security issues in cloud computing by rahul abhishek


Upload: er-rahul-abhishek

Post on 05-Dec-2014


Category:

Engineering



Page 1: Security Issues in Cloud Computing  by rahul abhishek

Security Issues in Cloud Computing

B. S. PANDA1*, Rahul Abhishek2, Pratik3, Binay Ranjan4

1 Asst. Professor, MITS Engineering College, Rayagada, Orissa.
2 Student, Dept. of Information Technology, MITS, Rayagada, Orissa.
3 Student, Dept. of Information Technology, MITS, Rayagada, Orissa.
4 Student, Dept. of Computer Science & Engg., MITS, Rayagada, Orissa.

E-mail: [email protected]
E-mail: [email protected]

Abstract:

In this paper, we discuss cloud computing security and its security issues. In particular, we discuss a scheme for secure publication of documents in a cloud. We also discuss secure federated query processing and the use of secure co-processors for cloud computing. Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that is often used to represent the Internet in flowcharts and diagrams. There is a critical need to securely store, manage, share and analyze massive amounts of complex (e.g., semi-structured and unstructured) data to determine patterns and trends in order to improve the quality of healthcare, better safeguard the nation and explore alternative energy. Because of the critical nature of the applications, it is important that clouds be secure. The emerging cloud computing model attempts to address the explosive growth of web-connected devices and to handle massive amounts of data.

Key Words: IaaS, PaaS, SaaS, Cloud Module, Data Encryption, security concerns, Data security.

1. Introduction

As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet (Figure 1). Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing.

Cloud computing is a new consumption and delivery model for IT services. The concept of cloud computing represents a shift in thought, in that end users need not know the details of a specific technology. The service is fully managed by the provider. Users can consume services at a rate that is set by their particular needs. This on-demand service can be provided at any time.

Figure 1. Cloud Computing

Data security involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. In addition, resource allocation and memory management algorithms have to be secure. Finally, data mining techniques may be applicable to malware detection in clouds. We have extended the technologies and concepts we have developed for secure grid to a secure cloud.

We have defined a layered framework for assured cloud computing consisting of the secure virtual machine layer, secure cloud storage layer, secure cloud data layer, and the secure virtual network monitor layer (Figure 2). Cross-cutting services are provided by the policy layer, the cloud monitoring layer, the reliability layer and the risk analysis layer. For the Secure Virtual Machine (VM) Monitor, we are combining both hardware and software solutions in virtual machines to handle problems such as key loggers, examining XEN, developed at the University of Cambridge, and exploring security to meet the needs of our applications (e.g., secure distributed storage and data management). For Secure Cloud Storage Management, we are developing a storage infrastructure which integrates resources from multiple providers to form a massive virtual storage system.

Figure 2. Layered framework for assured cloud

2. Cloud Computing Models

Cloud computing models can be broken into three basic designs, which are shown here and described below (Figure 3).

Figure 3. Cloud Computing Models

2.1 Infrastructure-as-a-Service (IaaS) – As the name implies, you are buying infrastructure. You own the software and are purchasing virtual power to execute as needed. This is much like running a virtual server on your own equipment, except you are now running a virtual server on a virtual disk. This model is similar to a utility company model, as you pay for what you use. An example is Amazon Web Services at http://aws.amazon.com.

2.2 Platform-as-a-Service (PaaS) – In this model of cloud computing, the provider provides a platform for your use. Services provided by this model include all phases of the system development life cycle (SDLC) and can use application program interfaces (APIs), website portals, or gateway software. Buyers do need to look closely at specific solutions, because some providers do not allow software created by their customers to be moved off the provider's platform. An example of PaaS is GoogleApps.

2.3 Software-as-a-Service (SaaS) – This model is designed to provide everything and simply rent out the software to the user. The service is usually provided through some type of front end or web portal. While the end user is free to use the service from anywhere, the company pays a per-use fee. Salesforce.com offers this type of service.

3. Cloud Computing Attacks

As more companies move to cloud computing, look for hackers to follow. Some of the potential attack vectors criminals may attempt include:

3.1 Denial of Service (DoS) attacks – Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging. Twitter suffered a devastating DoS attack during 2009.

3.2 Side Channel attacks – An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack.

3.3 Authentication attacks – Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers.

3.4 Man-in-the-middle cryptographic attacks – This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communication path, there is the possibility that they can intercept and modify communications.

4. Security Concerns of Cloud Computing

While cost and ease of use are two great benefits of cloud computing, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments. To address these concerns, the cloud provider must develop sufficient controls to provide the same or a greater level of security than the organization would have if the cloud were not used. Listed here are ten items to review when considering cloud computing.

5. Secure Data Publication Applied To Cloud

Cloud computing facilitates storage of data at a remote site to maximize resource utilization. As a result, it is critical that this data be protected and only given to authorized individuals. This essentially amounts to secure publication of data that is necessary for data outsourcing, as well as external publications. We have developed techniques for publication of data in a secure manner. We assume that the data is represented as an XML document. This is a valid assumption as many of the documents on the web are now represented as XML documents. In the access control framework proposed in Bertino (2002), security policy is specified depending on user roles and credentials. Users must possess the credentials to access XML documents.
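A minimal sketch of credential-based filtering of an XML document before it is published, added here as an illustration; it is not the framework from Bertino (2002) nor the authors' code. The sample document, the path-to-credential policy table and all function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (illustrative; not taken from the paper).
DOC = """<hospital>
  <patient id="p1">
    <name>A. Rao</name>
    <billing><amount>1200</amount></billing>
    <record><diagnosis>asthma</diagnosis></record>
  </patient>
</hospital>"""

# Hypothetical policy: element path -> credentials, any one of which grants
# access. A path with no entry inherits the decision made for its parent.
POLICY = {
    "hospital": {"staff"},
    "hospital/patient/billing": {"accounts"},
    "hospital/patient/record": {"physician"},
}

def allowed(path, creds, inherited):
    """Most specific rule wins; without a rule the parent's decision holds."""
    rule = POLICY.get(path)
    return inherited if rule is None else bool(rule & creds)

def _prune(elem, path, creds, inherited):
    """Remove what `creds` may not see; return True if elem stays in the view."""
    ok = allowed(path, creds, inherited)
    for child in list(elem):
        if not _prune(child, f"{path}/{child.tag}", creds, ok):
            elem.remove(child)
    if not ok and len(elem):
        # Denied element with a visible descendant: keep it only as an
        # empty container so its own text and attributes do not leak.
        elem.text = None
        elem.attrib.clear()
        for kept in elem:
            kept.tail = None  # tail text is part of the denied parent's content
        return True
    return ok

def publish_view(xml_text, creds):
    """Return the XML view for a subject holding `creds`, or None if empty."""
    root = ET.fromstring(xml_text)  # document comes from the publisher
    if not _prune(root, root.tag, set(creds), False):  # default deny
        return None
    return ET.tostring(root, encoding="unicode")
```

The root is evaluated with a default of deny, so a subject holding no matching credential receives no document at all rather than an empty shell.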

Security could improve due to centralization of data, increased security-focused resources, etc., but concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels. Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. However, the complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security.

Since data in the cloud will be placed anywhere, it is important that the data is encrypted. We are using a secure co-processor as part of the cloud infrastructure to enable efficient encrypted storage of sensitive data.

Security is needed at server access, internet access, database access, data privacy and program access. Security concerns arise because both customer data and programs reside on the provider's premises.

Security is used to protect data and programs from disrupted services, theft of information, loss of privacy, hostile programs, hostile people giving instructions to good programs, and bad guys corrupting or eavesdropping on communications.

6. Summary and Conclusion

In this paper, we first discussed cloud computing, then the cloud module and its expansion, and secondly security issues for the cloud. These issues include storage security, middleware security, data security, network security and application security. The main goal is to securely store and manage data that is not controlled by the owner of the data. We discussed how we may secure documents that may be published. There are several other security challenges, including security aspects of virtualization. We believe that due to the complexity of the cloud, it will be difficult to achieve end-to-end security. However, the challenge we have is to ensure more secure operations even if some parts of the cloud fail. For many applications, we not only need information assurance but also mission assurance.

Figure 2. Case study of Worldwide Spending Cloud
