Good How Can We Model And Analyse Dynamic Privacy Requirements In Evolving Technological Environments? Thesis Proposal Example
Type of paper: Thesis Proposal
Topic: Security, Cloud, Information, Confidentiality, Computers, Privacy, Telephone, Model
Terms like ‘work from anywhere’, ‘cloud’ and ‘mobile computing’ are no longer technical jargon; they are now ubiquitous. Almost everyone in the computing world, and many outside it, is aware of or probably using these technologies. Most users already use some form of cloud computing, whether for email, for sharing data or office files, or for other similar applications. Although most of these applications were available in the pre-cloud era, making them available through the cloud has its own advantages. People use new services without knowing that they are perhaps using advanced technologies, as they are more concerned with features like availability, scalability, low cost and performance. These features are readily provided by the cloud, but sometimes at the cost of security and privacy.
There are some known security issues inherent in cloud computing and in mobile computing. For instance, it is known that cloud servers and nodes are shared by many “tenants”, and there is a chance that one application may read or sniff data belonging to other users’ applications. This can severely compromise a co-tenant’s security and privacy. Still other applications work as spyware or malware, which can sneak into another user’s space and start sending vital information out to the hacker. A more serious issue is that sensitive and confidential business information and data, which can be the lifeblood of a company, is in the hands of cloud service providers. Knowingly or inadvertently, the data can be subjected to misuse.
Similarly, mobile computing and mobile applications are the buzzwords for today’s businesses. Every company that is into online trading or e-commerce tends to make its mobile application available for use on the client’s smartphone or handheld device. Clients can easily download the application onto their mobile devices and transact from their mobile screens. Even the corporate world has some sort of application for employees, who can connect to their office network from their mobiles using a VPN and the Internet. This lets them log into their respective accounts and work from anywhere. However, privacy can be severely affected, as sensitive data can be stolen through mobiles. Mobile phones are known to be low on security: software exists in the market that can easily replicate a mobile so that its data is shared between two devices in parallel, without the knowledge of the rightful owner. This cellular counterfeiting and cloning can lead to the theft of a lot of data from the cell phone itself, the ability to authenticate into the office network, and even fake calls, IMs or messages.
These are the known problems and a sign of the times. Clearly, the underlying software lacks the capabilities needed to make the system secure. There are security loopholes that are cleverly exploited by those who have in-depth knowledge of how these devices or environments, such as cloud computing, work. They take advantage of these security lacunae and easily sneak into the systems. It is therefore necessary to have a proper framework that helps make these devices and environments secure. The purpose of this research is to survey the existing environments that have led to the development of such systems, and finally to propose a framework that can be used to start building a much more secure system from the design level.
1.1 Research Questions
Q1. How can one model and analyse dynamic privacy requirements in evolving technological environments?
Q2. What are the gaps in existing models that prevent them from providing a robust software environment free from potential security breaches?
Q3. How can the model be validated to ensure that the new software development framework would avoid privacy leakage?
The aim of this research is to ascertain the nature of the gap between the software frameworks currently available for designing dynamically secure systems and the actual need for a software design framework that helps maintain the privacy of user data in highly active computing environments. Once the gap is understood, the research will attempt to propose a new software design framework that helps designers and developers build a secure system without compromising the privacy of the user’s confidential data.
Security and privacy are extremely important concerns as more and more companies and individuals opt for mobile computing, flexible working and cloud computing. Previously, when data and information were accessed within the four walls of the office premises, behind its firewalls, the data, the privacy of the individual and the information could be secured rather easily. One firewall was at times sufficient. As computing environments have become more dynamic and gained attributes like the flexibility to access from anywhere, the objective of this research is to ascertain the state-of-the-art security frameworks available for designing a secure system.
Another objective of this research, compatible with the aims of the study as defined above, is to determine the parameters that define a system as secure, such as the privacy of the individual, the privacy of the data or confidentiality of the information, and the degree to which the data continues to be secure in a dynamic environment. It will also be illustrated how the security and privacy of data are affected as the computing environment increasingly transforms from static to more vibrant, as companies launch their applications on websites, clouds and Android devices. The study will demonstrate how the privacy of an individual can be compromised when the same corporate application is launched from a smartphone rather than from the company’s desktop.
As the other aim of this research is to propose a framework that can protect the safety, security and privacy of customer data and information in a highly dynamic environment, an extensive literature review, relevant to the context and following the recommendations of the research process, will be undertaken. There are standard texts that clearly recommend best practices for conducting a literature review for technical research. The research process will be followed, and primary and secondary sources will be identified to conduct the research. A detailed study will be conducted of the identified resources and the existing research available in this context. This will help to find possible gaps in the available state-of-the-art frameworks meant for designing secure systems right from the design level. Based on this study, a new framework will be proposed that designers and developers can use to securely protect the data, information and privacy of the user and the confidentiality of the company’s data. The framework should enable the system to scale to new security requirements in pro-active systems.
2. Systematic Literature Review
This section identifies the resources relevant to this research. It describes the current research and attempts to determine the gaps and the approach to plugging those specific gaps.
2.1 Research Method
This research involves software engineering process improvement in the context of hardening security and ensuring the privacy of users. Hence, a systematic literature review method needs to be adopted. The researcher Keele recommends a three-phase review that culminates in a summary of the review. The three phases are initial planning, execution of the procedure and, finally, the summary of the review. As highlighted above, it is important to identify the parameters that are critical to achieving the research objectives, and this method helps with that right from the initial planning phase. That phase controls and guides the forming of research parameters compatible with the research aims. Moreover, the papers selected will pertain to software models for cloud or mobile security and to the underlying framework on which security has been built into the relevant environments and devices.
Since cloud computing, work from anywhere and mobile computing are relatively new concepts, papers will be considered only from the last 5 years, that is, 2009 onwards. Standard paper repositories and libraries will be used to source the research papers, such as Elsevier/ScienceDirect, Google Scholar, ACM and IEEE Xplore Digital Library. The following search terms will be used: “dynamic privacy”, “Security development framework”, “Software model”, “user Privacy”, “Cloud computing”, “mobile computing”, “Security requirements” and “technological environments”. Although these search terms will return a large number of papers, a careful study will be conducted to select only those that are relevant to the research context described above.
2.2 PhD Methodology
An advanced methodology, commensurate with doctorate level, will be adopted not only in the Literature Review process but also in all other processes. Specifically, the Literature Review process recommended by researchers like Saunders is an early research activity and takes the form of an upward spiral, as shown in the figure below. It begins with formulating the research objectives with the help of resources, and proceeds to defining the parameters, similar to what the researcher Keele highlighted. The next step in the process is to generate the keywords, which has been done, and then to find the accessible repositories, search the literature, refine the keywords further to generate more relevant literature, and continue in the same manner in an upward spiral. This method will be adopted in conducting the complete Literature Review.
Novelty of Research
Many researchers, like Shaun Shei, have defined and recommended methodologies for analyzing and designing systems based on cloud computing. The model they have provided has the capability to ensure that security requirements are identified and complied with. The model can also automate the procedures for generating and verifying the security policy and cloud configuration. This helps the developer to generate a cloud computing configuration that satisfies all the security requirements for a given environment. Of the cloud environments defined by the National Institute of Standards and Technology (NIST), namely Private Cloud, Public Cloud, Community Cloud and Hybrid Cloud, the Public Cloud is the least secure. Therefore, the proposed model should take into account the nature of the cloud as well as the type of application. Furthermore, some researchers have provided a model that can test security during or after design and development.
However, the model intended to be presented in this research has certain new dimensions. For one, the proposed model will enable users and developers to define security requirements dynamically. It will also be capable of adjusting the security configuration automatically as the application user moves from the office premises to the mobile environment. There will also be provision for the user to define the level of security, such as enabling encryption and invoking higher levels of security in the communication. Some parameters can therefore be user defined at run time, while others can be set automatically, as the system should be able to sense the level of security needed at a particular instant.
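A minimal sketch of the run-time behaviour described above, added here as an illustration and not taken from the proposal or from any cited model. The environment names, the baseline values, the rule that user preferences may only tighten the sensed baseline, and the fail-closed handling of unknown environments are all assumptions.

```python
from dataclasses import dataclass

# Ordered security levels (hypothetical names); higher number = stricter.
LEVELS = {"standard": 1, "elevated": 2, "high": 3}
FIELDS = ("level", "encrypt_traffic", "require_vpn")

@dataclass(frozen=True)
class SecurityConfig:
    level: str
    encrypt_traffic: bool
    require_vpn: bool

# Constructed baselines for each sensed environment (assumed values).
BASELINES = {
    "office": SecurityConfig("standard", encrypt_traffic=False, require_vpn=False),
    "mobile": SecurityConfig("elevated", encrypt_traffic=True, require_vpn=True),
}

def resolve(environment, user_prefs):
    """Merge the sensed baseline with run-time user preferences.

    Assumption: the user may raise protection but never lower it below
    what the environment demands.
    """
    base = BASELINES.get(environment)
    if base is None:
        # Unknown environment: fail closed to the strictest known baseline.
        base = max(BASELINES.values(), key=lambda c: LEVELS[c.level])
    requested = user_prefs.get("level", base.level)
    if requested not in LEVELS:
        raise ValueError(f"unknown security level: {requested!r}")
    level = requested if LEVELS[requested] > LEVELS[base.level] else base.level
    return SecurityConfig(
        level=level,
        encrypt_traffic=base.encrypt_traffic or bool(user_prefs.get("encrypt_traffic")),
        require_vpn=base.require_vpn or bool(user_prefs.get("require_vpn")),
    )

def on_environment_change(user_prefs, old_env, new_env):
    """Re-resolve when the user moves; return the new config and changed fields."""
    before, after = resolve(old_env, user_prefs), resolve(new_env, user_prefs)
    changed = [f for f in FIELDS if getattr(before, f) != getattr(after, f)]
    return after, changed

if __name__ == "__main__":
    prefs = {"encrypt_traffic": True}  # user enabled encryption at run time
    print(resolve("office", prefs))
    print(on_environment_change(prefs, "office", "mobile"))
```
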
References
Aggarwal, S. and L. McCabe. A 4-year total cost of ownership (TCO) perspective comparing cloud and on-premise. Netsuite, Hurwitz, 2013.
Dela Torre, K. Oracle Cloud Central. Oracle.com, 2013.
DePerry, D, T. Ritter and A Rahimi. Traffic Interception & Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. ISecPartners, n.d. <https://www.isecpartners.com/media/106086/femtocell.pdf>.
Durkee, D. Why Cloud Computing Will Never Be Free. ACM, 2009.
Kalloniatis, C., H Mouratidis and S Islam. Evaluating cloud deployment scenarios based on security and privacy requirements. Springer, 2013.
Keele, S. Guidelines for performing systematic literature reviews in software engineering. 2007.
Mell, P and T Grance. The NIST Definition of cloud computing: Recommendations of the National Institute of Standards and Technology. NIST, 2011.
Mouratidis, H and P Giorgini. Security Attack Testing (SAT)—testing the security of information systems at design time. Elsevier, 2007.
Rackspace. 88 per cent of cloud users point to cost savings according to Rackspace Survey. Rackspace, 2013.
Saunders, T, P Lewis and A Thornhill. Research Methods. Pearson Education, 2009.
Shei, S. A Model-Driven Approach Towards Designing and Analysing Secure Systems for Multi-Clouds. 2015.