Authors:
Khalid Saeed,Rohi Tariq, Wajeeha Khalil,Sheeraz Ahmed,Malik Taimur Ali, Farrukh Hassan, M.Naeem Khan Khattak,DOI NO:
https://doi.org/10.26782/jmcms.2019.06.00035Keywords:
Virtual Organization,Vulnerabilities,Security Attacks,Security Issues,Abstract
Virtual Organization (VO) allows organizations to exchange and share resources among each other as well as they can work in collaboration. Within the VO the workers can be from different organizations and they can have different affiliation. VO offers a different model of communication among enterprises. The communication in VO is based on information and communication technology. The workers of VO communicate and perform activities using the cyber infrastructure. Since VO involves the use of cyber infrastructure which is vulnerable to different possible security attacks and these security attacks can have different consequences. This research identifies the possible vulnerabilities to VO, evaluates different security attacks as well as their consequences and mitigation plan. Moreover at the end there are some proposed guidelines to VO administrators and users to improve the security of VOs. This research paper is the extension of our previous research work.Refference:
I. Abdulla, P. (2012). Understanding the Impact of Denial of Service Attacks on Virtual Machines.
II. Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, A.,Gianoli, A., …&Spataro, F. (2004). VOMS, an authorization system for virtual organizations.In Grid computing (pp. 33-40).Springer Berlin Heidelberg.
III. ARP Spoofing. Retrieved from https://www.thesecuritybuddy.com/data-breaches-prevention/what-is-
arp-spoofing/on December 8, 2018.
IV.Cummings, J., Finholt, T., Foster, I., Kesselman, C., & Lawrence, K. A. (2008). Beyond being there: A blueprint for advancing the design,development, and evaluation of virtual organizations.V. Darko-Ampem, S., Katsoufi, M., &Giambiagi, P. (2006, October).Secure negotiation in virtual organizations. In Enterprise Distributed Object Computing Conference Workshops, 2006. EDOCW’06. 10th IEEE International
(pp. 48-48). IEEE.
VI.Denial of Service Attack. Retrieved from https://www.blackmoreops.com/2015/10/21/free-dos-attack-tools/
onDecember 4, 2018.
VII. DNS Cache Poisoning. Retrieved from https://techglimpse.com/dns-cache-poison-solution-simple-terms/
on December 8, 2018.
VIII. Higgins, K. J.,Vm’screate potential risks. Technical report, darkREADING, 2007.
http://www.darkreading.com/document.asp?doc_id=117908
IX. Kamel, M., Benzekri, A., Barrère, F., &Laborde, R. (2007, June). Evaluating the Virtual Organizations security solutions using the ISO/IEC 17799 standard.In Technology Management Conference (ICE),
2007 IEEE International (pp. 1-8).IEEE.
X. Kerschbaum, F., Haller, J., Karabulut, Y., & Robinson, P. (2006, May). Pathtrust: A trust-based reputation service for virtual organization formation. In International Conference on Trust Management (pp. 193-
205).Springer, Berlin, Heidelberg.
XI.Kerschbaum, F., & Robinson, P. (2009). Security architecture for virtual organizations of business web services.Journal of Systems Architecture,55(4), 224-232.
XII. Khalil, M. E., Ghani, K., & Khalil, W. (2016, April). Onion architecture: a new approach for XaaS (every-thing-as-a service) based virtual collaborations. In Learning and Technology Conference (L&T), 2016
13th(pp. 1-7). IEEE.
XIII. Khalil, W. (2012).Reference architecture for virtual organization (Doctoral dissertation, uniwien).
XIV. Khalil, W., &Schikuta, E. (2013). A Design Blueprint for Virtual Organizations in a Service Oriented Landscape.arXiv preprint arXiv:1312.5172
XV. Khalil, W., &Schikuta, E. (2012). Virtual organization for computational intelligence. In Human-Computer Interaction: The Agency Perspective (pp. 437-464). Springer, Berlin, Heidelberg.
XVI.Kim, Y. P., Lee, S., Lee, P., & Newby, G. B. (2006, October). Grid Information Retrieval Management System for Dynamically Reconfigurable Virtual Organization.In Grid and Cooperative Computing, 2006.GCC 2006. Fifth International Conference (pp. 301-306). IEEE.
XVII. Kirch, J. (2007). Virtual machine security guidelines.The Center for Internet Security.
XVIII. Kumar, A., Patwari, A., &Sabale, S. User Authentication by Typing Pattern for Computer and Computer based devices.
XIX. Lee, C. A., Desai, N., &Brethorst, A. (2014, December). A Keystone-Based Virtual Organization Management System.In Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International
Conference on (pp. 727-730).IEEE.
XX. Li, J., Li, B., Du, Z., &Meng, L. (2010, June). Cloudvo: Building a secure virtual organization for multiple clouds collaboration. In Software Engineering Artificial Intelligence Networking and Parallel/Distributed
Computing (SNPD), 2010 11th ACIS International Conference on (pp.181-186). IEEE.
XXI.Magiera, J., &Pawlak, A. (2005). Security Frameworks for virtual organizations.In Virtual Organizations
(pp. 133-148).Springer US.
XXII. Muthaiyah, S., &Kerschberg, L. (2007). Virtual organization security policies: An ontology-based integration approach. Information Systems Frontiers,9(5), 505-514.
XXIII. Phishing Attack. Retrieved from https://www.cloudflare.com/learning/security/threats/phishing-attack/
on December 8, 2018.
XXIV. Securing Virtual Applications and Servers. Retrieved from http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/unified-network-services-uns/white_paper_c11-652663.pdf on March 17
, 2016.
XXV. Sinnott, R. O., Chadwick, D. W., Doherty, T., Martin, D., Stell, A.,Stewart, G., …& Watt, J. (2008, May). Advanced security for virtual organizations: The pros and cons of centralized vs decentralized security
models. In Cluster Computing and the Grid, 2008.CCGRID’08. 8th IEEE International Symposium on
(pp. 106-113). IEEE.
XXVI. Sniffing Networks Part 2 – MAC addresses, IP. Retrieved from http://securitymusings.com/article/tag/arp-spoofing on March 17, 2016.