• 경영정보학연구
• /
• 제17권1호
• /
• pp.1-18
• /
• 2015

최근 많은 IT 기업들이 클라우드 서비스 시장에 진입하면서 출시되는 클라우드 서비스의 숫자가 크게 늘어나고 있다. 이러한 이유로 발생하는 클라우드 서비스 선택의 문제들을 해결하고, 기술적인 역량이 부족한 클라우드 서비스 사용자들의 서비스 초기화와 운용을 돕기 위해서 클라우드 서비스 중개업 회사들이 크게 주목받고 있다. 본 연구에서는 원 클라우드 서비스 제공자들과 클라우드 서비스 중개업 회사들 간의 협업을 대표적인 사례들인 국내의 NCloud24와 미국의 RightScale을 통해 보았다. 두 회사의 비즈니스 모델을 비즈니스 모델 캔버스를 사용하여 분석하였으며, 클라우드 서비스 중개업 회사들의 출현을 IaaS(Infrastructure-as-a-Service) 클라우드 서비스 회사들의 언번들링(Unbundling) 과정으로 해석하였다. 그리고 두 사례간의 차이점을 비교하고, 이를 바탕으로 향후 국내 클라우드 서비스 중개업이 나아가야 할 방향에 대하여 조망하였다.

• 인터넷정보학회논문지
• /
• 제19권3호
• /
• pp.25-33
• /
• 2018

본 논문에서는 클라우드 컴퓨팅 환경을 기반으로 하는 실시간 엔터프라이즈 워크플로우 관리 시스템을 구현하는데 있어서 반드시 수반되어야 하는 워크플로우 모델링 방법론으로서 정보제어넷 기반 클라우드 워크플로우 모델을 제안한다. 본 논문에서 제안하는 모델은 클라우드 서비스 배치모델을 기반으로 하는 클라우드 워크플로우 아키텍처, 즉 조직 수준 클라우드 배치모델, 커뮤니티 수준 클라우드 배치모델, 공적 수준 클라우드 배치모델, 혼합형 클라우드 배치모델 등으로 분류되는 클라우드 배치모델에 따른 클라우드 워크플로우 아키텍처를 지원하는 것을 목적으로 한다. 이 모델은 전통적으로 엔터프라이즈 워크플로우의 대표적인 정형적 모델링 기법인 정보제어넷 모델링 방법론을 클라우드 배치모델과 연계할 수 있도록 확장시킨 수학적 그래프 모델이다. 결론적으로, 본 논문에서는 제안된 정보제어넷 기반 클라우드 워크플로우 모델을 적용할 수 있는 클라우드 워크플로우 아키텍처와 그에 따른 클라우드 워크플로우 서비스를 설계함으로써 제안된 모델의 적용가능성을 검증한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권3호
• /
• pp.843-871
• /
• 2015

Cloud computing evolve as a cost effective business model for IT companies to focus on their core business without perturbing on infrastructure related issues. Hence, major IT firms and Small & Medium Enterprises (SME) are adopting cloud services on rental basis from cloud providers. Cloud Service level agreements (SLA) act as a key liaison between consumers and providers on renting Anything as a Service (AaaS). Design of such an agreement must aim for greater profit to providers as well as assured availability of services to consumers. However in reality, cloud SLA is not satisfying the parties involved because of its inherent complex nature and issues. Also currently most of the agreements are unilateral to favour the provider. This study focuses on comprehensive, 360-degree survey on different aspects of the cloud service agreements. We detailed the life cycle of SLA based on negotiation, different types of SLA, current standards, languages & characteristics, metrics and issues involved in it. This study will help the cloud actors to understand and evaluate the agreements and to make firm decision on negotiation. The need for standardized, bilateral, semantic SLA has also been proposed.

• 디지털산업정보학회논문지
• /
• 제12권1호
• /
• pp.81-87
• /
• 2016

Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

• 정보과학회 논문지
• /
• 제43권9호
• /
• pp.1052-1059
• /
• 2016

클라우드 컴퓨팅 시스템의 주요 역할은 신뢰받지 않은 클라우드 서버의 데이터베이스 실행이 키 관리의 복잡성을 요구하기 때문에 중요한 이슈가 되고 있다. 본 연구는 키 실행을 최소화하는 셀프 프락시 서버를 사용한 키 관리 시스템을 제안하고, 사용자가 암호화된 데이터베이스에 질의할 때 데이터 소유자가 관련키에 직접적으로 관여하지 않는 셀프 생성 알고리즘을 생성하여 클라우드 서비스 성능을 개선한다. 셀프 프락시 서버는 클라우드 키 서버에 문제가 발생했을 때와 효율적인 클라우드 키 관리를 위하여, 이를 대신한 분산 서버로서 능동적이고 자율적인 키 관리를 지원한다. 따라서 제안한 키 관리 시스템은 클라우드 서버 데이터베이스의 기밀성 지원으로 안전한 클라우드 서비스를 제공한다.

• The Journal of Asian Finance, Economics and Business
• /
• 제6권1호
• /
• pp.217-229
• /
• 2019

The purpose of the research is to verify how task characteristics for business and technology characteristics, economic feasibility, technology readiness, organizational factors, environmental factors of cloud computing affect the performance of cloud computing adoption through Fit and Viability. The research aims to verify the relationship among the success factors for adopting cloud computing based on the Fit-Viability model. Respondents who work for IT companies which is using cloud computing in South Korea were chosen. The data was analyzed by the structural equating model. As a result, Task characteristics and Technology characteristics affected Fit in a positive manner, while Technology readiness, Organizational factors and Environmental factors also positively impacted Viability. Fit and Viability both affected the successful adoption of cloud equally. In particular, Environmental factors were proven to have the biggest impacts on Viability, and affected highly indirect impact on the Performance of cloud computing adoption through Viability. Entering the era of the fourth industrial revolution, corporations have established digital transformation strategies to secure a competitive edge while growing continuously, and are also carrying out various digital transformation initiatives. For the success of adoption of foundational technologies, they need to understand not only the decision-making factors of adopting cloud computing, but also the success factors of adopting cloud computing.

• 한국IT서비스학회지
• /
• 제12권4호
• /
• pp.1-23
• /
• 2013

This study examines whether key characteristics of cloud computing services would affect the intention of use for personalized cloud computing services. The research model was generated based on Technology Acceptance Model (TAM) with resistance variable, and verified statistically by undertaking a survey about the perception of personal users. As the results of this analysis, we could find the structural relationship among the factors affecting adoption of the cloud computing service. We found that the expectation of ubiquity as a representative function of the cloud computing service meaningfully affected the perceived ease of use and resistance, and that the relativeness with existing services also meaningfully affected the perceived ease of use, but not the resistance. In addition, the moderating effects of use experience in the path leading from the perceived ease of use and resistance to the intention of use were identified. This study will provide diverse implications for the companies providing personalized cloud computing services.

• 대한임베디드공학회논문지
• /
• 제8권6호
• /
• pp.303-309
• /
• 2013

Cloud storage services are used for efficient sharing or synchronizing of user's data across multiple mobile devices. Although cloud storages provide flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purpose but we think such method is not secure enough because managing encryption keys by software and identifying users by simple ID and password are main defectives of current cloud storage services. We propose a secure data access method to cloud storage in mobile environment. Our framework supports hardware-based key management, attestation on the client software integrity, and secure key sharing across the multiple devices. We implemented our prototype using ARM TrustZone and TPM Emulator which is running on secure world of the TrustZone environment.

• Journal of Information Processing Systems
• /
• 제12권2호
• /
• pp.226-233
• /
• 2016

Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.