Académique Documents
Professionnel Documents
Culture Documents
l 2
Tunisha Saxena , Vaishali Chourey
!2
, Computer Science dept. Medi-Caps Institute of Technology and Management, Indore, India
2
I tunisha.I3saxena@gmail.com, vaishalichourey@yahoo.com
Abstract: Cloud Computing has transformed the software support Cloud computing applications are generally priced on a
for large systems from server to service oriented paradigm. This subscription model. The cloud-based services are not only
drift has evolved new challenges for design and delivery of services restricted to software applications (Software as a
over heterogeneous requirements and environments. This brings
about risks and challenges for systems. The system over internet are
vulnerable to performance and security risks. The performance is a
composite evaluation but risks that are related to privacy can be Deployment Models Essential Characteristics Service Models
handled at different levels of abstraction in cloud modeL This paper
6
addresses the security risks and challenges and analyzes the
On demand Self Service
EJ
available measures to handle
e
Keywords: Cloud Computing, Cloud security, Security challenges,
Network level security, Application level security.
I. INTRODUCTION
Resource Pooling
EJ
Cloud Computing is a computing model which has evolved
from distributed computing, virtualization technology, utility
8 Rapid Elasticity
Autonomic Computing
SOA, Web 2.0, Web
Data Center Automation
iv) Rapid elasticity: The capabilities provided by the cloud
Services and Mashups
can be elastically and rapidly released or provisioned.
Internet Technologies Systems Management Cloud computing gives an illusion of multiple
computing resources. These resources can be scaled up
Fig 1: Convergence of cloud computing and down.
High
1.2 Cloud Service models:
Cloning and Resource pooling Trusting data to people and processes Malicious insiders
Motility of data and data residuals Viability of cloud vendor Insufficient due diligence
Elastic perimeter
Deployment
Unencrypted data
Service
Service hijacking
Flooding attacks
Network
Locks in
DNS attacks
Sniffer attacks
Security concerns with Hypervisor A vailability and Reliability issues Data breaches
Denial of service attacks Protection and Confidentiality of data Account or service traffic hijacking
Application
CAPTCHA breaking
Dictionary attacks
Google hacking
3. J Information Security Principles: vulnerabilities. It involves audit trials to deal with
customer's existing problems.
There are certain principles which we need to abide by so as to
have a secure cloud communication. These principles are iii) Monitoring and Governance - It involves utilities that
referred as Information Security Principles. CIA Triad is a allow customers to monitor the security environment,
well known security model which deals with important aspects performance and reliability. With these utilities,
of IT security. It is used to identify security problems and customers can monitor these activities as they could in
provide its necessary solutions [6,7]. In the CIA Triad, C
their own data center. These utilities allow customers to
stands for Confidentiality, I for Integrity and A stands for take necessary actions on account of the security
Availability. These security principles are also discussed in information received from the cloud provider. These
[8]. actions may include shutting down the application itself.
Governance includes risk management.
i) Confidentiality - Confidentiality refers to protecting the
information from unauthorized users. Its aim is to ensure 3.3 Cloud Security Controls:
that information is hidden from unauthorized users to
access it. With the increase in number of applications Cloud Security Controls can be visualized as a three tiered
and equipments in cloud, threats also increases which model[9]. These three layers include Front End Security,
lead to an increased number of access points. Middle layer and Back End Security.
ii) Integrity - Integrity refers to the consistency and i) Front End Security deals with authorization and
accuracy of data. The data should not be modified by authentication.
any unauthorized user or in an unauthorized manner. It
ii) Middle layer deals with OS security, virtual machine
says that data should not be altered in transit.
security.
iii) Availability - The principle of availability says that the iii) Back End Security deals with data and database security,
information must be available whenever it is needed. It network security and storage security.
refers to the property that the system must be usable and
accessible when requested by the authorized users. 3.4 Security Architecture:
3.2 Cloud Security Requirements: The security architecture includes isolation , confidentiality
and access control which are the necessary requirements to
Before migrating the data to the cloud, security cannot be the protect data and applications of a company[9].
only requirement. Organizations not only need security, but
robust security that can be trusted and monitored. This brings i) Isolation - It ensures isolation within a multitenant
about three basic requirements of cloud security [9] - environment. its counter measure is the use of
'Hypervisors' which enables multiple data centers.
i) Robust Security - Robust security refers to moving
beyond the traditional modes of security. Even in a ii) Confidentiality Confidentiality is an important
shared multitenant environment, robust security ensures component of security architecture which provides
isolation of data. It ensures the protection of data at protecting the information from unauthorized access.
different layers in the cloud. It includes mechanisms to The counter measure for confidentiality is 'Encryption'.
provide access control and confidentiality. This involves
robust log management, encryption, key management iii) Access Control and Identity Management - Identity
etc. management ensures that only authorized users can
access the applications. This involves audit and log
ii) Trust and Assurance - In Trust and Assurance, the management. Identity management and access control is
organization maintains a confidence in the integrity of provided by 'federated identity management'. Along
the entire cloud infrastructure. This includes integrity of with authorization and authentication, validation
software, hardware, data centers, processes etc. The processes also ensures identity and access control.
cloud provider needs to establish an evidence based trust
architecture of the cloud environment which involves IV. CONCLUSION
monitoring and reporting capabilities which ensures the
customer about the transparency related to security With the advent of technology, cloud computing has become
an important computing paradigm and has been dominating
the IT market. More drift towards cloud computing can be International Journal of Advanced Computer Science
seen in the future because of its features and benefits. With and Applications (IJACSA), Vol. 4, No.1, 2013
this revolutionization of computing world by cloud, it is prone [4] Rohit Bhadauria, Rituparna Chaki, Nabendu Chaki,
to number of security challenges as well which may vary from Sugata Sanyal, "A Survey on Security Issues in Cloud
application to network level. These security risks must be Computing and Associated Mitigation", International
controlled. Even the data residing inside the cloud is Journal of Computer Applications (IJCA), June 2012,
vulnerable to attacks. In this paper, we presented various pp: 47 - 66.
aspects of security in cloud and the challenges associated on
[5] http://www.cloudsecurityalliance.org/topthreats.
different parts of cloud infrastructure.
[6] http://www.techrepublic.com/blog/it -security/the-cia
triadl
REFERENCES
[1] Wentao Liu, Research on Cloud Computing Security [7] http://www.slideshare.net/bharathraob/the-cia-triad-
Problem and Strategy, 978-1-4577-1415-31121 ©2012 28739772
IEEE [8] Mircea Georgescu, Natalia Suicirnezov, "Issues
[2] NIST defmition of Cloud. NIST 500-292 "NIST Cloud Regarding Security Principles In Cloud Computing",
Computing Reference Architecture" The USV Annals of Economics and Public
Administration Volume 12, Issue 2(16), 2012.
[3] Ms. Disha H. Parekh, Dr. R. Sridaran, "An Analysis of
Security Challenges in Cloud Computing", [9] http://www.cloudsecuritysoftware.comlcloud-
security.htm I