges in Clou d secu rity for
SaaS, w hich has an im pact on the fu nctionality of the sy stem . Therefore, w e need to be able specify secu rity r equ irem ents explicitly throu ghou t the secu rity -specific lifecycle phases as p art of achieving CCAF (secu rity r equ irem ents, d esign for secu rity, secu rity testing and secu rability testing). Tond el et al. [20] has provid ed an extensive su rvey on secu rity requ irem ents m ethod s w hich
help to id entify secu rity requ irem ents system atically and
stru ctu re them . For exam p le, Mead [21] for the SEIs
(softw are Engineering Institu te) has id entified a m ethod
know n as SQUARE (Secu re Qu ality Requ irem ents Eng ineering) w hich has been extend ed SysSQUARE (System s
Engineering SQUARE) tow ard s system s secu rity eng ineering m ethod . Ou r extend ed m ethod consists of ten
steps as follow :
Agree on definition to d efine a set of acronym s,
d efinitions, and d om ain -specific know led ge need s
to be agreed by stakehold ers. This w ill help id ent ify and valid ate secu rity-specific requ irem ents
clearly by stakehold ers.
Identify security goals to clearly d efine w hat is
expected of the system w ith respect to secu rity of
bu siness d rivers, p olicies and proced u res.
D evelop artefacts to d evelop scenarios, for exam ples, m isu se cases and tem p lates for specifications
and form s.
Perform risk assessments to cond u ct risk analysis
for all secu rity goals id entified , cond u ct threat
analysis.
Select an elicitation technique to inclu d e system atic id entification and analysis of secu rity requ ir em ents from stakehold ers in the form s of interviews,
business process modeling and simulations, prototypes,
discussion and focus groups. As p art of this phase,
one shou ld id entify level of secu rity, cost-benefits
analysis, organizational cu ltu re, stru ctu re and
style.
Elicit security requirements to inclu d e activities
su ch as prod u cing secu rity requ irem ents d ocu m ent based secu rity specific principle stru ctu re as
part of ou r goal of d eveloping CCAF earlier, risk
assessm ent resu lts, and techniqu es id entifies for
analysis su ch as business process modeling and simulations, threat modeling, and misuse cases, etc.
Categorize security requirements to inclu d e activities that (1) classify and categorize secu rity requ irem ents based on com pany-specific requ irem ents specification tem plates and (2) u se ou r recom m end ed secu rity principles as this w ill help
System s Engineers to ap ply CCAF and (3) track secu rity-specific requ irem ents to valid ate & verify at
all stages of the system s engineering life-cycle.
Identify systems data security requirements to
inclu d e activities on extracting and carefu lly id entifying d ata secu rity and relevant su b-system s
su ch as d ata centers, servers, clou d VMs, and
softw are secu rity, SQL secu rity, and other types of
secu rity that are relevant to the d ata. This separ ation of concerns allow s system s engineers to integrate, track, d esign, and d evelop d ata secu rity as
part of enterprise w id e system s d evelopm ent.
Prioritize security requirements to inclu d e activities of selecting and p rioritizing secu rity requ ir em ents based on bu siness goals as w ell as costbenefit analysis.
Inspect security requirements to cond u ct requ irem ents valid ation process u sing requ irem ents
inspection and review m eetings.
To achieve an integrated secu rity for the iterated requ irem ents, one can select keyw ord s as objects a nd com ponents. System and softw are com ponents shou ld contain a CCAF m u lti-layered secu rity and each layer has its
ow n secu rity focu s. Details w ill be presented in Section 3
and 5.
Most of the secu rity attribu tes and principles id entified
earlier are clearly applicable to d eveloping clou d services
w ith a system s engineering focu s. H ow ever, there are

som e clou d -specific secu rity related issu es su ch as secu rity in virtu alization and server environm ents. Clou d secu rity attribu tes can be fou nd in m any-fold as show n in
Figu re 1. Althou gh there are m any attribu tes available,
they can be fu rther categorized as follow s:
Confidentiality, Privacy and Trust These are w ell
know n basic attribu tes of d igital secu rity su ch as au thentication and au thorization of inform ation as w ell protecting privacy and tru st.
Cloud services security This inclu d es secu rity on all its
services su ch as SaaS, PaaS, and IaaS. This is the key area
of attention need ed for achieving clou d secu rity.
D ata security This category is again param ou nt to su staining clou d technology. This inclu d es protecting and
recovering planning for clou d d ata and service centers. It
is also im portant to secu re d ata in transactions.
Physical protection of cloud assets This category belongs to protecting clou d centers and its assets.
The above clou d secu rity attribu tes/ characteristics are
essential and u sefu l to u nd erstand non -fu nctional aspects
of services d evelopm ent an d service provision. These attribu tes are also u sefu l for bu ild ing CCAF and m aintaining secu rity.
Figu re 1: CCAF Clou d Secu rity Attribu tes serving for
the com m u nity
2.3 CCAF Data security

Data secu rity ad d ress m ost of the clou d com pu ting secu -
rity challenges either you consid er architectu ral and technological concerns nor process and regu latory secu rity
challenges; all of them com es d ow n to d ata in m any
form s su ch as inform ation (d eals w ith id entity m ana gem ent), d ata in transition and transaction, d ata in m od ification, privacy of u ser d ata, and d ata at rest on servers
and storages. H ow ever, the selections of a nu m ber of recom m end ations [7-9; 20-24] have id entified abou t eight
key d ata secu rity issu es that are:
Data tam pering d eals w ith issu es of u nau thorized
m od ification to a transaction. For exam ple, if you
ad d 100 tim es to a sim ple transaction of / $1000.00
this equ als to / $100K. Oracle [22] presents that
80% of secu rity breaches are cau sed by insid er attacks than any other form s of secu rity attacks.
Eavesd ropping and Data Theft d eal w ith stealing
Fram ew ork
5
critical personal d ata (personal and financial inform ation su ch as cred it card ) d u ring d ata tran sm ission. N etw ork and p acket sniffers can be u sed
to steal su ch inform ation.
Falsifying User Id entities d eals w ith id entity theft
by gaining access to d ata and can also threaten d igital signatu res w ith non -repu d iation attacks
Passw ord -related threats d eals w ith stealing and
cracking passw ord s.
Au thorized access to tables, colu m ns, and row s
d eals w ith secu rity at the d atabase level.
Lack of accou ntability d eals w ith system ad m inistrators for m onitoring and protecting d ata access
and u ser accou nt m anagem ent.
Com plex User Managem ent Requ irem ents d eal
w ith u ser accou nt m an agem ent strategies.
Mu lti-tier System s d eal w ith provid ing access to
other services and ap plication layers.
Scaling the secu rity ad m inistration of m u ltiple Sy stem s poses extra com plexity of m anaging clou d secu rity as it d eals w ith provid ing m u ltiple accesses
to m u ltiple applications.
3 CCAF data security in details

This section d escribes d ifferent types of system d evelop m ent and process d evelop m ent for CCAF. The content
inclu d es the cod e syntax to proceed w ith the CCAF secu rity, the architectu re and the proposal of the m u ltilayered secu rity.
3.1 CCAF Security Schema by XACML

This section describes the software scheme required by
CCAF. Extensible Access Control Markup Language
(XACML) is the language that can define the rule, permission, function and interactions in the use of SaaS and
Cloud security. A proposed XACML section type, Rescue,
is described here as an example. Rescue is used to block
virus, trojans and attacks such as denials of services and
unauthorized access. In the event of hacking, all the files
are backed up and retrieved from secure ports such as 22
for secure FTP and 443 for secure HTTPS. Instead of displaying IP addresses in the traditional method, the IP
addresses in all virtual machines are assigned at runtime.
There is an OVF ID that handles processing of the DR
request. The syntax is ovf:id =rescue presented in Table
1. All the OVF IDs can be mapped to the required IP addresses when a VM is deployed. This allows Rescue to
describe not just a single VM behavior, but expected
communications and actions between VMs required for
rescued actions. Another feature in Table 1 shows
ovf:required=true, which means Rescue action is on.
What triggers Rescue is when the security software detects activities from unknown IPs in the list of unknown
hosts to ensure Rescue can protect all the users in realtime.
Table 1: The CCAF Security Software Schema
<ns: Rescue ovf:required =true xsi:type="ovf:Rescue_Type">
3.2 CCAF multi-layered security

CCAF secu rity softw are im p lem entation is d em onstrated
by its m u lti-layers of secu rity m echanism to m axim ize
protection. It also ensu res red u ction in the infections by
trojans, viru s, w orm s and u nau thorized access and d enial
of service attacks. Each layer has its ow n protection and is
in charge of one or m u ltiple d u ties in the protection, pr eventive m easu rem ent and qu arantine action presented in
Figu re 2.
Encryption
Figu re 2: The CCAF m u lti-layered secu rity in a nu t shell

All the featu res in CCAF mu lti-layered inclu d e access
control, intru sion d etection system (IDS) and intru sion
prevention system (IPS), this fine-grained secu rity
fram ew ork introd u ced fine-grained perim eter d efense.
The layer d escription is as follow s.
The first layer of d efense is Access Control and
firew all to allow restricted m em bers to access.
The second layer consists of the ID S and IPS. The
aim is to d etect attack, intru sion and penetration,
and also provid e u p -to-d ate technologies to prevent attacks su ch as DoS, anti-sp oofing, port scanning, know n vu lnerabilities, pattern -based attacks,
<Info> Rescued actions for SaaS security </ Info>

<Rule>
param eter tam pering, cross site scripting, SQL injection and cookie poisoning. The id entity m anagem ent is enforced to ensu re that right level of a ccess is only granted to the right person.
The third layer, being an innovative ap proach, Encryption, enforces top d ow n policy based secu rity
m anagem ent; integrity m anagem ent. This featu re
m onitors and provid es early w arning as soon as
the behavior of the m u lti-layered entity starts to
behave abnorm ally; and end -to-end continu ou s assu rance w hich inclu d es the investigation and r em ed iation after an abnorm ality is d etected .
Althou gh Yu et al. [13] have illu strated a sim ilar exam ple, their prop osal is focu sed on theoretical concepts
rather than services on offer and im plem entation. They
focu s on access control and d o not have a com prehensive
ap proach in p rovid ing m u lti-layered secu rity. The d etails
in each layer of secu rity are presented as follow s.
CCAF Server
Three roles are offered by the server. First, it can au thenticate u sers d u ring the storage/ retrieval phase. Second , it
can access control. Third , it can encrypt/ d ecrypt d ata
betw een u sers and their clou d . The d ata can be fu rther
encrypted to prevent d ictionary attacks before being fo rw ard ed to the m etad ata m anager (MM). Blocks are d ecrypted and the server verifies the signatu re of each block
w ith the u sers pu blic key d u ring the retrieval phase.
While typing these three lines, an encrypted key -string

is generated to protect the d ata from p otential m aliciou s
hack. The key-string m ay look like this:
Security Manager (SM)

Secu rity Manager (SM) stores m etad ata w hich inclu d e
block signatu res, encrypted keys and process id entity
m anagem ent check. While SM checks and verifies the
right id entity, the CCAF secu rity proceed s to convergent
encryption, w hich serves as the third layer of secu rity. SM
has a link list and a sm all d atabase, w here the link list is
as follow s.
Each nod e in the linked list represents a d ata block. The
id entifier of each nod e is obtained by hashing the encrypted d ata block received from the server.
A link betw een tw o nod es, for exam ple, nod es A and B,
correspond s to the file id entifier and the encryption of the
key to d ecrypt the d ata block B.
SM can check w hether a u ser is au thorized to retrieve a
file that he/ she has requ ested . This offers an ad d itional
access control. Ad d itionally, SM can com m u nicate w ith
the clou d service provid er (SP) to store and retrieve d ata
blocks.
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624
3.5 Layer 3: Convergent Encryption
3.3 Layer 1: Firewall

This section d escribes the intru sion p rotection u sed in
CCAF to ensu re that all d ata is safegu ard ed all the tim es.
The Intru sion Prevention System (IPS) is u sed w ith the
core syntax inclu d es:
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
7E0764BF 3E53053E
Once the key generation is d one, the IPS configu ration

can be saved . Sim ilar to Rescu e XML tag in Section 3.1,
the next step is to create a ru le for IPS, follow ed by co nfigu ring IPS signatu re storage location. The final step inclu d es IPS event notification. Their respective step s are
presented as follow s.
ip ips name <rule name> < optional ACL>
router#configure terminal
router(config)# ip ips name iosips
ip ips config location flash:<directory name>
router(config)#ip ips config location flash:ips
ip ips notify sdee
router(config)#ip ips notify sdee
3.4 Layer 2: Identity Management

The id entity m anagem ent is d ivid ed into three roles: u sers, CCAF server and the secu rity m anager as follow s.
Users
Users can encrypt each key from his block and his ow n
key. They can split files into blocks, encrypt them w ith
the key, follow ed by signing the resu lting encrypted
blocks and creating the storage requ est. For each file, this
key w ill be u sed to d ecrypt and rebu ild the original file
d u ring the retrieval phase. The u ser also u ses single sign on to access each block w ith a com p act signatu re schem e.
After the id entity m anagem ent phase, all d ata has to u nd ergo the secu rity test offered by Convergent encryption
(CoE), w hich u ses the hash of plaintext to w ork ou t the
encryption key (K). H ere is a sam ple exam ple to illu strate
how it w orks. Ad am obtains the encryption key from his
m essage M su ch that K = H (M), w here H is a crypt ograp hic hash fu nction; he u ses this key to encrypt his
m essage, hence: CoE = E(K, M)= E(H (M);M), w here E is a
block cipher. By applying this techniqu e, tw o d ifferent
u sers w ith tw o id entical plaintexts w ill obtain tw o id ent ical ciphertexts since the encryption key is the sam e. This
allow s the clou d storage p rovid er to perform efficient
storage (su ch as d ed u plication, w hich m eans the sam e file
is only stored and archived at one place w ithou t d u p lication) on su ch ciphertexts w ithou t having any know led ge
on the original plain -texts. We then illu strate to encryp t
the ciphertexts w ith other encryption algorithm u sing the
sam e keying m aterial for all inpu t to prevent attacks
against. The benefit is that the d ed u plication requ irem ent
can be com p atible w ith CoE.
3.6 The core code to deploy security

This section explains the core cod e to proceed w ith m u ltilayered secu rity to check the statu s of the CCAF secu rity
and introd u ces the state of 0 and 1. The statu s 0 m eans all
activities and all files are m anageable and cannot be fu lly
controlled . The analogy is like hu m an bod ies: w hile there
are also bad / cancerou s cells, the percentage is so tiny that
Fram ew ork
7
they are controlled . Bu t u ntil to a certain statu s trigger the
bod y im m u nity, bad / cancerou s cells cannot be controlled . To offset his, ou r hu m an bod y triggers the alarm
for bod y d efense. Sim ilar to ou r secu rity d esign , statu s=1
m eans that an alarm is triggered and the rem ed y action
begins. The system m anager can also m anu ally trigger it
if the d ata center is u nd er the threat before the system
d etection tu rns positive.
Table 2: The cod e syntax for CCAF secu rity
While trigger(status(job)) d o
check(status(job)); / / to check the status is 0 or 1
if (security == 1)
firew all(status(job));
id entity(status(job));
encryption(status(job));
else
action((status(job));
quarantine(status(job));
report(status(job)); / / report the system ; d o not stop CCAF
end ;
end ;
If secu rity is equ al to 1, w hich m eans the CCAF secu rity process is kicked off as show n in Table 2. If secu rity
is equ al 0, it m eans the CCAF recognizes there is a low
risk and threat. The term statu s(job) m eans that the
CCAF secu rity is offering real-tim e protection and actions
for qu arantine. All these CCAF com m and s enable the
fu nctioning of m u lti-layered secu rity. Explanations of
other parts of the secu rity process are as follow s.
trigger(statu s(job)) is to enable the triggering of
the contingency action . It is the first step to trigger a list of actions for m aintaining system and
d ata secu rity.
check(statu s(job) is to check the statu s of secu rity is 0 or 1. The statu s 0 is the controlled statu s
and statu s of 1 is the triggered statu s d u e to secu rity breach or threats.
firew all(statu s(job)) is to enable firew all on.
id entity(statu s(job)) is to enable id entity m anagem ent to be active.
encryption(statu s(job)) is to enable encryption
on. By d efau lt, the first three are on.
qu arantine((statu s(job)) is w hen the CCAF sy stem find s the Trojans or viru ses, it begins the isolate trojans and viru ses and attem pt to kill them
or retain them to be com pletely isolated .
action((statu s(job)) is to m anu ally m ake the
above com m and s.
report (statu s(job)) is to report to the system at

once after action((statu s(job)) or qu arantine((statu s(job)) are d one.
3.7 Isolation and quarantine if trojans

and viruses are detected
This section d escribes the actions taken if trojans and v iru ses are fou nd . All m aliciou s files and signatu res are
first isolated . The strong isolation and integrity m anag em ent is u sed to protect u ser safety w hile u sing the CCAF
secu rity service. Strong isolation is requ ired w hile d etecting vu lnerabilities in any of the clou d services, inclu d ing
the block of u nau thorized IPs and attack points/ ports.

While these m aliciou s files and u nau thorized access a ttem pts hap pen, qu arantine is the next step to ensu re the
safety and secu rity. It first backu ps the d ata safely and
then attem pts to qu arantine infected d ata. If a qu arant ine
action is u nsu ccessfu l, the files can be kept u nd er qu a rantine area, or chosen to be d eleted . In the qu arantine
area, the infected files are locked u p u ntil fu rther notice.
3.8 The integrated solution checking

all the files and data on one go
Descriptions in Section 3 present how to d eal w ith m aliciou s files and u nau thorized access in each layer of CCAF
secu rity. Ou r CCAF prop osal can also illu strate the int egrated approach w hich checks all layers in one go. This is
an im portant step d u e to the follow ing reasons. First, the
insid er threat is an issu e if the leaving em ployees or
som eone w ith a good know led ge of the secu rity system
can find w ays to sneak throu gh the secu rity check [25].
Second , each layer has its ow n gatekeeper for secu rity.
There is a possibility that w ell-w ritten m aliciou s cod e,
either d isgu ised as safe files or d isgu ised as p art of the
system files, can im p ose a secu rity risk if there is no final
check of the entire system . Third , often the Data Center
Clou d system s serve hu nd red s and thou sand s of u sers
and have a large nu m ber and volu m e of d ata possibly at
petabytes. The secu rity system need s to check all the st atu s of the d ata and check that w hether the real-tim e secu rity can be offered for Data services if that inclu d es
petabytes of d ata, and w hen the d ata is in u se. In other
w ord s, w e need an intelligent w ay to find ou t how to
m anage su ch a hu ge am ou nt of d ata has been in u sed and
in client-server requ ests at all tim es. More d etails w ill be
presented in the follow ing section.
4 The integrated solution of data

security simulated by business
process modeling notation
(BPMN)
This section d escribes the integrated solu tion of d ata secu rity w hich can be achieved by the sim u lations offered
by Bu siness Process Mod eling N otation (BPMN ) w hich
can sim u late the execu tion tim e of protecting and secu ring petabytes of d ata in the d ata center. BPM (Bu siness
Process Mod eling) is a p rocess of id entifying a nu m ber of
bu siness processes that w ill have an im pact on stakehold ers and to the system . BPMN is a tool-ind epend ent grap hical process d efinition langu age to stu d y perform ance
evalu ation of the system , clarify requ irem ents specification (su ch as u se cases), and is execu table. IBM [26] reports on saying BPM allow s u s to focu s on ou r m ost crit ical bu siness priorities first. This section of the paper is
d evoted to eleven habits for highly su ccessfu l BPM p r ogram s w ith em phasis on cond u cting a com plete BPM and
the team . BPMN allow s bu siness process to be m od eled
visu ally, sim u lated , optim ized for efficiency (tim e & cost),
optim ized for bu siness KPIs (key perform ance Ind icators), and qu antified for KPI m easu rable p aram eters su ch
as secu rity im provem ent [27]. KPIs are the key to achiev-
ing bu siness im p rovem ent for su stainability and perform ance evalu ation. Most of the existing w ork in this area
[27-29] has largely focu sed on perform ance evalu ation of
core bu siness p rocess only. This w ork has ap plied to
stu d y the perform ance of clou d d ata secu rity p rocess.
H ence, w e have d eveloped a nu m ber of key clou d secu r ity process that is critical for clou d d ata. Figu re 2 proposes
a good principle for the clou d architectu ral d esign pr ocess w hich is also based on som e of the key stakeho ld ers/ concepts to consid er d u ring architectu ral d esign:
Clients w ho are potential clou d cu stom ers as

w ell as clou d ad m inistrators
Clou d Provid ers
Clou d Managem ent Team
Data Centers/ Secu rity Pool
Intru sion Rejection Process

The Client of Clou d Com p u ting contains a com pu ter
softw are or/ and a com pu ter hard w are w hich d epend ents
on clou d com pu ting architectu re to su pport the application d eliveries, or w hich d esigned specifically for clou d
service d eliveries.
A Client of Clou d Com pu ting Architectu r e is an interface of com m on clou d u ser throu gh the w eb brow sers or
thin term inals. Clou d p rovid er is the one w ho offers the
Clou d Service Delivery Mod els to Client throu gh the internet. Accord ing to ou r proposed system the client ju st
send s a requ est to the clou d then the rem aining process is
taking care of clou d service provid er w ho consists of
Clou d Managem ent Team s, Data Centers/ Secu rity pools
and the Intru sion Detection Mechanism s. Figu re 3 and
Figu re 4 represent the BPMN process of Data Requ est
flow from Client to Clou d .
Figu re 3: Data Requ est Bu siness Process Mod el for Clou d

Secu rity
4.1 The steps involved with the

simulated BPMN process
In ord er to u nd erstand how the BPMN process w orks and
can offer the overall contribu tions to the integrated solu tion, this section p resents the steps involved in the sim u lated BPMN process. Sim u lating a p rocess allow s u s to
stu d y its behavior for external events/ triggers in that
process. Process sim u lation has been su ccessfu l in several
ap plications from low -end to high-end system s. Therefore, sim u lating a BPMN m od el help s u s to stu d y bu siness behaviors/ perform ance for variou s expected and
u nexpected scenarios. The BPMN sim u lation process consists of a nu m ber of cyclic phases (See Figu re A in Ap pend ix). BPMN starts w ith an actor called Client w ith a
sm all circle notation w hich send s a m essage to a process
(Data Requ est w ith rou nd ed squ are) w hich task has been
d evoted to take action based the requ est and therefore
send a m essage to the clou d (finishing circle). The second
phase is to annotate each elem ent in the process and

third ly to create tasks, assign sim u lation variables (d ifferent types of requ ests both valid and invalid ) to p rocess
and tasks in that process. Finally, create m essages b etw een elem ents in the process and ru n a nu m ber of sim u lations. Figu re 4 show s ou r m u lti-layered secu rity
d em onstrated by ou r CCAF solu tion, w hich inclu d es the
u se of firew all, id entity m anagem ent and encryption. This
can be sim u lated by the BPMN follow ing gu id elines.
Figu re 4: Ou r m u lti-layered secu rity solu tion

Data centers are the essential asset of Clou d Com p u ting corp orations and private clou d d eploym ent, these all
connect to all ap plications, storage services and servers.
The bu siness relies on the clou d d ata centers su p ports the
bu siness valu es and operations and d rive m axim u m efficiencies. The d ata centers are playing key roles that need
to be m anaged and planned very carefu lly to m eet ap plications and the u sers grow ing perform ance requ ir em ents/ d em and s. The d ata centers architectu res propose
technologies, practices and p rod u cts w hich help d ata centers engineers and m anagem ent team w ho is responsible
to answ er the bu siness goal requ irem ents. Accord ing to
ou r CCAF fram ew ork, any clou d d ata access service can
follow the bu siness p rocess step s d escribed in Figu re 4,
w hich inclu d e ou r m u lti-layer secu rity protocol (Enterprise
Firew all,
Id entity
Managem ent,
Encry ption/ Decryption, and Clou d d ata secu rity Process Co ntrols). The Clou d d ata secu rity Process Controls are fu rther refined d ata secu rity processes as show n in Figu re 5,
w hich is the BPM m od el for d ifferent states of m od els for
d ata secu rity. The d ata centers can u se this m od el to
stu d y the perform ances of selected clou d d ata architectu re. This process starts w ith a d ata statu s d ecision (d iam ond sym bol) p asses that d ata based on that d ecision to
any one of the paths of the clou d storage processes (d ata
at rest, d ata in u se, and d ata in change/ transition). This in
tu rn passed on to a d ata secu rity pool w hich is a sep arate
lane w ith d ed icated secu rity processes (su ch as d ata secu rity area and d ata center u pd ate) to stu d y secu rity controls in place before it end s.
Figu re 5 is the BPM m od el for d ifferent states of m o d els for d ata secu rity. The d ata centers can u se this m od el
to stu d y the perform ances of selected clou d d ata architectu re. This process starts w ith a d ata statu s d ecision (d iam ond sym bol) p asses that d ata based on that d ecision to
any one of the paths of the clou d storage processes (d ata
at rest, d ata in u se, and d ata in change/ transition). This in
tu rn passed on to a d ata secu rity pool w hich is a sep arate
lane w ith d ed icated secu rity processes (su ch as d ata secu rity area and d ata center u pd ate) to stu d y secu rity controls in place before it end s.
Fram ew ork
9
Figu re 5: BPMN m od el for three types of clou d d ata secu rity

Intru sion Detection: The intru sion d etection section is
u sed to intim ate the clou d m anagem ent team , d ata centers and also its secu rity p ools abou t the intru sions by
raising the alarm s. The d angers w hich w ill hap pen by the
intru sions are scalable (in the scale of 1-5; 1 is an ignorable d anger and 5 is the m ost d anger). In this bu siness process and by the ord ers of the m anagem ent team the rejection and w arning m essages/ e-m ails w ill be com posed to
send the client. The Figu re 5 show s the BPMN m od el for
sim u lation of Intru sion Detection/ Rejection Process
w hich can be u sed to stu d y the perform ances of the pr oposed clou d architectu ral d esign.
The u se of BPMN can sim u late the d aily operations in
the d ata centers, w hich contain u p t o 10 petabytes (PB) of
d ata. Figu re 5 also show s the BPMN m od el for d ifferent
states of m od els for d ata secu rity. The d ata center can u se
this m od el to stu d y the perform ances of selected clou d
d ata architectu re. This process starts w ith a d ata statu s
d ecision (d iam ond sym bol) passes that d ata based on that
d ecision to any one of the paths of the clou d storage pr ocesses (d ata at rest, d ata in u se, and d ata in
change/ transition). This in tu rn passed on to a d ata secu rity pool w hich is a separate lane w ith d ed icated secu rity
processes (su ch as d ata secu rity area and d ata center u pd ate) to stu d y secu rity controls in place before it end s.
The process starts w ith a possible in tru sion event (this
cou ld be an u nau thorized access to a d ata) w hich triggers
Raise Alarm process to com pose em ail/ m essage to the
clou d d ata ad m inistrator im m ed iately noted as the client
process in this m od el. See Figu re B in the Append ix. The
follow ing section d iscu sses perform ance analysis for each
of those BPM sim u lations.
4.2 BPMN Simulation for petabyte data

security
This section p resents Clou d big d ata secu rity that is associated w ith the integrated solu tion. As explained in
Section 2.3, d ata secu rity for petabytes of d ata is a p riority. In this section, w e p resent a BPMN sim u lations of a
Data Center, w hich is ou r d ata center based at the Un iversity of Lond on Com pu ting Center (ULCC). In ou r pr eviou s p aper, w e d em onstrate that the u se of Clou d bioinform atics and storage services provid e ad d ed valu es and
positive im pacts, and the d ata center of all these services
are located at ULCC [18-19]. Since Clou d secu rity is the
key to bu siness su stainability [1-2, 6, 8], w e shou ld stru ctu re secu rity strategy and operation to ensu re all services
can be d elivered and optim ized . This explains the im portance of u nd ertaking BPMN sim u lations, so that w e
know the execu tion tim e requ ired if the entire d ata at the
ULCC is at rest, or is in fu ll u se, or is involved in the

transfer of d ata across d ifferent netw orks (in m otion), as
presented in Figu re 5. In the im plem entation to resu lt
phase, w e u se BPMN for protecting the d ata against vu lnerabilities and raising alarm in d ata secu rity w hile all 10
PB of d ata in the Clou d has been intensively in u sed .
Figu re 6: Data secu rity Area Peak Access- H igh execu tion tim e w hen d ata in u se
Figu re 7: Raises Alarm

Figu re 6 show s a graph w ith execu tion tim e w hen the
BPMN process raised a secu rity alarm . The execu tion
tim e rose from 0 to three peaks (51, 36 and 30 hou rs) betw een Ju ly 27 and right before Ju ly 30, before falling to 10
hou rs of execu tion tim e right after Ju ly 30, 2013. The increm ent in execu tion tim e w as necessary since BPMN
alarm checked every single file and instance in 10 PB of
d ata in the Clou d . This explained w hy su ch a long execu tion tim e w as requ ired . We plan to d evelop algorithm s or
m ethod s that can optim ize the secu rity perform ance. The
execu tion tim e to ru n each BPMN process only takes 2
second s all the tim es, w hich has a very low execu tion
tim e. This ensu res that fast and efficient BPMB process
can m eet the requ irem ent of bu siness agility.
10
Figu re 9: Execu tion tim e to perform BPMN sim u lations

for Figu res 9-11
Figu re 8: Rejection Message

Figu re 7 show s a graph w ith peak execu tion tim e for
entering the d ata secu rity area of the bu siness process.
Resu lts show that increased stead ily from 0 to 60 hou rs
betw een Ju ly 22 and the m id d le of Ju ly 24, 2013. The execu tion tim e stayed stable at 60 hou rs betw een the m id d le
of Ju ly 24 and beginning of Ju ly 27. Som e execu tion tim e
increased d u e to the increasing d em and s in secu rity. The
im plications of this resu lt show that d ata secu rity instances execu tion tim e can be high w hen d ata w as constantly
in u se. On the other hand , the execu tion tim e w as less
than 2 hou rs if d ata w as not in u se. Figu re 8 show s a perform ance graph for a rejection m essage service w ith peak
execu tion tim es w hen a BPM process has sent a rejection
m essage to allow access to d ata in p rivacy. To protect 10
PB d ata, it can take u p to 125 hou rs.
For p rotecting clou d d ata, w e need to d istingu ish d ifferent states of transitions that can occu r in the clou d .
This w ill allow u s to em ploy ap propriate d ata secu rity
techniqu es. An exam ple m od el for d ifferent classes/ states
for clou d d ata is show n in Figu re 5 and Figu re 9. Ou r n otion of clou d d ata secu rity concept is to Divid e clou d
d ata transactions into a few possible w ays:
Data at Rest m eans clou d storage servers and all

types of storage on the clou d .
Data in Change inclu d es all types of d ata creation and m od ification processes, from file creation/ d eletion of fold ers.
4.3 Performances Evaluation and

analysis of results
Section 4.2 p resents BPMN sim u lations w hen all the d ata
are in fu ll u se and capacity w hile they have either encou ntered secu rity breach or have raised secu rity alarm .
The execu tion tim e betw een Figu re 6 and Figu re 8 represent the am ou nt of tim e for the d ata to be fu lly protected
or recovered after the secu rity incid ent.
They d o not represent the execu tion tim e of perfor m ing su ch BPMN sim u lations. This section presents the
resu lts of perform ing BPMN sim u lations in each instance.
There are eight instances altogether and each tim e execution tim e w as taken five tim es to average ou t, w ith the
stand ard d eviation of 3% of all tim e taken. All execu tion
tim e to com plete BPMN sim u lations for Figu res 9-11 need
betw een 1.92 and 2 second s as show n in Figu re 9. Resu lts
show that BPMN sim u lations su pp ort high -perform ance
in Clou d Com pu ting.
BPMN execution time to compute Figure 9, 10 and 11
2
1.98
Execution time (sec)
1.96
1.94
1.92
1.9
1.88
1.86
BPMN
execution
time to
compute
Figure 10,
11 and 12
Apart from su pp orting high -perform ance featu re in

Clou d Com pu ting d iscu ssed in the earlier part of this
section, this paper has introd u ced CCAF m u lti-layered
secu rity inclu d ing their com ponents and technical d etails.
This ensu res ou r w ork has m ad e theory into practice and
u se m u lti-layered secu rity to illu strate how to transform
the conceptu al fram ew ork into a real-life d eploym ent
u sed in Clou d secu rity. Sim ilarly, the u se of BPMN is
u sed to sim u late the fu ll d ata secu rity of the Data Center.
Resu lts presented in Section 4.2 show that it takes b etw een 50 and 125 hou rs for protecting d ata and raise
alarm in real-tim e w hen d ata is in u se. There is a gap tim e
betw een 50 and 125 hou rs w hich leaves vu lnerabilities to
the d ata center w ith 10 petabytes of d ata in place. The u se
of CCAF m u lti-layered secu rity provid es ad d itional protection to the d ata and ensu res that all d ata can be safegu ard ed before the all 10 p etabytes are fu lly optim ized
for services. We propose that the CCAF m u lti-layered
secu rity is the solu tion to this situ ation. In ord er to
d em onstrate the ad vantages of ad opting CCAF m u ltilayered secu rity, w e have u nd ertaken penetration tests to
see how m any viru ses and trojans are trap ped or cleaned ,
and the percentage of su ccessfu l blocked rate.
5 The experiments of
penetration testing for
ethical hacking
To d em onstrate w hether the ULCC can w ithstand the
rapid d ata grow th d u e to the viru ses and trojans, ethical
hacking is an appropriate w ay to test the system perform ance [30-31]. Ethical hacking inclu d es w ays to penetrate
into the secu rity system in the aw areness of the host. The
environm ent for the ethical hacking w as as follow s. One
hu nd red of virtu al m achines (VMs) w ere set u p and each
one had the CCAF m u lti-layered secu rity tu rning on. An
ethical hacking firm (w hich d id not w ant its nam e r evealed ) took p art in this test and provid ed 10,000 know n
viru ses and trojans d etected betw een 2010 and 2012 in the
internet secu rity breach and each of these viru ses/ trojans
had their fix patches or repairs by the m ost-u p-to-d ate
secu rity com pany. The objective is to test how m any v iru ses and trojans that CCAF m u lti-layered secu rity can
block and qu arantine. Another one hu nd red VMs have
the Mcafee antiviru s (a w ork partner) tu rning on to test
the perform ance. This section presents the penetration
testing and ou tcom es of the test to su pp ort that the m u ltilayered secu rity can perform better for, filter ou t m aliciou s attacks. To d o this test, 10,000 know n trojans and
viru ses are injected into the CCAF m u lti-layered secu rity
w ith the follow ing nu m bers record ed :
The nu m ber of viru ses and trojans d etected and
blocked by each layer.
The total nu m bers of viru ses and trojans d etected
Chang and Ram achand ran: Tow ard s Clou d Data Secu rity p rop osed and d em onstrated by Clou d Com p u ting
Ad op tion Fram ew ork
11
and blocked the system .
The nu m ber of viru ses and trojans d etected bu t
u nable to be blocked and sent to qu arantine.
In the qu arantine, the nu m ber of viru ses and tr ojans that can be d estroyed .
In the qu arantine, the nu m ber of viru ses and tr ojans that cannot be d estroyed .
Tw o types of experim ents w ere u nd ertaken. The first
one w as focu sed on penetration tests involved w ith injecting 10,000 viru ses and trojans in one go. The second one
w as focu sed on continu ou s penetration test, su ch as injecting 10,000 sam e viru ses and trojans every five hou rs to
test that the entire d ata center is u nd er the secu rity threat
as presented by BPMN sim u lations in Section 4.
Third , Bu siness Process Efficiency (BPMN e, %) =

(PTe*Total N u m ber of BPMN Process/ Total N o. of
Penetration Test H ou rs)*100%
5.1 Results of penetration tests

Figu re 10 show s the resu lts of penetration tests. 5,423 v iru ses and Trojans have been d etected and blocked by the
firew all. Another 3,742 viru ses and trojans have been d etected and blocked by id entity m anagem ent and intru sion
prevention system s. 842 trojans and viru ses are then d etected and blocked by the encryption. All the blocked
viru ses and trojans can be d estroyed in second s. Am ongst
all these figu res, there are rem aining 81 viru ses and tr ojans sent to qu arantine w hen they cannot be d estroyed
d irectly. 79 of them can be d estroyed by the qu arantine.
The rem aining 2 viru ses and trojans are u nable to be d estroyed bu t can be isolated ind epend ently. In other
w ord s, 10,000 trojans and viru ses d o not d am age any of
10 petabytes of d ata in the ULCC Data Center.
No. of viruses & trojans detected and blocked by each layer
Layer of FGSM
Firewall
No. of
viruses &
trojans
detected and
trapped by
each layer
Indentity
= ( /) x 100%
(3)
Based on form u la (1) to (2), the total nu m ber of viru ses

and trojans is 1,000 and the total nu m ber of d etect and
block is 9,919, total nu m ber of d etect, block and kill is
9,998, hence
PTe = (9919/ 10000) x 100% = 99.19%
STe = (9998 / 10000) x 100% = 99.98%
5.2 Results of continuous penetration

tests
Resu lts are presented in percentages rather than the
nu m ber of viru ses and trojans blocked . 10,000 sam e viru ses and trojans are injected every five hou rs to test how
the Data Center can cope w ith the vu lnerabilities in the
m ost cru cial 125 hou rs.
Resu lts in Figu re 11 show the percentage that viru ses and
trojans that have been blocked , w hich d rop ped from
99.19% to 76.00% in 125 hou rs. H ow ever, w e also d efend
that the percentage of qu arantine action is im portant to
protect petabytes of d ata. If the p ercentage of qu arantine
is high, the d ata secu rity can be m aintained . In every 5
hou rs, the percentage of qu arantine w as m easu red . It
started as high as 97.53% and then rem ains fairly constant
(w ithin 2.4% stand ard d eviations) throu ghou t the period
of 125 hou rs. These resu lts su pp ort ou r statem ents that
CCAF m u lti-layered secu rity can protect d ata secu rity.
Experim ents cond u cted in Section 4.1 and the penetration
testing took 125 hou rs each. The percentage of blocking
has d rop ped to 76.00% at the end of 125 hou rs, in this case
BPMN e=(76.00% x 125 / 125) = 76.00%.
percentage of blocking viruses and trojans
120
Encryption
1000
2000
3000
4000
5000
6000
No of viruses and trojans blocked
Figu re 10: Resu lts of penetration tests

Three d ifferent penetration testing m etrics have been pr esented . First, the efficiency of penetration testing is m ea su red based on a nu m ber of key penetration testing m etrics as follow s:
Penetration Test Efficiency (PTe, %) = (N o. of Viru s d etected & blocked (V) + N o. of Trojans d etected & blocked (T)/ Total N u m bers d etected &
blocked (N ) ) x 100%
(
1
1 /
N ) x 100%
(1)
Second , Secu rity Test Efficiency (STe, %) = (N u m ber

of Su rface Attacks Detected , Blocked & Killed
(SAs)/ Total N u m ber of System s Su rfaces Interfaces
(SIs))*100%
= (
0 / 0 ) x 100%
(2)
Percentage of blocking
100
0
80
percentage
of blocking
viruses and
trojans
60
40
20
0
1
9
11 13 15 17 19
Hours (1 unit = 5 hours)
21
23
25
Figu re 11: The percentage that viru ses and trojans that
have been blocked
5.3 Comparison with other approaches

This section d escribes com p arison betw een ou r and other
ap proaches. There are theoretical-based p rop osals by
Goyal et al [32], Yu et al. [13], Wang et al [14] and Zissis
and Lekkas [33] have ad d ressed sim ilar ap proaches w ith
their rationale and theories in place w ithou t perform ing
large scale experim ents to check the robu stness of their
m od els. We com p ared CCAF m u lti-layered secu rity w ith
a single-layered ap proach by perform ing experim ents. As
m entioned in Section 5.1, Mcafee antiviru s w as u sed to
12
com pare perform ance w ith ou r CCAF m u lti-layered secu rity. Mcafee service w as sim ilar to the intru sion d etection
system (IDS) and intru sion p revention system (IPS).
Multi-layered FGSM vs single-layered securtiy
Althou gh their third tool had a precision of 1, its recall

and F-m easu re valu es are 0.019 and 0.037, w hich are extrem ely low . The m etrics is based on ou r penetration testing resu lts and transform them into precision, recall and
F-m easu re. Their d efinitions are as follow s. Precision is
the ratio of correctly d etected vu lnerabilities to the nu m ber of all d etected vu lnerabilities:
Security approach
Single layered
Mcaf ee
(4)
No of
viruses and
trojans killed
or blocked
Multi-layered FGSM
2000
4000
6000
8000
10000
Recall is the ratio of tru e vu lnerabilities d etected to the

nu m ber of know n vu lnerabilities:
12000
No of viruses and trojans killed or blocked
Figu re 12: CCAF m u lti-layered secu rity versu s singlelayered secu rity (eg one Mcafee prod u ct)
10,000 viru ses and trojans provid ed by the ethical
hacking com pany w as u sed and resu lts su ch as the nu m ber of viru ses and trojans killed or isolated w ere recor d ed . Figu re 12 show s the num ber of viru ses and trojans
killed or blocked , w here the CCAF m u lti-layered cou ld
kill/ block 9,917 and the single-layered Mcafee cou ld
kill/ block 7,438. We then reprod u ced the sam e exper im ent show n in Figu re 12 to com pare tw o ap proaches.
The resu lts in Figu re 13 show ed that the CCAF m u ltilayered secu rity has an average of 20% perform ance better than the ad option of a single-layered secu rity (su ch as
Mcafee) throu ghou t the 125 hou rs of experim ents. Resu lts
in ou r em pirical stu d ies confirm that the m u lti-layered
ap proach can provid e a better secu rity service for the d ata
center, particu larly w hen the d ata secu rity is a prim ary
concern for the Clou d ad opters and u sers. H ow ever, only
one Mcafee prod u ct w as u sed for com p arison d u e to the
licensing issu e althou gh m u ltiple Mcafee p rod u cts cou ld
serve like w hat CCAF m u lti-layered secu rity cou ld offer.
Percentage of blocking viruses and trojans (multi-layered versus single-layered)
120
Percentage of blocking
100
80
CCAF
60
Macafee
40
20
0
1
(5)
w here:
Tru e positive (tp) refer to the nu m ber of true
vu lnerabilities d etected ;
False positives (fp) refer to the nu m ber of vu lnerabilities d etected bu t d o not exist.
Tru e vu lnerabilities (tv) refer to the total nu m ber
of vu lnerabilities d etected in penetration tests.
F-m easu re can be presented in term s of precision and
recall as follow s.
F-m easu re
(6)
Services that can generate a high F-m easu re m ean they

are better services [34]. If a service obtains a p recision of
0.8 m eans it can d etect vu lnerability w ith 80%. A recall of
0.9 m eans 90% of the know n vu lnerabilities is d etected .
While u sing form u la (3), F-m easu re is equ al to 0.8471. The
com bination of precision, recall and F-m easu re can d eterm ine the qu ality of the secu rity services. We rep rod u ce
the exp erim ents cond u cted by [34] and then com p are r esu lts of CCAF m u lti-layered secu rity w ith VS1, VS2, VS3
and VS 4 tools d u e to sim ilarities w ith CCAF technologies
except each is single layered secu rity.
Table 3: com parison betw een CCAF and other singlelayered services
Services
Precision
Recall
F-Measu re
CCAF
1
0.9919
0.996
VS1
0.455
0.323
0.378
VS2
0.388
0.241
0.297
VS3
1
0.019
0.037
VS4
0.567
0.241
0.338
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Number of hours (1 unit = 5 hours)
Figu re 13: Percentage of blocking viru ses and trojans for

CCAF m u lti-layered versu s single-layered secu rity
5.4 Metrics, Analysis and comparison

This section p resents the m etrics and its analysis and
com parison w ith other m ethod s based on ou r exper im ental resu lts p articu larly penetration testing. Antu nes
and Vieira [34] u se fou r types of tools for penetration testing, explain the u se of precision, recall and F-m easu re to
ju stify the valid ity of their resu lts. Am ongst all the fou r
tools for penetration testing, all resu lts w ere very low .
Resu lts in Table 3 show that the CCAF m u lti-layered

secu rity can provid e a m u ch better service since all the
tru e vu lnerabilities can be d etected w ith precision as 1.
Since only 5 ou t of 10,000 are m issed , the recall is 0.995,
resu lting in F-m easu re as 0.9975, w hich are above all the
test resu lts.
5.5 How to use CCAF for organizations

CCAF can be u sed on each VM and each server to
check all the incom ing d ata to see w hether they are clean,
qu arantine and free of su spected m aliciou s files. Su spected files w ill be alerted and m oved to the qu arantine sec-
Chang and Ram achand ran: Tow ard s Clou d Data Secu rity p rop osed and d em onstrated by Clou d Com p u ting
Ad op tion Fram ew ork
13
tion read y for fu rther checks. Since experim ents have
been cond u cted over 125 hou rs w ith 99.19% PTe, 99.98%
STe, 100% precision, 99.19% recall and 99.5% F-m easu re,
there is a good reliability. The u se of CCAF m u tli-layered
secu rity can ensu re the high level of protection and safegu ard of d ata secu rity for the organizations.
5.6 Relevance to Big Data

Ou r paper d em onstrates d ata secu rity u sing CCAF m u ltilayered secu rity to illu strate ou r proofs-of-concepts. There
are five characteristics w ith Big Data: volu m e, velocity,
variety, veracity and valu e. Ou r w ork m eets volu m e,
since extensive experim ents and sim u lations had been
perform ed for 10 petabytes of d ata. Ou r w ork also m eets
velocity, since 10,000 viru ses and trojans had been injected into ou r m u lti-layered secu rity to test how ou r p roposed solu tion can hand le a large am ou nt of infected
files. The find ing w as that u p to 125 hou rs w ere requ ired
to gain control and fu ll d ata recovery. Experim ental r esu lts in Section 5 also su p p ort veracity, since m ore than
99% of viru ses and trojans can be blocked and rem oved
u nd er the ethical penetration test.
6 Conclusion and Future Work

Ou r paper has d em onstrated the CCAF m u lti-layered
secu rity for the d ata secu rity in the Data Center u nd er the
proposal and recom m end ation of CCAF gu id elines. We
explained the rationale, overview , com ponents in the
CCAF, w here the d esign w as based on the requ irem ents
and the im plem entation w as illu strated by its m u ltilayered secu rity. We explained how m u lti-layered secu rity w as a su itable m ethod and recom m end ation, since it
offered m u ltiple protection and im provem ent of secu rity
for 10 PB of d ata in the Data Center based at the University of Lond on Com pu ting Center (ULCC). We explained
the technical d etails in each layer of secu rity and p rop ose
an integrated solu tion to check all the d ata w hen d ata is
intensively u sed . We u sed the Bu siness Process Mod eling
N otation (BPMN ) to sim u late the cases of how the d ata
can be u sed , either at rest, in u se, or in m otion. All sim u lations cou ld be com pleted w ithin 2 second s.
Ou r BPMN sim u lation resu lts show ed that it cou ld
take u p to 50 hou rs to p rotect all the 2PB d ata and u p to
125 hou rs to raise an alarm to take control of the situ ation
in the ULCC Data Center. This m eans that an integrated
ap proach w as requ ired to ensu re d ata protection, in case
that the d ata center is u nd er the attack or poten tial threat
from the rapid rise of d ata grow th in the d ata center,
w hich can be d u e to the external intru sion or the internal
rapid consu m ption. We then u sed FGSM for the penetr ation testing. 10,000 viru ses and trojans w ere injected into
Data Center w ith tw o experim ents perform ed . The first
experim ent show ed that firew all, id entity m anagem ent
and encryption cou ld block 5,423, 3,742 and 842 viru ses
and trojans respectively. The rem aining 81 cou ld be either
qu arantined or isolated . The second experim ent show e d
that continu ou s injection of 10,000 viru ses and trojans
cou ld m ake the blocking rate d ecreased from the 99.19%
to 76.00% in 125 hou rs. Despite of this resu lt, the CCAF
m u lti-layered secu rity cou ld qu arantine and isolate

97.53% of viru ses and trojans. Ou r w ork can d em onstrate
that the u se of CCAF m u lti-layered secu rity can p rotect
the d ata center from the rapid d ata grow th d u e to the
secu rity breach, and the u se of BPMN can calcu late how
m u ch tim e requ ired for rescu e action if the d ata secu rity
is com p rom ised . In this w ay, w e can w ork ou t the better
tactics and plans for d ata recovery and secu rity.
In this paper, w e d em onstrated that CCAF m u ltilayered secu rity cou ld p rovid e the ad d itional p rotection
for all 10 PB of d ata in 125 hou rs w hen the Data Center
w as u nd er the secu rity threat and attack. Data secu rity in
the Clou d is an im portant issu e for Clou d ad option. We
d em onstrated that ou r app roach cou ld provid e real-tim e
protection of all the d ata, block the m ajority of threats and
qu arantine the petabyte system s in the Data Center. We
plan to im prove ou r m ethod and cod e in the sim u lation
and choose the right type of algorithm s to im prove the
overall perform ance in execu tion tim e of d ata secu rity
and blocking viru ses/ trojans in real-tim e. We w ill d evelop m ore services and proofs-of-concept in CCAF to im prove the perform ance of BPMN sim u lation and penetr ation testing. Existing stu d ies on clou d secu rity [11, 14, 2024; 28-29, 33] have been focu sed on either id entify m anagem ent, general issu es concerning clou d secu rity, access
control or architectu re layers. Ou r ap proach provid es an
integrated solu tion to clou d secu rity based on a clear
fram ew ork, bu siness process m od eling to stu d y the im pact on the perform ance of a u ser accessed service w hich
is often learned on the fly w hich is costly and a CCAF
three layered m od el.
References
[1]
S., Marston, Z., Li, S., Band yopadhyay, J., Zhang, A., Ghalsasi,
"Cloud com puting The business perspective". Decision Su pport System s, Elsevier, 51(1): pp 176-189, 2011.
[2] M. A., Vouk, "Cloud Com puting Issues, Research and Im plem entations". Journal of Com -puting and Inform ation Technology - CIT 16, page 235246, Volum e 4, 2008.
[3] A. K., Jha, C. M., DesRoches, E. G., Cam pbell, K., Donelan, S. R.,
Rao, T. G., Ferris, & D., Blum enthal. Use of electronic health
record s in US hospitals. N ew England Journal of Med icine,
360(16), 1628-1638, 2009.
[4] H . T., Peng, W. W., H su, C. H ., Chen, F., Lai, J. M. Ho, "Fina ncialCloud: Open Cloud Fram ework of Derivative Pricing. In Social Com puting (SocialCom ), 2013 International Conference on
(pp. 782-789). IEEE, 2013, Septem ber.
[5] M., Mircea, A. I., And reescu, "Using cloud com puting in higher
ed ucation: A strategy to im prove agility in the current financial
crisis". Com m unications of the IBIMA, 2011, 1-15.
[6] M., Arm brust, A., Fox, R., Griffith, A. D., Joseph, R. H ., Katz, A.,
Konw inski, G., Lee, D., Patterson, A., Rabkin, I., Stoica, M.,
Zaharia, "Above the Cloud s: A Berkeley View of Cloud com p uting". Comm unications of the ACM, 53(4), 50-58, 2010.
[7] L., Liu, E., Yu, & J., Mylopoulos, Security and privacy requirem ents analysis w ithin a social setting. In Requirem ents
Engineering Conference, 2003. Proceed ings, 11th IEEE International (pp. 151-161), IEEE, 2003, Septem ber.
[8] T., Mather, S., Kumaraswam y, S. Latif, (2009), Cloud security
and privacy: an enterprise perspective on risks and com pli1939-1374 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
14
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]

ance. ISBN : 978-0-596-80276-9, O'Reilly Med ia, Inc.
d oi:10.3390/ info5020319
M., Pop, S. L., Salzberg, "Bioinform atics challenges of new se- [28] A., Behl., and K., Behl, An analysis of cloud com puting security
quencing technology". Trend s in Genetics, 24(3), 142-149, 2008.
issues, 2012 World Congress on Inform ation and Com m unicaA., Greenberg, A., J., H am ilton, D. A., Maltz, P., Patel, "The cost
tion Technologies (WICT), November, Trivand rum , Ind ia.
of a cloud : research problem s in d ata center networks". ACM
[29] V., Vard harajan, and U. Tupakula, Security as a Service Mod el
SIGCOMM com puter comm unication review , 39(1), 68-73, 2008.
for Cloud Environm ent, IEEE Transactions on N etwork and
Q., Zhang, L., Cheng, R., Boutaba, "Cloud com puting: state-ofService Managem ent 11(1), 60-75, March 2014.
the-art and research challenges". Journal of internet services
[30] M., Bishop, "About penetration testing". Security & Privacy,
and applications, 1(1), 7-18, 2010.
IEEE, 5(6), 84-87, 2007.
J. J. Cebula, L. R. Young, A Taxonom y of Operational Cyber
[31] M. H ., Yang, N ., Chand lrees, B., Lin, H . Y., Chao, "The effect of
Security, Technical Note: CMU/ SEI-2010-TN -028, Software
perceived ethical perform ance of shopping w ebsites on conEngineering Institute, USA, Decem ber 2010.
sum er trust". Journal of Com puter Inform ation System s, 50(1),
S., Yu, C., Wang, K., Ren, W., Lou, "Achieving secure, scalable,
15, 2009.
and fine-grained data access control in cloud com puting". In
[32] V., Goyal, O., Pand ey, A., Sahai, B., Waters, "Attribute-based
IN FOCOM, 2010 Proceed ings IEEE, 1-9, March 2010.
encryption for fine-grained access control of encrypted data". In
G., Wang, Q., Liu, J., Wu, "H ierarchical attribute-based encrypProceed ings of the 13th ACM conference on Com puter and
tion for fine-grained access control in cloud storage services". In
com m unications security, ACM, pp. 89-98, October, 2006.
Proceed ings of the 17th ACM conference on Com puter and
[33] D., Zissis, D., Lekkas, "Ad d ressing cloud com puting security
com m unications security (pp. 735-737), ACM, 2010, October.
issues". Future Generation Com puter System s, 28(3), pp. 583X., Zhang, M., Nakae, M. J., Covington, R., Sandhu, "Toward a
592, 2012.
usage-based security fram ew ork for collaborative com puting
[34] N ., Antunes, N ., & M., Vieira, M. "Assessing and Com paring
system s", ACM Transactions on Inform ation and System SecuVulnerability Detection Tools for Web Services: Benchm arking
rity (TISSEC), 11(1), 3, 2008.
Approach and Exam ples". IEEE Transactions on Services Co m G. McGraw, Softw are security: build ing security in, Ad d ison
puting, 8(2), 269-283, 2015.
Wesley, USA, 2006
Biographies of the authors
P., Brooks, J., Chittend en, "Metrics for Service Managem ent:
Designing for ITIL". Van Haren Publishing, ISBN : 978 90 8753 Dr. Victor Chang is a Senior Lecturer at Leeds Beckett University
6480, 2012.
since September 2012. Within four years, he completed PhD (CS,
V., Chang, R. J. Walters, G. Wills, "Cloud Storage and Bioinfo r- Southampton) and PGCert (Higher Education, Fellow) part-time. He
helps organizations in achieving good Cloud design, deployment and
m atics in a private cloud d eploym ent: Lessons for Data Intenservices. He won a European Award on Cloud Migration in 2011 and
sive research". Springer: CLOSER 2012, CCIS 367, pp. 245264, a best paper in 2012, and numerous awards since 2012. He is one
2013.
of the most active practitioners and researchers in Cloud Computing,
V., Chang, "Business Intelligence as Service in the Cloud ". Big Data and Internet of Things in the UK. He is an Editor-in-Chief of
IJOCI & OJBD journals, Editor of FGCS, founding chair of two interFuture
Generation
Computer
System s,
DOI:
national workshops and founding Conference Chair of IoTBD 2016
http:/ / dx.d oi.org/ 10.1016/ j.future.2013.12.028, 2014.
www.iotbd.org and COMPLEXIS 2016 www.complexis.org.
I. A., Tond el, et al., "Security requirem ents for rest of us: a su rvey". IEEE Software, Special Issue on Security and Agile r e- Dr. Muthu Ramachandran is a Principal Lecturer at Leeds Beckett
University. He has extensive research coupled with teaching experiquirem ent engineering m ethod s, Jan/ Feb, 2008.
ences on software and systems engineering methods & lifecycle,
N .R., Mead , et. al., "Security Quality Requirem ents Engineering
software development, Agile software engineering, project manage(SQUARE) Method ology". Technical Report, CMU/ SEI-2005- ment, process improvement, internet technology, mobile, networks,
SOA, IT systems, Cloud Computing and distributed computing. He
TR-009, 2005.
also co-edited and wrote several books.
Oracle, "Data Security Challenges". Oracle9i security overview
release num ber 2(9.2), accessed on 4th Novem ber,
http:/ / docs.oracle.com/ cd/ B10501_01/ network.920/ a96582/ o
verview .htm , 2012.
V. Kum ar, Sw etha M.S, Muneshw ara M. S., Prof Prakash S
Cloud com pu ting: toward s case stud y of d ata security m ech anism , International Journal of Ad vanced Technology & Eng ineering Research (IJATER), Volum e 2, Issue 4, July 2012.
F., Wen, L., Xiang, The Stud y on Data Security in Cloud
Com puting based on Virtualization , IEEE 2011 International
Sym posium on IT in Med icine and Ed ucation (ITME), 2(1)
Guangzhou , 2011.
B., Schneier, "Beyond fear". N ew York: Copernicus Books,
ISBN: 978-0-387-02620-6, 2003.
IBM, "Eleven habits for highly successful BPMp rogram s".
IBMThought Leadership White Paper, 2010.
G. M., Cim ino and G. Vaglini., An Interval-Valued Approach to
Business Process Sim ulation Based on Genetic Algorithm s and
the
BPMN ,
Inform ation
2014,
5,
319-356;

Towards Achieving Data Security With The Cloud Computing Adoption Framework

Uploaded by

Copyright:

Available Formats

Towards Achieving Data Security With The Cloud Computing Adoption Framework

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Towards Achieving Data Security With The Cloud Computing Adoption Framework

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation

IEEE TRAN SACTION S, m anu scrip t ID

Towards achieving Data Security with the

LOUD Com pu ting and its ad option has been a topic

in acknow ledgment sect ion).

1939-1374 (c) 2015 IEEE. Personal

IEEE TRAN SACTION S, m anu scrip t id

rapid grow th in d ata, the softw are engineering process

1.1 Cloud applications security

1.2 Data security for the private clouds

2 Security overview under cloud

tion for Clou d Com pu ting. This m otivates u s to have a

2.2 CCAF Security Design

IEEE TRAN SACTION S, m anu scrip t id

w ith a system s engineering focu s. H ow ever, there are

2.3 CCAF Data security

3 CCAF data security in details

3.1 CCAF Security Schema by XACML

3.2 CCAF multi-layered security

Figu re 2: The CCAF m u lti-layered secu rity in a nu t shell

<Info> Rescued actions for SaaS security </ Info>

IEEE TRAN SACTION S, m anu scrip t id

While typing these three lines, an encrypted key -string

Security Manager (SM)

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624

3.5 Layer 3: Convergent Encryption

3.3 Layer 1: Firewall

Once the key generation is d one, the IPS configu ration

3.4 Layer 2: Identity Management

3.6 The core code to deploy security

report (statu s(job)) is to report to the system at

3.7 Isolation and quarantine if trojans

the block of u nau thorized IPs and attack points/ ports.

3.8 The integrated solution checking

4 The integrated solution of data

IEEE TRAN SACTION S, m anu scrip t id

Clients w ho are potential clou d cu stom ers as

Clou d Provid ers

Clou d Managem ent Team

Data Centers/ Secu rity Pool

Intru sion Rejection Process

Figu re 3: Data Requ est Bu siness Process Mod el for Clou d

4.1 The steps involved with the

phase is to annotate each elem ent in the process and

Figu re 4: Ou r m u lti-layered secu rity solu tion

Figu re 5: BPMN m od el for three types of clou d d ata secu rity

4.2 BPMN Simulation for petabyte data

ULCC is at rest, or is in fu ll u se, or is involved in the

Figu re 7: Raises Alarm

IEEE TRAN SACTION S, m anu scrip t id

Figu re 9: Execu tion tim e to perform BPMN sim u lations

Figu re 8: Rejection Message

Data at Rest m eans clou d storage servers and all

4.3 Performances Evaluation and

Execution time (sec)

Apart from su pp orting high -perform ance featu re in

Third , Bu siness Process Efficiency (BPMN e, %) =

5.1 Results of penetration tests