The Research and Design of Computing on cloud Security Framework

Table of contents

Abstract
Introduction
Motivation
Related work
Problems with Computing on cloud Security
Lack of Consistent Security Standards in Computing on cloud
Computing on cloud Security Issues Network Layer
Data Security of Computing Clouds
Framework for computing on cloud security
Methodology
Results Analysis
Conclusion and future work
Limitation
References

Abstract

Computing on cloud has advanced rapidly in the last decade as a novel method.
Nevertheless, given the significant effects that safety matters have had on the growth
and acceptance of computing on cloud, it is important to recognise their significance
and pressing nature. This article discusses the current state of computing on cloud
security, examines its primary security issues, and develops a structure for
computing on cloud security that can successfully address these issues. It also
illustrates the claim that computing on cloud can continue to grow and find more
applications if security issues are resolved.

Introduction

The idea of computing on cloud is fresh in the age of technology. This idea gives
computing science new paradigms, methods, and strategies. In the cloud, users build
and maintain software online, and only that programme, platform, or infrastructure
is used to access the software and data [1]. Prior to 2005, customers had the idea of
renting tools, data, and software to run, maintain, and improve their hardware and
software. This fantasy is already a reality because it is currently feasible to rent
whatever resources you choose. Cloud generally contains four fundamental traits:

a. Scalability: Scalable architecture is chosen by the cloud. Scalability refers to
the ability to add hardware to the Cloud system in order to increase its resource
capacity [2]. However, the software security is sacrificed for this
functionality. Scalability might make the Cloud easier to portray and
encourage thieves to get unauthorised access to cloud storage and datacenters
[3]. The goal of [4] was to familiarise the reader with this dispersed schemes
issue: user-oriented scalability service-level. Because they deal with distinct
roles and degrees of abstraction, Infrastructure as a Service (IaaS) and
Platform as a Service (PaaS) are used to analyse scalability difficulties [5].
b. Availability: Anytime, everywhere access is possible to the services, platform,
and data. Computing on cloud might be more vulnerable to software security
risks, especially if it is built on the Internet rather than an organization's own
platform [6].
c. Automated Backup: Many electronic device makers rely on the Computing
on cloud paradigm and are increasingly including it in their products since it
delivers the features of communication and automatic backup of the
information [7].
d. Enhancing the user experience and providing extra features, such as the ability
to synchronise information amongst friends who have the same identities
registered on phones and social networking sites like Facebook [8].

Currently, the academic world demands linking applications and other resources
both inside and across organisations, exchanging, disseminating, integrating, and
modifying information [9]. Software security becomes a critical concern because of
openness, virtualization, & distribution connectivity in order to guarantee the
integrity, confidentiality, & authenticity of digital data in Clouds [1-3].

One of the trendiest subjects in the digital world, computing on cloud is a novel
tool built on parallel computing, distributed processing, and grid computing.
Authorities, businesses, and academic institutions have all given it careful
consideration [1].

SaaS (software as a service), PaaS (platform as a service), and IaaS
(infrastructure as a service) are the three primary components of computing on
cloud, as shown in Figure 1. In most cases, a SaaS provider hosts and operates a
specific application in its own data centre and makes it accessible to multiple
tenants and users online. SaaS firms utilise the PaaS or IaaS service offerings of
another cloud provider. Salesforce.com and Oracle's CRM on Demand are two SaaS
instances. PaaS is a development and deployment platform made available to
developers as a service through the Internet. It provides all the facilities
needed to support the complete life cycle of building and delivering web
applications and services that are completely accessible from the Internet,
making it easier to develop and deploy applications without the expense and
difficulty of purchasing and managing the underlying infrastructure. The
infrastructure software that makes up this platform generally comprises a data
store, middleware, and development tools.

Fig. 1. The Computing on cloud main three aspects

Motivation

To manage, store, and process data, computing on cloud is a networked system of
remote computers housed on the Internet. Utilizing current advances in digital
technology, computer services are available on demand through the Internet to
promote corporate innovation, agility, and expansion.

The primary goal of computing on cloud is to make it possible for companies to
access data centres and handle work from a distance. Pay-as-you-go pricing is the
basis for computing on cloud, which lowers operational costs and improves
infrastructure management for enterprises.

Having a single integrated solution that supports the necessary security primitives,
such as secrecy, authentication, and integrity, is one of the main goals when
providing cloud security. Because private data is moved from local devices to global
or dispersed systems for storage, processing, and computing, cloud security cannot
be handled using traditional IT security techniques. An all-encompassing approach
to cloud security is necessary, as opposed to a requirement-based approach to issue
solutions. According to [2, 17], the major concerns to be addressed for a sustainable
and scalable cloud are confidentiality-enabled computing, user-defined
authentication and access control, and atomic data integrity. The goal of this study
is to find an integrated cloud security solution that meets the requirements for
confidentiality, integrity and authentication.

The security layers, design, and organisation of the platform, tools, software,
infrastructure, and best practises that are part of a cloud security solution comprise a
cloud security architecture. A cloud security architecture provides a written and
visual model to define how to configure and secure cloud-based activities and
operations, including things like identity and access management, techniques and
controls to safeguard applications and data, methods for gaining and maintaining
visibility into compliance, threat posture, and overall security, processes for
incorporating security principles into the creation and operation of cloud services,
policies and governance.

In general, cloud security relates to the safeguarding of data, platforms, applications,
and infrastructure that run or exist within the cloud. All computing on cloud
infrastructures, including public clouds, private clouds, and hybrid clouds, are
subject to cloud security. Cybersecurity includes cloud security.

Related work

Problems with Computing on cloud Security


Lack of Consistent Security Standards in Computing on cloud

Computing on cloud security standards are currently in their early stages and do not
yet have a full set of security requirements. Security standards for computing on
cloud are being developed, and additional standards organizations created, in
order to improve interoperability and security and to reduce repeated investment
and repeated innovation. For instance, the DMTF and the Cloud Security Alliance
(CSA) have already started working on computing on cloud standards and made
headway [3]. Computing on cloud security standards measure the capabilities of
cloud service providers and user security goals. With a consistent standard, the
user may select a cloud service that has passed standard authentication, which
creates confidence, and will immediately understand accountability once an
incident occurs.

Computing on cloud Security Issues on layer of network

Conventional network assaults: Because computing on cloud relies on a network
structure, these attacks pose a serious threat. They basically fall into the
following categories: distributed denial of service (DDoS) attacks, information
collecting attacks, usage attacks, and fake news attacks [10]. Computing on cloud
has the following unique traits: huge user information resources, high levels of
centralization, and complex management, which make it more vulnerable to hacking.
Hackers will likely target the entire computing on cloud service via a single
user, and the resulting loss and damage will be more obvious than in a
traditional enterprise network application setting.

Access control by priority: In general, cloud services get access to data
before users do. As a result, customers can't always rely on the administrative staff
and other workers to keep their sensitive and vital data secure.

Attack using Secure Sockets Layer (SSL): Many cloud providers use SSL to provide
cloud security. SSL is an encryption technique that offers protection for network
communication. In contrast to the typical method of network assault, many hackers
and groups are currently researching SSL. Although SSL attacks are still
infrequent, they are a security concern for computing on cloud.

Computing Clouds Data Security

Location of data: When using services for computing on cloud, consumers are
unaware of the location of the data on the servers, including the nation in which they
are located [4]. Due to the varied laws in these nations, providers could be compelled
to disclose data when those governments need to look into those data, making it
impossible for them to ensure the confidentiality of user data.

Data separation: A lot of user data in computing on cloud services is held in a
shared environment. Providers may reuse one user's internet protocol address for
another user in order to cut costs. This practice frequently results in data
misuse, and data privacy is not always guaranteed. Data encryption is one
technique to assure data security, although encryption does not always ensure data
security, and a failed decryption attempt might result in data loss [9]. The
inability of users and cloud services to use the data diminishes data efficiency
and wastes resources.

Data backup: Valuable data cannot be recovered if cloud services do not back up
their files. This is true whether the data was lost due to server issues or user error.

Framework for computing on cloud security

There is a need to design a framework for computing on cloud security and actively
pursue its essential technical research since computing on cloud now faces several
security issues that are impeding its growth and adoption. Here, we offer a paradigm
for computing on cloud security, which is illustrated in Figure 2.

a. The setup of a firewall may significantly improve security in computing on
cloud. Limiting the type of open port is the strategy. The Web server group
among them makes ports 80 and 443 (HTTP and HTTPS, respectively)
available to the public, while the application server group only makes port
8000 (special application service ports) available to the Web server group and
the database server group only makes port 3306 (MySQL port) available to
the application server group. The three sets of network servers simultaneously
open port 22 (the SSH port) for users and by default reject all other network
connections. This approach will significantly increase security [5].
b. SaaS providers should ensure the security of programmes and components
and give consumers complete applications and components in the cloud. The
proposed security features include two key components. Access control
approach with priority: SaaS providers offer user name and password-based
user identity authentication and access control functions. Users should be
familiar enough with the provider they have selected to be able to take any
internal threats to the security of cloud apps into account. In order to increase
the security of user accounts, cloud providers should also offer high strength
passwords, reset them on schedule, base password length on the degree of data
sensitivity, and avoid using features like obsolete passwords. Preventing
common network attacks: against DDoS attacks, providers can utilise a variety
of techniques depending on the means of attack, but generally they should
depend on the current, established network attack defence measures. For
instance, ending superfluous TCP/IP services, setting a firewall to prevent
Internet requests, and blocking ICMP and any other unknown protocol.
Providers can install software fixes promptly and monitor the TCP service for
usage type attacks. Traditional network attacks have been researched for a
very long period, and highly mature solutions may be used. Cloud providers
can fully utilise these products to assure the security of the computing clouds
[6].

Fig. 2. Framework for security for computing on cloud

c. PaaS is the intermediary layer in computing on cloud, and there are two
components to security measures: Application of virtual machine technology:
Providers can build up virtual machines in current operating systems by
utilising the benefits of virtual machine technology. While access limitations
are in place, regular users can only operate computer hardware by advertising
operational rights. This clearly distinguishes between administrators and
regular users; even if a user is attacked, the server will not be harmed.
d. SSL attack defence: The user has to increase their preventative measures in
case an SSL attack occurs. To help users patch for the first time and ensure
that the SSL patch can be applied promptly, providers should offer the
appropriate patch and protective measures. In addition, enhancing
management authority, preventing simple access to security certificates, and
employing the firewall to block particular ports are all effective defence
strategies [7].
e. IaaS is often invisible to regular users; management and maintenance are
handled entirely by cloud providers, and data storage security is of utmost
importance. Users should be informed by cloud service providers about the
nation in which their servers are located and that it is legal to use their data
without breaking any local laws in that nation. Providers must segregate
customer data stored in distinct data servers because combining diverse user
data makes data encryption not only unreliable but also less efficient [8]. Data
separation chaos may be avoided by separating the user data storage.
Important and private data should be backed up so that it can be readily
restored in the event of a hardware breakdown.
f. A cohesive protection standard authenticator for cloud services is presently
missing, but numerous organizations were formed to meet certain standards.
A full set of cloud security framework needs to have a standardized form so
that the authenticity, functionality, and security of a framework can be
evaluated in accordance with the standards. The technique relies on the growth
of the universal computing on cloud safety standard, that, as previously said,
is a collection of comprehensive security authentication standards designed to
address all current security issues in computing on cloud.
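
The port policy in item (a) can be checked mechanically. The following is an added example, not part of the original report: it encodes the three-tier baseline from item (a) and audits a constructed rule set for drift from it. The group labels `web`, `app`, `db`, the source labels `public` and `users`, and the `Rule` type are names assumed for this illustration.

```python
"""Audit a deployed rule set against the three-tier port policy of item (a)."""
from typing import NamedTuple


class Rule(NamedTuple):
    dst: str   # server group that accepts the connection
    port: int  # TCP port opened on that group
    src: str   # who may connect: "public", "users" or another server group


# Baseline from item (a). Group and source labels are assumptions of this
# example; "users" stands for whoever the report means by SSH "users".
BASELINE = frozenset({
    Rule("web", 80, "public"), Rule("web", 443, "public"),
    Rule("app", 8000, "web"),
    Rule("db", 3306, "app"),
    Rule("web", 22, "users"), Rule("app", 22, "users"), Rule("db", 22, "users"),
})


def is_allowed(rules, src, dst, port):
    """Default deny: a connection passes only if an explicit rule matches."""
    return Rule(dst, port, src) in set(rules)


def audit(deployed):
    """Return sorted (severity, message) findings for drift from BASELINE."""
    deployed = set(deployed)
    findings = []
    for r in deployed - BASELINE:
        # Internet-facing exposure beyond the web tier's 80/443 is the worst
        # case; an unexpected path between internal groups is still drift.
        severity = "HIGH" if r.src == "public" else "MEDIUM"
        findings.append((severity, f"unexpected: {r.dst}:{r.port} open to {r.src}"))
    for r in BASELINE - deployed:
        findings.append(("INFO", f"missing: {r.dst}:{r.port} from {r.src}"))
    return sorted(findings)


# Constructed sample: MySQL exposed to the Internet, an extra path from the
# database group to the application port, and SSH to the database removed.
DEPLOYED = (BASELINE - {Rule("db", 22, "users")}) | {
    Rule("db", 3306, "public"),
    Rule("app", 8000, "db"),
}

if __name__ == "__main__":
    for severity, message in audit(DEPLOYED):
        print(f"{severity:6} {message}")
```
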

According to the paper [] "Enabling Public Verifiability and Data Dynamics for
Storage Security in Computing on cloud," computing on cloud has been envisioned
as the next-generation IT enterprise architecture. It transfers the databases and
application software to centralised, massive data centres, where the administration
of the information and services could not be completely reliable. Many new security
concerns are presented by this distinct paradigm, many of which are poorly
understood. In this piece, the issue of preserving data integrity while using
computing on cloud is examined. We first discuss the challenges and security issues
that might arise from direct extensions with completely dynamic data updates in
previous efforts, and then we demonstrate how to create a beautiful verification
scheme for the smooth integration of these two crucial aspects in our protocol.

The March article [] "Data Management in the Cloud: Limitations and
Opportunities" focuses on the advantages and disadvantages of using data
management concerns on these new computing on cloud platforms. We predict that,
initially, operational, transactional database systems will not be as likely to use
computing on cloud platforms as large-scale data analysis jobs, decision support
systems, and application-specific data marts. We describe the characteristics that a
database management system (DBMS) built for large-scale data analytic jobs
operating on an Amazon-style service should have. We next go over the existing
open source and paid database solutions that may be utilised to carry out these
analysis activities, and we come to the conclusion that none of them, as they are now
architected, fit the necessary capabilities. Thus, we state the need for a new DBMS,
designed specifically for computing on cloud environments.

The goal of the document is to give security professionals a thorough road map for
being proactive in establishing a good and secure relationship with cloud providers.
The cloud provider may use a lot of this advice to enhance the reliability and security
of their service offerings. As with any new endeavour, there will undoubtedly be
areas where we can make improvements. The number of domains and the emphasis
of particular areas of interest will probably vary.

The article [] "Controlling Data on the Cloud: Outsourcing Computation without
Outsourcing Control" describes the issues and how they affect adoption. We also
discuss how the combination of current research directions has the ability to allay
many of the worries preventing adoption, which is equally essential. In particular,
we propose that living in the cloud might be preferable from a business intelligence
aspect to the isolated alternative that is more prevalent now with ongoing research
improvements in trustworthy computing and computation-supporting encryption.

The 2010 article "Security Concerns for Computing on cloud" addresses these
issues, presents a tiered design for safe clouds, and then focuses on the storage layer
and the data layer. The writers specifically go through a plan for safe cloud
publishing of content to other parties. The presentation will next cover the usage of
safe co-processors for computing on cloud and secure federated query processing
with MapReduce and Hadoop. The authors conclude by talking about how XACML
is implemented for Hadoop and by expressing their opinion that a key component of
safe computing on cloud will be creating trustworthy applications from untrusted
components.

Methodology

Customers engage with cloud services using APIs, which must include safe
verification, access control, and encryption techniques for secure processing,
particularly as third parties begin to build on them. In order to achieve this, we must
examine [4] at risk of being taken or stolen. We must:

• Implement fault-free API access control to offer a solution.

• The encryption and data protection mechanisms should be secure.

• Runtime and design-time data protection analyses.

• Strategies for provider backup and preservation must be established.

We concentrate on condensed information on what computing on cloud is, its several
representations for deployment and services, its primary safety challenges, and on
providing a potential key to increasing the safety of customer data that now
exists inside the services for computing on cloud.

Results Analysis

The client device is often thin in a computing on cloud environment, and the cloud
system must process MoS every second. Every transaction includes service
registration and secure data transfer; thus, the cost of such computation is
crucial when offering a security service, especially when billing the verification
provision. The delay of several key-based registering procedures is measured here.

The quantity of cloud resources, such as bandwidth, used while providing security
services is another crucial aspect that must be taken into account. The client is
charged in accordance with that criterion.

It is necessary to provide SaaS elements such as registering services, cost-benefit
analyses, and analysis of requirements.

Conclusion and future work

We suggest that when high-level security is required, computing on cloud is a
technology that has been rapidly developing in recent years. However, security
issues have become challenges that must be overcome in order for computing on
cloud to become more widely used. The current state of computing on cloud
development and security issues were examined in this study, and a computing on
cloud security reference model was suggested. The model offered some answers to
the security issues that computing on cloud now faces, but for technology to be
realised, more people and companies need to get involved in the field of computing
on cloud security research. Computing on cloud is accompanied by development
opportunities and challenges, and as the security issue is gradually resolved and
computing on cloud expands, so will the range of its applications. At the same time,
computing on cloud security is not just a technical problem; it also involves
standardisation, supervising mode, laws and regulations, and many other aspects.

Limitation:

We have examined the issue of computing on cloud security in this study. In order
to secure the computing on cloud infrastructure, this article describes the security
architecture and relevant support approaches. The following issues are
presumptively addressed: ensuring application independent single sign-on (SSO)
kind of authentication, enabling cloud information integrity, and providing data
confidentiality for clients and cloud users.

The problem of network security or security of data in transit can be managed by the
current state-of-the-art technology, but the focus should be placed more on data
security. Our first goal should be to highlight the issues with data privacy, data
integrity, and data authentication. Additionally, we should be concerned about
security from the standpoint of cloud users.

We must remember that with computing on cloud, cloud users or customers are the
most exposed to various security risks. There are no answers to these concerns for
safeguarding cloud users' data when it is transferred with the cloud service provider
(and processed at the cloud service provider), between other cloud service providers,
and between other cloud users. "Security-as-a-Service" should also be utilised as a
horizontal service model to serve the security requirements of other service models
such as IaaS and PaaS.

However, it should be noted that research into cloud security has only just begun,
and there is still a long way to go before it can guarantee full-fledged cloud security.
For instance, computation on encrypted data is very necessary to allow calculation
while maintaining data secrecy from the cloud security provider. Homomorphic
encryption [6-7] is an excellent contender to provide such a functionality. Fully homomorphic
encryption, however, has a large computational cost and cannot be implemented
using the most recent cloud technology. The potential for developing a lightweight
homomorphic encryption method is enormous.

References

1. Dikaiakos, M.D., Katsaros, D., Mehra, P., et al.: Computing on cloud: Distributed
Internet Computing for IT and Scientific Research 13, 10–13 (2009)

2. Amazon Web Services. Amazon Virtual private Cloud, http://aws.amazon.com/vpc/

3. Catteddu, D.: Computing on cloud: Benefits, Risks and Recommendations for
Information Security. CCIS, vol. 72, pp. 50–56 (2010)

4. Amazon Web Services. Overview of Security Processes, http://aws.amazon.com/ec2/

5. Bikram, B.: Safe on the Cloud. A Perspective into the Security Concerns of
Cloud Computing 4, 34–35 (2009)

6. Boss, G., Malladi, P., Quan, D., et al.: IBM Computing on cloud White
Book, http://www-01.ibm.com/software/cn/Tivoli/ao/reg.html

7. Jamil, D., Zaki, H.: Computing on cloud Security. International Journal of
Engineering Science and Technology 3(4), 3478–3483 (2011)

8. Zhang, S., Zhang, S., Chen, X.: Computing on cloud Research and Development
Trend. In: Second International Conference on Future Networks, ICFN 2010, p. 93
(2010)

9. Shen, Z., Tong, Q.: The security of computing on cloud system enabled by trusted
computing technology. In: 2nd International Conference on Signal Processing
Systems (ICSPS 2010), vol. 2, pp. 2–11 (2010)

10. Somani, U., Lakhani, K., Mundra, M.: Implementing digital signature with RSA
encryption algorithm to enhance the Data Security of cloud in Computing on cloud.
In: 1st International Conference on Parallel Distributed and Grid Computing (PDGC
2010), p. 211 (2010)

11. Conner, W., Iyengar, A., Mikalsen, T., Rouvellou, I., & Nahrstedt, K. (2009) “A
Trust Management Framework for Service-Oriented Environments”, WWW
Conference, pp. 891–900.

12. Friedman, A. A., & West, D. M. (Oct. 2010) “Privacy and Security in Computing
on cloud,” Issues in Tech. Innovation.

13. Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009) “Hey, you, get off
of my cloud: exploring information leakage in third-party compute clouds,” 16th
ACM Conference on Computer and Communications Security, pp. 199–212.

14. Yan, L., Rong, C., & Zhao, G. (2009) “Strengthen Computing on cloud Security
with Federal Identity Management Using Hierarchical Identity-Based
Cryptography,” CloudCom, pp. 167–177.

15. Yau, S. S., & Ho, G. (2010) “Protection of users' data confidentiality in
computing on cloud,” 2nd Asia-Pacific Symposium on Internetware.

16. Rivest, R. L., Adleman, L., & Dertouzos, M. L. (1978) “On data banks and privacy
homomorphisms,” Foundations of Secure Computation.

17. Gentry, C. (2009) “Fully Homomorphic Encryption Using Ideal Lattices,” 41st
ACM Symposium on Theory of Computing, pp. 169–178.

18. Leiba, B. (2012) “OAuth Web Authorization Protocol,” IEEE Internet
Computing, pp. 74–77.

19. Ahmed, A. S. (2011) “OpenID authentication as a service in OpenStack,” 7th
International Conference on Information Assurance and Security, pp. 372–377.

20. Keleta, Y., Eloff, J. H. P., & Venter, H. S. (2005) “Proposing a Secure XACML
Architecture Ensuring Privacy and Trust,” Research in Progress Paper, University
of Pretoria, http://icsa.cs.up.ac.za/issa/2005/Proceedings/Research/093_Article.pdf
(accessed on 24 Aug, 2012)
