Research Problem
Discuss about the cloud computing technology and its application.
Cloud Computing is a means to construct an IT services that improve the storage capacity and use an advance computational power. It is the emerging innovations of modern internet. Some of the major online technological leader offer cloud computing as a services. Cloud computing offer software, storage and many other services to those who have an online account which reduces the cost of large and small businesses. The infrastructure of the company can be simplifying through CRMS, telephony, contacts, accounting apps and databases. The need of hardware reduces with the system of cloud computing. The client does not need a fastest computer with a lot of memory. They can simply depend on cloud system to fulfil their needs. The idea of cloud computing crunch and process the data. The three different technologies use for cloud computing services are, software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS). Of which SaaS has the fastest growth than comes IaaS and PaaS. However, in this report the problem statement will be provided on the issue found in the research done for security threats found in cloud computing.
The major issue of security in cloud computing includes:
Key management
Identity and access control
Virtual machine security
The main issues that is faced in cloud is the data security and integrity. It is the most difficult problem that could even limit the use of cloud computing. The key management and access control is in fact involve in the data security. In cloud, data security has been referring to data integrity, data confidentiality, traceability and data availability, in short in is written as (CIAT). These is the major problem in cloud computing.
To begin with the details about CIAT
Confidentiality: With the word confidentiality, it can be clearly understood that the data confidentiality about the information must be available or disclosed to only the entities, IT processes or to the authorized individual.
Integrity: The integrity of data ensures that the data are maintained in their original state. It has not been accidentally or intentionally been deleted or altered.
Availability: The Availability of data has ensured to access the data continuously no matter if there is an occurrence of made-man disaster or natural disaster or events such as power outages or fires.
Traceability: In the process of transaction, data traceability means having a genuine data and communications and the parties claim to be who they are.
Literature Review
Authentication: through Authentication method, system get validates and verifies the user identity who wish to access the system.
The security threats in hybrid cloud computing is describe and divided into five types:
- DDoS or DoS attack.
- Man-in-the-middle browser or Man-in-the-middle attack arising between authentication server on outside user and internal attack like the tablet, smart phone user.
- Weakness of Script attack through the inside attacker
- For the public cloud service, an Outside user authentication
- Threats of location certification, were mobile devices frequently move but for the certification, information of the mobile devices location is important.
- Research Justification
The CIAT requirements can be achieved for the data security that are critically challenge in the cloud are mentioned below:
Access Control
Checking of Remote Integrity
Searchable techniques used for encryption
Proof of Ownership
Key Management
It is required to understand the threats of security in the environment of hybrid cloud computing so that it can propose a system authentication that is suitable for a hybrid cloud services.
|
Attack |
Description |
|
Repudiation |
the claim or validity of the service or information may be refuse by the Attacker |
|
Replay Attack |
With the delay of the time, the packet information will be hold and resend by the Attacker |
|
Identity Spoofing |
The identity of sever, clients or node may be misuse or destroy by the Attacker |
|
Eavesdropping Information Disclosure |
The information may be read or listen by the Attacker |
|
Man-in-the-Middle Attack |
the involvement of the third party will be deployed and the communication will be intercept |
|
Virus and Worms |
to compromise certain source code may be used by the attacker that are bad |
Table 1: Security Threats in Cloud Computing
Source: (Malgey & Chauhan, 2018)
The review of the research identifies, analyse and focused on the list of vulnerabilities and threats that has occurred in cloud computing. With the study, the risk and threats are analysed and provided possible solutions and direct relation between the threats and vulnerabilities to solve the mechanism for the problems encountered in the environment of service provider.
Security issues of Software-as-a-service (SaaS): The users of SaaS has less control over the security which is a major concern of the application. The application of SaaS is typically delivered through Web browser. For the SaaS application, vulnerabilities might have created dur to the flaws in the web application. The user’s computers have compromise by the attacker with the use of web to perform malicious activities like stealing of sensitive information from the system. The Open Web Application Security Project (OWASP) has ten most critical web application of security threats. The applications of SaaS have grouped into the maturity models which has been determined by configurability, scalability through metadata and multi-tenancy. The model has certain drawbacks but the security issues are not bad. Data security has become the major challenge for SaaS users as they have to rely on the provider for security. The SaaS provider is responsible for data security that has processed and stored. In case of any disaster, backup of data is a critical aspect for recovery.
Security issues of Platform-as-a-service (PaaS): The deployment of cloud-based applications that has been facilitated by PaaS also has security issues like SaaS. With traditional programing language PaaS also offer components of web services through third-party like mashups. More than one source element is combine by Mashups to get a single integrated unit. The users of PaaS have to be dependent on third-party services and web-hosted development tools for security. The developers face complexity in building applications that are secure and are hosted in cloud. The change in the application affect both the System Development Life Cycle (SDLC) and the security. It is important that the developer frequently upgrade the PaaS applications.
Security issues in Infrastructure-as-a-service (IaaS): There are pool of resources in IaaS that provides storage, networks, servers and other resources of computing in the form of virtualized systems that are accessed through internet. It has been entitled to the users to run the software with full management and control on the allocated resources. The IaaS users have better control on security if it is compared with the other models. The users are responsible to control their running software in the virtual machine and configure the policies of the security correctly. The storage infrastructure, compute, and network is controlled by cloud providers. A substantial effort is undertaken by IaaS providers to secure the system threats resulting in monitoring, communication, creation, mobility and modification.
IaaS comprises of the physical assets that the user can touch, serve, and provide storage and network switches. At the level of IaaS, the basic storage capability and computing is provided by the cloud computing service provider. The basic unit that the IaaS provide is the storage, CPU, memory, system monitoring software and operating system. The provider of IaaS offer the cloud servers and resources associated with it via API or dashboard. The clients of IaaS can directly access to the servers and storage. The user could build and outsource the ‘virtual data centre’ in the cloud and get access to similar technologies and resource capabilities. They do not have to invest in physical maintenance and management or planning the capacity. The flexibility of IaaS model in cloud computing automate the server deployment, storage, networking, processing power. The IaaS uses mainly include development and deployment of PaaS, SaaS and web-scale applications.
The SaaS model provide access point to software that are running on servers. For consumers SaaS is the most common cloud service provider. The deployment and software managing task of SaaS moves to the third-party services. The most common application of SaaS is the Customer Relationship Management (CRM) like the Salesforce, Storage solutions like the Dropbox and Box, and productivity software suites like Google Apps. The application of software reduces the cost of licensing the software, managing, upgrading and installing the software.
The function of PaaS is lower than the SaaS, which typically provide a platform for the software to develop and deploy. The PaaS provider deals with server and the clients get an environment to take care of the network infrastructure, operating system and the server hardware and software. With this the user are free to focus on the scalability of the business, and application development of product or services. The table below provide the different technologies use in the services of cloud computing.
|
Service type |
IaaS |
SaaS |
PaaS |
|
Service Level Management |
Active arrangement of Physical Resources |
Active arrangement of application |
Active arrangements of Logical Resources |
|
Service category |
Online Storage, VM Rental |
Software and Application Rental |
Online Message queue, Online Operating Environment, Online Database |
|
Service monitoring |
Monitoring of Physical Resources |
Monitoring of Application |
Monitoring of Logical Resources |
|
Service Customization |
Template of Server |
Template of Application |
Template of Logical Resources |
|
Service resource optimization |
Storage Virtualization, Server Virtualization, Network Virtualization |
Middleware, Large-Scale System of Distributed File, Database |
|
|
Service integration and combination |
Balance of Load |
Mashup, SOA |
SOA |
|
Service provisioning |
Automation |
Automation |
Automation |
|
Service Security |
VM Isolation, Storage Isolation and Encryption, VLAN, SSH/SSL |
Isolation of Operating Environment, Data Isolation, SSL, Web Authorization and Authentication |
Isolation of Operating Environment, Data Isolation, SSL |
|
Service accessing and using |
Web 2.0, Remote Console |
Web 2.0 |
Debugging and Development is online, Offline Development Tools and Cloud Integration, |
Table 2: Technologies used in IaaS, SaaS and PaaS services
There are many technologies in the system of Cloud Computing among them the key technologies are data storage, data management, virtualization, programming model.
- Virtualization: The method of virtualization deploys the resources of computing. The level of the application system includes networking, storage, software, hardware and so on. It breaks in division in the servers, storage, networking, servers, data, data centre. The users are able to create copy, migrate, roll back and share virtual machines to run the applications. However, the attackers get an opportunity to attack because of the extra layer. The security of virtual machine is very important as the flaw in any one may affect the other. For a normal infrastructure, the environment of virtualization is vulnerable to the attacks and it adds more interconnection complexity and points of entry that has a greater challenge in security.
- Data Security: The users’ main concern in the protection of the data privacy and security. This is very important factor for the future development of the cloud computing technology in the business, government and industry. In the cloud architecture of hardware and software, the issues of data security and privacy protection is very much relevant. It is a common concern for any of the technology but a major challenge for the cloud computing service model users for proper security. The organizational data of cloud computing are stored in the cloud in the plaintext format. The service provider of cloud is mainly responsible for the data security to process and store data. The service provider can contact the third-party for backup. The compliance process in cloud computing is complex as data is located in the datacentres of the provider that has introduce a regulatory compliance issues in the data backup security, data recovery vulnerability and data privacy and integrity.
Data management: The data management technology of cloud computing analyses and process the need of mass and distributed data to manage the efficiency of large set of data. The two most used technology in the system of cloud computing are, HBase of Hadoop and BigTable of Google. BigTable is a multi-dimensional sparse map which is based on Lock Service, Scheduler, GFS and MapReduce. The basic elements of BigTable are Tablet, column, Row and timestamp. For the execution of BigTable, three components are required namely, database that link the clients, Tablet servers and master server.In the security issues of password recovery 90% of the user much use standard method of services while 10 % proffered to use Sophisticated techniques. In the mechanism of encryption, 40 % uses standard SSL encryption, while 20 % uses mechanism of encryption with an extra cost. 40 % uses advance HTTP access methods. For monitoring services, extra monitoring services are provided by 70% of the provider, automatic technique ate used by 10 % and 20 % are not open about monitoring service issue.
A comparative study has been done about the issues of security in cloud computing
|
Title |
Author |
Research |
Year |
Problem Domain |
|
Investigating the issues of security in Cloud Computing |
Jagdev Bhogal, Tumpe Moyo |
Explaining various cloud computing technology and cloud that are open source, quickly develop cloud and benefit over proprietary being provided |
2014 |
Issues of cloud security |
|
A trust management and an enhanced data security enabled framework for a system of cloud computing |
L.D. Dhinesh babu, Naguboynia Punya, Cindhamani, Rasha Ealaruvi |
Protection of data with the use of RSA and 128 bit encryption algorithm that follows some policy of security such as confidentiality, integrity and availability |
2014 |
cloud data security |
|
Data Security has a robust Mutual Authentication in Cloud Computing |
Chandra Sekhar Vorugunti, Mrudula Sarvabhatla |
a mutual authentication scheme has proposed to improve security and the major cryptographic attacks are resistant |
2015 |
data integrity, user authentication issues on security and attacks on cryptographic |
|
Cloud computing that are private: with the use of enhanced hybrid Algorithm, user Authentication is secure |
Pradnya Rane, hamsuddin S. Khan, Nikhil Gajra |
Hybrid encryption of Blowfish and AES, guarantees security on files over cloud and also on authentication to outsourced the data |
2014 |
unauthorized access on files, level in human risk |
Table 3: Comparative study of Cloud Computing
Source: (Malgey & Chauhan, 2018)
Based on the research the solution to the security of cloud computing is the use of Scrutinize Support were users store their data in the cloud provided to them to store the data regardless of where it is stored. Thus, the service provider of cloud must provide the user with audit tools to examine and regulate protected, stored, verify and used implementation policy. A helpful and safe recovery facility is provided by cloud provider. Thus, when data is loss or fragmented due to any reason than data has been recovered to manage the continuity of data. If in case natural disaster occur, it may harm or damage the physical devices which result in data loss. Thus to avoid this problem a backup of the information being provided by the user and assure about the services provided. Use of strong encryption technique is also beneficial.
Conclusion
From the research paper, it has concluded that cloud computing is an on demand service paradigm. When any organization decides to use cloud computing, the control over the data is lose. Thus, it results in major problem when security needs to be provided during the transmission of data and storing the data into the cloud. There are different possible threats that are considered with the emerging technology. In this paper, the various threats of security that has been presented is going to provide some benefit to the cloud users and give them an opportunity to have a proper choice. The cloud service providers will be able to efficiently handle the threats. Thus, observation shows that cloud security has explore and address the environment and requirement. Presently, there is a change in the cloud that had given a way to the user to work over the network. In terms of complexity and cost, the loads on the users has continuously reduced. The organization also feel it safe to transmit the data against fault interruptions and security breaches. The user is provided with robust server based on the service model.
References
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1), 25.
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption framework: A security framework for business clouds. Future Generation Computer Systems, 57, 24-41.
Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and solutions. International Journal of Computer Science and Information Security, 14(1), 52.
Islam, T., Manivannan, D., & Zeadally, S. (2016). A classification and characterization of security threats in cloud computing. Int. J. Next-Gener. Comput, 7(1).
Katyal, M., & Mishra, A. (2014). A comparative study of load balancing algorithms in cloud computing environment. arXiv preprint arXiv:1403.6918.
Liu, Y., Sun, Y., Ryoo, J., Rizvi, S., & Vasilakos, A. V. (2015). A survey of security and privacy challenges in cloud computing: solutions and future directions. Journal of Computing Science and Engineering, 9(3), 119-133.
Malgey, S., & Chauhan, P. (2018). A Review on Security Issues and their Impact on Cloud Computing Environment. Retrieved from https://www.ijarcce.com/upload/2016/june-16/IJARCCE%2053.pdf
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.
Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges in mobile cloud computing: Survey and way ahead. Journal of Network and Computer Applications, 84, 38-54.
Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud computing features, issues, and challenges: a big picture. In Computational Intelligence and Networks (CINE), 2015 International Conference on (pp. 116-123). IEEE.
Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud computing features, issues, and challenges: a big picture. In Computational Intelligence and Networks (CINE), 2015 International Conference on (pp. 116-123). IEEE.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, 204-209.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44-57.
Samarati, P., di Vimercati, S. D. C., Murugesan, S., & Bojanova, I. (2016). Cloud security: Issues and concerns. Encyclopedia on cloud computing, 1-14.
Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.
Shaikh, R., & Sasikumar, M. (2015). Data Classification for achieving Security in cloud computing. Procedia computer science, 45, 493-498.
Sharma, R., & Trivedi, R. K. (2014). Literature review: cloud computing–security issues, solution and technologies. International Journal of Engineering Research, 3(4), 221-225.
Singh, S., Jeong, Y. S., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200-222.
Yan, Q., & Yu, F. R. (2015). Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), 52-59.
Yi, S., Qin, Z., & Li, Q. (2015, August). Security and privacy issues of fog computing: A survey. In International Conference on Wireless Algorithms, Systems, and Applications (pp. 685-695). Springer, Cham.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
