Muhammad Tariq | University of Lahore, Lahore Pakistan (original) (raw)
Papers by Muhammad Tariq
— Cloud computing has brought new innovations in the paradigm of information technology (IT) indu... more — Cloud computing has brought new innovations in the paradigm of information technology (IT) industry through virtualization and offering low price services on pay-as-per-use basis. Since the development of cloud computing, several issues like security, privacy, cost, load balancing, power consumption, scheduling algorithms are still under research. A threat agent is an attacker, intruder and/or employee that takes the benefits of the vulnerabilities and risks in the system. There are different information security standards, governance and security frameworks, and guides to protect the organizations to protect from threat agents. In this research cloud vulnerabilities and risks have been identified that can be exploited by the threat agent and mapped into renowned information security standard NIST SP 800-53 Rev.3 to check whether the standard provides claim security to cloud users.
Heartbleed, a big Open Secure Socket Layer (OpenSSL) vulnerability appeared on the web on 7th Apr... more Heartbleed, a big Open Secure Socket Layer (OpenSSL) vulnerability appeared on the web on 7th April 2014. This highly risked vulnerability enabled attackers to remotely read protected memory contents from Hyper Text Transfer Protocol
Secure (HTTPS) sites. In this paper, the authors will review
and analyze Heartbleed vulnerability effects on secured websites, a year later (April 2015). To accomplish this, we conducted an analysis on a dataset of 100 Italian public and private sector websites like banks, stock exchanges, Cloud Organizations and services on HTTPS websites, thereby obtained that only 1% of the websites show the vulnerability. However, new vulnerabilities as Padding Oracle on Downgraded Legacy Encryption (POODLE) & Factoring Attack on RSA-Export Keys (FREAK) affect a lot of websites, particularly the websites used as point of accesses of Italian telematics process. We concluded the paper with the analysis of the Cloud risks that are very harmful for the Cloud customers as well as the Cloud venders due to Heartbleed attack
International Journal of Computer Networks and Communications Security, Aug 31, 2013
Cloud Computing is one of the rapidly adopted technology in the field of Information and Communic... more Cloud Computing is one of the rapidly adopted technology in the field of Information and Communication Technology (ICT) in which resources (like processor and storage devices) can be rented out and released by the Cloud customer by using the Internet in on-demand basis. Information Security issues in Cloud Computing hold vital importance as the global economy depends upon the secure flow of information within the organization and exchange of information with other organization (private and public Cloud).
To measure security in Cloud Computing at each level, Information Security metrics are better tools that help the organization to take good decisions on the base of qualitative and quantitative analysis,performance reports, efficiency and effectiveness of the implemented standard or certification security controls.
SLA metrics are mostly used to evaluate performance of the service object but not to measure Information Security risks. These service objects can be further categorized as Hardware, Software, Network, Storage and Help Desk / Service Desk. Each object has its own quality metrics and can be combined to form a complex and compound service. COBIT is IT Governance framework which is widely used in IT industry. It covers several areas of IT Governance. Information Security is the part of this framework and the same part can be used to build SLA based Information Security Metrics in Cloud Computing. To obtain Information Security Metrics particularly for Cloud Computing, a criteria have been developed and Information Security Metrics are developed accordingly to facilitate both Cloud Customers and Cloud Service Providers.
11th Islamic Countries Conference on Statistical Sciences (ICCS-11), Dec 22, 2011
Wireless Networking technology is now one of the most popular technologies but still there are dr... more Wireless Networking technology is now one of the most popular technologies but still there are drawbacks which are closely associated with Wireless Networks. In wireless network communication, the data is transferred from one point to another point through radio waves which makes wireless networks weak for attacks. To eliminate threats, understanding about said attacks always provides good ability to defend wireless network. This research paper will describe the overview of the wireless technology with its drawbacks, Present security and privacy issues, Potential wireless network Security threats (unauthorized access, Active eavesdropping, Man in the Middle Attack, Denial of
Service and etc), Tools that hackers often use to exploit vulnerabilities in wireless networking (NetStumbler, Kismet, Airsnort, Airsnarf, Airjack and etc) and will propose the best ways to secure Wireless Network.
9th International Conference on Statistical Sciences, Jul 7, 2012
Cloud computing has recently emerged as new computing paradigm which basically aims to provide cu... more Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet. Cost and security are influential issues to deploy cloud computing in large enterprise. Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance,
effectiveness and impact of the security constraints. It is very hard issue to get maximum benefits from Information security metrics in cloud computing.
The aim of this paper is to discuss security issues of cloud computing, and propose basic building blocks of information security metrics framework for cloud computing. This framework helps cloud users to create information security metrics, analyze cloud threats, processing on cloud threats to mitigate them and threat assessment.
Islamic Countries Society of Statistical Sciences, Jul 7, 2012
Service Level Agreement is legal contract between services supplier and customer which exactly sp... more Service Level Agreement is legal contract between services supplier and customer which exactly specifying terms and conditions and all standards of services. Although agreement defined set of terms and conditions, scope of services, Service level monitoring, Complaint mechanism, support activities, tool and technologies Service level plan, violation and penalties and support services etc, but could not manage and gain values.
International Journal of Cloud Computing and Services Science (IJ-CLOSER), Oct 1, 2012
Cloud computing has recently emerged as new computing paradigm which basically aims to provide c... more Cloud computing has recently emerged as new computing paradigm which
basically aims to provide customized, reliable, dynamic services over the
internet. Cost and security are influential issues to deploy cloud computing
in large enterprise. Privacy and security are very important issues in terms of
user trust and legal compliance. Information Security (IS) metrics are best
tool used to measure the efficiency, performance, effectiveness and impact of
the security constraints. It is very hard issue to get maximum benefits from
Information security metrics in cloud computing. The aim of this paper is to
discuss security issues of cloud computing, and propose basic building
blocks of information security metrics framework for cloud computing. This
framework helps cloud users to create information security metrics, analyze
cloud threats, processing on cloud threats to mitigate them and threat
assessment.
— Cloud computing has brought new innovations in the paradigm of information technology (IT) indu... more — Cloud computing has brought new innovations in the paradigm of information technology (IT) industry through virtualization and offering low price services on pay-as-per-use basis. Since the development of cloud computing, several issues like security, privacy, cost, load balancing, power consumption, scheduling algorithms are still under research. A threat agent is an attacker, intruder and/or employee that takes the benefits of the vulnerabilities and risks in the system. There are different information security standards, governance and security frameworks, and guides to protect the organizations to protect from threat agents. In this research cloud vulnerabilities and risks have been identified that can be exploited by the threat agent and mapped into renowned information security standard NIST SP 800-53 Rev.3 to check whether the standard provides claim security to cloud users.
Heartbleed, a big Open Secure Socket Layer (OpenSSL) vulnerability appeared on the web on 7th Apr... more Heartbleed, a big Open Secure Socket Layer (OpenSSL) vulnerability appeared on the web on 7th April 2014. This highly risked vulnerability enabled attackers to remotely read protected memory contents from Hyper Text Transfer Protocol
Secure (HTTPS) sites. In this paper, the authors will review
and analyze Heartbleed vulnerability effects on secured websites, a year later (April 2015). To accomplish this, we conducted an analysis on a dataset of 100 Italian public and private sector websites like banks, stock exchanges, Cloud Organizations and services on HTTPS websites, thereby obtained that only 1% of the websites show the vulnerability. However, new vulnerabilities as Padding Oracle on Downgraded Legacy Encryption (POODLE) & Factoring Attack on RSA-Export Keys (FREAK) affect a lot of websites, particularly the websites used as point of accesses of Italian telematics process. We concluded the paper with the analysis of the Cloud risks that are very harmful for the Cloud customers as well as the Cloud venders due to Heartbleed attack
International Journal of Computer Networks and Communications Security, Aug 31, 2013
Cloud Computing is one of the rapidly adopted technology in the field of Information and Communic... more Cloud Computing is one of the rapidly adopted technology in the field of Information and Communication Technology (ICT) in which resources (like processor and storage devices) can be rented out and released by the Cloud customer by using the Internet in on-demand basis. Information Security issues in Cloud Computing hold vital importance as the global economy depends upon the secure flow of information within the organization and exchange of information with other organization (private and public Cloud).
To measure security in Cloud Computing at each level, Information Security metrics are better tools that help the organization to take good decisions on the base of qualitative and quantitative analysis,performance reports, efficiency and effectiveness of the implemented standard or certification security controls.
SLA metrics are mostly used to evaluate performance of the service object but not to measure Information Security risks. These service objects can be further categorized as Hardware, Software, Network, Storage and Help Desk / Service Desk. Each object has its own quality metrics and can be combined to form a complex and compound service. COBIT is IT Governance framework which is widely used in IT industry. It covers several areas of IT Governance. Information Security is the part of this framework and the same part can be used to build SLA based Information Security Metrics in Cloud Computing. To obtain Information Security Metrics particularly for Cloud Computing, a criteria have been developed and Information Security Metrics are developed accordingly to facilitate both Cloud Customers and Cloud Service Providers.
11th Islamic Countries Conference on Statistical Sciences (ICCS-11), Dec 22, 2011
Wireless Networking technology is now one of the most popular technologies but still there are dr... more Wireless Networking technology is now one of the most popular technologies but still there are drawbacks which are closely associated with Wireless Networks. In wireless network communication, the data is transferred from one point to another point through radio waves which makes wireless networks weak for attacks. To eliminate threats, understanding about said attacks always provides good ability to defend wireless network. This research paper will describe the overview of the wireless technology with its drawbacks, Present security and privacy issues, Potential wireless network Security threats (unauthorized access, Active eavesdropping, Man in the Middle Attack, Denial of
Service and etc), Tools that hackers often use to exploit vulnerabilities in wireless networking (NetStumbler, Kismet, Airsnort, Airsnarf, Airjack and etc) and will propose the best ways to secure Wireless Network.
9th International Conference on Statistical Sciences, Jul 7, 2012
Cloud computing has recently emerged as new computing paradigm which basically aims to provide cu... more Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet. Cost and security are influential issues to deploy cloud computing in large enterprise. Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance,
effectiveness and impact of the security constraints. It is very hard issue to get maximum benefits from Information security metrics in cloud computing.
The aim of this paper is to discuss security issues of cloud computing, and propose basic building blocks of information security metrics framework for cloud computing. This framework helps cloud users to create information security metrics, analyze cloud threats, processing on cloud threats to mitigate them and threat assessment.
Islamic Countries Society of Statistical Sciences, Jul 7, 2012
Service Level Agreement is legal contract between services supplier and customer which exactly sp... more Service Level Agreement is legal contract between services supplier and customer which exactly specifying terms and conditions and all standards of services. Although agreement defined set of terms and conditions, scope of services, Service level monitoring, Complaint mechanism, support activities, tool and technologies Service level plan, violation and penalties and support services etc, but could not manage and gain values.
International Journal of Cloud Computing and Services Science (IJ-CLOSER), Oct 1, 2012
Cloud computing has recently emerged as new computing paradigm which basically aims to provide c... more Cloud computing has recently emerged as new computing paradigm which
basically aims to provide customized, reliable, dynamic services over the
internet. Cost and security are influential issues to deploy cloud computing
in large enterprise. Privacy and security are very important issues in terms of
user trust and legal compliance. Information Security (IS) metrics are best
tool used to measure the efficiency, performance, effectiveness and impact of
the security constraints. It is very hard issue to get maximum benefits from
Information security metrics in cloud computing. The aim of this paper is to
discuss security issues of cloud computing, and propose basic building
blocks of information security metrics framework for cloud computing. This
framework helps cloud users to create information security metrics, analyze
cloud threats, processing on cloud threats to mitigate them and threat
assessment.