MITS5002 Software Engineering Methodology: Security Issues And Research Challenges Assessment 1 And 2 Answer

pages Pages: 4word Words: 890

Question :

MITS5002 Software Engineering MethodologyAssignment 1 and 2Presentation and Research Report

NOTE: This Document is used in conjunction with Assessment 1 [Presentation & participation] and Assessment 2 [Research Report] in the Teaching and Assessment Plan document [MITS55002_Teaching and Assessment Plan.doc]


This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to improve student presentation skills and to give students experience in researching a topic and writing a report relevant to the Unit of Study subject matter.


These instructions apply to both Assignment 1 - Presentation and Assignment 2 Research Report.

Assignment 1 - Presentation and Participation - 10%(Sessions 5-12) Individual Assignment

For this component you will be required to do a 5-10 minute presentation on a recent academic paper on a topic related to Software Engineering or Software Engineering Methodologies. Some possible topic areas include but are not limited to:

  • Software Engineering for Data Warehouse systems
  • Risk Analysis in Software Engineering
  • Project Management methodologies
  • Advances in Prototyping for software engineering
  • Cleanroom methodology
  • Test Driven methodologies
  • Advanced human Interfaces
  • Artificial Neural Networks
  • Cloud Computing
  • Agent Oriented Software Engineering

The paper you select must be directly relevant to one of the above topics or another topic and be related to Software Engineering. The paper must be approved by your lecturer and be related to what we are studying this semester in Software Engineering. The paper can be from any academic conference or other relevant Journal or online sources such as Google Scholar, Academic department repositories, or a significant commercial company involved in research such as IBM etc. All students must select a different paper. Thus, the paper must be approved by your lecturer before proceeding. In case two students are wanting to present on the same paper, the first who emails the lecturer with their choice will be allocated that paper. Please note that popular magazine or web-site articles are not academic papers.

A grade of 10% of the Units mark will be awarded for your presentation and your participation in other student presentations. You are to prepare a set of powerpoint slides for your presentation. If you do not participate in at least 70% of other student’s presentations you will forfeit a significant proportion of the marks for this component.

Noteif class numbers are large the presentations may be organized into groupsbut students will still all need to select their own individual paper for assignment 2. In the case where presentations are arranged in groups each group can decide which students paper will be used for the presentation.

The presentations will occur in sessions 5-12 on the academic calendar for the semester and the order of presentations will be by arrangement, but these will be evenly spread over those sessions.

What to Submit.

There is no submission for this component, you are allocated marks based on your presentation and participation

Assignment 2 - Research Report - 10%(Due Session 9) Individual Assignment

For this component you will write a report or critique on the paper you chose from Assignment 1, the Presentation and Participation component above.

Your report should be limited to approx. 1500 words (not including references). Use 1.5 spacing with a 12 point Times New Roman font. Though your paper will largely be based on the chosen article, you should use other sources to support your discussion or the chosen papers premises. Citation of sources is mandatory and must be in the IEEE style.

Your report or critique must include:

Title Page: The title of the assessment, the name of the paper you are reporting on and its authors, and your name and student ID.

Introduction: Identification of the paper you are critiquing/ reviewing, a statement of the purpose for your report and a brief outline of how you will discuss the selected article (one or two paragraphs).

Body of Report: Describe the intention and content of the article. If it is a research report, discuss the research method (survey, case study, observation, experiment, or other method) and findings. Comment on problems or issues highlighted by the authors. Report on results discussed and discuss the conclusions of the article and how they are relevant to the topics of this Unit of Study.

Conclusion: A summary of the points you have made in the body of the paper. The conclusion should not introduce any ‘new’ material that was not discussed in the body of the paper. (One or two paragraphs)

References: A list of sources used in your text. They should be listed alphabetically by (first) author’s family name. Follow the IEEE style. The footer must include your name, student ID, and page number.

Note: reports submitted on papers which are not approved or not the approved paper registered for the student will not be graded and attract a zero (0) grade.

Show More

Answer :



The purpose of reviewing the paper is to identify the security issues and challenges related to cloud computing. For this purpose, the paper written by Sanjay Kumar, R.S. Verma, and K. Mohan is chosen. The paper has been published on International Journal of Advanced Research In Computer Science in 2017. This paper elaborates the data security issues in cloud computing. The paper uses an observation method used by different organization and examines various techniques related to data security and privacy.     


Intention and content of the article

Virtualization and cloud computing are two primary requirements required by industries global wide due to the growing number of data volume faced by industries nowadays. Despite different advantages provided by cloud computing, the cloud-computing environment is going through different security issues and challenges regarding data protection and security.  The virtualization security problem can be mainly seen in the public domain and hybrid domain. The roots of the problem are no longer confined to the public domain only; rather the root has been penetrated to the public domain also. The paper reviewed these issues and the mitigation procedure by which a business model can deliver high-performance products with state-of-art security issues [4].

As identified by the article, a new series of non-traditional security threats have been identified by companies and these issues need immediate attention. The demand of information security thus becomes high and the article focuses on the procedure to increase the amount of information security required by the organizations [4].

Data security is related to the data accuracy and data loss and each of these vital factors has to be tackled properly. Most of the time, it is seen that by the implementation of security in a cloud environment becomes responsible for the loss of data. The research focuses on data security and safety in the cloud environment and designing of the system where data loss in minimum.  

Cloud computing environment can be divided broadly into three domains, which are Public domain, Private domain, and Hybrid domain. However, in all these three computing environments, Application Programming Interface (API) of cloud computing still remains private. A uniform standard regarding the Application Programming Interface (API) has not been established and the research emphasizes the need for an international standard [4]. It is therefore difficult for users to migrate programs and data from one device to another, and this is exactly why the number of users using cloud computing is considerably lower than the users use a computation device. Most of the Small and Medium Sized Enterprises do favor the considerable computing environment rather than a cloud environment for the same reason and high cost of the cloud-computing environment. However, both of the large-sized and SMEs that using cloud-computing have the same issues regarding auditability and security of data complaining about fishing and threats in cloud-computing.  

Data security is therefore considered as primary thing considered by cloud-service providers. In a cloud environment, data are stored in a logical array, rather than any fixed memory location as in case of solid-state devices. The security protection of data is thus different from any conventional solid-state devices and extremely different. Sometime, data may have to be stored in an intranet server in a cloud-computing environment. With the increment in the volume of data, the requirement of the bandwidth of a server increases. With the development of internet technology, the limitation in bandwidth has been reduced considerably [4].

Virtualization is another matter associated with cloud computing. In virtualization, a parent machine can be divided into several machines depending upon the requirement and each of them can act independently from their parent system. The computation speed thus increases considerably, whenever computing is performed in a cloud environment. After computation is over, the completed data is sent back to the parent computer, however, during computation, no daughter computers able to change the settings of parent computer. The problem in the virtualization is the authentication problem. In general, a multifactor authentication protocol is used in the solid-state devices wherever implementation in such factor in case of cloud system is difficult [4]. Most of the cloud-computing systems use single-factor authentication protocol, and at the most, implementation of two-factor authentication, the factor is possible in a cloud-computing system. This research paper emphasizes on Virtual Machine Security especially related to the Google Docs. 

The security issues identified in the article related to the cloud-computing environment is divided into four layers similar to TCP/IP protocol suite. The uppermost layer is referred to as the application layer, following it, a Platform layer, Infrastructure layer and Hardware layer serially as indicated in the figure below:

Cloud-computing security architecture

Figure 1: Cloud-computing security architecture

(Source: [4])     

An adequate amount of security is to be given to every layer as identified above. Data security and privacy protection issues are associated with the information life cycle. As per the article, data lifecycle or information life cycle can be divided into four phases as indicated below:

Data Life cycle

Figure 2: Data Life cycle

(Source: [4])

Phase 1: Data generation

The data generation process is the process by which a user process or store data in a cloud computing environment. An adequate amount of security is to be provided by the cloud service provider to keep personal data safe.

Phase 2: Transfer

This stage included the encryption process and the transmission of data. The transmission protocol needs to be designed in such a way that, it can be transferred accurately from the sender’s end to receiver’s end without any data leakage.  

Phase 3: Use

This is the service provided by the cloud service providers. Some service providers provide SaaS, while some offer PaaS. Depending upon the service provided, encryption also differs.

Phase 4: Share

In this stage, the authentication protocol is used. Whenever a user goes to share data with another user, the cloud system requires authentication. This authentication is however based on single-factor authentication or most two-factor authentication, whereas multifactor authentication is desirable. 

Phase 5: Storage

The main advantage of a cloud-based system is the possession of unlimited memory. A large volume of data can be stored in the cloud-memory system depending upon the service that the software offers 

Research method

This research observes that the idea of data encryption and security is the same as defined by standard organizations. The researchers have observed that The Organization for Economic Cooperation and Development defines the data sensitivity refers to any recognizable or unidentified data. These data need to be protected in with end-to-end encryption.

Another definition is given by the American Institute of Certified Public Accountants (AICPA) and GICA, regarding Privacy principles. The federal organization has defined the Generally Accepted Privacy Principles (GAPP) regarding, storage, accumulation, protection and maintenance of data. The principle emphasizes on the ID of the data that can be provided. The standards safety protocols defined by each of the organization revolve around Data Life Cycle [4].    

Problems and issues highlighted by the authors

As per the article, four layers of cloud system architecture have to provide appropriate security. The application layer has an issue in security regarding web service and presentation. The web services where the user directly interacts with the cloud services provided by the service provider. Examples of such services are Google Drive, Microsoft Azure, Amazon EC2 and Drop box. The interface of cloud systems is not secured as that of solid-state devices and any type of data leakage may happen in the cloud-based services. The issue can be mitigated if and only if cloud-computing systems provide security encryption in the interface of computing layer. An end-to-end encryption has to be provided for securing data transmission [4].

Next, the research identifies a software framework by which computation would be done. The security protocol involves the software packages also where computations are done. Therefore, the algorithm of the protocol needs to match with the algorithm of the software packages. A lack of synchronicity has created an issue. The infrastructure and hardware stand as the third and fourth layer respectively. A total modification in IT infrastructure is required in implementing cloud security and this incurs a great amount of cost [4]. The cost related issue has thrown a significant challenge in the implementation of state-of-art security.          

Findings and Result

From the article, it has been found that data utilization in s simple storage service is used global companies worldwide. The research has identified Amazon S3, in which data encryption is practical. In most of the cases, the static data encryption process is used regardless of whether the service provided is Saas, Iaa S or PaaS in nature.

Conclusion (article’s conclusion)

Reviewing the article, it can be said that, interest in cloud computing is increasing day by days although there are numerous issues that require attention. The fundamental elements of cloud computing emphasize the protection and safety of data. Conveyance model can be applied in the context of the data life cycle. The article also sheds light on risks of the security of data while sharing. In the future, a standard framework similar to the ISO framework has to be provided in data sharing in the cloud environment to ensure the security and safety of data.      


In light of the above discussion, it can be concluded that owing to the growing volume of data, the importance of the cloud-computing environment is rising contagiously. With the growing volume of data, risks also emerge regarding the safety and security of data. The future of the cloud computing resides on the safety and security encryption provided by the service provider and authentication protocol has to be modified to the volume of data accordingly.