A PROJECT REPORT

ON

“CLOUD COMPUTING SECURITY ISSUES AND THREATS IN

BUSINESS ENVIRONMENT”

Submitted in the partial fulfillment of the requirements for

The degree of

BACHELOR OF ENGINEERING IN COMPUTER ENGINEERING

By

1) NACHIKET JADHAV
2) ANIKET MATODKAR
3) ANISH MANDHARE

DEPARTMENT OF COMPUTER ENGINEERING

SARASWATI COLLEGE OF ENGINEERING,
SECTOR-5, KHARGHAR, NAVI MUMBAI-410210
UNIVERSITY OF MUMBAI

ACADEMIC YEAR 2020-2021

1
 CLOUD COMPUTING SECURITY ISSUES

ABSTRACT

Cloud computing is an emerging paradigm which has become today’s hottest research area due
its ability to reduce the costs associated with computing. In today’s era, it is most interesting
and enticing technology which is offering the services to its users on demand over the internet.
Since Cloud computing stores the data and disseminated resources in the open environment,
security has become the main obstacle which is hampering the deployment of Cloud
environments. Even though the Cloud Computing is promising and efficient, there are many
challenges for data security as there is no vicinity of the data for the Cloud user. In this report, I
with the help of related survey studied different research papers in the field of Cloud Security. I
identified different Issues, Vulnerabilities, Threads, Challenges and Risk associated to
Cloud Security. Some contribution and proposed techniques to Cloud Security by different
researchers are studied in-depth and mentioned in related work section

KEYWORDS: Cloud Computing, Service Models, Deployment Models, Security Issues

2
 Table of Content

SR NO TITLE PAGE NO

1 3
ABSTRACT
2 INTRODUCTION 4

3 Evolution of cloudcomputing 5

4 Cloud security challenges 6

4.1
Characteristic of cloud
7
computing
5 Need for security in cloud 8

5.1 9
Security & Privacy Attributes
5.3 10
Cloud Accountability

6 Security risk, threats 13

Vulnerability
7 Different approaches to cloud 15

computing
8 CONCLUSION 20

9 References 21

3
 Introduction

Cloud computing is an internet-based computing technology, where shared re-

sources such as software, platform, storage and information are provided to cus-
tomers on demand. Cloud computing is a computing platform for sharing
resourcesthat include infrastructures, software, applications, and business
processes. CloudComputing is a virtual pool of computing resources. It provides
computing resourcesin the pool for users through internet. Cloud computing, as an
emerging computingparadigm aiming to share storage, computation, and services
transparently among amassive users. The exact definition of cloud computing is A
large-scale distributedcomputing paradigm that is driven by economies of scale, in
which a pool of abstracted,virtualized, dynamically scalable, managed computing
power, storage, platforms, andservices are delivered on demand to external
customers over the Internet [3].

Current cloud computing systems pose serious limitation to protecting users

dataconfidentiality. Since users sensitive data is presented in unencrypted forms to
re-mote machines owned and operated by third party service providers, the risks
ofunauthorized disclosure of the users sensitive data by service providers may be
quitehigh. There are many techniques for protecting users data from outside
attackers.An approach is presented to protecting the confidentiality of users data
from ser-vice providers, and ensures service providers cannot collect users
confidential datawhile the data is processed and stored in cloud computing
systems. Cloud comput-ing systems provide various Internet based data storage
and services. Due to itsmany major benefits, including cost effectiveness and high
scalability and flexibility,cloud computing is gaining significant momentum
recently as a new paradigm ofdistributed computing for various applications,
especially for business applications.Along with the rapid growth of the Internet.
With the rise of the era of cloud comput-ing, concerns about Internet Security
continue to increase. To address this problemwe propose the design of a system
that will capture the movement of information onthe cloud. We will be identifying
whether there is a need for some type of securitycapture device/measure on the
cloud, which will allow users to know whether theirinformation is secure and safe
without comprising from threats and attacks.

4
 Evolution of cloud computing

Cloud computing began to get both awareness and popularity in the early
2000s.When the concept of cloud computing originally came to prominence most
people did not fully understand what role it fulfilled or how it helped an
organization. In some cases people still do not fully understand the concept of
cloud computing. Cloud computing can refer to business intelligence (BI),
complex event processing (CEP), service-oriented architecture (SOA), Software as
a Service (SaaS), Web-oriented architecture (WOA), and even Enterprise 2.0. With
the advent and growing acceptance of cloud-based applications like Gmail, Google
Calendar, Flickr, Google Docs, and Delicious, more and more individuals are now
open to using a cloud computing environment than ever before. As this need has
continued to grow so has the support and surrounding infrastructure needed to
support it. To meet those needs companies like Google, Microsoft, and Amazon
have started growing server farms in order to provide companies with the ability to
store, process, and retrieve data while generating income for themselves. To meet
this need Google has brought on-line more than a million servers in over 30 data
centers across its global network. Microsoft is also investing billions to grow its
own cloud infrastructure. Microsoft is currently adding an estimated 20,000 servers
a month. With this amount of process, storage and computing power coming
online, the concept of cloud computing is more of a reality than ever before. The
growth of cloud computing had the net effect of businesses migrating to a new way
of managing their data infrastructure. This growth of cloud computing capabilities
has been described as driving massive centralization at its deep center to take
advantage of economies of scale in computing power, energy
consumption,cooling,and administration

5
 Cloud security challenges

The world of computation has changed from centralized to distributed systems

andnow we are getting back to the virtual centralization which is the Cloud
Computing.Location of data and processes makes the difference in the realm of
computation.We have the cloud computing wherein, the service and data
maintenance is providedby some vendor which leaves the client/customer unaware
of where the processes arerunning or where the data is stored. So, logically
speaking, the client has no controlover it. The cloud computing uses the internet as
the communication media. Whenwe look at the security of data in the cloud
computing, the vendor has to providesome assurance in service level agreements
(SLA) to convince the customer on secu-rity issues. Organizations use cloud
computing as a service infrastructure, criticallylike to examine the security and
confidentiality issues for their business critical in-sensitive applications. What are
the security concerns that are preventing companiesfrom taking advantage of the
cloud? This section deals with the taxonomy of thesecurity concerns.Traditional
security issues are still present in cloud computing environments. But asenterprise
boundaries have been extended to the cloud, traditional security mecha-nisms are
no longer suitable for applications and data in cloud. Traditional concernsinvolve
computer and network intrusions or attacks that will be made possible or atleast
easier by moving to the cloud. Cloud providers respond to these concerns
byarguing that their security measures and processes are more mature and tested
thanthose of the average company. It could be easier to lock down information if
it’sadministered by a third party rather than in-house, if companies are worried
aboutinsider threats In addition, it may be easier to enforce security via contracts
withonline services providers than via internal controls. Due to the openness and
multi-tenant characteristic of the cloud, cloud computing is bringing tremendous
impacton information security field [1].Availability concerns center on critical
applications and data being available. Well-publicized incidents of cloud outages
include Gmail. As with the Traditional Securityconcerns, cloud providers argue
that their server uptime compares well with the avail-ability of the cloud users own
data centers. Cloud services are thought of as providingmore availability, but
perhaps not there are more single points of failure and attack.Third-party data
control the legal implications of data and applications being held by a third party
are complex and not well understood. There is also a potential lackof control and
transparency when a third party holds the data. Part of the hype ofcloud computing
is that the cloud can be implementation independent, but in realityregulatory
compliance requires transparency into the cloud [3], [4].

6
 CHARACTERISTICS OF CLOUD COMPUTING

Cloud services exhibit five essential characteristics that demonstrate their

relationto, and differences from, traditional computing approaches: [4]

•On-demand selfservice - A consumer can unilaterally provision computing

capabilities such as server time and network storage as needed automatically,
without requiring human interaction with a service provider.

•Broad network access - Capabilities are available over the network and ac-cessed
through standard mechanisms that promote use by heterogeneous thinor thick
client platforms (e.g., mobile phones, laptops, and PDAs) as well asother
traditional or cloud based software services.

•Resource pooling - The providers computing resources are pooled to

servemultiple consumers using a multi-tenant model, with different physical
andvirtual resources dynamically assigned and reassigned according to
consumerdemand. There is a degree of location independence in that the
customergenerally has no control or knowledge over the exact location of the
providedresources, but may be able to specify location at a higher level of
abstraction(e.g., country, state, or datacenter). Examples of resources include
storage,processing, memory, network bandwidth, and virtual machines. Even
privateclouds tend to pool resources between different parts of the same
organization.

•Rapid elasticity - Capabilities can be rapidly and elastically provisioned insome

cases automatically to quickly scale out; and rapidly released to quicklyscale in. To
the consumer, the capabilities available for provisioning oftenappear to be
unlimited and can be purchased in any quantity at any time.

•Measured service - Cloud systems automatically control and optimize re-source

usage by leveraging a metering capability at some level of abstraction6
appropriate to the type of service (e.g., storage, processing, bandwidth, or ac-tive
user accounts). Resource usage can be monitored, controlled, and
reportedproviding transparency for both the provider and consumer of the service.

7
 Need for security in cloud

A users dependence on cloud is analogous to a persons dependence on

publictransportation as it forces one to trust over which one have no control, limits
whatone can transport, and subjects us to rules and schedules that wouldn’t apply
ifone had their own vehicles. On the other hand, it is so economical that one
doesntrealistically have any alternative.Users of the cloud arent aware about the
locationof the data and ultimately have to rely on the cloud service provider for
exercisingappropriate security measures. Therefore cloud security issue is the most
importantand elicited topic among the IT professionals.Security in cloud
computing is of two types:

•Data security It focuses on protecting the software and hardware associatedwith

the cloud. It deals with choosing an apt location for data centers so asto protect it
from internal threats, different types of weather conditions, fireand even physical
attacks that might destroy the center physically and externalthreats avoiding
unauthorized access and break ins.

•Network security Protecting the network over which cloud is running fromvarious
attacks DOS, DDOS, IP Spoofing, ARP Spoofing and any novel attacksthat
intruders may device. Attack on data affects a single user whereas a suc-cessful
attack on Network has the potential to affect multiple users. Thereforenetwork
security is of foremost importance

8
 Security & Privacy Attributes

Five most representative security and privacy attributes are confidentiality,

integrity,availability, accountability, and privacy-preservability, which is shown in
figure 5.1.Within the enterprise boundaries, data transmission usually does not
require encryp-tion, or just have a simple data encryption measure. For data
transmission acrossenterprise boundaries, both data confidentiality and integrity
should be ensured inorder to prevent data from being tapped and tampered with by
unauthorized users.In other words, only the data encryption is not enough. Data
integrity is also needed

5.1 Security & privacy

to be ensured .Therefore it should ensure that transport protocols provide both con-
fidentiality and integrity. Confidentiality and integrity of data transmission need to
ensure not only between enterprise storage and cloud storage but also between
different cloud storage services.[1].Threats to these attributes and Defence
strategies are discussing below

9
Cloud accountability

Accountability implies that the capability of identifying a party, with undeniable

evidence, is responsible for specific events. When dealing with cloud
computing,there are multiple parties that may be involved; a cloud provider and its
customers are the two basic ones, and the public clients who use applications (e.g.,
a webapplication) outsourced by cloud customers may be another party. A fine-
grained identity, however, may be employed to identify a specific machine or even
the faulty/malicious program that is responsible.Threats to Cloud
accountability•SLA violation: the loss of data control is problematic when
something goes away. For instance, the following problems may possibly arise: 1)
The machines in the cloud can be mis-configured or defective and can
consequently corrupt the customers data or cause his computation to return
incorrect results; 2) The cloud provider can accidentally allocate insufficient
resources for the customer,an act which can degrade the performance of the
customers services and then violate the SLA; 3) An attacker can embed a bug into
the customers software in order to steal valuable data or to take over the customers
machines for spamming or DoS attacks; 4) The customer may not have access to
his data either because the cloud loses it or simply because the data is unavailable
at an inconvenient time

.• Dishonest MapReduce: MapReduce is a parallel computing paradigm that is

widely employed by major cloud providers (Google, Yahoo!, Facebook,
etc.).MapReduce splits a large data set into multiple blocks, each of which are sub-
sequently input into a single worker machine for processing. However, working
machines may be mis-configured or malicious, as a result, the processing results
returned by the cloud may be inaccurate

.• Hidden identity of adversaries: Due to privacy concerns, cloud providers should

not disclose cloud customer’s identity information. Anonymous accessis employed
to deal with this issue; although anonymity increases privacy, italso introduces
security problems. Full anonymity requires that a customers information must be
completely hidden from absolutely anyone or anything else. In this case, malicious
users can jeopardize the data integrity without being detected since it becomes
easier to hide their identities.

• Inaccurate billing of resource consumption: The pay-as-you-go model enables

customers to decide how to outsource their business based on their necessities as
well as the financial situations. However, it is quite difficult for customers to verify
the expenses of the resource consumption due to the black box and dynamic nature

10
of cloud computing. From the cloud vendors perspective, in or-der to achieve
maximum profitability, the cloud providers choose to multiplex applications
belonging to different customers to keep high utilization. The multiplexing may
cause providers to incorrectly attribute resource consumption to customers or
implicitly bear additional costs, therefore reducing their cost effectiveness. For
example, I/O time and internal network bandwidth are not metered, even though
each incurs non-trivial cost. Additionally, meteringsharing effects, such as shared
memory

Defence strategies

• Accountability on Service Level Agreement(SLA): To deal with this dispute ofan

SLA violation, a primitive AUDIT (A, S, t1, t2) is proposed in to allow
thecustomers to check whether the cloud provider has fulfilled the SLA (denotedby
A) for service S between time internal t1 and t2. AUDIT will return OK ifno fault
is detected; otherwise AUDIT will provide verifiable evidence to exposethe
responsible party.

• Accountable virtual machine (AVM): The intent of AVM is to enable users to

audit the software execution on remote machines. AVM is able to
1) detect faults,
2) identify faulty node,
3) provides verifiable evidence of a particularfault and point to the responsible
party. AVM is applicable to cloud comput-ing in which customers outsource their
data and software on distrusted cloudservers. AVM allows cloud users to verify the
correctness of their code in thecloud system. The approach is to wrap any running
software in a virtual ma-chine, which keeps a tamper-evident log to record the
entire execution of thesoftware.

• Collaborative monitoring: A solution that is similar to AVM was developed

bymaintaining an external state machine whose job is to validate the correctnessof
the data and the execution of business logic in a multi-tenancy environment.The
authors in define the service endpoint as the interface through which thecloud
services are delivered to its end users. It is assumed that the data mayonly be
accessed through endpoints that are specified according to the SLAbetween the
cloud provider and the users. The basic idea is to wrap eachendpoint with an
adapter that is able to capture the input/output of the end-point and record all the
operations performed through the endpoint. The logis subsequently sent to the
external state machine for authentication purposes.

11
• Accountable MapReduce(AMR): This problem has been addressed with Se-
cureMR, which adopts full task duplication to double check the processingresult.
SecureMR requires that twice two different machines, which will doublethe total
processing time, execute a task. Additionally, SecureMR suffers falsepositive when
an identical faulty program processes the duplicated tasks.

• Secure provenance: Secure provenance is introduced with an aim to ensure

that verifiable evidence might be provided to trace the real data owner and
therecords of data modification. Secure provenance is essential to improve
dataforensic and accountability in cloud systems. It is proposed a secure
provenancescheme based on bilinear paring techniques, first bringing provenance
problemsinto cloud computing. Considering a file stored in cloud, when there is
disputeon that file, the cloud can provide all provenance information with the
ability toplot all versions of the file and the users that modified it. With this
information,a specific user identity can be tracked.

• Verifiable Resource Accounting: It enables cloud customers to be assuredthat i)

their applications indeed consumed the resources they were charged forand ii) the
consumption was justified based on an agreed policy. The schemein considers three
roles: the customer C, the provider P, and the verifier V.First, C asks P to run task
T; then, P generates a report R describing whatresources P thinks that C consumes.
C then sends the report R and someadditional data to V who checks whether R is a
valid consumption report. Byimplementing a trusted hardware layer with other
existing technologies suchas offloading monitoring, sampling, and snapshot, it can
be ensured that a)the provider does not overcharge/undercharge customers and b)
the providercorrectly assigns the consumption of a resource to the principal

12
 Security Risk, Threats, Vulnerabilities

Vulnerability” refers to a software, hardware, or procedural weakness that

may provide an attacker the open door to enter a computer or network and
have unauthorized access to resources within the environment. Vulnerability
characterizes the absence or weakness of a safeguard that could be exploited.
“Threat” is any potential danger to information or systems. The threat is that
someone, or something, will identify a specific vulnerability and use it against
the company or individual. “Risk” is the likelihood of a threat agent taking
advantage of vulnerability and the corresponding business impact , here in this
paper researchers conduct a survey and indentified some Risks associated
with CC Security which are mentioned below in Fig.3 Information security
risks in Cloud Computing (CC) were subject for detailed analysis and assessment.
One of the best efforts in this direction was realized by the European Network
Information Systems Agency (ENISA) whom developed a comprehensive detailed
research in this regards. Other groups such as Cloud Security Alliance (CSA) who
specialize in cloud computing technology and information security matters also
have significant publications. ENISA classifies Cloud Computing (CC) risks
into three categories: Organizational, Technical and Legal. CSA threats model
avoids classifying CC’s risks but yet introduce a detailed list of considerable
issues that need to be properly addressed [3]. The organizational risks
classification includes all risks that may impact the structure of the organization or
the business as an entity. business reputation due to co-tenant activities and any
organizational change that can happen to the cloud provider (as a business
organization) including provider failure, termination or acquisition.

13
he technical risks classification includes problems or failures associated with the provided
services or technologies contacted from the cloud service provider. Examples of such risks
include, but not limited to, resource-sharing isolation problems, malicious (insiders or
outsiders) attacks on the cloud provider, and any possibility of data leakage on
download/upload through communication channels .

The legal risks classification refers to issues that surround data being exchanged across
multiple countries that have different laws and regulations concerning data traversal,
protection requirements and privacy laws. Examples of such risks include, but not limited to,
risks resulting from possible changes of jurisdiction and the liability or obligation of the
vendor in case of loss of data and/or business interruption.

Cloud Computing is based on a new utilization of technology and many risks that used to be
present in other technological implementations do still exist, and are realized as not cloud
specific. Risks like social engineering, physical security, lost or stolen backups, and loss or
compromise of security logs are just a few examples of such general security risks. The Cloud
Security Alliance (CSA) lists the following threats as the top risks associated with CC based
on their recent research: malicious insiders, data loss/leakage, abuse and nefarious use of CC
and shared technology vulnerabilities. Even though CSA prefers to prioritize risks, it easy to
see that each of the listed threats can be included in the ENISA categories or as non-cloud
specific, or general, security risk . Other researchers prefer to focus on
cloud specific vulnerabilities, without much focus on threats and risks. According to
such research, a particular vulnerability can be considered specific to cloud computing if it
meets any of the following criteria
It is intrinsic to or prevalent in a core technology of cloud computing, such as virtualization,
service-oriented architecture, and cryptography.

 It has its root cause in one of essential cloud characteristics, such as elasticity, resource
pooling, and pay-as-you-go model
 It is caused by cloud innovations making exiting (tried and tested) security controls hard
or impossible to implement; for example, management procedures that were created
initially for a fixed hardware structure do not port correctly to virtual machines.
 It is prevalent in established state-of-the-art cloud services.

To appropriately assess the risks that are introduced to an organization when using cloud
computing, these four categories based on the Economist's Business Risk model
(Managing Business Risks in the Information Age, 1998) can be used to identify possible risks:
access, availability, infrastructure, and integrity . In paper authors identified top seven security
threads to CC that are listed below:

 Abuse and Nefarious Use of Cloud Computing.

 Insecure Application Programming Interfaces.
 Malicious Insiders.
 Shared Technology Vulnerabilities.
 Data Loss/Leakage
 Account, Service & Traffic Hijacking.
 Unknown Risk Profile.
14
 Different approaches to cloud computing

Cloud computing has become a common term over the last decade, but the service
sometimes creates confusion. With all the new cloud options and the phrase “as a
service” seemingly tacked onto everything imaginable, it’s helpful to take a step
back and look at the differences between the main types of cloud deployment and
the different types of cloud computing services.

Cloud deployment describes the way a cloud platform is implemented, how it’s
hosted, and who has access to it. All cloud computing deployments operate on the
same principle by virtualizing the computing power of servers into segmented,
software-driven applications that provide processing and storage capabilities

15
Public Cloud
Some public cloud examples include those offered by Amazon, Microsoft, or
Google. These companies provide both services and infrastructure, which are
shared by all customers. Public clouds typically have massive amounts of available
space, which translates into easy scalability. A public cloud is often recommended
for software development and collaborative projects. Companies can design their
applications to be portable, so that a project that’s tested in the public cloud can be
moved to the private cloud for production. Most cloud providers package their
computing resources as part of a service. Public cloud examples range from access
to a completely virtualized infrastructure that provides little more than raw
processing power and storage (Infrastructure as a Service, or IaaS) to specialized
software programs that are easy to implement and use (Software as a Service, or
SaaS).

The great advantage of a public cloud is its versatility and “pay as you go”
structure that allows customers to provision more capacity on demand. On the
downside, the essential infrastructure and operating system of the public cloud
remain under full control of the cloud provider. Customers may continue to use the
platform under the terms and conditions laid out by the provider, but they may
have difficulty repatriating their assets if they want to change providers. Should the
provider go out of business or make significant changes to the platform, customers
could be forced to make significant infrastructure changes on short notice. There’s
also the risk of an unpatched security vulnerability in the cloud architecture
exposing customers to risk.

16
Private Cloud
Private clouds usually reside behind a firewall and are utilized by a single
organization. A completely on-premises cloud may be the preferred solution for
businesses with very tight regulatory requirements, though private clouds
implemented through a colocation provider are gaining in popularity. Authorized
users can access, utilize, and store data in the private cloud from anywhere, just
like they could with a public cloud. The difference is that no one else can access or
utilize those computing resources. Private cloud solutions offer both security and
control, but these benefits come at a cost. The company that owns the cloud is
responsible for both software and infrastructure, making this a less economical
model than the public cloud.

The additional control offered by a private cloud makes it easier to restrict access
to valuable assets and ensures that a company will be able to move its data and
applications where it wants, whenever it wants. Furthermore, since the private
cloud isn’t controlled by an outside vendor, there’s no risk of sudden changes
disrupting the company’s entire infrastructure. A private cloud solution will also
not be affected by a public cloud provider’s system downtime. But private clouds
also lack the versatility of public clouds. They can only be expanded by adding
more physical compute and storage capacity, making it difficult to scale operations
quickly should the business need arise.

17
Hybrid Cloud

Hybrid clouds combine public clouds with private clouds. They are designed to
allow the two platforms to interact seamlessly, with data and applications moving
smoothly from one to the other.

The primary advantage of a hybrid cloud model is its ability to provide the scalable
computing power of a public cloud with the security and control of a private cloud.
Data can be stored safely behind the firewalls and encryption protocols of the
private cloud, then moved securely into a public cloud environment when needed.
This is especially helpful in the age of big data analytics, when industries like
healthcare must adhere to strict data privacy regulations while also using
sophisticated algorithms powered by artificial intelligence (AI) to derive actionable
insights from huge masses of unstructured data.

There are two commonly used types of hybrid cloud architecture. Cloudbursting
uses a private cloud as its primary cloud, storing data and housing proprietary
applications in a secure environment. When service demands increase, however,
the private cloud’s infrastructure may not have the capacity to keep up. That’s
where the public cloud comes in. A cloudbursting model uses the public cloud’s
computing resources to supplement the private cloud, allowing the company to
handle increased traffic without having to purchase new servers or other
infrastructure.

The second type of hybrid cloud model also runs most applications and houses
data in a private cloud environment, but outsources non-critical applications to a
public cloud provider. This arrangement is common for organizations that need to
access specialized development tools (like Adobe Creative Cloud), basic
productivity software (like Microsoft Office 365), or CRM platforms (like
Salesforce). Multi-cloud architecture is often deployed here, incorporating multiple
cloud service providers to meet a variety of unique organizational needs.

18
Community Cloud

Although not as commonly used as the other three models, community clouds are a
collaborative, multi-tenant platform used by several distinct organizations to share
the same applications. The users are typically operating within the same industry
or field and share common concerns in terms of security, compliance, and
performance.

In essence, a community cloud is a private cloud that functions much like a public
cloud. The platform itself is managed privately, either in a data center or on-
premises. Authorized users are then segmented within that environment. These
deployments are commonly used by government agencies, healthcare
organizations, financial services firms, and other professional communities.

19
 CONCLUSION

Very new technology has its pros and cons, similar is the case with cloud
computing.
Although cloud computing provides easy data storage and access. But there are
several issues related to storing and managing data, that is not controlled by owner
of the data. This paper discussed security issues for cloud. These issues include
cloud
integrity, cloud confidentiality, cloud availability, cloud privacy. There are several
threats to cloud confidentiality including cross-VM attack and Malicious sysadmin.
On the other hand integrity of cloud is compromised due to data loss and dishonest
computation in remote servers. Denial of Service attack(Dos) is the most common
attack which is also possible in cloud computing network. This attack attempts to
prevent the data available to its intended users. The last issue is cloud privacy and
it is similar to cloud confidentiality. if cloud confidentiality is at risk, cloud privacy
will also be at risk

20
 References

Papers:

[1] H. Takabi, J. B. D. Joshi and G. J. Ahn, ”Security and Privacy Challenges in

CloudComputing Environments” , Security and Privacy, IEEE, vol.8 , no.6, pp.24-
31,Nov/Dec 2010

[2] K. Ren, C. Wang and Q. Wang, ”Security Challenges for the Public Cloud”,
InternetComputing, IEEE , vol.16, no.1, pp.69-73, Jan/Feb 2012.

[3] Z. Xiao and Y. Xiao, ”Security and Privacy in Cloud Computing ”,IEEE
Commun.Surveys and Tutorials, vol. 15, no.2, pp.843 - 859, Second quarter 2013.

[4] Cloud Security Alliance (CSA). Security Guidance for Critical Areasof Focus
in Cloud Computing V2.1, (Released December 17,
2009).(http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf. Accessed
Jan. 13,2011.)

21