Professional Documents
Culture Documents
Cloudcomputing
Cloudcomputing
REPORT TITLE
Prepared by
Table of content
Abstract 2
Introduction 2
Motivation 4
Related work 6
Methodology 13
Results Analysis 14
Limitation: 15
References 16
Abstract
Computing on cloud has advanced rapidly in the last decade as a novel method.
Nevertheless, given the significant effects that safety matters have had on the growth
and acceptance of computing on cloud, it is important to recognise their significance
and pressing nature. Such an article discusses the current state of computing on cloud
security, examines its primary security issues, and develops a structure for
computing on cloud security that can successfully address these issues. It also
illustrates the claim that computing on cloud can continue to grow and find more
applications if security issues are resolved.
Introduction
The idea of computing on cloud is fresh in the age of technology. This idea gives
computing science new paradigms, methods, and strategies. In the cloud, users build
and maintain software online, and only that programme, platform, or infrastructure
is used to access the software and data [1]. Prior to 2005, customers had the idea of
renting tools, data, and software to run, maintain, and improve their hardware and
software. This fantasy is already a reality because it is currently feasible to rent
whatever resources you choose. Cloud generally contains four fundamental traits:
2
roles and degrees of abstraction, Infrastructure as a Service (IaaS) and
Platform as a Service (PaaS) are used to analyse scalability difficulties [5].
b. Availability: Anytime, everywhere access is possible to the services, platform,
and data. Computing on cloud might be more vulnerable to software security
risks, especially if it is built on the Internet rather than an organization's own
platform [6].
c. Automated Backup: Many electronic device makers rely on the Computing
on cloud paradigm and are increasingly including it in their products since it
delivers the features of communication and automatic backup of the
information [7].
d. enhancing the user experience and providing extra features, such as the ability
to synchronise information amongst friends who have the same identities
registered on phones and social networking sites like Facebook [8].
Currently, the academic world demands linking applications and other resources
both inside and across organisations, exchanging, disseminating, integrating, and
modifying information [9]. Software security becomes a critical concern because of
openness, virtualization, & distribution connectivity in order to guarantee the
integrity, confidentiality, & authenticity of digital data in Clouds [1-3].
Several of the trendiest subjects in the digital world, computing on cloud is a novel
tools built on parallel computing, distributed processing, and grid calculating.
Authorities, businesses, and academic institutions have all given it careful
consideration [1].
SaaS, PaaS, and IaaS are the three primary components of computing on cloud
(infrastructure as a service). according to Figure 1. In most cases, a SaaS hosts
provider and operates a specific request in their own centre of data and creates it
3
accessible to several occupants and users online. SaaS firms utilise the PaaS or IaaS
service offerings of another cloud provider. Salesforce.com and Oracle's CRM on
Demand are two SaaS instances. An technology and deploying framework known as
PaaS is made available to developers as a service through the Internet. It provides all
the amenities needed to provision the complete life cycle of structure and bringing
applications and services of web that are completely accessible from the Internet,
making it easier to develop and deploy requests deprived of the expense and
difficulty of purchasing and handling the fundamental organization. The
infrastructure software that makes up this platform generally comprises of a store,
middleware, and growth tools.
Motivation
4
To manage, store, and process data, computing on cloud is a networked system of
remote computers housed on the Internet. Utilizing current advances in digital
technology, computer services are available on demand through the Internet to
promote corporate innovation, agility, and expansion.
Having a single integrated solution that supports the necessary security primitives,
such as secrecy, authentication, and integrity, is one of the main goals when
providing cloud security. Because private data is moved from local devices to global
or dispersed systems for storage, processing, and computing, cloud security cannot
be handled using traditional IT security techniques. An all-encompassing approach
to cloud security is necessary, as opposed to a requirement-based approach to issue
solutions. According to [2, 17], the major concerns to be addressed for a sustainable
and scalable cloud are confidentiality-enabled computing, user-defined
authentication and access control, and atomic data integrity. The goal of this study
is to find an integrated cloud security solution that meets the requirements for
confidentiality, integrity and authentication.
The security layers, design, and organisation of the platform, tools, software,
infrastructure, and best practises that are part of a cloud security solution comprise a
cloud security architecture. A cloud security architecture provides a written and
visual model to define how to configure and secure cloud-based activities and
operations, including things like identity and access management, techniques and
controls to safeguard applications and data, methods for gaining and maintaining
5
visibility into compliance, threat posture, and overall security, processes for
incorporating security principles into the creation and operation of cloud services,
policies and governance.
Related work
Computing on cloud security standards are currently in their early stages and do not
yet have a full set of security requirements. In order to improve interoperability and
security, decrease repetitive investment or repetitive innovation, and create
additional standard organizations, security on computing on cloud standards are
being developed. For instance, the DMTF and the Cloud Security Alliance (CSA)
have already started working on computing on cloud standards and achieved
headway [3]. The capabilities of cloud service providers and user security goals are
measured by computing on cloud security standards. With the unchanging standard,
the handler may select through the authentication standard cloud service, creating
confidence, and shall instantly understand accountability once an accident occurs.
6
attacks, usage attacks, and fake news attacks [10]. Computing on cloud has the
following unique traits: Huge user information resources, high levels of
centralization, and complex management make them more vulnerable to hacking.
Hackers will likely target the entire computing on cloud services via a handler, and
the resulting loss and damage will be more clear than in a old enterprise nets claim
setting.
Attack using Secure Sockets Layer (SSL): Many cloud providers use SSL to provide
cloud security. SSL is an encryption technique that offers protection for network
communication. In contrast to the typical method of network assault, many hackers
and groups are currently researching SSL. Although atacks of SSL are still
infrequent, it is a concern for security for computing on cloud.
Location of data: When using services for computing on cloud, consumers are
unaware of the location of the data on the servers, including the nation in which they
are located [4]. Due to the varied laws in these nations, providers could be compelled
to disclose data when those governments need to look into those data, making it
impossible for them to ensure the confidentiality of user data.
7
security, and a failed decryption attempt might result in data loss [9]. The inability
to use data by users and cloud services diminishes data efficiency and wastes
resources.
Data backup: Valuable data cannot be recovered if cloud services do not back up
their files. This is true whether the data was lost due to server issues or user error.
There is a need to design a framework for computing on cloud security and actively
pursue its essential technical research since computing on cloud now faces several
security issues that are impeding its growth and adoption. Here, we offer a paradigm
for computing on cloud security, which is illustrated in Figure 2.
8
internal threats to the security of cloud apps into account. In order to increase
the security of user accounts, cloud providers should also offer high strength
passwords, reset them on schedule, base password length on the degree of data
sensitivity, and avoid using features like obsolete passwords.Preventing
common network attacks: DDOS attack providers can utilise a variety of
techniques depending on the assault means, but generally they should depend
on on the current, established network outbreak self-protective actions. For
instance, ending superfluous services of TCP/IP, setting a firewall to prevent
request on Internet, blocking ICMP, and any other unknown protocol.
Providers can timely install software fixes and monitor the TCP service for
usage type attacks. Traditional network attacks have been researched for a
very long period, and highly mature solutions may be used. Cloud providers
can fully utilise these products to assure the security of the computing clouds
[6].
9
Fig. 2. Framework for security for computing on cloud
c. PaaS is the intermediary layer in computing on cloud, and there are two
components to security measures: Application of virtual machine technology:
Providers can build up virtual machines in current operating systems by
utilising the benefits of virtual machine technology. While access limitations
are in place, regular users can only operate computer hardware by advertising
operational rights. This clearly distinguishes between administrators and
regular users; even if a user is attacked, the server will not be harmed.
d. SSL attack defence: The user has to increase their preventative measures in
case an SSL attack occurs. To help users patch for the first time and ensure
that the SSL patch can be applied promptly, providers should offer the
appropriate patch and protective measures. In addition, enhancing
10
management authority, preventing simple access to security certificates, and
employing the firewall to block particular ports are all effective defence
strategies [7].
e. IaaS is often invisible to regular users, management, and maintenance are
totally handled by cloud providers, and data storage security is of utmost
importance. Users should be informed by cloud service providers about the
nation in where their servers are located and that it is legal to use their data
without breaking any local laws in that nation. Providers must segregate
customer data stored in distinct data servers because combining diverse user
data makes data encryption not only unreliable but also less efficient [8]. Data
separation chaos may be avoided by separating the user data storage.
Important and private data should be backed up for data backup in order to
readily restore it in the event of a hardware breakdown.
f. A cohesive protection standard authenticator for cloud services is presently
missing, but numerous organizations were formed to meet certain standards.
A full set of cloud security framework needs to have a standardized form so
that the authenticity, functionality, and security of a framework can be
evaluated in accordance with the standards. The technique relies on the growth
of the universal computing on cloud safety standard, that, as previously said,
is a collection of comprehensive security authentication standards designed to
address all current security issues in computing on cloud.
According to the paper [] "Enabling Public Verifiability and Data Dynamics for
Storage Security in Computing on cloud," computing on cloud has been envisioned
as the next-generation IT enterprise architecture. It transfers the databases and
application software to centralised, massive data centres, where the administration
of the information and services could not be completely reliable. Many new security
11
concerns are presented by this distinct paradigm, many of which are poorly
understood. In this piece, the issue of preserving data integrity while using
computing on cloud is examined. We first discuss the challenges and security issues
that might arise from direct extensions with completely dynamic data updates in
previous efforts, and then we demonstrate how to create a beautiful verification
scheme for the smooth integration of these two crucial aspects in our protocol.
The goal of the document is to give security professionals a thorough road map for
being proactive in establishing a good and secure relationship with cloud providers.
The cloud provider may use a lot of this advice to enhance the reliability and security
of their service offerings. As with any new endeavour, there will undoubtedly be
areas where we can make improvements. The number of domains and the emphasis
of particular areas of interest will probably vary.
12
The article [] "Controlling Data on the Cloud: Outsourcing Computation without
Outsourcing Control" describes the issues and how they affect adoption. We also
discuss how the combination of current research directions has the ability to allay
many of the worries preventing adoption, which is equally essential. In particular,
we propose that living in the cloud might be preferable from a business intelligence
aspect to the isolated alternative that is more prevalent now with ongoing research
improvements in trustworthy computing and computation-supporting encryption.
The 2010 article "Security Concerns for Computing on cloud" addresses these
issues, presents a tiered design for safe clouds, and then focuses on the storage layer
and the data layer. The writers specifically go through a plan for safe cloud
publishing of content to other parties. The presentation will next cover the usage of
safe co-processors for computing on cloud and secure federated query processing
with MapReduce and Hadoop. The authors conclude by talking about how XACML
is implemented for Hadoop and by expressing their opinion that a key component of
safe computing on cloud will be creating trustworthy applications from untrusted
components.
Methodology
Customers engage with cloud services using APIs, which must include safe
verification, access control, and encryption techniques for secure processing,
particularly as third parties begin to build on them. In order to achieve this, we must
examine [4] at risk of being taken or stolen. We must:
13
• Strategies for provider backup and preservation must be established.
Results Analysis
The client device is often thin in a computing on cloud environment, and system of
cloud must process MoS every second. Every transaction includes registering of
services and data secure transfer; thus, the cost of such computation is crucial when
offering service of security, especially when billing the verification provision. delay
of several key-based registering procedures is measured here.
The quantity of cloud resources, such as bandwidth, used while providing security
services is another crucial aspect that must be taken into account. Client gets charged
in accordance with that criteria.
14
realised, more people and companies need to get involved in the field of computing
on cloud security research. Computing on cloud is accompanied by development
opportunities and challenges, and as the security issue is gradually resolved and
computing on cloud expands, so will the range of its applications. At the same time,
computing on cloud security is not just a technical problem; it also involves
standardisation, supervising mode, laws and regulations, and many other aspects.
Limitation:
We have examined the issue of computing on cloud security in this study. In order
to secure the computing on cloud infrastructure, this article describes the security
architecture and relevant support approaches. The following issues are
presumptively addressed: ensuring application independent single sign-on (SSO)
kind of authentication, enabling cloud information integrity, and providing data
confidentiality for clients and cloud users.
The problem of network security or security of data in transit can be managed by the
current state-of-the-art technology, but the focus should be placed more on data
security. Our first goal should be to highlight the issues with data privacy, data
integrity, and data authentication. Additionally, we should be concerned about
security from the standpoint of cloud users.
We must remember that with computing on cloud, cloud users or customers are the
most exposed to various security risks. There are no answers to these concerns for
safeguarding cloud users' data when it is transferred with the cloud service provider
(and processed at the cloud service provider), between other cloud service providers,
and between other cloud users. "Security-as-a-Service" should also be utilised as a
horizontal service model to serve the security requirements of other service models
such as IaaS and PaaS.
15
However, it should be noted that research into cloud security has only just begun,
and there is still a long way to go before it can guarantee full-fledged cloud security.
For instance, computation on encrypted data is very necessary to allow calculation
while maintaining data secrecy from cloud security provider. Homotopy encryption
[6 -7] is an excellent contender to provide such a functionality. Fully homomorphic
encryption, however, has a large computational cost and cannot be implemented
using the most recent cloud technology. The potential for developing a lightweight
homomorphic encryption method is enormous.
References
1. Dikaiakos, M.D., Katsaros, D., Mehra, P., et al.: Computing on cloud: Distributed
InternetComputing for IT and Scientific Research 13, 10–13 (2009)
5. Bikram, B.: Safe on the Cloud. A Perspective into the Security Concerns of
CloudComputing 4, 34–35 (2009)
6. Boss, G., Malladi, P., Quan, D., et al.: IBM Computing on cloud White
Book,http://www-01.ibm.com/software/cn/Tivoli/ao/reg.html
16
8. Zhang, S., Zhang, S., Chen, X.: Computing on cloud Research and Development
Trend. In:Second International Conference on Future Networks, ICFN 2010, p. 93
(2010)
9. Shen, Z., Tong, Q.: The security of computing on cloud system enabled by trusted
computingtechnology. In: 2nd International Conference on Signal Processing
Systems (ICSPS 2010),vol. 2, pp. 2–11 (2010)
10. Somani, U., Lakhani, K., Mundra, M.: Implementing digital signature with RSA
encryption algorithm to enhance the Data Security of cloud in Computing on cloud.
In: 1st International Conference on Parallel Distributed and Grid Computing (PDGC
2010), p.211 (2010)
11. Conner, W., Iyengar, A., Mikalsen, T. Rouvellou, I., &Nahrstedt K, (2009) “A
Trust Management Framework for Service-Oriented Environments”, WWW
Conference, pp891- 900.
12. Friedman, A. A., & West D. M, (Oct. 2010) “Privacy and Security in Computing
on cloud,” Issues in Tech. Innovation.
13. Ristenpart, T. Tromer, E. Shacham, H., & Savage S, (2009) “Hey, you, get off
of my cloud: exploring information leakage in third-party compute clouds,” 16th
ACM Conference on Computer and Communications Security, pp199 – 212.
14. Yan, L., Rong, C., & Zhao G, (2009) “Strengthen Computing on cloud Security
with Federal Identity Management Using Hierarchical Identity-Based
Cryptography,”CloudCom, pp167–177.
15. Yau, S., S., & Ho G, (2010) “Protection of users' data confidentiality in
computing on cloud,”2nd Asia-Pacific Symposium on Internetware.
17
16. Rivest, R. L., Adleman, L., &Dertouzos, M L, (1978) “On data banks and privacy
homomorphisms,” Foundations of Secure Computation.
17. Gentry C (2009), “Fully Homomorphic Encryption Using Ideal Lattices,” 41st
ACM Symposium on Theory of Computing, pp169 – 178.
20. Keleta, Y., Eloff, J. H. P., & Venter, H S, (2005) “Proposing a Secure XACML
Architecture Ensuring Privacy and Trust,” Research in Progress Paper, University
of Pretoria, http://icsa.cs.up.ac.za/issa/2005/Proceedings/Research/093_Article.pdf
(accessed on 24 Aug, 2012)
18