IEEE - 33044

Cloud Computing and Its Security Issues - A

Review
Jitender Grover1, Shikha2, Mohit Sharma3
Department of Computer Science & Engineering, M. M. University, Sadopur, Ambala, India
1
jitendergrover0101@gmail.com, 2 shikha.vrgo@gmail.com, 3 mohitsharma2360@gmail.com

1, 2, 3

Abstract : Cloud Computing is one of the popular

techniques in distributed computing due to its ability
to minimize the cost of computing when scalability
and flexibility of computer process get increased.
Cloud Computing provides shared resources and
services via internet. Services are delivered through
data center. Cloud Computing allows an interesting
business proposal for IT industries to provide IT
services without any extra investment. Client is able
to perform heavy computer processes with low
capable device (like mobile) which has resource to
run the web browser. But cloud computing is crowded
with many security related issues. When client saves
his data to the companys cloud, there may be chance
of data breaching. So the purpose of this paper is to
search out various issues in cloud computing where
all computing is done on the server side and both data
& tasks are stored on the data centers.
Keywords- Cloud Computing, IaaS, PaaS, SaaS,
Types of clouds, DDOS.

I.

INTRODUCTION

In last few years, internet becomes an important part

of life. So the need of internet as well as computing is
increasing very rapidly which leads to the increase in
cost
of
hardware,
software
and
power
consumption.[1] So the new technique known as
cloud computing is a beam of hope to solve these
problems by giving service over the internet and
cutting down the cost of hardware and software.
Services offered in cloud computing has various
features like high scalability, reliability, flexibility and
dynamic property. User needs to increase the
resources in cloud system to improve the performance
of his task. Cloud computing is internet (network)
based distributed computing which emerged from grid
computing. [2] It is used to provide application as
services over the internet (network) and hardware by
using virtualization of data center or data server,
where responsibility of service availability is of
provider. Data center is the collection of servers
where all the applications used by user are collected.
For example, everyone has an email id in which a user
needs only an internet connection to access it. Cloud
computing working is very much similar to an email
client. All the data of a mail can be accessed anytime
and anywhere if a user has an internet connection
because data is not stored on a local computer system.
[3] Clients need not to worry about the maintenance

and management of the resources. On the basis of this

property, cloud computing is also known as utility
computing or IT on demand [4].
But cloud computing has much issues about security,
because all information of client is stored on server. If
cloud provider wants to misuse the client information,
it can do so and that means cloud is not fully safe for
sharing due to the chances of information leak or
theft. So this paper picks some emerging issues in
respect of security, privacy and its challenges.

II. CLOUD COMPUTING: ITS TYPES &

SERVICES
The cloud computing takes place when numerous
computers are using services which are distributed
over the network (internet) and connected to the data
center (private/public). Every service is loosely
attached. If one service gets failed then it will not
affect the other services. Cloud computing is
performed in two phase as frontend and back end. The
front end is a client who gets served by those services
which are provided by the back end which is the cloud
system. [8]

Fig 1: Cloud Computing Model

Definition of cloud computing according to The
National Institute of Standards and Technology
(NIST) is: Cloud computing is a way of enabling
convenient, on-demand network access to a shared
pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services)

5th ICCCNT - 2014

July 11 - 13, 2014, Hefei, China

IEEE - 33044

that can be rapidly provisioned and released with

minimal management effort or service provider
interaction.[7]
Wikipedia defines cloud computing as: The delivery
of computing as a service rather than a product,
whereby shared resources, software and information
are provided to computers and other devices. Cloud
computing provides computation, software, data
access, and storage services that do not require enduser knowledge of the physical location and
configuration of the system that delivers the services.
Some bunch of users needs a separation in computing
and service. So Cloud computing is divided into three
types of clouds [1] [11]:
x
x
x

Private Cloud
Public Cloud
Hybrid Cloud

Private Cloud: The cloud is deployed by the private

organization for own purpose. This type is limited to
the access for a specific group. Services are design for
private benefits called as private cloud that can be one
house, industry cloud.
Public Cloud: The cloud is implemented for general
purpose where rent basis services are provided to the
public. This can be accessed by any user. Charges are
applied to the client on behalf of service utilization.
Hybrid Cloud: The combination of the private cloud
and public cloud is called hybrid cloud. This is done
when private cloud needs some special service from
public cloud.

Software as a Service (SaaS): In this, provider

provides service to user for accessing the software to
develop application where software is provided on
monthly rent basis. More the user used it, more he
will be billed. For example goggle app software is
provided for a certain time to develop application. [5]
In this, a user has the least control over the cloud.
Platform as a Service (PaaS): It is developed above
the SaaS level and services are given to clients with
access to the operating system as well as basic
operating software to use software applications. It
provides all the resources needed to build an
application. For example for accessing database and
payment services there is no need to purchase or
maintain & manage the existing computing
infrastructure. Like as Google App Engine allows
clients to run their web applications (software that can
be accessed using a web browser such as goggle
chrome over the internet) [6] on Googles
infrastructure.
Infrastructure as a Service (IaaS): It offers an
infrastructure to the client. It allows clients with the
access to server hardware, storage, bandwidth and
other basic needs for computing resources. For
example, Amazon EC2 allows individuals and
businesses to rent machines preconfigured with
selected operating systems [6] to run their own
applications.
Figure 3 shows all the above three cloud providers in
different layers with the reources managed. Each layer
has its own importance to implement cloud computing
which are explained as below [7]:

Fig 2: Types of Clouds in Cloud Computing

In cloud computing, there are three types of cloud
services which give by cloud provider. These services
are root execution of cloud computing. So whenever
an user need to perform any processes, user able
select any services those mention follow:
x
x
x

Software as a service(SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)

Fig 3: Layered Architecture of Cloud Services

x

Application Layer: Highest layer of the cloud,

where request for services and resources push to
the data centers. Here client use computing and
perform his task which is possible by using
application on cloud.

5th ICCCNT - 2014

July 11 - 13, 2014, Hefei, China

IEEE - 33044

Platform Layer: This layer consists of operating

system, application software and frameworks.
The main aim of platform layer is to reduce the
efforts for execution of application directly to the
virtual machine. Therefore an application
interfaces are used at this layer.
Infrastructure
Layer:
The
resource
virtualization creates on an infrastructure layer by
dividing
the
physical
resources
using
virtualization tools like VMware, Xen. The
dynamic resource and service allocation is also
done at this layer. Thus it can be say that
infrastructure layer is very important part of
cloud computing.
The hardware layer: This layer is responsible
for arranging the physical resources of the cloud
which have physical servers, routers, switches,
power and cooling systems. The hardware layer
is mostly applied in data centers.

III.

CHALLENGES IN CLOUD
COMPUTING

There are several challenges in cloud computing

which are necessary to keep in knowledge and be
aware about these. Some of the challenges are given
as follows [9] [14]:
x

Privileged User Access: If any sensitive data of

client is accessing outside the enterprise then
client needs to buy a new membership for
verification otherwise the risk of data leak is
increased.
Availability: Some clients of cloud computing
need to access the cloud services but the range of
the company is not available at every time and
place.

Regulatory Compliance: Cloud computing

provider never allows any external audits and
also refuses to install new security certificates to
network.

Data Location: When a client uses the cloud

computing then client doesnt know about the
location where his data is stored. And hosted
from where?

Investigative Support: If any inappropriate and

illegal activity takes place with client data in
cloud computing then the proper investigation
about this is impossible.

Data segregation: In cloud computing, the data

of client is available in a shared condition with
other clients of cloud that is using services in
parallel.

Recovery: If server or data center ruined due to

some natural problem or disaster, the cloud
provider informs the client about the status of his
data.

IV.

SECURITY RISK IN CLOUD

COMPUTING

Cloud computing is a way of accessing resources and

service for a particular organization. But hacker,
attacker and security researcher find out that cloud
computing is not fully secure. It has some issues
which are mentioned below [9] [13]:
x

Insecure Interface: Cloud service provider show

all the software interface and application which
are used to interact with cloud by client. Data
arrangement, identity management, monitor of
service all happen on the cloud. And
authentication and access control is monitored by
these interfaces too [12].

Data Loss or Leakage: When cloud computing

is being executed. There are two changes happen
to the client data. Firstly, data is stored far from
the client machine. Second, data is transmitted
from one execution mode to multi execution
mode. When these changes occur to information
place the security issue of data loss or leakage.

Malicious Insiders: At this time, cloud is served

by organization which hires employees for
providing service to its client. So those employee
can misused the information or can sell
information to other organization and this is
happen on internal level of a company and hard
to aware for clients or consumers.[2]

Shared Technology: components of working

under the cloud which make environment (virtual
memory, processor, caches etc) for computing
does not support strong isolation for multi
execution mode [12].

Flood Attacks: When any customer is using the

cloud computing services and he need to extend
size of service and initialization is happen due to
dependency on internal communication. And
attacker makes large false request to the server.
So server gets busy and unable to work properly.

IP Spoofing: IP spoofing is known as analysis of

network traffic. When any attacker send message
to a computer being a trusted user. Attacker
determines the IP address of a trusted system and
makes some modification to packet information
like packet header and sends that packet which
seems as packet is originating from trusted
system.[10]

DDOS Attacks: In DDOS (Distributed Denial of

Service) attack, attacker makes some spoofing
and sends large number of requests to the server.
So server gets busy and not able to response on
the valid and authentic request of customer. In
this way server deny for giving the service to
customer and DDOS take place [10].

5th ICCCNT - 2014

July 11 - 13, 2014, Hefei, China

IEEE - 33044

VM-Based Malware Attack: Security can be

break in virtual machines by some virus or
malware like VM based root kits which design to
harm both entity client and server system in
computing of cloud services. The root kits uses
cloaking technique, means client send some
message to server which take by the attacker and
send to server by attacker. Same process happen
when server send message to client. So this
malicious code hide some system information file
like registry keys, antivirus and security program.

implement because a client just needs a web browser

to experience cloud computing. But when security &
privacy comes into existence then so many challenges
and issues appeared according to hackers, crackers
and security researchers suggestion that cloud
computing is not hundred percent safe due to
information can be leak at any level of cloud. So this
paper tries to analyze various challenges and issues
related to the security of a cloud and need to work on
those issues to protect manipulation of information.

VII.
V.

PRIVACY ISSUES IN CLOUD

COMPUTING

Client uses all services which are server oriented and

all processes have to be complete on the server. Due
to server computing, all the data of client is saved at
server which can be called as data center. But some
issues may be arises in the regard of privacy. Some
privacy issues are explained in this paper as [1]:
x

Loss of Control: When a client is using cloud it

means he is using some applications in cloud and
makes some document and project under those
applications which stored on cloud. If client
needs to change cloud provider then he can be
threaten about manipulation or misuse of his
sensitive information which he already store on
the present cloud data centers.
Invalid Storage: The data may be stored on an
inappropriate space or secondary memory of the
cloud because if authentic storage is used then
cloud provider has to pay for use of storage
which reduces the profit of cloud provider. So
this may be a serious issue about data privacy in
cloud computing.

REFERENCES

[1]

Satveer Kaur and Amanpreet Singh, The

Concept of Cloud Computing and Issues
Regarding its Privacy and Security,
International Journal of Engineering Research &
Technology (IJERT), Vol. 1 Issue 3, May 2012.

[2]

Farzad Sabahi, Cloud Computing Security

Threats and Responses, 2011 IEEE 3rd
International Conference on Communication
Software and Network (ICCSN), pp. 245-249,
May 2011.

[3]

Alexa Huth and James Cebula,The Basics of

Cloud Computing Carnegie Mellon University.
Produced for US-CERT, 2011.

[4]

Farhan Bashir Shaikh and Sajjad Haider,

Security Threats in Cloud Computing, 6th
IEEE International Conference on Internet
Technology
and
Secured
Transactions,
December, pp: 214-219, Dec. 2011.

[5]

Kim
Kwang
Raymond
Choo, Cloud
computing: Challenges and Future Directions",
Trends & Issues in Crime and Criminal Justice
No. 400, Canberra: Australian Institute of
Criminology, pp. 381-400, October 2010.

Access Control: When client saves his complete

data to the server and he is not accessing it for a
long time due to any reason. An unauthorized
access will use that data illegally due to lack of
authorized rights of access control.

[6]

Hassan Takabi, James B.D. Joshi and Gail-Joon

Ahn, Security and Privacy Challenges in Cloud
Computing Environments, Copublished By
The IEEE Computer And Reliability Societies ,
Vol. 8 , No. 6, pp. 24-31, Dec. 2010.

Data Boundary: Cloud provider makes several

copies of data to provide at the location for client.
Wherever this data is required by a user, it is
available there for use. If any data present at the
data center is not used for a long time then it
deleted from data center. And multiple copies of
data for servers can be cause of information leak
or theft.

[7]

Qi Zhang, Lu Cheng, Raouf Boutaba,Cloud

Computing: State-of-The-Art and Research
Challenges, Journal of Internet Services and
Applications, Vol. 1, No. 1, pp 7-18, April 2010.

[8]

Wentao Liu, Research on Cloud Computing

Security Problem and Strategy,
2nd
International
Conference
on
Consumer
Electronics, Communications and Networks, pp.
1216-1219, April 2012.

[9]

Xiang Tana, Bo Aib, The Issues of Cloud

Computing Security in High-speed Railway,
IEEE International Conference on Electronic &
Mechanical Engineering and Information
Technology, Vol. 8, pp. 4358-4363, August
2011.

VI.

CONCLUSION

Cloud computing is a way of computing which

depletes the boundaries of hardware and software.
Each and every resource is available as a service to
the user. It means cloud computing is a long term
computing which will make IT technology more
successful. Computing becomes easy to use &

5th ICCCNT - 2014

July 11 - 13, 2014, Hefei, China

IEEE - 33044

[10] D. Kishore Kumar, G. Venkatewara Rao,

G.Srinivasa Rao, Cloud Computing: An
Analysis of Its Challenges & Security Issues,
International Journal of Computer Science and
Network (IJCSN), Vol. 1, No. 5, October 2012,
[11] Kuyoro S. O., Ibikunle F. and Awodele O.,
Cloud Computing Security Issues and
Challenges, International Journal of Computer
Networks (IJCN), Vol. 3, No. 5, pp. 247-255,
2011.
[12] Ruchi Bhatnagar, Proposal of Security
Schemes For Protecting Services In Cloud
Computing,
International
Journal
of
Engineering Research & Technology (IJERT),
Vol. 1, No. 3, May 2012.
[13] Kevin Hamlen, Murat Kantarcioglu, Latifur
Khan and Bhavani Thuraisingham, Security
Issues for Cloud Computing, International
Journal of Information Security and Privacy,
Vol. 4, No. 2, April-June 2010.
[14] Naveen Dogra and Harpreet Kaur, Cloud
Computing Security: Issues and Concerns,
International Journal of Emerging Technology
and Advanced Engineering, Vol. 3, No. 3,
March 2013.

5th ICCCNT - 2014

July 11 - 13, 2014, Hefei, China