All content following this page was uploaded by Vuyyuru Krishna Reddy on 02 April 2016.
Abstract
Cloud computing offers services over the Internet with dynamically scalable resources. Cloud computing
services benefit users in terms of cost and ease of use. They need to address security during the
transmission of sensitive data and critical applications to shared and public cloud environments. Cloud
environments are scaling up to meet data processing and storage needs. A cloud computing environment has
advantages as well as disadvantages for the data security of service consumers. This paper aims to
emphasize the main security issues existing in cloud computing environments. The security issues at the
various levels of a cloud computing environment are identified in this paper and categorized based on the
cloud computing architecture. This paper focuses on the usage of cloud services and the security issues in
building these cross-domain, Internet-connected collaborations.
I. Introduction
Cloud computing offers dynamically scalable resources provisioned as a service over the web and so
promises many economic advantages to be distributed among its adopters. Depending on the kind of resources
provided by the cloud, different layers may be outlined (see Figure 1). The bottom-most layer provides basic
infrastructure elements such as servers, CPUs, memory, and storage, and is henceforth typically denoted as
Infrastructure-as-a-Service (IaaS). Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service
(S3) are prominent examples of IaaS offerings. Platform-as-a-Service (PaaS) allows deploying and
dynamically scaling Python- and Java-based web applications. Google App Engine for the web is an example
of a PaaS. Finally, the top-most layer provides its users with ready-to-use applications, also referred to as
Software-as-a-Service (SaaS). SaaS has proven to be a universally accepted and trusted service for accessing
application functionality through a browser without the need to own or install expensive hardware or
software. To access these cloud services, two main technologies can currently be identified. Web services are
commonly used to provide access to IaaS services, and web browsers are used to access SaaS applications. In PaaS
environments both approaches can be found. In this paper, we provide an overview of security issues in
cloud computing.
The paper is organized as follows. In Section 2, we outline the layered architecture of cloud computing and
the mapping of different security issues used in the context of cloud computing and security. Then, in Section 3, we
provide a set of user layer security-related issues that apply to different cloud computing scenarios. Section
4 covers Service Provider Layer security-related issues, Section 5 covers Virtual Machine Layer security-related
issues, and Section 6 covers Infrastructure security-related issues. Finally, Section 7 concludes the paper.
We provide an architectural view of the security issues to be addressed in a cloud computing environment in order
to provide security for the customer. We have defined four layers based on the categorization of cloud computing
services into Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).
This section elaborates the four layers shown in Figure 1 and maps the different security issues to each layer.
Some of the important components of the User Layer are cloud applications, programming, tools, and
environments. Some popular examples of these are B2B, Facebook, MySpace, Enterprise,
ISV, Scientific, CDNs, Web 2.0 Interfaces, Aneka, Mashups, MapReduce, Hadoop, Dryad, Workflows,
Libraries, and Scripting. Some of the security issues related to the User Layer are Security as a Service, Browser
Security, and Authentication, as elaborated in the next sections.
ISSN : 0975-5462 Vol. 3 No. 9 September 2011 7149
V.Krishna Reddy et al. / International Journal of Engineering Science and Technology (IJEST)
Some of the important components of the Service Provider Layer are SLA Monitor, Metering, Accounting,
Resource Provisioning, Scheduler & Dispatcher, Load Balancer, Advance Resource Reservation Monitor, and
Policy Management.
Some of the security issues related to the Service Provider Layer are Identity, Infrastructure, Privacy, Data
Transmission, People and Identity, Audit and Compliance, Cloud Integrity, and Binding Issues.
The Virtual Machine Layer creates a number of virtual machines and operating systems and monitors them.
Some of the security issues related to the Virtual Machine Layer are VM
Sprawl, VM Escape, Infrastructure, Separation between Customers, Cloud Legal and Regulatory Issues, and Identity
and Access Management.
The Data Center (Infrastructure) Layer contains the servers, CPUs, memory,
and storage, and is henceforth typically denoted as Infrastructure-as-a-Service (IaaS). Some of the security
issues related to the Data Center Layer are Secure Data at Rest and Physical Security: Network and Server
End users need to access resources within the cloud and should be aware of access agreements such as acceptable
use or conflict of interest. The client organization should have some mechanism to find vulnerable code or protocols at
entry points such as servers, firewalls, or mobile devices, and to apply patches to the local systems as soon as they
are found. The cloud should be secured against any user with malicious intent who may attempt to gain access to
information or shut down a service.
3.3 Authentication
In the cloud environment, user authentication is the primary basis for access control, and both are more
important than ever since the cloud and all of its data are accessible to anyone over the Internet. The Trusted Platform
Module (TPM) is widely available and provides stronger authentication than usernames and passwords. The Trusted
Computing Group’s (TCG’s) IF-MAP standard allows real-time communication between the cloud provider and the
customer about authorized users and other security issues. When a user is reassigned or fired, the customer’s
identity management system can notify the cloud provider in real time so that the user’s cloud access can be
revoked or modified within seconds. If the fired user is logged in to the cloud, they can be immediately disconnected.
Trusted Computing enables authentication of client nodes and other devices, improving security in cloud
computing. Authentication is a frequently targeted attack point in hosted and virtual services. Because the
authentication process is a frequent target of attackers, secure mechanisms are used for it, with different ways to
authenticate users based on different information known by the user.
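The real-time revocation described above can be sketched from the provider's side. This is an added example, not code from the paper or from the IF-MAP specification: the class, the event fields and the session ids are hypothetical, and it models only what the provider does with a notification, not the IF-MAP protocol itself.

```python
from dataclasses import dataclass, field


@dataclass
class ProviderAccessState:
    """Provider-side view of one customer's users (hypothetical model)."""
    roles: dict = field(default_factory=dict)     # user -> set of roles
    sessions: dict = field(default_factory=dict)  # session id -> user
    disabled: set = field(default_factory=set)    # users who were fired

    def login(self, session_id: str, user: str) -> bool:
        if user in self.disabled or user not in self.roles:
            return False
        self.sessions[session_id] = user
        return True

    def authorize(self, session_id: str, role: str) -> bool:
        # Roles are read per request, not copied into the session at login,
        # so a reassignment also applies to sessions that are already open.
        user = self.sessions.get(session_id)
        return user is not None and role in self.roles.get(user, set())

    def apply_event(self, event: dict) -> list:
        """Apply one identity-management event; return the sessions it closed."""
        user, action = event["user"], event["action"]
        if action == "reassigned":
            self.roles[user] = set(event["roles"])
            return []
        if action == "terminated":
            self.disabled.add(user)
            self.roles.pop(user, None)
            closed = sorted(s for s, u in self.sessions.items() if u == user)
            for s in closed:
                del self.sessions[s]
            return closed
        raise ValueError(f"unknown action: {action!r}")


def demo() -> dict:
    """Constructed scenario: alice is reassigned, bob is fired while logged in."""
    state = ProviderAccessState(roles={"alice": {"billing"}, "bob": {"admin"}})
    for sid, user in (("s1", "alice"), ("s2", "bob"), ("s3", "bob")):
        state.login(sid, user)
    state.apply_event({"user": "alice", "action": "reassigned", "roles": ["support"]})
    closed = state.apply_event({"user": "bob", "action": "terminated"})
    return {
        "closed": closed,
        "alice_billing": state.authorize("s1", "billing"),
        "alice_support": state.authorize("s1", "support"),
        "bob_admin": state.authorize("s2", "admin"),
        "bob_relogin": state.login("s4", "bob"),
    }
```

Calling `demo()` shows both of bob's open sessions closed by the termination event, and alice's existing session losing the old role and gaining the new one without a fresh login.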
The organization must understand the public cloud computing environment offered by the cloud provider and make sure
that a cloud computing solution satisfies organizational security and privacy needs. This covers the cloud provider’s
provisioning of the security controls necessary to safeguard the organization’s information and applications, and the
evidence provided regarding the effectiveness of these controls, when migrating organizational information and
functions into the cloud.
With cloud computing, the organization’s trust boundary will become dynamic, and the application, system, and
network boundary of an organization will extend into the service provider domain.
Application security and user access controls will compensate for the loss of network control and strengthen
risk assurance. These controls include strong authorization, authentication based on claims or roles, trusted
sources with user activity monitoring, identity federation, accurate attributes, single sign-on (SSO), and auditing.
4.2 Privacy
Privacy is one of the security issues in cloud computing. Personal information regulations vary across the
world, and a number of countries place restrictions on whether such information may be stored outside of the country. For a
cloud service provider, in every jurisdiction a single level of service that is acceptable. Based on contractual
commitments, data can be stored within specific countries to satisfy privacy regulations, but this is difficult to verify.
The consequences and potential costs of mistakes are rising fast for companies that handle private and confidential
customer data. But professionals develop the security services and the cloud service privacy practices.
An effective assessment strategy must cover data protection, compliance, privacy, identity management, secure
operations, and other related security and legal issues.
changes or blockings. This attack requires the attacker to create its own malicious service
implementation module (PaaS or SaaS) or virtual machine instance (IaaS) and add it to the cloud system.
A virtual machine (VM) is a software implementation of a machine that executes programs like a
physical machine. Extending virtual machines to public clouds causes the enterprise network perimeter to
evaporate and the lowest common denominator to impact the security of all.
5.1 VM Escape
Virtual machines (VMs) have some relation to their host machines, and an improperly configured VM could allow
functionality to fully bypass the virtual environment and obtain full kernel or root access to the customer node. This
results in a complete failure of the system's security mechanisms and is called VM escape. There are some further
risks in VMs. The hypervisor is the part of a virtual machine that enables VM/host isolation and resource sharing. How
well it provides the necessary separation during a planned attack greatly determines how well the virtual machine can
survive risk. Rogue hypervisors: the guest operating system is booted inside a virtual environment
and works like a traditional OS managing I/O to hardware and network traffic, even though it’s controlled by
the hypervisor. The hypervisor has full control over the system, not only in the VM but also on the host
machine. Increased denial-of-service risk: the threat of denial-of-service (DoS) attacks against a virtualized
system is as prevalent as it is against non-virtualized systems; but because the virtual machines share the host’s
resources, such as memory, processor, disk, I/O devices, and so on, the risk of a denial-of-service attack against
another VM, the host, or an external service is actually greatly increased.
Background tasks: on traditional server operating systems, a number of low-priority processes are scheduled to run
after primary hours. Updating and patching: suitable patching and updating of systems is standard practice in
organizations, but the creation of VMs adds a burden to the patch control process.
Implementing file integrity checks: this is the process of verifying that files retain their proper consistency, and it
serves as a check for intrusion into the system. Securing VM remote access:
most VM systems are located in a server farm physically distinct from the management location. Strong
authentication practices should be employed, such as private/public PKI key pairs, one-time passwords, strong
passwords, and two-factor authentication; use encrypted communications only, such as SSH or VPNs; and apply MAC
address or IP address filtering.
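A file integrity check of the kind listed above can be built from a digest manifest taken on a known-good VM and compared later against the live file system. The following is an added example, not code from the paper; the file names, the key and the HMAC seal over the manifest are assumptions of this sketch, with the key assumed to be stored outside the monitored VM so that an intruder cannot re-seal an altered baseline.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large files need little memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative path) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(baseline: dict, key: bytes) -> str:
    """HMAC over the canonical manifest, so a tampered baseline is detectable."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def check(root: Path, baseline: dict, tag: str, key: bytes) -> dict:
    """Authenticate the baseline, then report how the tree differs from it."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed authentication")
    current = build_baseline(root)
    common = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in common if current[p] != baseline[p]),
        "removed": sorted(baseline.keys() - current.keys()),
        "added": sorted(current.keys() - baseline.keys()),
    }


def demo() -> dict:
    """Constructed sample tree: one file edited, one deleted, one dropped in."""
    key = b"constructed-demo-key"  # assumption: kept off the monitored VM
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd_config").write_text("PasswordAuthentication no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)
        tag = seal(baseline, key)
        (root / "sshd_config").write_text("PasswordAuthentication yes\n")
        (root / "hosts").unlink()
        (root / "rc.local").write_text("#!/bin/sh\n")
        return check(root, baseline, tag, key)
```

`demo()` reports the edited, deleted and newly created files separately; `check` raises before comparing anything if the stored baseline no longer matches its seal.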
Cloud providers offer security-related services to a wide range of customer types; the security provided to the
most demanding customers is also made available to those with the least stringent
requirements. While infrastructure security solutions and products can be easily deployed, they need to be part
of a complete and secure design to be effective.
permits unified service delivery, but also creates interdependency. For example, identification
and authentication can be performed through an organization’s private cloud infrastructure, as a means for its
users to gain access to services provisioned in a public cloud.
Preventing holes or leaks between the composed infrastructures is a major concern with hybrid clouds,
because of increases in complexity and diffusion of responsibilities. The availability of the hybrid cloud, computed
as the product of the availability levels of the component clouds, can also be a concern; if the percent availability of
any one component drops, the overall availability suffers proportionately. In a cloud environment, clients want to make
certain that all tenant domains are properly isolated and that no possibility exists for data or transactions to
leak from one tenant domain into the next.
To do this, clients want the ability to configure trusted policy-based security zones or virtual domains. As
data moves beyond the client's control, they expect capabilities like intrusion detection and prevention
systems to be built into the environment. The concern is not only intrusions into a client's trusted virtual
domains, but also the potential for data leakage and for extrusions, that is, the misuse of a client’s domain to
mount attacks on third parties. Moving data to external service providers raises additional concerns about
internal and Internet-based denial of service (DoS) or distributed denial of service (DDoS) attacks. In a shared
environment, all parties should agree on their responsibilities to review data and perform these reviews on a
regular basis. The organization must take the lead in terms of contract management for any risk assessments or
controls deployment that it does not execute directly. Where image catalogs are provided by the cloud provider,
clients want these images to be secure and properly protected against corruption and abuse. Many clients
expect these images to be cryptographically certified and protected.
Application or software security needs to be a vital part of your security program. Most enterprises with data
security programs have yet to institute an application security program to address this realm.
Designing and implementing applications targeted for deployment on a cloud platform will require that existing
application security programs reevaluate current practices and standards.
7. Conclusion
In this paper, we explored the security issues at various levels of the cloud computing service architecture. Security
of customer information is a major requirement for any service offered through cloud computing. We
investigated ongoing security issues in Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and
Infrastructure-as-a-Service (IaaS). The challenge for cloud computing systems is assessing and managing risk. In the
system lifecycle, risks that are identified should be carefully balanced against the security and privacy
controls available and the expected benefits from their use. Too many controls can be
ineffective and inefficient if the benefits outweigh the costs and associated risks. Federal agencies and
organizations should work to ensure an appropriate balance between the number and strength of controls and
the risks associated with cloud computing solutions. Cloud computing security issues are to be addressed at
all levels of the cloud environment with essential protocols, specifications, and tools.