Cloud computing and its security aspects

eSAT Publishing House
eSAT Publishing HouseeSAT Publishing House

IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology

IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 62
CLOUD COMPUTING AND ITS SECURITY ASPECTS
Subhash Basishtha1
, Saptarshi Boruah2
1
Department of Information Technology, Assam University, Silchar-788011, India
2
Department of Information Technology, Assam University, Silchar-788011, India
Abstract
Cloud computing is a new computing paradigm in the field of it that provides hosted services to a large number of user on demand
basis over the internet. They are internet based network that has large numbers of servers. It allows to use the services only when you
want and pay only for the amount what you have used. Since cloud computing share distributed resources over an open environment,
so security becomes a major concern here. To improve the work performance different services are distributed on different servers but
the security and safety aspects are remaining insufficient. Security is the one of major issues that hampers the growth of cloud. So, in
this paper we first try to give an idea about cloud computing and then concentrate on the major security aspects of cloud computing
paradigm.
Keywords: Cloud Computing, IT, Infrastructure, cloud, Security.
----------------------------------------------------------------------***--------------------------------------------------------------------
1. INTRODUCTION
Cloud computing is the latest trend in the IT field. It is a way
to increase the capacity or add capabilities dynamically without
investing in new infrastructure, training new personnel, or
licensing new software. This technology has the capacity of
allocating resources to its user on request over the network. In
cloud computing we can obtain networked storage space and
computer resources. With the help of cloud it is possible to
access the information from anywhere at any time. The cloud
removes the need of to be in the same physical location as the
hardware. The cloud provider both own and house the
hardware and software necessary to run your application. It is
mainly developed to cut the operational and capital costs so
that IT department can focus on strategic projects instead of
keeping the datacenter running. In the last few years cloud
computing becomes one of the fast growing technology in the
IT industry. As more and more information of individual or
companies are placed on the cloud, security becomes a major
concern. Security issues play a significant role in slowing
down its acceptance.
One way of thinking cloud computing is to consider the
experience with email. In case of email client, if it is Yahoo!,
Gmail, Hotmail, and so on, takes care of housing all of the
hardware and software necessary to support client personal
email account. When you want to access your email you open
your web browser, go to the email client, and log in. The most
important requirement is having internet access. Your email is
not housed on your physical computer; you access it through
an internet connection, and you can access it anywhere. An
email client is similar to how cloud computing works. Except
instead of accessing just your email, you can choose what
information you have access to within the cloud. [3]
2. SURVEY ON CLOUD SECURITY
Fig 1: Ranking of security in cloud computing as surveyed by
IDC. [5]
The Fig: 1 shows the survey on security. This represents
security as first rank according to IT executives. This
information is collected from 263 IT professional by asking
different question related to the cloud, and many of the
executives are worried about security perspective of cloud. [5]
3. OVERVIEW
The cloud is helpful for the businesses or companies that
cannot afford the hardware or the storage space that they
required. With the help of cloud they can store their
information in the cloud and can the use the computer
resources. Thus removing the cost of purchasing the memory
devices and other hardware. They only have to pay the amount
for the uses of the space over cloud and for the other services
as well. Your company need not to pay for hardware and
maintenance; the service provider will pay for hardware and
maintenance.
IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 63
That is, use as much or as less you need, use only when you
want, and pay only what you uses.
The only requirement to use the cloud is that to access the
cloud you must have an internet connection.
The term Cloud Computing was inspired by the cloud symbol
that is often used to represent the Internet in flow charts and
diagrams.
Key benefits of cloud computing: [6]
 Flexibility – There is the ability to update hardware and
software quickly based on customer demands and updates
in technology.
 Savings – There is a reduction of capital expenditures and
IT personnel.
 Location & Hardware Independence – Users can access
application from a web browser connected anywhere on
the internet.
 Multi-tenancy – Resources and cost are shared among
many users, allowing overall cost reduction.
 Reliability – Many cloud providers replicate their server
environments in multiply data centers around the globe,
which accounts for business continuity and disaster
recovery.
 Security – Centralization of sensitive data improves
security by removing data from the users’ computers.
Cloud providers also have the staff resources to maintain
all the latest security features to help protect data.
 Maintenance – Centralized applications are much easier to
maintain than their distributed counterparts. All updates
and changes are made in one centralized server instead of
on each user’s computer.
4. CLOUD COMPONENTS
In simple, cloud computing is made up of several components:
the clients, the data centers and the distributed servers. Each
element has a specific role in delivering a functional cloud
based application.[14]
Fig 2: Cloud Components
4.1 Clients
The clients are the devices that the end users interact with to
manage their information on the cloud. They are generally
categorized into three types:
a) Mobile: mobile devices include PDA or Smartphone.
b) Thin: thin clients are computers that don’t have internal
hard drives rather server do the entire task and then only
display the information.
c) Thick: thick clients are the regular computer that use web
browser like Firefox or internet explorer to connect to the
cloud.
Among them thin clients are becoming popular because of the
reason as mentioned below:
 Thin clients are cheaper because they don’t contain much
hardware.
 Thin clients are managed at the server so there is less
chance of failure.
 Since all the processing is done by server and there is no
hard drive therefore there is less number of security
problems.
 Since all the data are stored on the server so there is less
chance of lost of data if client computer is crashed or
stolen.
4.2 Data Centre
Datacenter is the collection of servers where the applications
are hosted so that clients can use them to operate on their
business. The software and the data are stored on the server.
This structure reduces capital expenditures, since the business
only pays for the resources that they have used.
4.3 Distributed Server
In cloud computing the servers are not kept at the same
location they are distributed geographically at different
location. This gives the service providers more flexibility in
options and security. For instance in case of Amazon, their
cloud is distributed in server all over the world. If something is
happen to one site then it could be accessed through another
site also.
5. TYPES OF CLOUD
There are different types of clouds that you can subscribe
depending on your needs. As a home user or small business
owner, you will most likely use public cloud services.
a) Public Cloud - A public cloud can be accessed by any
subscriber with an internet connection and access to the
cloud space. [3] It is typically based on a pay-per-use
model. Public clouds are less secure than the other cloud
models because it places an additional burden of ensuring
all applications and data accessed on the public cloud are
not subjected to malicious attacks. [8]
IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 64
b) Private Cloud - A private cloud is established for a
specific group or organization and limits access to just that
group.[3] In the private cloud, scalable resources and
virtual applications provided by the cloud vendor are
pooled together and available for cloud users to share and
use. It differs from the public cloud in that all the cloud
resources and applications are managed by the
organization itself, similar to Intranet functionality.
Utilization on the private cloud can be much more secure
than that of the public cloud because of its specified
internal exposure.
c) Hybrid Cloud - A hybrid cloud is essentially a
combination of at least two clouds, where the clouds
included are a mixture of public, private, or community.
[3]It provides virtual IT solutions through a mix of both
public and private clouds. Hybrid Cloud provides more
secure control of the data and applications and allows
various parties to access information over the Internet. It
also has an open architecture that allows interfaces with
other management systems. Hybrid cloud can describe
configuration combining a local device, such as a Plug
computer with cloud services. [4]
Fig3: Cloud Computing Types
5.1 Choosing the Cloud Providers
Each provider serves a specific function, giving users more or
less control over their cloud depending on the type. When you
choose a provider, compare your needs to the cloud services
available. Your cloud needs will vary depending on how you
intend to use the space and resources associated with the cloud.
If it will be for personal home use, you will need a different
cloud type and provider than if you will be using the cloud for
business. Keep in mind that your cloud provider will be pay-
as-you-go, meaning that if your technological needs change at
any point you can purchase more storage space (or less for that
matter) from your cloud provider. [3]
There are three types of cloud providers that you can subscribe
to. They are: Software as a Service (SaaS), Platform as a
Service (PaaS), and Infrastructure as a Service (IaaS). [15]
a) SaaS: A SaaS provider gives subscribers access to both
resources and applications. SaaS makes it unnecessary
for you to have a physical copy of software to install on
your devices. SaaS also makes it easier to have the same
software on all of your devices at once by accessing it on
the cloud. In a SaaS agreement, you have the least
control over the cloud.
b) PaaS: A PaaS system goes a level above the Software
as a Service setup. A PaaS provider gives subscribers
access to the components that they require to develop
and operate applications over the internet.
c) IaaS: An IaaS agreement, as the name states, deals
primarily with computational infrastructure. In an IaaS
agreement, the subscriber completely outsources the
storage and resources, such as hardware and software
that they need.
Fig 4: Cloud computing Architecture [13]
SaaS, e.g., Google Docs [10]
PaaS, e.g., Google AppEngine [11]
IaaS, e.g., Amazon EC2 [12]
6. SECURITY ASPECTS
Security plays the major role in cloud computing acceptance.
There is a lot of personal information and potentially secure
data that people store in the personal computers. When this
information is transferred to cloud then there should be
precautions to secure the data. Clouds are still subject to
traditional data confidentiality, integrity, availability, and
privacy issues, plus some additional attacks. Some of security
issues are as follows: [1]
a) Confidentiality:
 There is always a fear whether the sensitive data remain
confidential after transferring it to the cloud.
 Will the cloud providers be honest and will not peek the
data.
b) Integrity:
 How the clients will know that cloud provider is doing
the computations correctly.
IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 65
 How the clients know that data are preserved without
tampering it.
c) Availability:
 What happens if the cloud providers go out of business?
 What happens if cloud providers are attacked in a denial
of service attack?
d) Privacy issues:
 Cloud stores data from a large number of clients so
privacy becomes a major concern.
e) Additional attacks:
 Entity outside the organisation can store and compute
data so attackers can easily target the communication
link between the cloud providers and the client.
For resolving some cloud security issues we need to adapt well
known techniques and should perform new research and
innovate to make clouds secure.
6.1 Security Issues in SaaS
Following key security element should be carefully considered
as an Integral part of the SaaS deployment process: [2]
a) Data Security
b) Network Security
c) Data locality
d) Data integrity
e) Data access
f) Data Segregation
g) Authorization and Authentication
h) Data Confidentiality
i) web Application security
j) Availability
k) Backup
6.2 Security Issues in PaaS
 In PaaS, the provider might give some control to the
people to build applications on top of the platform. But
any security below the application level such as host and
network intrusion prevention will still be in the scope of
the provider.
 Applications sufficiently complex to leverage an
Enterprise Service Bus (ESB) need to secure the ESB
directly, leveraging a protocol such as Web Service
(WS) Security (Oracle, 2009).The ability to segment
ESBs is not available in PaaS environments. Metrics
should be in place to assess the electiveness of the
application security programs.
 Hackers are likely to attack visible code, including but
not limited to code running in user context. They are
likely to attack the infrastructure and perform extensive
black box testing. The vulnerabilities of cloud are not
only associated with the web applications but also
vulnerabilities associated with the machine-to-machine
Service Oriented Architecture (SOA) applications.[2]
6.3 Security Issues in IaaS
Taking virtual machines, which contain critical applications
and sensitive data, off premise to public and shared cloud
environments creates security challenges for organizations that
have relied on network perimeter defence as the main method
to protect their datacenter. It may also revoke compliance and
breach security policies. OS Security issues also alive in IaaS.
Following are the points which are considered in IaaS.
Security Attacks in Cloud:
 Denial of Service (DoS) attacks: Some security
professionals have argued that the cloud is more
vulnerable to DoS attacks, because it is shared by
many users, which makes DoS attacks much more
damaging.
 Side Channel attacks: An attacker could attempt to
compromise the cloud by placing a malicious virtual
machine in close proximity to a target cloud server
and then launching a side channel attack.
 Authentication attacks: Authentication is a weak point
in hosted and virtual services and is frequently
targeted. There are many different ways to
authenticate users; for example, based on what a
person knows, has, or is. The mechanisms used to
secure the authentication process and the methods
used are a frequent target of attackers.
 Man-in-the-middle cryptographic attacks: This attack
is carried out when an attacker places himself
between two users. Anytime attackers can place
themselves in the communication’s path, there is the
possibility that they can intercept and modify
communications.
 Network Security:
a) Network penetration and packet analysis.
b) Session management weaknesses
c) Insecure SSL trust configuration.[2]
Fig 5: Security issues in Cloud Models [10]
IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
__________________________________________________________________________________________
Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 66
7. CONCLUSIONS
The cloud providers give many options to its users by
increasing the ease of access to its resources by simply
connecting to the internet. However this ease of use is also
come up with drawbacks as you have less control over your
data and have little knowledge of where the data is kept. You
must be aware of the security risks of having data stored on the
cloud as the cloud is a big target for the attackers and it is
having the disadvantage that it can be accessed through an
unsecure internet connection.
Before starting with the cloud computing we should clearly
understand that what type of cloud will be best for our needs,
what type of provider will be most useful to our etc?
FUTURE WORK
Cloud computing has the potential to become a secure and
economically viable IT solution in future. We need much more
technical and non-technical solution to make the technology
work and become more secure in practical. This paper only
represents the basic concepts and some of security aspects of
cloud computing. We need more modification here. So, in
future we want to do more work on the security field of the
cloud computing paradigm.
ACKNOWLEDGEMENTS
We the authors are very graceful to our respected sir Ajoy
Kumar Khan of Assam University Silchar for inspiring and
guide us to complete this paper successfully and the
department of IT, Assam University for providing us such an
environment.
REFERENCES
[1] Ragib Hasan,” Security and Privacy in Cloud
Computing”, Johns Hopkins University, en.600.412
Spring 2010.
[2] Amar Gondaliya,” Security in Cloud Computing”,
Hasmukh Goswami College of Engineering,
Ahmedabad.
[3] Alexa Huth and James Cebula,” The Basics of Cloud
Computing”, US-CERT.
[4] Kuyoro S. O., Ibikunle F. & Awodele O. ,“Cloud
Computing Security Issues and Challenges”,
International Journal of Computer Networks (IJCN),
Volume (3) : Issue (5) : 2011
[5] F. A. Alvi1, Ψ, B.S Choudary2, N. Jaferry3, E.Pathan4,
“A review on cloud computing security issues &
challanges”.
[6] Paul Stryer, “Understanding Data Centers and Cloud
Computing”, Global Knowledge Training LLC.
[7] Article on Security Considerations for Platform as a
Service (PaaS)
http://social.technet.microsoft.com/wiki/contenco/articl
es/3809.security-considerations-for-platform-as-a-
service-paas.aspx
[8] Pankaj Arora, Rubal Chaudhry Wadhawan, Er. Satinder
Pal Ahuja “Cloud Computing Security Issues in
Infrastructure as a Service” International Journal of
Advanced Research in Computer Science and Software
Engineering.
[9] Article on SaaS, PaaS, and IaaS: A security checklist
for cloud models
http://www.csoonline.com/article/660065/saas-paas-
and-iaas-a-security-checklist-for-cloud-models
[10] Introduction to Google Docks
http://en.wikipedia.org/wiki/Google_Docs
[11] Charles Cheverance, “Google Application Engine
Introduction”, University of Mitchigan.
[12] Mike culver, Melody Ng, Jeson Chan “Introduction to
Amazon EC2 running IBM”, Amazon web services.
[13] Cloud Computing and types of cloud
http://cloudblog.8kmiles.com/2012/02/27/cloud-
computing-type/
[14] Barrie Sosinsky “Cloud Computing Bible”, Wiley India
Pvt Ltd (2011),ISBN-13-9788126529803,2nd edition
[15] George Reese “Cloud Application Architectures 1st
Edition”, Shroff/o'reilly (2009), ISBN-13
9788184047141, 1stEdition.

Recommandé

A survey on data security in cloud computing issues and mitigation techniques par
A survey on data security in cloud computing issues and mitigation techniquesA survey on data security in cloud computing issues and mitigation techniques
A survey on data security in cloud computing issues and mitigation techniqueseSAT Publishing House
403 vues5 diapositives
G033030035 par
G033030035G033030035
G033030035ijceronline
348 vues6 diapositives
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo... par
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...Sushil kumar Choudhary
429 vues12 diapositives
Paper id 27201433 par
Paper id 27201433Paper id 27201433
Paper id 27201433IJRAT
773 vues7 diapositives
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C... par
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...IRJET Journal
26 vues4 diapositives
Ijarcet vol-2-issue-3-1128-1131 par
Ijarcet vol-2-issue-3-1128-1131Ijarcet vol-2-issue-3-1128-1131
Ijarcet vol-2-issue-3-1128-1131Editor IJARCET
230 vues4 diapositives

Contenu connexe

Tendances

489 493 par
489 493489 493
489 493Editor IJARCET
527 vues5 diapositives
70 74 par
70 7470 74
70 74Editor IJARCET
551 vues5 diapositives
IRJET- Simultaneous ammunition for the multi-cloud computing simulation par
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET Journal
32 vues5 diapositives
Secure Cloud Hosting.paper par
Secure Cloud Hosting.paperSecure Cloud Hosting.paper
Secure Cloud Hosting.paperjagan339
486 vues21 diapositives
Enhancing Data Storage Security in Cloud Computing Through Steganography par
Enhancing Data Storage Security in Cloud Computing Through SteganographyEnhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through SteganographyIDES Editor
1.4K vues7 diapositives
IRJET - Importance of Edge Computing and Cloud Computing in IoT Technolog... par
IRJET -  	  Importance of Edge Computing and Cloud Computing in IoT Technolog...IRJET -  	  Importance of Edge Computing and Cloud Computing in IoT Technolog...
IRJET - Importance of Edge Computing and Cloud Computing in IoT Technolog...IRJET Journal
12 vues4 diapositives

Tendances(19)

IRJET- Simultaneous ammunition for the multi-cloud computing simulation par IRJET Journal
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET Journal32 vues
Secure Cloud Hosting.paper par jagan339
Secure Cloud Hosting.paperSecure Cloud Hosting.paper
Secure Cloud Hosting.paper
jagan339486 vues
Enhancing Data Storage Security in Cloud Computing Through Steganography par IDES Editor
Enhancing Data Storage Security in Cloud Computing Through SteganographyEnhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor1.4K vues
IRJET - Importance of Edge Computing and Cloud Computing in IoT Technolog... par IRJET Journal
IRJET -  	  Importance of Edge Computing and Cloud Computing in IoT Technolog...IRJET -  	  Importance of Edge Computing and Cloud Computing in IoT Technolog...
IRJET - Importance of Edge Computing and Cloud Computing in IoT Technolog...
IRJET Journal12 vues
Data Storage Issues in Cloud Computing par ijtsrd
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
ijtsrd87 vues
Comparison of data security in grid and cloud computing par eSAT Journals
Comparison of data security in grid and cloud computingComparison of data security in grid and cloud computing
Comparison of data security in grid and cloud computing
eSAT Journals179 vues
IJCER (www.ijceronline.com) International Journal of computational Engineerin... par ijceronline
IJCER (www.ijceronline.com) International Journal of computational Engineerin...IJCER (www.ijceronline.com) International Journal of computational Engineerin...
IJCER (www.ijceronline.com) International Journal of computational Engineerin...
ijceronline370 vues
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble... par IRJET Journal
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal32 vues
IRJET- An Overview on Cloud Computing and Challenges par IRJET Journal
IRJET-  	  An Overview on Cloud Computing and ChallengesIRJET-  	  An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and Challenges
IRJET Journal47 vues
Security & privacy issues of cloud & grid computing networks par ijcsa
Security & privacy issues of cloud & grid computing networksSecurity & privacy issues of cloud & grid computing networks
Security & privacy issues of cloud & grid computing networks
ijcsa504 vues
IRJET - Multitenancy using Cloud Computing Features par IRJET Journal
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing Features
IRJET Journal18 vues

En vedette

An optimal face recoginition tool par
An optimal face recoginition toolAn optimal face recoginition tool
An optimal face recoginition tooleSAT Publishing House
514 vues7 diapositives
Evaluvation of noise level and its adverse effect in metal die manufacuturing... par
Evaluvation of noise level and its adverse effect in metal die manufacuturing...Evaluvation of noise level and its adverse effect in metal die manufacuturing...
Evaluvation of noise level and its adverse effect in metal die manufacuturing...eSAT Publishing House
229 vues4 diapositives
Detection of skin diasease using curvlets par
Detection of skin diasease using curvletsDetection of skin diasease using curvlets
Detection of skin diasease using curvletseSAT Publishing House
329 vues5 diapositives
Ccag gossip based reliable multicast protocol par
Ccag gossip based reliable multicast protocolCcag gossip based reliable multicast protocol
Ccag gossip based reliable multicast protocoleSAT Publishing House
255 vues5 diapositives
Reliability assessment for a four cylinder diesel engine par
Reliability assessment for a four cylinder diesel engineReliability assessment for a four cylinder diesel engine
Reliability assessment for a four cylinder diesel engineeSAT Publishing House
361 vues6 diapositives
Traffic growth rate estimation using transport par
Traffic growth rate estimation using transportTraffic growth rate estimation using transport
Traffic growth rate estimation using transporteSAT Publishing House
315 vues6 diapositives

En vedette(20)

Evaluvation of noise level and its adverse effect in metal die manufacuturing... par eSAT Publishing House
Evaluvation of noise level and its adverse effect in metal die manufacuturing...Evaluvation of noise level and its adverse effect in metal die manufacuturing...
Evaluvation of noise level and its adverse effect in metal die manufacuturing...
Effect of fiber distance on various sac ocdma detection techniques par eSAT Publishing House
Effect of fiber distance on various sac ocdma detection techniquesEffect of fiber distance on various sac ocdma detection techniques
Effect of fiber distance on various sac ocdma detection techniques
Evaluating performance of centrifugal pump through cfd while modifying the su... par eSAT Publishing House
Evaluating performance of centrifugal pump through cfd while modifying the su...Evaluating performance of centrifugal pump through cfd while modifying the su...
Evaluating performance of centrifugal pump through cfd while modifying the su...
Behavior of self compacting concrete using ppc and opc with different proport... par eSAT Publishing House
Behavior of self compacting concrete using ppc and opc with different proport...Behavior of self compacting concrete using ppc and opc with different proport...
Behavior of self compacting concrete using ppc and opc with different proport...
Product aspect ranking using domain dependent and domain independent review par eSAT Publishing House
Product aspect ranking using domain dependent and domain independent reviewProduct aspect ranking using domain dependent and domain independent review
Product aspect ranking using domain dependent and domain independent review
Enhancement of power quality by unified power quality conditioner with fuzzy ... par eSAT Publishing House
Enhancement of power quality by unified power quality conditioner with fuzzy ...Enhancement of power quality by unified power quality conditioner with fuzzy ...
Enhancement of power quality by unified power quality conditioner with fuzzy ...
An algorithm for design of brick lining for irrigation channels par eSAT Publishing House
An algorithm for design of brick lining for irrigation channelsAn algorithm for design of brick lining for irrigation channels
An algorithm for design of brick lining for irrigation channels

Similaire à Cloud computing and its security aspects

Addressing the cloud computing security menace par
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menaceeSAT Publishing House
241 vues5 diapositives
Addressing the cloud computing security menace par
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menaceeSAT Journals
73 vues5 diapositives
Security in multi cloud data storage with sic par
Security in multi cloud data storage with sicSecurity in multi cloud data storage with sic
Security in multi cloud data storage with siceSAT Publishing House
353 vues4 diapositives
Security in multi cloud data storage with sic architecture par
Security in multi cloud data storage with sic architectureSecurity in multi cloud data storage with sic architecture
Security in multi cloud data storage with sic architectureeSAT Journals
136 vues4 diapositives
CLOUD STEGANOGRAPHY- A REVIEW par
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWJournal For Research
211 vues18 diapositives
Ant colony Optimization: A Solution of Load balancing in Cloud   par
Ant colony Optimization: A Solution of Load balancing in Cloud  Ant colony Optimization: A Solution of Load balancing in Cloud  
Ant colony Optimization: A Solution of Load balancing in Cloud  dannyijwest
6 vues18 diapositives

Similaire à Cloud computing and its security aspects(20)

Addressing the cloud computing security menace par eSAT Journals
Addressing the cloud computing security menaceAddressing the cloud computing security menace
Addressing the cloud computing security menace
eSAT Journals73 vues
Security in multi cloud data storage with sic architecture par eSAT Journals
Security in multi cloud data storage with sic architectureSecurity in multi cloud data storage with sic architecture
Security in multi cloud data storage with sic architecture
eSAT Journals136 vues
Ant colony Optimization: A Solution of Load balancing in Cloud   par dannyijwest
Ant colony Optimization: A Solution of Load balancing in Cloud  Ant colony Optimization: A Solution of Load balancing in Cloud  
Ant colony Optimization: A Solution of Load balancing in Cloud  
dannyijwest6 vues
Ensuring secure transfer, access and storage over the cloud storage par eSAT Journals
Ensuring secure transfer, access and storage over the cloud storageEnsuring secure transfer, access and storage over the cloud storage
Ensuring secure transfer, access and storage over the cloud storage
eSAT Journals139 vues
Ensuring secure transfer, access and storage over the cloud storage par eSAT Publishing House
Ensuring secure transfer, access and storage over the cloud storageEnsuring secure transfer, access and storage over the cloud storage
Ensuring secure transfer, access and storage over the cloud storage
Splendens Project Proposal by Slidesgo.pptx par ssuserea0dfe
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptx
ssuserea0dfe3 vues
Latest development of cloud computing technology, characteristics, challenge,... par sushil Choudhary
Latest development of cloud computing technology, characteristics, challenge,...Latest development of cloud computing technology, characteristics, challenge,...
Latest development of cloud computing technology, characteristics, challenge,...
Security Issues’ in Cloud Computing and its Solutions. par IJCERT JOURNAL
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions.
IJCERT JOURNAL353 vues
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS par IJNSA Journal
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
IJNSA Journal36 vues
Load Balancing Tactics in Cloud Computing: A Systematic Study par Raman Gill
Load Balancing Tactics in Cloud Computing: A Systematic Study    Load Balancing Tactics in Cloud Computing: A Systematic Study
Load Balancing Tactics in Cloud Computing: A Systematic Study
Raman Gill455 vues
Basics of Cloud Computing par ijsrd.com
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computing
ijsrd.com212 vues
A Comprehensive Review On Cloud Computing And Cloud Security Issues par Daniel Wachtel
A Comprehensive Review On Cloud Computing And Cloud Security IssuesA Comprehensive Review On Cloud Computing And Cloud Security Issues
A Comprehensive Review On Cloud Computing And Cloud Security Issues
fog computing provide security to the data in cloud par priyanka reddy
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
priyanka reddy10.7K vues
A survey on cloud security issues and techniques par ijcsa
A survey on cloud security issues and techniquesA survey on cloud security issues and techniques
A survey on cloud security issues and techniques
ijcsa1.2K vues

Plus de eSAT Publishing House

Likely impacts of hudhud on the environment of visakhapatnam par
Likely impacts of hudhud on the environment of visakhapatnamLikely impacts of hudhud on the environment of visakhapatnam
Likely impacts of hudhud on the environment of visakhapatnameSAT Publishing House
1.9K vues3 diapositives
Impact of flood disaster in a drought prone area – case study of alampur vill... par
Impact of flood disaster in a drought prone area – case study of alampur vill...Impact of flood disaster in a drought prone area – case study of alampur vill...
Impact of flood disaster in a drought prone area – case study of alampur vill...eSAT Publishing House
1.5K vues5 diapositives
Hudhud cyclone – a severe disaster in visakhapatnam par
Hudhud cyclone – a severe disaster in visakhapatnamHudhud cyclone – a severe disaster in visakhapatnam
Hudhud cyclone – a severe disaster in visakhapatnameSAT Publishing House
2.3K vues8 diapositives
Groundwater investigation using geophysical methods a case study of pydibhim... par
Groundwater investigation using geophysical methods  a case study of pydibhim...Groundwater investigation using geophysical methods  a case study of pydibhim...
Groundwater investigation using geophysical methods a case study of pydibhim...eSAT Publishing House
1.5K vues5 diapositives
Flood related disasters concerned to urban flooding in bangalore, india par
Flood related disasters concerned to urban flooding in bangalore, indiaFlood related disasters concerned to urban flooding in bangalore, india
Flood related disasters concerned to urban flooding in bangalore, indiaeSAT Publishing House
1.7K vues8 diapositives
Enhancing post disaster recovery by optimal infrastructure capacity building par
Enhancing post disaster recovery by optimal infrastructure capacity buildingEnhancing post disaster recovery by optimal infrastructure capacity building
Enhancing post disaster recovery by optimal infrastructure capacity buildingeSAT Publishing House
1.2K vues8 diapositives

Plus de eSAT Publishing House(20)

Likely impacts of hudhud on the environment of visakhapatnam par eSAT Publishing House
Likely impacts of hudhud on the environment of visakhapatnamLikely impacts of hudhud on the environment of visakhapatnam
Likely impacts of hudhud on the environment of visakhapatnam
Impact of flood disaster in a drought prone area – case study of alampur vill... par eSAT Publishing House
Impact of flood disaster in a drought prone area – case study of alampur vill...Impact of flood disaster in a drought prone area – case study of alampur vill...
Impact of flood disaster in a drought prone area – case study of alampur vill...
Groundwater investigation using geophysical methods a case study of pydibhim... par eSAT Publishing House
Groundwater investigation using geophysical methods  a case study of pydibhim...Groundwater investigation using geophysical methods  a case study of pydibhim...
Groundwater investigation using geophysical methods a case study of pydibhim...
Flood related disasters concerned to urban flooding in bangalore, india par eSAT Publishing House
Flood related disasters concerned to urban flooding in bangalore, indiaFlood related disasters concerned to urban flooding in bangalore, india
Flood related disasters concerned to urban flooding in bangalore, india
Enhancing post disaster recovery by optimal infrastructure capacity building par eSAT Publishing House
Enhancing post disaster recovery by optimal infrastructure capacity buildingEnhancing post disaster recovery by optimal infrastructure capacity building
Enhancing post disaster recovery by optimal infrastructure capacity building
Effect of lintel and lintel band on the global performance of reinforced conc... par eSAT Publishing House
Effect of lintel and lintel band on the global performance of reinforced conc...Effect of lintel and lintel band on the global performance of reinforced conc...
Effect of lintel and lintel band on the global performance of reinforced conc...
Wind damage to trees in the gitam university campus at visakhapatnam by cyclo... par eSAT Publishing House
Wind damage to trees in the gitam university campus at visakhapatnam by cyclo...Wind damage to trees in the gitam university campus at visakhapatnam by cyclo...
Wind damage to trees in the gitam university campus at visakhapatnam by cyclo...
Wind damage to buildings, infrastrucuture and landscape elements along the be... par eSAT Publishing House
Wind damage to buildings, infrastrucuture and landscape elements along the be...Wind damage to buildings, infrastrucuture and landscape elements along the be...
Wind damage to buildings, infrastrucuture and landscape elements along the be...
Role of voluntary teams of professional engineers in dissater management – ex... par eSAT Publishing House
Role of voluntary teams of professional engineers in dissater management – ex...Role of voluntary teams of professional engineers in dissater management – ex...
Role of voluntary teams of professional engineers in dissater management – ex...
Review study on performance of seismically tested repaired shear walls par eSAT Publishing House
Review study on performance of seismically tested repaired shear wallsReview study on performance of seismically tested repaired shear walls
Review study on performance of seismically tested repaired shear walls
Monitoring and assessment of air quality with reference to dust particles (pm... par eSAT Publishing House
Monitoring and assessment of air quality with reference to dust particles (pm...Monitoring and assessment of air quality with reference to dust particles (pm...
Monitoring and assessment of air quality with reference to dust particles (pm...
Low cost wireless sensor networks and smartphone applications for disaster ma... par eSAT Publishing House
Low cost wireless sensor networks and smartphone applications for disaster ma...Low cost wireless sensor networks and smartphone applications for disaster ma...
Low cost wireless sensor networks and smartphone applications for disaster ma...
Coastal zones – seismic vulnerability an analysis from east coast of india par eSAT Publishing House
Coastal zones – seismic vulnerability an analysis from east coast of indiaCoastal zones – seismic vulnerability an analysis from east coast of india
Coastal zones – seismic vulnerability an analysis from east coast of india
Can fracture mechanics predict damage due disaster of structures par eSAT Publishing House
Can fracture mechanics predict damage due disaster of structuresCan fracture mechanics predict damage due disaster of structures
Can fracture mechanics predict damage due disaster of structures
A geophysical insight of earthquake occurred on 21 st may 2014 off paradip, b... par eSAT Publishing House
A geophysical insight of earthquake occurred on 21 st may 2014 off paradip, b...A geophysical insight of earthquake occurred on 21 st may 2014 off paradip, b...
A geophysical insight of earthquake occurred on 21 st may 2014 off paradip, b...
Effect of hudhud cyclone on the development of visakhapatnam as smart and gre... par eSAT Publishing House
Effect of hudhud cyclone on the development of visakhapatnam as smart and gre...Effect of hudhud cyclone on the development of visakhapatnam as smart and gre...
Effect of hudhud cyclone on the development of visakhapatnam as smart and gre...

Dernier

SWM L15-L28_drhasan (Part 2).pdf par
SWM L15-L28_drhasan (Part 2).pdfSWM L15-L28_drhasan (Part 2).pdf
SWM L15-L28_drhasan (Part 2).pdfMahmudHasan747870
28 vues93 diapositives
fakenews_DBDA_Mar23.pptx par
fakenews_DBDA_Mar23.pptxfakenews_DBDA_Mar23.pptx
fakenews_DBDA_Mar23.pptxdeepmitra8
12 vues34 diapositives
CHEMICAL KINETICS.pdf par
CHEMICAL KINETICS.pdfCHEMICAL KINETICS.pdf
CHEMICAL KINETICS.pdfAguedaGutirrez
8 vues337 diapositives
_MAKRIADI-FOTEINI_diploma thesis.pptx par
_MAKRIADI-FOTEINI_diploma thesis.pptx_MAKRIADI-FOTEINI_diploma thesis.pptx
_MAKRIADI-FOTEINI_diploma thesis.pptxfotinimakriadi
6 vues32 diapositives
SEMI CONDUCTORS par
SEMI CONDUCTORSSEMI CONDUCTORS
SEMI CONDUCTORSpavaniaalla2005
20 vues8 diapositives
SNMPx par
SNMPxSNMPx
SNMPxAmatullahbutt
14 vues12 diapositives

Dernier(20)

fakenews_DBDA_Mar23.pptx par deepmitra8
fakenews_DBDA_Mar23.pptxfakenews_DBDA_Mar23.pptx
fakenews_DBDA_Mar23.pptx
deepmitra812 vues
cloud computing-virtualization.pptx par RajaulKarim20
cloud computing-virtualization.pptxcloud computing-virtualization.pptx
cloud computing-virtualization.pptx
RajaulKarim2085 vues
Thermal aware task assignment for multicore processors using genetic algorithm par IJECEIAES
Thermal aware task assignment for multicore processors using genetic algorithm Thermal aware task assignment for multicore processors using genetic algorithm
Thermal aware task assignment for multicore processors using genetic algorithm
IJECEIAES30 vues
Informed search algorithms.pptx par Dr.Shweta
Informed search algorithms.pptxInformed search algorithms.pptx
Informed search algorithms.pptx
Dr.Shweta13 vues
7_DVD_Combinational_MOS_Logic_Circuits.pdf par Usha Mehta
7_DVD_Combinational_MOS_Logic_Circuits.pdf7_DVD_Combinational_MOS_Logic_Circuits.pdf
7_DVD_Combinational_MOS_Logic_Circuits.pdf
Usha Mehta59 vues
Machine Element II Course outline.pdf par odatadese1
Machine Element II Course outline.pdfMachine Element II Course outline.pdf
Machine Element II Course outline.pdf
odatadese17 vues
A multi-microcontroller-based hardware for deploying Tiny machine learning mo... par IJECEIAES
A multi-microcontroller-based hardware for deploying Tiny machine learning mo...A multi-microcontroller-based hardware for deploying Tiny machine learning mo...
A multi-microcontroller-based hardware for deploying Tiny machine learning mo...
IJECEIAES12 vues
Update 42 models(Diode/General ) in SPICE PARK(DEC2023) par Tsuyoshi Horigome
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)Update 42 models(Diode/General ) in SPICE PARK(DEC2023)
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)
An approach of ontology and knowledge base for railway maintenance par IJECEIAES
An approach of ontology and knowledge base for railway maintenanceAn approach of ontology and knowledge base for railway maintenance
An approach of ontology and knowledge base for railway maintenance
IJECEIAES12 vues

Cloud computing and its security aspects

  • 1. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308 __________________________________________________________________________________________ Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 62 CLOUD COMPUTING AND ITS SECURITY ASPECTS Subhash Basishtha1 , Saptarshi Boruah2 1 Department of Information Technology, Assam University, Silchar-788011, India 2 Department of Information Technology, Assam University, Silchar-788011, India Abstract Cloud computing is a new computing paradigm in the field of it that provides hosted services to a large number of user on demand basis over the internet. They are internet based network that has large numbers of servers. It allows to use the services only when you want and pay only for the amount what you have used. Since cloud computing share distributed resources over an open environment, so security becomes a major concern here. To improve the work performance different services are distributed on different servers but the security and safety aspects are remaining insufficient. Security is the one of major issues that hampers the growth of cloud. So, in this paper we first try to give an idea about cloud computing and then concentrate on the major security aspects of cloud computing paradigm. Keywords: Cloud Computing, IT, Infrastructure, cloud, Security. ----------------------------------------------------------------------***-------------------------------------------------------------------- 1. INTRODUCTION Cloud computing is the latest trend in the IT field. It is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. This technology has the capacity of allocating resources to its user on request over the network. In cloud computing we can obtain networked storage space and computer resources. With the help of cloud it is possible to access the information from anywhere at any time. The cloud removes the need of to be in the same physical location as the hardware. The cloud provider both own and house the hardware and software necessary to run your application. It is mainly developed to cut the operational and capital costs so that IT department can focus on strategic projects instead of keeping the datacenter running. In the last few years cloud computing becomes one of the fast growing technology in the IT industry. As more and more information of individual or companies are placed on the cloud, security becomes a major concern. Security issues play a significant role in slowing down its acceptance. One way of thinking cloud computing is to consider the experience with email. In case of email client, if it is Yahoo!, Gmail, Hotmail, and so on, takes care of housing all of the hardware and software necessary to support client personal email account. When you want to access your email you open your web browser, go to the email client, and log in. The most important requirement is having internet access. Your email is not housed on your physical computer; you access it through an internet connection, and you can access it anywhere. An email client is similar to how cloud computing works. Except instead of accessing just your email, you can choose what information you have access to within the cloud. [3] 2. SURVEY ON CLOUD SECURITY Fig 1: Ranking of security in cloud computing as surveyed by IDC. [5] The Fig: 1 shows the survey on security. This represents security as first rank according to IT executives. This information is collected from 263 IT professional by asking different question related to the cloud, and many of the executives are worried about security perspective of cloud. [5] 3. OVERVIEW The cloud is helpful for the businesses or companies that cannot afford the hardware or the storage space that they required. With the help of cloud they can store their information in the cloud and can the use the computer resources. Thus removing the cost of purchasing the memory devices and other hardware. They only have to pay the amount for the uses of the space over cloud and for the other services as well. Your company need not to pay for hardware and maintenance; the service provider will pay for hardware and maintenance.
  • 2. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308 __________________________________________________________________________________________ Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 63 That is, use as much or as less you need, use only when you want, and pay only what you uses. The only requirement to use the cloud is that to access the cloud you must have an internet connection. The term Cloud Computing was inspired by the cloud symbol that is often used to represent the Internet in flow charts and diagrams. Key benefits of cloud computing: [6]  Flexibility – There is the ability to update hardware and software quickly based on customer demands and updates in technology.  Savings – There is a reduction of capital expenditures and IT personnel.  Location & Hardware Independence – Users can access application from a web browser connected anywhere on the internet.  Multi-tenancy – Resources and cost are shared among many users, allowing overall cost reduction.  Reliability – Many cloud providers replicate their server environments in multiply data centers around the globe, which accounts for business continuity and disaster recovery.  Security – Centralization of sensitive data improves security by removing data from the users’ computers. Cloud providers also have the staff resources to maintain all the latest security features to help protect data.  Maintenance – Centralized applications are much easier to maintain than their distributed counterparts. All updates and changes are made in one centralized server instead of on each user’s computer. 4. CLOUD COMPONENTS In simple, cloud computing is made up of several components: the clients, the data centers and the distributed servers. Each element has a specific role in delivering a functional cloud based application.[14] Fig 2: Cloud Components 4.1 Clients The clients are the devices that the end users interact with to manage their information on the cloud. They are generally categorized into three types: a) Mobile: mobile devices include PDA or Smartphone. b) Thin: thin clients are computers that don’t have internal hard drives rather server do the entire task and then only display the information. c) Thick: thick clients are the regular computer that use web browser like Firefox or internet explorer to connect to the cloud. Among them thin clients are becoming popular because of the reason as mentioned below:  Thin clients are cheaper because they don’t contain much hardware.  Thin clients are managed at the server so there is less chance of failure.  Since all the processing is done by server and there is no hard drive therefore there is less number of security problems.  Since all the data are stored on the server so there is less chance of lost of data if client computer is crashed or stolen. 4.2 Data Centre Datacenter is the collection of servers where the applications are hosted so that clients can use them to operate on their business. The software and the data are stored on the server. This structure reduces capital expenditures, since the business only pays for the resources that they have used. 4.3 Distributed Server In cloud computing the servers are not kept at the same location they are distributed geographically at different location. This gives the service providers more flexibility in options and security. For instance in case of Amazon, their cloud is distributed in server all over the world. If something is happen to one site then it could be accessed through another site also. 5. TYPES OF CLOUD There are different types of clouds that you can subscribe depending on your needs. As a home user or small business owner, you will most likely use public cloud services. a) Public Cloud - A public cloud can be accessed by any subscriber with an internet connection and access to the cloud space. [3] It is typically based on a pay-per-use model. Public clouds are less secure than the other cloud models because it places an additional burden of ensuring all applications and data accessed on the public cloud are not subjected to malicious attacks. [8]
  • 3. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308 __________________________________________________________________________________________ Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 64 b) Private Cloud - A private cloud is established for a specific group or organization and limits access to just that group.[3] In the private cloud, scalable resources and virtual applications provided by the cloud vendor are pooled together and available for cloud users to share and use. It differs from the public cloud in that all the cloud resources and applications are managed by the organization itself, similar to Intranet functionality. Utilization on the private cloud can be much more secure than that of the public cloud because of its specified internal exposure. c) Hybrid Cloud - A hybrid cloud is essentially a combination of at least two clouds, where the clouds included are a mixture of public, private, or community. [3]It provides virtual IT solutions through a mix of both public and private clouds. Hybrid Cloud provides more secure control of the data and applications and allows various parties to access information over the Internet. It also has an open architecture that allows interfaces with other management systems. Hybrid cloud can describe configuration combining a local device, such as a Plug computer with cloud services. [4] Fig3: Cloud Computing Types 5.1 Choosing the Cloud Providers Each provider serves a specific function, giving users more or less control over their cloud depending on the type. When you choose a provider, compare your needs to the cloud services available. Your cloud needs will vary depending on how you intend to use the space and resources associated with the cloud. If it will be for personal home use, you will need a different cloud type and provider than if you will be using the cloud for business. Keep in mind that your cloud provider will be pay- as-you-go, meaning that if your technological needs change at any point you can purchase more storage space (or less for that matter) from your cloud provider. [3] There are three types of cloud providers that you can subscribe to. They are: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). [15] a) SaaS: A SaaS provider gives subscribers access to both resources and applications. SaaS makes it unnecessary for you to have a physical copy of software to install on your devices. SaaS also makes it easier to have the same software on all of your devices at once by accessing it on the cloud. In a SaaS agreement, you have the least control over the cloud. b) PaaS: A PaaS system goes a level above the Software as a Service setup. A PaaS provider gives subscribers access to the components that they require to develop and operate applications over the internet. c) IaaS: An IaaS agreement, as the name states, deals primarily with computational infrastructure. In an IaaS agreement, the subscriber completely outsources the storage and resources, such as hardware and software that they need. Fig 4: Cloud computing Architecture [13] SaaS, e.g., Google Docs [10] PaaS, e.g., Google AppEngine [11] IaaS, e.g., Amazon EC2 [12] 6. SECURITY ASPECTS Security plays the major role in cloud computing acceptance. There is a lot of personal information and potentially secure data that people store in the personal computers. When this information is transferred to cloud then there should be precautions to secure the data. Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks. Some of security issues are as follows: [1] a) Confidentiality:  There is always a fear whether the sensitive data remain confidential after transferring it to the cloud.  Will the cloud providers be honest and will not peek the data. b) Integrity:  How the clients will know that cloud provider is doing the computations correctly.
  • 4. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308 __________________________________________________________________________________________ Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 65  How the clients know that data are preserved without tampering it. c) Availability:  What happens if the cloud providers go out of business?  What happens if cloud providers are attacked in a denial of service attack? d) Privacy issues:  Cloud stores data from a large number of clients so privacy becomes a major concern. e) Additional attacks:  Entity outside the organisation can store and compute data so attackers can easily target the communication link between the cloud providers and the client. For resolving some cloud security issues we need to adapt well known techniques and should perform new research and innovate to make clouds secure. 6.1 Security Issues in SaaS Following key security element should be carefully considered as an Integral part of the SaaS deployment process: [2] a) Data Security b) Network Security c) Data locality d) Data integrity e) Data access f) Data Segregation g) Authorization and Authentication h) Data Confidentiality i) web Application security j) Availability k) Backup 6.2 Security Issues in PaaS  In PaaS, the provider might give some control to the people to build applications on top of the platform. But any security below the application level such as host and network intrusion prevention will still be in the scope of the provider.  Applications sufficiently complex to leverage an Enterprise Service Bus (ESB) need to secure the ESB directly, leveraging a protocol such as Web Service (WS) Security (Oracle, 2009).The ability to segment ESBs is not available in PaaS environments. Metrics should be in place to assess the electiveness of the application security programs.  Hackers are likely to attack visible code, including but not limited to code running in user context. They are likely to attack the infrastructure and perform extensive black box testing. The vulnerabilities of cloud are not only associated with the web applications but also vulnerabilities associated with the machine-to-machine Service Oriented Architecture (SOA) applications.[2] 6.3 Security Issues in IaaS Taking virtual machines, which contain critical applications and sensitive data, off premise to public and shared cloud environments creates security challenges for organizations that have relied on network perimeter defence as the main method to protect their datacenter. It may also revoke compliance and breach security policies. OS Security issues also alive in IaaS. Following are the points which are considered in IaaS. Security Attacks in Cloud:  Denial of Service (DoS) attacks: Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging.  Side Channel attacks: An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack.  Authentication attacks: Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers.  Man-in-the-middle cryptographic attacks: This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communication’s path, there is the possibility that they can intercept and modify communications.  Network Security: a) Network penetration and packet analysis. b) Session management weaknesses c) Insecure SSL trust configuration.[2] Fig 5: Security issues in Cloud Models [10]
  • 5. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308 __________________________________________________________________________________________ Volume: 02 Special Issue: 02 | Dec-2013, Available @ http://www.ijret.org 66 7. CONCLUSIONS The cloud providers give many options to its users by increasing the ease of access to its resources by simply connecting to the internet. However this ease of use is also come up with drawbacks as you have less control over your data and have little knowledge of where the data is kept. You must be aware of the security risks of having data stored on the cloud as the cloud is a big target for the attackers and it is having the disadvantage that it can be accessed through an unsecure internet connection. Before starting with the cloud computing we should clearly understand that what type of cloud will be best for our needs, what type of provider will be most useful to our etc? FUTURE WORK Cloud computing has the potential to become a secure and economically viable IT solution in future. We need much more technical and non-technical solution to make the technology work and become more secure in practical. This paper only represents the basic concepts and some of security aspects of cloud computing. We need more modification here. So, in future we want to do more work on the security field of the cloud computing paradigm. ACKNOWLEDGEMENTS We the authors are very graceful to our respected sir Ajoy Kumar Khan of Assam University Silchar for inspiring and guide us to complete this paper successfully and the department of IT, Assam University for providing us such an environment. REFERENCES [1] Ragib Hasan,” Security and Privacy in Cloud Computing”, Johns Hopkins University, en.600.412 Spring 2010. [2] Amar Gondaliya,” Security in Cloud Computing”, Hasmukh Goswami College of Engineering, Ahmedabad. [3] Alexa Huth and James Cebula,” The Basics of Cloud Computing”, US-CERT. [4] Kuyoro S. O., Ibikunle F. & Awodele O. ,“Cloud Computing Security Issues and Challenges”, International Journal of Computer Networks (IJCN), Volume (3) : Issue (5) : 2011 [5] F. A. Alvi1, Ψ, B.S Choudary2, N. Jaferry3, E.Pathan4, “A review on cloud computing security issues & challanges”. [6] Paul Stryer, “Understanding Data Centers and Cloud Computing”, Global Knowledge Training LLC. [7] Article on Security Considerations for Platform as a Service (PaaS) http://social.technet.microsoft.com/wiki/contenco/articl es/3809.security-considerations-for-platform-as-a- service-paas.aspx [8] Pankaj Arora, Rubal Chaudhry Wadhawan, Er. Satinder Pal Ahuja “Cloud Computing Security Issues in Infrastructure as a Service” International Journal of Advanced Research in Computer Science and Software Engineering. [9] Article on SaaS, PaaS, and IaaS: A security checklist for cloud models http://www.csoonline.com/article/660065/saas-paas- and-iaas-a-security-checklist-for-cloud-models [10] Introduction to Google Docks http://en.wikipedia.org/wiki/Google_Docs [11] Charles Cheverance, “Google Application Engine Introduction”, University of Mitchigan. [12] Mike culver, Melody Ng, Jeson Chan “Introduction to Amazon EC2 running IBM”, Amazon web services. [13] Cloud Computing and types of cloud http://cloudblog.8kmiles.com/2012/02/27/cloud- computing-type/ [14] Barrie Sosinsky “Cloud Computing Bible”, Wiley India Pvt Ltd (2011),ISBN-13-9788126529803,2nd edition [15] George Reese “Cloud Application Architectures 1st Edition”, Shroff/o'reilly (2009), ISBN-13 9788184047141, 1stEdition.