Electronic voting (also known as e-voting) is a term encompassing several different types

of voting, embracing both electronic means of casting a vote and electronic means of counting votes. Electronic voting technology can include punched cards, optical scan voting systems and specialized voting kiosks (including self-contained direct-recording electronic voting systems, or DRE). It can also involve transmission of ballots and votes via telephones, private computer networks, or the Internet. In general, two main types of e-Voting can be identified:
[1][2]

e-voting which is physically supervised by representatives of governmental or independent electoral authorities (e.g. electronic voting machines located at polling stations); remote e-Voting where voting is performed within the voter's sole influence, and is not physically supervised by representatives of governmental authorities (e.g. voting from one's personal computer, mobile phone, television via the internet (also called i-voting)).

Electronic voting technology can speed the counting of ballots and can provide improved accessibility for disabled voters. However, there has been contention, especially in the United States, that electronic voting, especially DRE voting, could facilitate electoral fraud.

Overview
Electronic voting systems for electorates have been in use since the 1960s when punched card systems debuted. Their first widespread use was in the USA where 7 counties switched to this method for the [4] 1964 presidential election. The newer optical scan voting systems allow a computer to count a voter's mark on a ballot. DRE voting machineswhich collect and tabulate votes in a single machine, are used by all voters in all elections in Brazil and India, and also on a large scale in Venezuela and the United States. They have been used on a large scale in the Netherlands but have been decommissioned after public concerns. Internet voting systems have gained popularity and have been used for government elections and referendums in the United Kingdom, Estonia and Switzerland as well as municipal elections [5] in Canada and party primary elections in the United States and France. There are also hybrid systems that include an electronic ballot marking device (usually a touch screen system similar to a DRE) or other assistive technology to print a voter verified paper audit trail, then use a separate machine for electronic tabulation. [edit]Paper-based
[3]

electronic voting system

Sometimes called a "document ballot voting system", paper-based voting systems originated as a system where votes are cast and counted by hand, using paper ballots. With the advent of electronic tabulation came systems where paper cards or sheets could be marked by hand, but counted electronically. These systems included punched card voting,marksense and later digital pen voting systems.

Most recently, these systems can include an Electronic Ballot Marker (EBM), that allow voters to make their selections using an electronic input device, usually a touch screensystem similar to a DRE. Systems including a ballot marking device can incorporate different forms of assistive technology. [edit]Direct-recording

electronic (DRE) voting system

Further information: DRE voting machine

Electronic voting machine by Premier Election Solutions(formerly Diebold Election Systems) used in all Brazilianelections and plebiscites. Photo by Agncia Brasil

A direct-recording electronic (DRE) voting machine records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter (typically buttons or a touchscreen); that processes data with computer software; and that records voting data and ballot images in memory components. After the election it produces a tabulation of the voting data stored in a removable memory component and as printed copy. The system may also provide a means for transmitting individual ballots or vote totals to a central location for consolidating and reporting results from precincts at the central location. These systems use a precinct count method that tabulates ballots at the polling place. They typically tabulate ballots as they are cast and print the results after the close of [6] polling. In 1996, after tests conducted on more than 50 municipalities, the Brazilian Electoral Justice has launched their "voting machine". Since 2000, all Brazilian voters are able to use the electronic ballot boxes to choose their candidates. In 2010 presidential election, which had more than 135 million voters, the result was defined 75 minutes after the end of voting. The electronic ballot box is made up of two micro-terminals (one located in the voting cabin and the other with the voting board representative) which are connected by a 5-meter cable. Externally, the micro-terminals have only a numerical keyboard, which does not accept any command executed by the simultaneous pressure of more than one key. In case of power failure, the internal battery provides the energy or it can be connected to an automotive battery. [7] The Brazilian electronic ballot box serves today as a model for other countries. In 2002, in the United States, the Help America Vote Act mandated that one handicapped accessible voting system be provided per polling place, which most jurisdictions have chosen to satisfy with the use of DRE voting machines, some switching entirely over to DRE. In 2004, 28.9% of the registered voters in [8] [9] the United States used some type of direct recording electronic voting system, up from 7.7% in 1996. In 2004, India had adopted Electronic Voting Machines (EVM) for its elections to the Parliament with 380 [citation needed] million voters had cast their ballots using more than a million voting machines. The Indian EVMs are designed and developed by two Government Owned Defense Equipment Manufacturing Units, Bharat Electronics Limited (BEL) andElectronics Corporation of India Limited (ECIL). Both systems are identical, and are developed to the specifications of Election Commission of India. The System is a set of two devices running on 6V batteries. One device, the Voting Unit is used by the Voter, and another

device called the Control Unit is operated by the Electoral Officer. Both units are connected by a 5 meter cable. The Voting unit has a Blue Button for every candidate, the unit can hold 16 candidates, but up to 4 units can be chained, to accommodate 64 candidates. The Control Units has Three buttons on the surface, namely, one button to release a single vote, one button to see the total number of vote cast till now, and one button to close the election process. The result button is hidden and sealed, It cannot be pressed unless the Close button is already pressed. [edit]Public

network DRE voting system

A public network DRE voting system is an election system that uses electronic ballots and transmits vote data from the polling place to another location over a public network. Vote data may be transmitted as individual ballots as they are cast, periodically as batches of ballots throughout the election day, or as one batch at the close of voting. This includes Internet voting as well as telephone voting. Public network DRE voting system can utilize either precinct count or central count method. The central count method tabulates ballots from multiple precincts at a central location. Internet voting can use remote locations (voting from any Internet capable computer) or can use traditional polling locations with voting booths consisting of Internet connected voting systems. Corporations and organizations routinely use Internet voting to elect officers and Board members and for other proxy elections. Internet voting systems have been used privately in many modern nations and publicly in the United States, the UK, Switzerland and Estonia. In Switzerland, where it is already an established part of local referendums, voters get their passwords to access the ballot through the postal service. Most voters in Estonia can cast their vote in local and parliamentary elections, if they want to, via the Internet, as most of those on the electoral roll have access to an e-voting system, the largest run by any European Union country. It has been made possible because most Estonians carry a national identity card equipped with a computer-readable microchip and it is these cards which they use to get access to the online ballot. All a voter needs is a computer, an electronic card reader, their ID card and its PIN, and they can vote from anywhere in the world. Estonian e-votes can only be cast during the days of advance voting. On election day itself people have to go to polling stations and fill in a paper ballot. [edit]Analysis

of electronic voting

ISG TopVoter, a machine designed specifically to be used by voters with disabilities.

Electronic voting systems may offer advantages compared to other voting techniques. An electronic voting system can be involved in any one of a number of steps in the setup, distributing, voting, collecting,

and counting of ballots, and thus may or may not introduce advantages into any of these steps. Potential disadvantages exist as well including the potential for flaws or weakness in any electronic component. Charles Stewart of the Massachusetts Institute of Technology estimates that 1 million more ballots were counted in the 2004 USA presidential election than in 2000 because electronic voting machines detected [10] votes that paper-based machines would have missed. In May 2004 the U.S. Government Accountability Office released a report titled "Electronic Voting Offers [11] Opportunities and Presents Challenges", analyzing both the benefits and concerns created by electronic voting. A second report was released in September 2005 detailing some of the concerns with electronic voting, and ongoing improvements, titled "Federal Efforts to Improve Security and Reliability of [12] Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed". It has been demonstrated that as voting systems become more complex and include software, different methods of election fraudbecome possible. Others also challenge the use of electronic voting from a theoretical point of view, arguing that humans are not equipped for verifying operations occurring within an electronic machine and that because people cannot verify these operations, the operations cannot be trusted. Furthermore, some computing experts have argued for the broader notion that people cannot [13] trust any programming they did not author. Critics of electronic voting, including security analyst Bruce Schneier, note that "computer security experts are unanimous on what to do (some voting experts disagree, but it is the computer security experts who need to be listened to; the problems here are with the computer, not with the fact that the computer is being used in a voting application)...DRE machines must have a voter-verifiable paper audit trails... [14] Software used on DRE machines must be open to public scrutiny" to ensure the accuracy of the voting system. Verifiable ballots are necessary because computers can and do malfunction, and because voting machines can be compromised. [edit]Electronic

ballots

Electronic voting systems may use electronic ballots to store votes in computer memory. Systems which use them exclusively are called DRE voting systems. When electronic ballots are used there is no risk of exhausting the supply of ballots. Additionally, these electronic ballots remove the need for printing of [15] paper ballots, a significant cost. When administering elections in which ballots are offered in multiple languages (in some areas of the United States, public elections are required by the National Voting Rights Act of 1965), electronic ballots can be programmed to provide ballots in multiple languages for a single machine. The advantage with respect to ballots in different languages appears to be unique to electronic voting. For example, King County, Washington's demographics require them under U.S. federal election law to provide ballot access in Chinese. With any type of paper ballot, the county has to decide how many Chinese-language ballots to print, how many to make available at each polling place, etc. Any strategy that can assure that Chinese-language ballots will be available at all polling places is certain, at [citation needed] the very least, to result in a significant number of wasted ballots. (The situation with lever machines would be even worse than with paper: the only apparent way to reliably meet the need would be to set up a Chinese-language lever machine at each polling place, few of which would be used at all.) Critics argue the need for extra ballots in any language can be mitigated by providing a process to print ballots at voting locations. They argue further, the cost of software validation, compiler trust validation, installation validation, delivery validation and validation of other steps related to electronic voting is complex and expensive, thus electronic ballots are not guaranteed to be less costly than printed ballots.

[edit]Accessibility

A Hart eSlate DRE voting machine with jelly buttons for people with manual dexterity disabilities.

Electronic voting machines can be made fully accessible for persons with disabilities. Punched card and optical scan machines are not fully accessible for the blind or visually impaired, and lever machines can [16] be difficult for voters with limited mobility and strength. Electronic machines can use headphones, sip and puff, foot pedals, joy sticks and other adaptive technology to provide the necessaryaccessibility. Organizations such as the Verified Voting Foundation have criticized the accessibility of electronic voting [17] machines and advocate alternatives. Some disabled voters (including the visually impaired) could use a tactile ballot, a ballot system using physical markers to indicate where a mark should be made, to vote a [18] secret paper ballot. These ballots can be designed identically to those used by other voters. However, other disabled voters (including voters with dexterity disabilities) could be unable to use these ballots. [edit]Cryptographic

verification

The concept of election verifiability through cryptographic solutions has emerged in the academic [19][20] literature to introduce transparency and trust in electronic voting systems. It allows voters and election observers to verify that votes have been recorded, tallied and declared correctly, in a manner independent from the hardware and software running the election. Three aspects of verifiability are [21] considered: individual, universal, and eligibility. Individual verifiability allows a voter to check that her own vote is included in the election outcome, universal verifiability allows voters or election observers to check that the election outcome corresponds to the votes cast, and eligibility verifiability allows voters and observers to check that each vote in the election outcome was cast by a uniquely registered voter. [edit]Voter

intent

Electronic voting machines are able to provide immediate feedback to the voter detecting such possible problems as undervoting andovervoting which may result in a spoiled ballot. This immediate feedback can be helpful in successfully determining voter intent.

[edit]Transparency It has been alleged by groups such as the UK-based Open Rights Group that a lack of testing, inadequate audit procedures, and insufficient attention given to system or process design with electronic voting leaves "elections open to error and fraud". In 2009, the Federal Constitutional Court of Germany found that when using voting machines the "verification of the result must be possible by the citizen reliably and without any specialist knowledge of the subject." The DRE Nedap-computers used till then did not fulfill that requirement. The decision did not ban electronic voting as such, but requires all essential steps in elections to be subject to public [24][25] examinability.
[22][23]

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Abstract
The idea, the concept, and the term, that is cloud computing, has recently passed into common currency and the academic lexicon in an ambiguous manner, as cloud dust is being sprinkled on an excess of emerging products. Exorcising complexity and protecting against the caprice of the moment, this paper explores the notion behind the hype of cloud computing and evaluates its relevance to electronic government and electronic voting information systems. This paper explores increasing participation and sophistication of electronic government services, through implementing a cloud computing architecture. From an Information and Communication Security perspective, a structured analysis is adopted to identify vulnerabilities, involved in the digitalization of government transactions and the electoral process, exploring the notion of trust and transparency within this context. In turn, adopting a cloud computing approach for electronic government and electronic voting solutions is investigated, reviewing the architecture within the previously described context. Taking a step further, this paper proposes a high level electronic governance and electronic voting solution, supported by cloud computing architecture and cryptographic technologies, additionally identifying issues that require further research.

Research Highlights
This paper explores the notion behind the term cloud computing. Evaluates its relevance to e-Government. and e-Voting information systems.

Keywords
Cloud computing; Electronic voting; Electronic government;

Information and communication security

Figures and tables from this article:

Fig. 1. Goals and objectives (soft goals) identified in the EU'09 initiative.

---------------------------------------------------------------------------------------------------------------------------------------

E-voting is an election system that allows a voter to record his or her secure and secret ballot electronically. In 2004, it's estimated that approximately 30 percent of the voting population in the United States used some form of e-voting technology, including direct electronic recording (DER) touch screen s or optical scanner s, to record their vote for President. Electronic votes are stored digitally in a storage medium such as a tape cartridge,diskette , or smart card before being sent to a centralized

location where tabulation programs compile and tabulate results. Advocates of e-voting point out that electronic voting can reduce election costs and increase civic participation by making the voting process more convenient. Critics maintain that without a paper trail, recounts are more difficult and electronic ballot manipulation, or even poorly-written programming code, could affect election results.

E-Voting Technology Glossary This glossary provides short definitions of the most common e-voting technologies, acronyms and concepts. Computerworld.com has posted a useful interactive map of voting technology state by state, including equipment, vendors and problem reports. access card An access card is an encrypted electronic smart card used to interact with a DRE machine. There are four types: security, supervisor, administrator and voter access cards. accessible voter-verified paper audit trails (AVVPAT) An AVVPAT is a physical record of the votes cast on a direct-recording electronic machine (DRE) that may be immediately verified by a voter and retained for later confirmation. ballot-marking device (BMD) A BMD is an electronic device that allows disabled users to vote independently. A BMS can be used in combination with paper ballots and PCOS machines to provide confidential voting access to the reading- or language-impaired, quadriplegics, blind or foreign language speakers. Ballot marking devices also provide accessibility for standard optical scanning machines. ballot definition file (BDF) A ballot definition file is a key component of DRE and optical scanning systems. A unique BDF is created for each election and contains all of the details for a given contest, including candidate names, affiliations and other ballot data. The DRE or optical scanner uses the BDF to determine what is displayed on a screen and how ballots are recorded on the system. The counting software on many e-voting systems use BDFs as a key to tally votes. Ballot definition files are often created by third-party vendors or programmers and have been identified as a potential area for human error to enter the system -- or vector for systematic hacking to occur. As a result, ballot definition audits have been the focus of critics of e-voting. VotersUnite.org provides more information in this PDF about ballot definition files.

direct-recording electronic machine (DRE) A direct-recording electronic machine is a device with software that records and tabulates votes. The voter interacts with a DRE using buttons or a touch screen. Election Assistance Commission (EAC) The U.S. Election Assistance Commission was created by HAVA in 2002. According toEAC.gov, EAC is "an independent, bipartisan commission charged with developing guidanceto meet HAVA requirements, adopting voluntary voting system guidelines, and serving as anational clearinghouse of information about election administration. EAC also accredits testing laboratories, certifies voting systems and audits the use of HAVA funds." end-to-end auditable voting systems (E2E) End-to-end auditable voting systems provide voters with a receipt that can be taken home. They are a form of VVPATs. The receipt does not allow voters to prove to others how they voted because such systems are unconstitutional in most states. Election Incident Reporting System (EIRS) The EIRS is a Web-based online reporting system that allows volunteers and officials to log reports of election problems. The EIRS is maintained by the Verified Voting Foundation. electronic ballot marker (EBM) An EBM, like a BMD, is a form of ballot-marking device that allows voters to make selections with an electronic input device, often using a touch screen system similar to a DRE. EBMs make e-voting systems accessible to disabled voters. e-voting (electronic voting) E-voting is an election system that allows a voter to record his or her secure and secret ballot electronically. E-voting technology includes direct-recording electronic machines (DREs) with touch screens and optical scanners. Electronic votes are stored digitally in voter access cards until they are sent to a centralized location where tabulation programs compile and tabulate results. Advocates of e-voting point out that electronic voting can reduce election costs and increase civic participation by making the voting process more convenient. Critics maintain that without a paper trail, recounts are more difficult and electronic ballot manipulation or poorly-written programming code could affect election results. Help America Vote Act of 2002 (HAVA) The Help America Vote Act of 2002 is a federal program that provided nearly three billion dollars to U.S. states to replace punch card voting systems, created the Election Assistance Commission (EAC) to assist in the administration of Federal elections, provided assistance with the administration of certain Federal election laws, and established minimum election administration standards. independent testing authority (ITA) An independent testing authority is a non-partisan organization in charge of verifying and

testing voting machines. The EAC has now taken over from NASED as the ITA for e-voting machines. NASED The National Association of State Election Directors. Formerly responsible for ITA (independent testing authority) examination of e-voting machines, a responsibility now handled by the EAC. NVRA The National Voter Registration Act of 1993, often called "the motor/voter" law because it promoted increasing voter-registration opportunities, allows a voter to register at the same time he or she receives or renewes a drivers' license. optical scan voting machine Optical scan voting machines use an electronic scanner to read marked paper ballots and tabulate the results. Many counties have been switching from touch screen systems to optical scanners in recent years due to concerns about DRE machines. precinct-counted optical scanner (PCOS) A PCOS counts votes directly at the polling place instead of at a central location. public network DRE voting system A public network DRE voting system (PNDREVS) is an network that registers electronic ballots and transmits the voting data back to a central location over a public network. Voting data come from optical scanners, DREs, Internet voting or telephone systems. Voters in Estonia, for instance, can vote in local and parliamentary elections via the Internet using a PNDREVS evoting system. Estonians use a national identity card with a computer-readable microchip to access an online balloting system using an electronic card reader and PIN. pull lever voting machines Pull lever voting machines, also known as direct-recording voting systems or lever machines, use mechanical systems to record votes. These machines were a fixture of big city elections throughout the 20th century. Today, only New York still uses pull lever machines. punch card voting system A punch card voting system is simply a stiff card and a mechanical device that punches holes to mark a voter's choices on a ballot. Punch card systems have been used for large-scale data collection since the 19th century, when the government used it for the 1890 U.S. Census. Herman Hollerith's Electric Tabulating System, the ancestor to computers as we know them today, used punch cards. statewide voter-registration system (SVRS) Every state was required to have an SVRS in place by HAVA, with the exception of North Dakota, which does not maintain such a database. The Pew Center on the States maintains a list of the status of SVRS installations for the 50 states.

vote by mail Vote by mail systems are being installed in states where touchscreen installations have been removed. Oregon is moving entirely to a vote by mail system, which effectively replaces polling centers with post offices and treats each registered voter as an absentee. voter access cards A voter access card is one of four types of encrypted smart cards used to authenticate, administer and operate DRE machines. Security experts identify these cards as a potential vulnerability, due to the possibility of loss, damage, forgery or the vector injection of malicious code. voter-verifiable paper audit trail (VVPAT) or (VVPT) Civil liberties, security and fraud experts all recommend DRE machines that include the capacity to print a physical record that may then be audited to confirm election results. The record may may then be visually verified by the voter and retained as a receipt and confirmation. Such records are of course then useful in the event of a recount or otherwise contested election. Dr. Rebecca Mercuri is credited as the creator of the VVPAT concept, in which e-voting is made auditable through visual verification of a paper facsimile before transferring it to a secure location. As as result, VVPAT is sometimes referred to as the "Mercuri method." voting machine vendors The top four providers of voting machine equipment are Election Systems & Software(ES&S), Premier Election Solutions (formerly Diebold), Sequoia Voting Systems and Hart InterCivic.

===================================================================================== =====================================================================================

Cloud computing:

Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation. There are many types of public cloud computing:
[1]

Infrastructure as a service (IaaS) Platform as a service (PaaS) Software as a service (SaaS) Network as a service (NaaS) Storage as a service (STaaS) Security as a service (SECaaS) Data as a service (DaaS) Desktop as a service (DaaS - see above) Database as a service (DBaaS) Test environment as a service (TEaaS) API as a service (APIaaS) Backend as a service (BaaS) Integrated development environment as a service (IDEaaS) Integration platform as a service (IPaaS), see Cloud-based integration

In the business model using software as a service, users are provided access to application software and databases. The cloud providers manage the infrastructure and platforms on which the applications run. SaaS is sometimes referred to as on-demand software and is usually priced on a pay-per-use basis. SaaS providers generally price applications using a subscription fee. Proponents claim that the SaaS allows a business the potential to reduce IT operational costs by outsourcing hardware and software maintenance and support to the cloud provider. This enables the business to reallocate IT operations costs away from hardware/software spending and personnel expenses, towards meeting other IT goals. In addition, with applications hosted centrally, updates can be released without the need for users to install new software. One drawback of SaaS is that the users' data are stored on the cloud providers server. As a result, there could be unauthorized access to the data. End users access cloud-based applications through a web browser or a light-weight desktop or mobile app while the business software and user's data are stored on servers at a remote location. Proponents claim that cloud computing allows enterprises to get their applications up and running faster, with improved manageability and less maintenance, and enables IT to more rapidly adjust resources to meet [2][3] fluctuating and unpredictable business demand. Cloud computing relies on sharing of resources to achieve coherence and economies of scale similar to [4] a utility (like the electricity grid) over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services.

Characteristics
Cloud computing exhibits the following key characteristics: Agility improves with users' ability to re-provision technological infrastructure resources. Application programming interface (API) accessibility to software that enables machines to interact with cloud software in the same way the user interface facilitates interaction between humans and computers. Cloud computing systems typically use REST-based APIs. Cost is claimed to be reduced and in a public cloud delivery model capital expenditure is converted [27] to operational expenditure. This is purported to lower barriers to entry, as infrastructure is typically provided by a third-party and does not need to be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and [28] fewer IT skills are required for implementation (in-house). The e-FISCAL project's state of the art [29] repository contains several articles looking into cost aspects in more detail, most of them concluding that costs savings depend on the type of activities supported and the type of infrastructure available in-house. Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mobile phone). As infrastructure is off-site (typically provided by a third-party) and accessed via the Internet, users can connect from [28] anywhere.
[30]

Virtualization technology allows servers and storage devices to be shared and utilization be increased. Applications can be easily migrated from one physical server to another. Multitenancy enables sharing of resources and costs across a large pool of users thus allowing for: Centralization of infrastructure in locations with lower costs (such as real estate, electricity, etc.) Peak-load capacity increases (users need not engineer for highest possible load-levels) Utilisation and efficiency improvements for systems that are often only 1020% utilised.
[15]

Reliability is improved if multiple redundant sites are used, which makes well-designed cloud [31] computing suitable for business continuity and disaster recovery. Scalability and elasticity via dynamic ("on-demand") provisioning of resources on a fine-grained, [32] [33][34] self-service basis near real-time, without users having to engineer for peak loads. Performance is monitored, and consistent and loosely coupled architectures are constructed [28] using web services as the system interface. Security could improve due to centralization of data, increased security-focused resources, etc., but concerns can persist about loss of control over certain sensitive data, and the lack of security for [35] stored kernels. Security is often as good as or better than other traditional systems, in part because providers are able to devote resources to solving security issues that many customers [36] cannot afford. However, the complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security. Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer and can be accessed from different places.

The National Institute of Standards and Technology's definition of cloud computing identifies "five essential characteristics": On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Resource pooling. The providers computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. ... Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. National Institute of Standards and Technology [edit]On-demand
[4]

self-service

See also: Self-service provisioning for cloud computing services and Service catalogs for cloud computing services On-demand self-service allows users to obtain, configure and deploy cloud services themselves using [37][38] cloud service catalogues, without requiring the assistance of IT. This feature is listed by the National [4] Institute of Standards and Technology (NIST) as a characteristic of cloud computing. The self-service requirement of cloud computing prompts infrastructure vendors to create cloud computing templates, which are obtained from cloud service catalogues. Manufacturers of such templates or blueprints include Hewlett-Packard (HP), which names its templates as HP Cloud [39] [40] [41] Maps RightScale and Red Hat, which names its templates CloudForms. The templates contain predefined configurations used by consumers to set up cloud services. The [40] templates or blueprints provide the technical information necessary to build ready-to-use clouds. Each template includes specific configuration details for different cloud infrastructures, with information about [40] servers for specific tasks such as hosting applications, databases, websites and so on. The templates also include predefined Web service, the operating system, the database, security configurations and [41] load balancing. Cloud consumers use cloud templates to move applications between clouds through a self-service portal. The predefined blueprints define all that an application requires to run in different environments. For example, a template could define how the same application could be deployed in cloud platforms based [42] on Amazon Web Service, VMware or Red Hat. The user organization benefits from cloud templates because the technical aspects of cloud configurations reside in the templates, letting users to deploy [43][44] cloud services with a push of a button. Cloud templates can also be used by developers to create a [45] catalog of cloud services. [edit]Service

models
[4][46]

Cloud computing providers offer their services according to three fundamental models: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) where IaaS is the most basic and each higher model abstracts from the details of the lower models. In 2012 network as a service (NaaS) and communication as a service (CaaS) were officially included by ITU (International Telecommunication Union) as part of the basic cloud computing models, recognized service categories of [47] a telecommunication-centric cloud ecosystem.

[edit]Infrastructure

as a service (IaaS)

See also: Category:Cloud infrastructure In the most basic cloud-service model, providers of IaaS offer computers - physical or (more often) virtual machines - and other resources. (A hypervisor, such as Xen or KVM, runs the virtual machines as guests. Pools of hypervisors within the cloud operational support-system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.) IaaS clouds often offer additional resources such as images in a virtual-machine image-library, raw (block) and file-based storage, firewalls, load balancers, IP addresses, virtual local area [48] networks (VLANs), and software bundles. IaaS-cloud providers supply these resources on-demand from their large pools installed in data centers. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems [citation and the application software. Cloud providers typically bill IaaS services on a utility computing basis needed] : cost reflects the amount of resources allocated and consumed. Examples of IaaS providers include Amazon CloudFormation, Amazon EC2, Windows Azure Virtual Machines,DynDNS, Google Compute Engine, HP Cloud, iland, Joyent, Oracle Infrastructure as a Service, Rackspace Cloud,ReadySpace Cloud Services, SAVVIS, Terremark and NaviSite. [edit]Platform

as a service (PaaS)

Main article: Platform as a service See also: Category:Cloud platforms In the PaaS model, cloud providers deliver a computing platform typically including operating system, programming language execution environment, database, and web server. Application developers can

develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers. With some PaaS offers, the underlying computer and storage resources scale automatically to match application demand such that cloud user does not have to allocate resources manually. Examples of PaaS include: AWS Elastic Beanstalk, Cloud Foundry, Heroku, Force.com, EngineYard, Mendix, Google App Engine, Windows Azure Compute and OrangeScape. [edit]Software

as a service (SaaS)

Main article: Software as a service In the SaaS model, cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients. The cloud users do not manage the cloud infrastructure and platform on which the application is running. This eliminates the need to install and run the application on the cloud user's own computers simplifying maintenance and support. What makes a cloud application different from other applications is its scalability. This can be achieved by cloning tasks onto [49] multiple virtual machines at run-time to meet the changing work demand. Load balancers distribute the work over the set of virtual machines. This process is transparent to the cloud user who sees only a single access point. To accommodate a large number of cloud users, cloud applications can be multitenant, that is, any machine serves more than one cloud user organization. It is common to refer to special types of cloud based application software with a similar naming convention: desktop as a service, business process as a service, test environment as a service, communication as a service. The pricing model for SaaS applications is typically a monthly or yearly flat fee per user, [51] scalable and adjustable if users are added or removed at any point.
[50]

so price is

Examples of SaaS include: Google Apps, Microsoft Office 365, Onlive, GT Nexus, Marketo, and TradeCard. [edit]Network

as a service (NaaS)

Main article: Network as a service A category of cloud services where the capability provided to the cloud service user is to use [52] network/transport connectivity services and/or inter-cloud network connectivity services. NaaS involves the optimization of resource allocations by considering network and computing resources as a unified [53] whole. Traditional NaaS services include flexible and extended VPN, and bandwidth on demand. NaaS concept materialization also includes the provision of a virtual network service by the owners of the [54][55] network infrastructure to a third party (VNP VNO). [edit]Cloud
[52]

clients

See also: Category:Cloud clients Users access cloud computing using networked client devices, such as desktop computers, laptops, tablets and smartphones. Some of these devices - cloud clients - rely on cloud computing for all or a majority of their applications so as to be essentially useless without it. Examples

are thin clients and the browser-based Chromebook. Many cloud applications do not require specific software on the client and instead use a web browser to interact with the cloud application. With Ajax and HTML5 these Web user interfaces can achieve a similar or even better look and feel as native applications. Some cloud applications, however, support specific client software dedicated to these applications (e.g., virtual desktop clients and most email clients). Some legacy applications (line of business applications that until now have been prevalent in thin client Windows computing) are delivered via a screen-sharing technology. [edit]Deployment

models

Cloud computing types

[edit]Public

cloud

Public cloud applications, storage, and other resources are made available to the general public by a service provider. These services are free or offered on a pay-per-use model. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer [28] access only via Internet (direct connectivity is not offered). [edit]Community

cloud

Community cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. The costs are spread over fewer users than a public cloud (but more [4] than a private cloud), so only some of the cost savings potential of cloud computing are realized. [edit]Hybrid

cloud

Hybrid cloud is a composition of two or more clouds (private, community or public) that remain unique [4] entities but are bound together, offering the benefits of multiple deployment models. By utilizing "hybrid cloud" architecture, companies and individuals are able to obtain degrees of fault tolerance combined with locally immediate usability without dependency on internet connectivity. Hybrid

cloud architecture requires both on-premises resources and off-site (remote) server-based cloud infrastructure. Hybrid clouds lack the flexibility, security and certainty of in-house applications. Hybrid cloud provides the flexibility of in house applications with the fault tolerance and scalability of cloud based services. [edit]Private
[56]

cloud

Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally [4] or by a third-party and hosted internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and it will require the organization to reevaluate decisions about existing resources. When it is done right, it can have a positive impact on a business, but every one of the steps in the project raises security issues that must be [57] addressed in order to avoid serious vulnerabilities. They have attracted criticism because users "still have to buy, build, and manage them" and thus do not [58] benefit from less hands-on management, essentially "[lacking] the economic model that makes cloud [59][60] computing such an intriguing concept". [edit]Architecture

Cloud computing sample architecture

Cloud architecture, the systems architecture of the software systems involved in the delivery of cloud computing, typically involves multiple cloud components communicating with each other over a loose coupling mechanism such as a messaging queue. Elastic provision implies intelligence in the use of tight or loose coupling as applied to mechanisms such as these and others. [edit]The

[61]

Intercloud
[62] [63][64]

Main article: Intercloud The Intercloud is an interconnected global "cloud of clouds" [65][66][67] "network of networks" on which it is based. [edit]Cloud and an extension of the Internet

engineering

Cloud engineering is the application of engineering disciplines to cloud computing. It brings a systematic approach to the high-level concerns of commercialisation, standardisation, and governance in conceiving, developing, operating and maintaining cloud computing systems. It is a multidisciplinary method encompassing contributions from diverse areas such as systems, software, web, performance, information, security, platform, risk, and quality engineering. [edit]Issues [edit]Privacy The cloud model has been criticized by privacy advocates for the greater ease in which the companies hosting the cloud services control, and thus, can monitor at will (whether permitted or not by their customers), the communication between the host company and the end user, as well as the user's stored data. Instances such as the secret NSA program, working with AT&T, and Verizon, which recorded over 10 million telephone calls between American citizens, causes uncertainty among privacy advocates, and [68] the greater powers it gives to telecommunication companies to monitor user activity. Using a cloud service provider (CSP) can complicate privacy of data because of the extent to which virtualization for [69] cloud processing (virtual machines) and cloud storage are used to implement cloud service. CSP operations, customer or tenant data may not remain on the same system, or in the same data center or even within the same provider's cloud; this can lead to legal concerns over jurisdiction. While there have been efforts (such as US-EU Safe Harbor) to "harmonise" the legal environment, providers such as Amazon still cater to major markets (typically the United States and the European Union) by deploying [70] local infrastructure and allowing customers to select "availability zones." Cloud computing poses privacy concerns because the service provider may access the data that is on the cloud at any point in [71] time. They could accidentally or deliberately alter or even delete information. Postage and delivery services company Pitney Bowes launched Volly, a cloud-based, digital mailbox service to leverage its communication management assets. They also faced the technical challenge of providing strong data security and privacy. However, they were able to address the same concern by [72] applying customized, application-level security, including encryption. [edit]Compliance In order to obtain compliance with regulations including FISMA, HIPAA, and SOX in the United States, the Data Protection Directive in the EU and the credit card industry's PCI DSS, users may have to adopt community or hybrid deployment modes that are typically more expensive and may offer restricted benefits. This is how Google is able to "manage and meet additional government policy requirements [73][74] [75] beyond FISMA" and Rackspace Cloud or QubeSpace are able to claim PCI compliance. Many providers also obtain a SAS 70 Type II audit, but this has been criticised on the grounds that the hand-picked set of goals and standards determined by the auditor and the auditee are often not disclosed [76] and can vary widely. Providers typically make this information available on request, under non[77][78] disclosure agreement. Customers in the EU contracting with cloud providers outside the EU/EEA have to adhere to the EU [79] regulations on export of personal data. U.S. Federal Agencies have been directed by the Office of Management and Budget to use a process called FedRAMP (Federal Risk and Authorization Management Program) to assess and authorize cloud

products and services. Federal CIO Steven VanRoekel issued a memorandum to federal agency Chief Information Officers on December 8, 2011 defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Accreditation Board (JAB) consisting of Chief Information Officers from DoD, DHS and GSA. The JAB is responsible for establishing accreditation standards for 3rd party organizations who will perform the assessments of cloud solutions. The JAB will also review authorization packages and may grant provisional authorization (to operate). The federal agency consuming the service will still have the final [80] responsibility for final authority to operate. [edit]Legal As with other changes in the landscape of computing, certain legal issues arise with cloud computing, including trademark infringement, security concerns and sharing of proprietary data resources. The Electronic Frontier Foundation has criticized the United States government for considering during the Megaupload seizure process that people lose property rights by storing data on a cloud computing [81] service. One important but not often mentioned problem with cloud computing is the problem of whom is in "possession" of the data. If a cloud company is the possessor of the data, the possessor has certain legal rights. If the cloud company is the "custodian" of the data, then a different set of rights would apply. The next problem in the legalities of cloud computing is the problem of legal ownership of the data. Many [82] Terms of Service agreements are silent on the question of ownership. [edit]Open

source

See also: Category:Free software for cloud computing Open-source software has provided the foundation for many cloud computing implementations, prominent [83] [84] examples being the Hadoop framework and VMware's Cloud Foundry. In November 2007, the Free Software Foundation released the Affero General Public License, a version of GPLv3 intended to close a [85] perceived legal loopholeassociated with free software designed to be run over a network. [edit]Open

standards

See also: Category:Cloud standards Most cloud providers expose APIs that are typically well-documented (often under a Creative [86] Commons license ) but also unique to their implementation and thus not interoperable. Some vendors have adopted others' APIs and there are a number of open standards under development, with a view to [87] delivering interoperability and portability. As of November 2012, the Open Standard with broadest industry support is probably OpenStack, founded in 2010 by NASA and Rackspace, and now governed [88] by the OpenStack Foundation. OpenStack supporters include AMD, Intel, Canonical, SUSE Linux, Red [89] Hat, Cisco, Dell, HP, IBM, Yahoo and now VMware. [edit]Security Main article: Cloud computing security

As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered as the characteristics of this innovative deployment model [90] can differ widely from those of traditional architectures. An alternative perspective on the topic of cloud security is that this is but another, although quite broad, case of "applied security" and that similar security [91] principles that apply in shared multi-user mainframe security models apply with cloud security. The relative security of cloud computing services is a contentious issue that may be delaying its [92] adoption. Physical control of the Private Cloud equipment is more secure than having the equipment off site and under someone elses control. Physical control and the ability to visually inspect the data links and access ports is required in order to ensure data links are not compromised. Issues barring the adoption of cloud computing are due in large part to the private and public sectors' unease surrounding the external management of security-based services. It is the very nature of cloud computing-based services, private or public, that promote external management of provided services. This delivers great incentive to cloud computing service providers to prioritize building and maintaining strong management [93] of secure services. Security issues have been categorised into sensitive data access, data segregation, privacy, bug exploitation, recovery, accountability, malicious insiders, management console security, account control, and multi-tenancy issues. Solutions to various cloud security issues vary, from cryptography, particularly public key infrastructure (PKI), to use of multiple cloud providers, [90][94][95] standardisation of APIs, and improving virtual machine support and legal support. Cloud computing offers many benefits, but it also is vulnerable to threats. As the uses of cloud computing increase, it is highly likely that more criminals will try to find new ways to exploit vulnerabilities in the system. There are many underlying challenges and risks in cloud computing that increase the threat of data being compromised. To help mitigate the threat, cloud computing stakeholders should invest heavily in risk assessment to ensure that the system encrypts to protect data; establishes trusted foundation to secure the platform and infrastructure; and builds higher assurance into auditing to strengthen compliance. Security concerns must be addressed in order to establish trust in cloud computing [citation needed] technology. [edit]Sustainability Although cloud computing is often assumed to be a form of "green computing", there is no published [96] study to substantiate this assumption. Citing the servers' affects on the environmental effects of cloud computing, in areas where climate favors natural cooling and renewable electricity is readily available, the environmental effects will be more moderate. (The same holds true for "traditional" data centers.) Thus [97] [98] countries with favorable conditions, such as Finland, Sweden and Switzerland, are trying to attract cloud computing data centers. Energy efficiency in cloud computing can result from energy[99] aware scheduling and server consolidation. However, in the case of distributed clouds over data centers with different source of energies including renewable source of energies, a small compromise on [100] energy consumption reduction could result in high carbon footprint reduction. [edit]Abuse As with privately purchased hardware, customers can purchase the services of cloud computing for nefarious purposes. This includes password cracking and launching attacks using the purchased [101] services. In 2009, a banking trojan illegally used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the

malware. Because information like passwords are stored on a server that is publicly accessible and linked to various others, hackers can access one account and use that information to invade the owners [103] other online accounts. [edit]IT

[102]

governance

Main article: Corporate governance of information technology The introduction of cloud computing requires an appropriate IT governance model to ensure a secured computing environment and to comply with all relevant organizational information technology [104][105] policies. As such, organizations need a set of capabilities that are essential when effectively implementing and managing cloud services, including demand management, relationship management, [106] data security management, application lifecycle management, risk and compliance management. A danger lies with the explosion of companies joining the growth in cloud computing by becoming providers. However, many of the infrastructural and logistical concerns regarding the operation of cloud computing [107] businesses are still unknown. This over-saturation may have ramifications for the industry as whole. [edit]Consumer

end storage

The increased use of cloud computing could lead to a reduction in demand for high storage capacity consumer end devices, due to cheaper low storage devices that stream all content via the cloud [citation needed] becoming more popular. In a Wired article, Jake Gardner explains that while unregulated usage is beneficial for IT and tech moguls like Amazon, the anonymous nature of the cost of consumption [107] of cloud usage makes it difficult for business to evaluate and incorporate it into their business plans. [edit]Ambiguity

of terminology

Outside of the information technology and software industry, the term "cloud" can be found to reference a wide range of services, some of which fall under the category of cloud computing, while others do not. The cloud is often used to refer to a product or service that is discovered, accessed and paid for over the Internet, but is not necessarily a computing resource. Examples of service that are sometimes referred to as "the cloud" include, but are not limited to, crowd sourcing, cloud printing, crowd funding, cloud [108][109] manufacturing.