See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/299572565

Security Architecture of Cloud Computing

Article · September 2011

CITATIONS READS

26 12,581

1 author:

Vuyyuru Krishna Reddy

K L University
42 PUBLICATIONS   232 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Self adaptive framework for secure VM migration over cloud computing View project

Cloud computing View project

All content following this page was uploaded by Vuyyuru Krishna Reddy on 02 April 2016.

The user has requested enhancement of the downloaded file.

  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

Security Architecture of Cloud Computing

V.KRISHNA REDDY1, Dr. L.S.S.REDDY
Department of Computer Science and Engineering,
Lakireddy Bali Reddy College of Engineering, Mylavaram.
Krishna4474@gmail.com1

Abstract

The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing
services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to
address the security during the transmission of sensitive data and critical applications to shared and public cloud
environments. The cloud environments are scaling large for data processing and storage needs. Cloud
computing environment have various advantages as well as disadvantages on the data security of service
consumers. This paper aims to emphasize the main security issues existing in cloud computing environments.
The security issues at various levels of cloud computing environment is identified in this paper and categorized
based on cloud computing architecture. This paper focuses on the usage of Cloud services and security issues to
build these cross-domain Internet-connected collaborations.

Keywords : Infrastructure-as-a-Service (IaaS); Platform-as-a-Service (PaaS); Software-as-a-Service (SaaS);

Virtual Machine (VM).

I. Introduction

The Cloud Computing offers dynamically scalable resources provisioned as a service over the web and so
guarantees lots of economic advantages to be distributed among its adopters. betting on the kind of resources
provided by the Cloud, different layers may be outlined (see Figure 1). The bottom-most layer provides basic
infrastructure elements like Servers, CPU's, memory, and storage, and is henceforth typically denoted as
Infrastructure-as-a-Service (IaaS). Amazon Elastic Compute Cloud (EC2) and Amazon easy Storage Service
(S3) are distinguished example for an IaaS provide. Platform-as-a-Service (PaaS) that allows deploying and
dynamically scaling Python and Java primarily based net applications. Google App Engine for net is an example
for an PaaS. Finally, the top-most layer provides it users with able to use applications additionally referred to as
Software-as-a-Service (SaaS). SaaS has proven to be a universally accepted and trusted service to access
application functionality through a browser while not the requirement to possess or install pricey hardware or
software. To access these Cloud services, 2 main technologies may be currently identified. net Services are
commonly used to supply access to IaaS services and net browsers are used to access SaaS applications. In PaaS
environments each approach may be found. During this paper, we offer a summary on security problems with
Cloud Computing.
The paper is organized as follows. In section 2, we outline the layered architecture of Cloud Computing and
different security issues mapping used in the context of Cloud Computing and security. Then, in Section 3, we
provide a set of user layer security-related issues that apply to different Cloud Computing scenarios. In Section
4 Service Provider Layer security-related issues. In section 5, Virtual Machine Layer security-related issues. In
section 6, Infrastructure security-related issues. Finally concludes this paper in Section 7.

II. Overview of High-level Cloud Architecture

We provide and architectural view of the security issues to be addressed in cloud computing environment for
providing security for the customer. We have defined four layers based on cloud computing services
categorization. The cloud computing categorization based on services as Software-as-a-Service (SaaS),
Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). This section elaborates the four layers
shown in figure 1 and mapping the different security issues in each layer.
Some of the important components of User layer are Cloud Applications, Programming, Tools and
Environments. Some of the popular examples for these applications are B2B, Face Book, MySpace, Enterprise,
ISV, Scientific, CDNs, Web 2.0 Interfaces, Aneka, Mashups, Map Reduce, Hadoop, Dryad , Workflows,
Libraries, Scripting. Some of the security issues related to the user layer are Security as a Service, Browser
Security, and Authentication as elaborated in next sections.

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7149
  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

Some of the important components of Service Provider Layer are SLA Monitor, Metering, Accounting,
Resource Provisioning, Scheduler& Dispatcher, Load Balancer, Advance Resource Reservation Monitor, and
Policy Management.

Figure 1: Security Architecture of Cloud Computing 

Some of the security issues related to Service Provider Layer are Identity, Infrastructure, Privacy, Data
transmission, People and Identity, Audit and Compliance, Cloud integrity and Binding Issues.
Some of the important components of Virtual Machine Layer creates number of virtual machines and number of
operating systems and its monitoring. Some of the security issues related to Virtual Machine Layer are VM
Sprawl, VM Escape, Infrastructure, Separation between Customers, Cloud legal and Regularity issues, Identity
and Access management
Some of the important components of Data Center (Infrastructure) Layer contains the Servers, CPU's, memory,
and storage, and is henceforth typically denoted as Infrastructure-as-a-Service (IaaS). Some of the security
issues related to Data Center Layer are secure data at rest, Physical Security: Network and Server

3. End User Security Issues

End Users need to access resources within the cloud and may bear in mind of access agreements like acceptable
use or conflict of interest. The client organization have some mechanism to find vulnerable code or protocols at
entry points like servers, firewalls, or mobile devices and upload patches on the native systems as soon as they
are found. The cloud should secure from any user with malicious intent that will conceive to gain access to
information or pack up a service.

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7150
  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

3.1 Security-as-a- service

In Cloud environment the security provided by customers using cloud services and the cloud service providers
(CSPs).Security-as-a-service is a security provided as cloud services and it can provided in two methods: In first
method anyone can changing their delivery methods to include cloud services comprises established information
security vendors. The second method Cloud Service Providers are providing security only as a cloud service
with information security companies. Almost all the security companies, anti-malware vendors involved in the
delivery of SaaS with regard to email filtering and so on.

3.2 Browser Security

In a Cloud environment, remote servers are used for computation. The client nodes are used for input/output
operations only, and for authorization and authentication of information to the Cloud. A standard Web browser
is platform in-dependent client software useful for all users throughout the world. This can be categorized into
different types: Software-as-a-Service (SaaS), Web applications, or Web 2.0. TLS is used for data encryption
and host authentication
The Legacy Same Origin Policy is the insertion of scripting languages into Web pages for access rights for
scripts. In is to allow access read or write operations the same origin on content, to disallow but from the
different origin any access on content. Origin means a “the same application”, it can be defined with domain
name, protocol, port in a web. But some problems with the SOP, but it could be solved with “origin” definition.
In the case of WWW it’s not working properly. Security requirements for to protect both data during transport,
and to authenticate the server’s domain name in Web applications is TLS.
Attacks on Browser-based Cloud Authentication are one of the security problem with browser-based protocols
in Cloud Computing and it is not capable to generate cryptographically valid XML tokens. So, it can possible
with a trusted third party. Login is not possible at a server due to the fewer credentials in browser, So HTTP
forward it to the Passport login server. After entering username and password from user, then the Passport
server convert this authentication into a Kerberos token, it can redirected to the requesting server from other
HTTP redirect. Kerberos tokens are not clear to the browser is the security problem with Passport, and it
protected by the SOP. But any attacker can access those tokens then he accesses all services of the victim.
Secure Browser-based Authentication is the situation is not suggested, but we can perform for better results by
combined SOP and TLS for secure FIM protocols. In Cloud Computing by using TLS Browser Enhancements
are very limited in an authentication center. It is not possible for XML Signature, the browser can be added
many Web Service functionalities by simply loading an appropriate JavaScript library during runtime. So, the
browser security API can be adding the enhancements XML Encryption and XML Signature.

3.3 Authentication
In the cloud environment, the primary basis for access control is user authentication and access control are more
important than ever since the cloud and all of its data are accessible to all over the Internet. Trusted Platform
Module (TPM) is a widely available and stronger authentication than username and passwords. Trusted
Computing Groups (TCG’s) is IF-MAP standard about authorized users and other security issue in real-time
communication between the cloud provider and the customer. When a user is reassigned or fired, the customer’s
uniqueness management system can report the cloud provider in real-time so that the user’s cloud access can be
revoked or modified within seconds. In cloud any fired user is logged, they can be immediately disconnected.
Trusted Computing enables authentication of client nodes and other devices for improving the security in cloud
computing. The frequently targeted attack is authentication in hosted and virtual services. The secure
mechanisms are used to the authentication process for frequent target of attackers by different ways to
authenticate users based on different information know by the user.

4. Service Provider Security Issues

The public cloud computing surroundings offered by the cloud supplier and make sure that a cloud computing
resolution satisfies organizational security and privacy needs. The cloud supplier to provision the safety controls
necessary to safeguard the organization’s information and applications, and additionally the proof provided
regarding the effectiveness of these controls migrating organizational information and functions into the cloud.

4.1 Identity and access management

Identity and Access Management (IAM) features are Authorization, Authentication, and Auditing (AAA) of
users accessing cloud services. In any organization “trust boundary” is mostly static and is monitored and
controlled for applications which are deployed within the organization’s perimeter. In a private data center, it
managed the trust boundary encompasses the network, systems, and applications. And it is secured via network
security controls including intrusion prevention systems (IPSs), intrusion detection systems (IDSs), virtual
private networks (VPNs), and multifactor authentication.

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7151
  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

With cloud computing, the organization’s trust boundary will become dynamic and the application, system, and
network boundary of an organization will extend into the service provider domain.
Application security and user access controls will compensate for the loss of network control and to strengthen
risk assurance. Strong authorization, authentication based on claims or role, trusted sources with user activity
monitoring, identity federation , accurate attributes, single sign-on (SSO), and auditing.

4.2 Privacy
Privacy is the one of the Security issue in cloud computing. Personal information regulations vary across the
world and number of restrictions placed by number of countries whether it stored outside of the country. For a
cloud service provider, in every jurisdiction a single level of service that is acceptable. Based on contractual
commitments data can store within specific countries for privacy regulations, but this is difficult to verify. In
Private and confidential customer data fast rising for the consequences and potential costs of mistakes for
companies that handle. But professionals develop the security services and the cloud service privacy practices.
An effective assessment strategy must cover data protection, compliance, privacy, identity management, secure
operations, and other related security and legal issues.

4.3 Securing Data in Transmission

Encryption techniques are used for data in transmission. To provide the protection for data only goes where the
customer wants it to go by using authentication and integrity and is not modified in transmission. SSL/TLS
protocols are used here.
In Cloud environment most of the data is not encrypted in the processing time. But to process data, for any
application that data must be unencrypted. In a fully homomorphism encryption scheme advance in
cryptography, which allows data to be processed without being decrypted. To provide the confidentiality and
integrity of data-in-transmission to and from cloud provider by using access controls like authorization,
authentication, auditing for using resources, and ensure the availability of the Internet-facing resources at cloud
provider.
Man-in-the-middle attacks is cryptographic attack is carried out when an attacker can place themselves in the
communication’s path between the users. Here, there is the possibility that they can interrupt and change
communications.

4.4 User Identity

In Organizations, only authorized users across their enterprise and access to the data and tools that they require,
when they require them, and all unauthorized users are blocked for access. In Cloud environments support a
large enterprise and various communities of users, so these controls are more critical. Clouds begin a new level
of privileged users working for the cloud provider is administrators. And an important requirement is privileged-
user monitoring, including logging activities. This monitoring should include background checking and physical
monitoring. To coordinate authentication and authorization with the enterprise back-end or third-party systems
are identity federation and rapid on boarding capabilities. For allowing users to easily and quickly leverage
cloud services use single sign-on capability is required to simplify user logons for both the cloud and internally
hosted applications.

4.5 Audit and Compliance

An organization implements the Audit and compliance to the internal and external processes that may fallow the
requirements classification with which it must stand and the requirements are customer contracts, laws and
regulations, driven by business objectives, internal corporate policies and check or monitor all such policies,
procedures, and processes are without fail. In traditional Out sourcing relationships plays an important role for
Audit and compliance. In Cloud dynamic nature, increase the importance of these functions in platform-as-a-
service (PaaS), infrastructure-as-a-service (IaaS), and software-as-a-service (SaaS) environments.
Customers’ business and regulatory requirements are monitor ,establish and demonstrate with set of controls and
it is a challenge task for Cloud service providers (CSPs). In clouds , to audit and compliance with coordination
of external auditing, regulatory compliance and internal policy compliance.

4.6 Cloud Integrity and Binding Issues

In a Cloud Computing system, the major responsibility is coordinating and maintaining instances of virtual
machines (IaaS) or explicit service execution modules (PaaS). For any user request, the Cloud system is
responsible for determining a free-to-use instance of implementation type for the requested service and for
accessing that new instance the address is to be communicated for the requesting user. Cloud Malware Injection
Attack is a basic attack in Cloud system for attempt aims at injecting a malicious service performance or virtual
machine. It is useful for any purpose the adversary is interested in data modifications to full functionality

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7152
  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

changes or blockings. This attack requires to adding to the Cloud system by creating its own malicious service
implementation module (PaaS or SaaS) or virtual machine instance (IaaS).

4.7 Flooding Attacks

Cloud system provider maintains all basic operational tasks in Cloud Computing. In this tasks server hardware
maintenance is the most important instead of operating as own hardware. So, Cloud Computing enables
companies (clients) to rent server hardware on demand (IaaS). It gives more economic benefits when it comes to
dynamics in server load. Same servers can operate in different time zones with different data traffic. In Cloud
Computing environment provides a dynamic adaptation of hardware requirements to the actual workload
occurring without buying sufficient server hardware for the high workload times. Practically, it can be achieved
by using virtual machines. If a company’s demand on computational power rises, it simply is provided with
more instances of virtual machines for its services.
Direct Denial of Service is a service attack involves saturating the objective with bogus requests to prevent it
from responding to reasonable requests in a timely manner. An attacker to launch physical attack typically uses
multiple computers or a botnet. It can capture large number of resources to protect against and cause charges to
rise. The cloud dynamic provisioning in some ways minimizes the task of an attacker to cause harm. At the
same time, the resources of a cloud are significant with enough attacking computers they can become saturated.
Indirect Denial of Service is manage the computational power of the attacker, in cloud service the direct
flooding attack gives some side effect and the same hardware provides some other services may suffer the
workload caused by the flooding.
The service instance may on flooded service instance, the same server with another. By using the flooding attack
requests the server’s hardware resources are completely exhausted, then the same hardware machine are unable
to perform the other service instances intended tasks. So, the Denial of Service is targeted other services with
target service instances on the same server hardware. In Cloud computing environment, denial of service can
cause and notice the lack of availability and switch to other service instances to other servers. It is extra burden
to all other servers and it spreads all the servers in the complete computing Cloud.

4.8 Accounting and Accountability

Accounting and Accountability is a main cost-effective driver behind operation a Cloud Computing service is
charging the customers according to their actual usage and another flooding attack on a Cloud service is
drastically increasing the bills for Cloud usage. For computational power usage there is no “upper limits” then
the client running the flooded service most likely has to foot the bill for the workload caused by the attacker.

5. Security Issues in Virtualization

A virtual machine (VM) could be a software implementation of a machine that executes programs like a
physical machine. Extending virtual machines to public clouds causes the enterprise network perimeter to
evaporate and therefore the lowest-common denominator to impact the safety of all.

5.1 VM Escape
Virtual Machines (VM) have some relation with host machines and if VM is improperly configured could allow
functionality to fully avoid the virtual environment. It find full kernel or root access to customer node. This
result gives full system failure in the security mechanisms and is called VM escape. Some more risks in VM is
the hypervisor is the part of a virtual machine that allows enables VM/host isolation and resource sharing. It
provides the necessary separation during planned attack greatly determines how the virtual machine can
continue to exist risk. Rogue Hypervisors is the guest operating system is booted inside of a virtual environment
working like as a traditional OS managing I/O to hardware and network traffic, even though it’s controlled by
the hypervisor. The hypervisor has a full control over the system, not only in the VM and also on the host
machine. Increased Denial of Service Risk: The threat of denial-of-service (DoS) attacks against a virtualized
system is as prevalent as it is against no virtualized systems; but because the virtual machines share the host’s
resources, such as memory, processor, disk, I/O devices, and so on, a denial-of-service attack risk against
another VM, the host, or an external service is actually greatly increased.

5.2 VM Security Recommendations Best Practice Security Techniques

Hardening the Host Operating System is Vulnerabilities are move to the virtual machine operating system from
the operating system of the host computer. Limiting Physical Access to the Host is to protect the hardware of the
virtual machine by using physical host security to avoid intruders from attacking the hardware. Using Encrypted
Communications is to provide secure communications by using Cryptography techniques like Transport Layer
Security (TLS), encrypted Virtual Private Networks (VPNs), Secure Shell (SSH), and Secure HTTP (HTTPS)
etc., between the client domain and host domain and, or from administrations to host systems. Disabling

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7153
  V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

Background Tasks is traditional server operating systems are scheduled to run after important hours with
number of low-priority processes. Updating and Patching is the concept of suitable patching and updating of
systems in standards organizations. But the creation of VMs gives burden to the patch control process.
Implementing File Integrity Checks is a verifying process of the files retain the accurate consistency, and is the
process of that the files maintain serves as a check for disturbance into the system. Securing VM Remote Access
is most of the VM systems are located in a server farm physically distinct from the management location. Strong
authentication practices should be employed with Private/public PKI key pairs, One-time passwords, Strong
passwords, Two-factor authentication, Use encrypted communications only, such as a SSH or VPNs, and MAC
address or IP address filtering.

5.3 Separation between Users

One of the most important cloud concerns issue is separation between a cloud provider’s users to avoid
intentional or inadvertent access to sensitive information. In a cloud Environment, provider use virtual machines
(VMs) and a hypervisor to separate cloud customers. The VM and virtual network separation security
improvements from TCG technologies. VM integrity and hardware-based verification of hypervisor are
provided by TPM. Strong network separation and security are provided by TNC architecture and standards.

5.4 Cloud legal issues

A cloud provider has practices and strong policies that address regulatory and legal issues, to inspect cloud
provider policies and practices to ensure their adequacy each customer must have its legal and regulatory
experts. The issues to be considered include auditing, data security and export, data retention and destruction,
legal discovery and compliance. In limiting access to data, Trusted Storage and TPM access techniques can play
a key role.

6. Infrastructure Security Issues

Cloud suppliers provide security-related services to a good vary of client types; the security equipped to the
foremost demanding clients is additionally created on the market to those with the smallest amount stringent
necessities. Whereas Infrastructure Security Solutions and product are often simply deployed, they need to a part
of an entire and secure design to be effective.

6.1 Securing Data-Storage

In Cloud computing environment data protection as the most important security issue. In this issue , it concerns
include the way in which data is accessed and stored , audit requirements, compliance , notification
requirements , issues involving the cost of data breaches, and damage to brand value. In the cloud storage
infrastructure, regulated and sensitive data needs to be properly segregated. In the service provider’s data center
, protecting data privacy and managing compliance are critical by using encrypting and managing encryption
keys of data in transfer to the cloud.
Encryption keys share securely between Consumer and the cloud service provider and encryption of mobile
media is an important and often overlooked need. PaaS based applications, Data-at-rest is the economics of
cloud computing and a multitenancy architecture used in SaaS. In other words, data, when stored for use by a
cloud-based application or, processed by a cloud-based application, is commingled with other users’ data. In
cloud computing, data co-location has some significant restrictions. In public and financial services areas
involving users and data with different risks. The cloud-wide data classification will govern how that data is
encrypted, who has access and archived, and how technologies are used to prevent data loss.
At the cloud provider, the best practice for securing data at rest is cryptographic encryption and shipping self-
encrypting is used by hard drive manufacturers. Self-encrypting provides automated encryption with
performance or minimal cost impact. Software encryption is less secure and slower because the encryption key
can be copied off the machine without detection.

6.2 Network and Server

Server-Side Protection: Virtual servers and applications, very like their non-virtual counterparts, have to be
compelled to be secured in IaaS clouds, each physically and logically. Example, virtual firewalls are often used
to isolate teams of virtual machines from different hosted teams, like production systems from development
systems or development systems from different cloud-resident systems. Rigorously managing virtual machine
pictures is additionally vital to avoid accidentally deploying pictures underneath development or containing
vulnerabilities.
Hybrid clouds are a sort of composite cloud with similar protection problems. in a very hybrid cloud the
infrastructure consists of private cloud composed with either a public cloud or another organization’s private
cloud. The clouds themselves stay distinctive entities, sure along by standardized or proprietary technology that

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7154
   V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)

permits unified service delivery, however additionally creates interdependency. as an example, identification
and authentication can be performed through an organization’s personal cloud infrastructure, as a method for its
users to achieve access to services provisioned in a very public cloud.
Preventing holes or leaks between the composed infrastructures could be a major concern with hybrid clouds, as
a result of will increase in complexity and diffusion of responsibilities. the supply of the hybrid cloud, computed
because the product of the supply levels for the part clouds, also can be a concern; if the % availability of
anyone part drops, the availability suffers proportionately. In cloud environment, purchasers want to form
certain that every one tenant domains are properly isolated that no probability exists for data or transactions to
leak from one tenant domain into successive.
For doing this, purchasers wish the talent to configure trusted policy-based security zones or virtual domains. As
data moves beyond the client's management, they expect capabilities like intrusion detection and prevention
systems to be designed into the environment. the priority is not solely intrusions into a client's trusted virtual
domains, but conjointly the potential for data leakages and for extrusions—the misuse of a client’s domain to
mount attacks on third parties. Moving data to external service suppliers raises additional problems regarding
internal and Internet-based denial of service (DoS) or distributed denial of service (DDoS) attacks. In a shared
environment, all parties ought to agree on their responsibilities to review data and perform these reviews on an
everyday basis. The organization to take the lead in terms of contract management for any risk assessments or
controls deployment and it does not execute directly. Where image catalogs are provided by the cloud provider,
purchasers want this footage to be secure and properly protected against corruption and abuse. Several shoppers
expect this footage to be cryptographically certified and guarded.
Application or software security got to be a vital part of your security program. Most enterprises with data
security programs have nevertheless to institute an application security program to take care of this realm.
Designing and implementing applications targeted for deployment on a cloud platform would need that existing
application security programs reevaluate current practices and standards.

7. Conclusion

In this paper, we explored the security issues at various levels of cloud computing service architecture. Security
of customer information is a major requirement for any services offered by any cloud computing. We
investigated ongoing security issues in Software-as-a-service (SaaS), Platform as a service (PaaS) and
Infrastructure as a service (IaaS). Cloud computing systems challenge is assessing and managing risk. In the
system lifecycle, risks that are identified should be rigorously balanced against the protection and privacy
controls out there and therefore the expected edges from their utilization. Too several controls may be
ineffective and inefficient, if the advantages outweigh the prices and associated risks. Federal agencies and
organizations ought to work to confirm an acceptable balance between the amount and strength of controls and
therefore the risks related to cloud computing solutions. Cloud computing security issues are to be addresses in
all the levels of cloud environment with essential protocols, specifications and tools.

References

[1] Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono, “On Technical Security Issues in Cloud Computing”, 2009 IEEE
International Conference on Cloud Computing
[2] Michael Gregg, “10 Security Concerns for Cloud Computing”, Expert Reference Series of White Papers, Global Knowledge, 2010
[3] “IBM Point of View: Security and Cloud Computing”, Cloud computing White paper November, 2009.
[4] Stephen C. Hawald , Cloud Computing with Software as a Service (SaaS): How It Is Changing the Business and Organization Today,
IT Today
[5] “Security and high availability in cloud computing environments” , IBM Global Technology Services Technical White Paper ,IBM ,
June 2011
[6] Dan Sullivan, “The Definitive Guide to Cloud Computing”, Realtime Publishers
[7] “Cloud Computing and Security –.A Natural Match”, Trusted Computing Group, April 2010.
[8] Ronald L. Krutz, Russell Dean Vines “Cloud Security A Comprehensive Guide to Secure Cloud Computing”, Wiley Publishing, Inc.,
2010
[9] Tim Mather, Subra Kumaraswamy, Shahed Latif “Cloud Security and Privacy”, O’Reilly Media, 2009
[10] John W. Rittinghouse, James F. Ransome “Cloud Computing: Implementation, Management, and Security” ,CRC Press, 2009.
[11] K. Thirupathi Rao et al., “High Level Architecture to Provide Cloud Services Using Green DataCenter”, in Advances in Wireless and
Mobile Communications (AWMC) Volume 3 Number 2, pp 109-119, Research India Publication ISSN 0973-6972 (2010).
[12] V. Krishna Reddy, B. Thirumal Rao, Dr. L.S.S. Reddy, P.Sai Kiran “Research Issues in Cloud Computing “ Global Journal of
Computer Science and Technology, Volume 11,Issue 11, July 2011.

 
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7155

View publication stats