23-02-2013, 02:12 PM
Security Threats in Cloud Computing
Security Threats in Cloud Computing.pdf (Size: 606.9 KB / Downloads: 67)
Abstract—
Abstract— Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. General example of cloud services is Google apps, provided by Google and Microsoft SharePoint. The rapid growth in field of “cloud computing” also increases severe security concerns. Security has remained a constant issue for Open Systems and internet, when we are talking about security cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data, and examining the utilization of cloud by the cloud computing vendors. The wide acceptance www has raised security risks along with the uncountable benefits, so is the case with cloud computing. The boom in cloud computing has brought lots of security challenges for the consumers and service providers. How the end users of cloud computing know that their information is not having any availability and security issues? Every one poses, Is their information secure? This study aims to identify the most vulnerable security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing. Our work will enable researchers and security professionals to know about users and vendors concerns and critical analysis about the different security models and tools proposed.
Keyword: Cloud Computing; Cloud Computing Security; Security Survey of Cloud Computing; Security threats; Secure
Cloud computing
INTRODUCTION
―Cloud computing‖ simply means ―Internet computing ―, generally the internet is seen as collection of clouds; thus the word cloud computing can be defined as utilizing the internet to provide technology enabled services to the people and organizations. Cloud computing enables consumers to access resources online through the internet, from anywhere at any time without worrying about technical/physical management and maintenance issues of the original resources. Besides, Resources of cloud computing are dynamic and scalable. Cloud computing is independent computing it is totally different from grid and utility computing. Google Apps is the paramount example of Cloud computing, it enables to access services via the browser and deployed on millions of machines over the Internet. Resources are accessible from the cloud atany time and from any place across the globe using the internet. Cloud computing is cheaper than other computing models; zero maintenance cost is involved since the service provider is responsible for the availability of services and clients are free from maintenance and management problems of the resource machines. Due to this feature, cloud computing is also known as utility computing, or ‗IT on demand‘. Scalability is key attribute of cloud computing and is achieved through server virtualization. This fresh, web-based generation of computing uses remote servers placed in extremely safe and secure data centers for storage of data and management, so organizations do not need to pay for and look after their internal IT solutions. After creation of a cloud, Deployment of cloud computing differs with reference to the requirements and for the purpose it will be used. The principal service models being deployed are:
Software as a Service (SaaS): Software‘s are provided as a service to the consumers according to their requirement, enables consumers to use the services that are hosted on the cloud server.
Platform as a Service (PaaS): Clients are provided platforms access, which enables them to put their own customized software‘s and other applications on the clouds.
Infrastructure as a Service (IaaS): Rent processing, storage, network capacity, and other basic computing resources are granted, enables consumers to manage the operating systems, applications, storage, and network connectivity.
LITERATURE REVIEW
Rongxing et al [1] in this paper gave a new security and provenance proposal for dataforensics and post examination in cloud computing. According to them their proposed system is typified, the proposed system can provide the privacy and security on secret documents/files that are piled up in the cloud. It also provides secure authentication mechanism to control unauthorized user access, and provides track mechanism to resolves disputes of data. Their proposed secure provenance scheme is working on the bilinear pairing method and they have claimed it as the necessary building blocks of data forensics and post examination in cloud computing environment. Using provable security techniques, they have formally verified that there proposed scheme is safe and sound in the standard model. There proposed secure 6th International Conference on Internet Technology and Secured Transactions, 11-14 December 2011, Abu Dhabi, United
Arab Emirates
provenance system for cloud computing includes five parts: [1] ―Setup, KGen, AnonyAuth, AuthAccess, and ProveTrack‖. Due to theample security features, the scheme proposed produces reliable facts for data forensics in cloud computing. They claim that their proposed system can be a cause to move forward for the wide recognition of cloud computing.
The strength of their work is the proposed secure provenance system and limitation of their work is that their proposed scheme is difficult to implement as it is based on complex mathematical model which is very difficult to understand.
La‘Quata Sumter et al. [2] says: The rise in the scope of ―cloud computing‖ has brought fear about the ―Internet Security‖ and the threat of security in ―cloud computing‖ is continuously increasing. Consumers of the cloud computing services have serious concerns about the availability of their data when required. Users have server concern about the security and access mechanism in cloud computing environment. To assure users that there information is secure, safe not accessible to unauthorized people, they have proposed the design of a system that will capture the movement and processing of the information kept on the cloud. They have identified there is need of security capture device on the cloud, which will definitely ensure users that their information is secure and safe from security threats and attacks. The proposed implementation is based on a case study and is implemented in a small cloud computing environment. They have claimed that there proposed security model for cloud computing is a practical model cloud computing.
The advantage of their work is assurance of security to the end users of cloud. The limitation of this study is there proposed framework is not feasible for large scale cloud computing environments.
Mladen [3] states that ―Cloud‖ computing is a recent field, which came into existence after Years of research in networking and different types of computing. It uses a SOA, that minimized the information technology operating and maintenance cost for the clients, it offers greater flexibility, reduces capital costs, provides required services are along with many other characteristics. This study discusses issues associated with cloud computing along with Virtualization, Cyber infrastructure; Service oriented Architecture and end users. Implementation, research and security issues are studied in detail and key concerns have been identified. The study ranked security as the primary challenge in cloud computing. It is being observed that the users of cloud computing services are not satisfied with the current security mechanism in cloud computing. Service providers must assure the availability and reliability of services to the consumers available anytime, anywhere using internet, plus security, safety, data protection and Privacy is also exercised. The study further emphasizes that further research on security of cloud computing is required.
The benefit of this study is the identification of issues related with security and implementation. The drawback of this work is the study is based on theoretical concepts nothing practical found in this study. This work could have contributed more if practical things were discussed.