Abstract:
scale IT service for distributed system environments. However, security and privacy issues are
major obstacles to the organizations using traditional IT infrastructure and ICT management
techniques. Initially this study proposed a new solution in order to maximize the level of trust,
based on security and privacy issues between the cloud provider and service users. In the
strategic framework, the level of trust can be significantly increased by improving data security
and privacy, in which we proposed a strong authentication, authorization, and access control
mechanisms under Security as a Service deployment model. This mechanism has not been
adopted by most of the frameworks. This service model strategy makes the technical and
technology administrators as light weight process handlers. Security as a Service is a new cloud
service model for promising and strengthening the security issues over on-promise data
management or off-promise data management by real-time surveillance over client console. If
in existing frameworks additional features like OTP, multi factor authentication, role-based
access control and regular security audits are included; a better and promised security can be
ensured over cloud where student centric data is being stored. This thesis proposed a role-
based multi-factor authentication framework to provide Security as a Service deployment to
secure student-centric data over the cloud and it combines authentication methods (strong
authentication, one-time password (OTP) and role-based access control) with encryption. To
enable the design of this framework, possible security and privacy issues were collected
through interview, observation and experimentation to identify major threats, vulnerabilities,
and challenges. In order to analyze the identified and observed security and privacy issues
AMU SMIS and other allied student-centric data management platforms were used for case
analysis. In order to design the strategic framework; the most feasible security frameworks
from case studies through literature review with best practices were analyzed for suitability,
customization as per need of target stakeholders involved in the processing of student centric
data. Finally, an Open Stack is selected as an open source cloud computing platform to deploy
Security as a Services offered by the security and privacy framework of this research. In order
to deploy and validate the framework at deployment site, an IaaS model has been proposed for
deploying the framework over AMU’s Private Student-Centric Cloud.
