
International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)

Web Site: www.ijettcs.org Email: editor@ijettcs.org


Volume 3, Issue 5, September-October 2014

ISSN 2278-6856

Cloud Computing: Security Issues and Solutions


¹Vinayak Shukla, ²Shobhit Srivastava, ³Nidheesh Sharma


Dr. K.N.Modi Institute Of Engineering & Technology,
Modinagar, Ghaziabad U.P. India

ABSTRACT

Cloud computing is an environment that enables convenient,
effective, on-demand network access to a shared pool of
configurable computing resources. In this paper we discuss the
security issues of cloud computing (including network security,
interfaces, data security, virtualization, governance, compliance
and legal issues), because cloud computing services are speeding
up the rate at which organizations use computational services or
sell their idle computational resources, and because security is
the major issue in cloud computing.
Keywords:- Virtualization, Hypervisor, Data Security,
Governance, Interfaces, Network Security, Legal Issues.

1. INTRODUCTION
Cloud computing is an architecture for providing computing
services over the internet, with on-demand, pay-per-use access to
a pool of shared resources, namely networks, storage, servers,
services and applications, without physically acquiring them. It
therefore saves organizations management cost and time. Many
industries, such as banking, healthcare and education, as well as
individuals, are moving towards the cloud because of the
efficiency of services provided under the pay-per-use pattern,
which is based on resources such as processing power used,
transactions carried out, data transferred or storage space
occupied. Cloud computing is a completely internet-dependent
technology in which client data is stored and maintained in the
data centre of a cloud provider such as Google, Amazon, Microsoft
or Apple. Security is considered a key requirement for cloud
computing to be a robust and feasible multipurpose solution. This
viewpoint is shared by many distinct groups, including academic
researchers, business decision makers and government
organizations. The many similarities in these perspectives
indicate a grave concern about crucial security and legal
obstacles for cloud computing, including service availability and
data confidentiality. These concerns originate not only from
existing problems directly inherited from the adopted
technologies, but also from new issues derived from the
composition of essential cloud computing features such as
scalability, resource sharing and virtualization (for example,
data leakage and hypervisor vulnerabilities). The main goal of
this article is to identify, classify, organize and quantify the
main security concerns and solutions associated with cloud
computing, helping in the task of pinpointing the concerns that
remain unanswered. We aim to organize this information into a
useful tool for comparing, relating and classifying already
identified concerns and solutions as well as future ones.

2. RELATED WORK

2.1. Technical Components of Cloud Computing

As shown in Figure 1, the key functions of a cloud management
system are divided into four layers: the Resources & Network
Layer, the Services Layer, the Access Layer, and the User Layer.
Each layer includes a set of functions:

The Resources & Network Layer manages the physical and virtual
resources.

The Services Layer includes the main categories of cloud
services, namely NaaS, IaaS, PaaS and SaaS/CaaS, the service
orchestration function and the cloud operational function.

The Access Layer includes the API termination function and the
Inter-Cloud peering and federation function.

The User Layer includes the End-user function, the Partner
function and the Administration function.

Other functions, such as Management and Security & Privacy, are
considered cross-layer functions that cover all the layers. The
main principle of this architecture is that all these layers are
supposed to be optional. This means that a cloud provider who
wants to use the reference architecture may select and implement
only a subset of these layers. However, from the security
perspective, the principle of separation requires each layer to
take charge of certain responsibilities. In the event that the
security controls of one layer are bypassed (e.g. the access
layer), other security functions could compensate, and thus
should be implemented either in other layers or as cross-layer
functions.
2.2 Cloud Computing Security

Figure 2: Security Stack in cloud computing


The lower down the stack the cloud vendor's provision stops, the
more security the consumer has to provide.
2.3. Security Issues in SaaS
(a) Data Security
(b) Network Security
(c) Data locality
(d) Data integrity
(e) Data access
(f) Availability
(g) Authorization and Authentication
(h) Data Confidentiality
2.4. Security Issues in PaaS
1. In PaaS, the provider might give some control to the
people to build applications on top of the platform.
2. Hackers are likely to attack visible code, including but
not limited to code running in user context. They are likely
to attack the infrastructure and perform extensive black
box testing. Cloud vulnerabilities are associated not only
with web applications but also with machine-to-machine
Service Oriented Architecture (SOA) applications.
2.5. Security Issues in IaaS
Taking virtual machines, which contain critical applications
and sensitive data, off premise to public and shared cloud
environments creates security challenges for organizations
that have relied on network perimeter defence as the main
method to protect their data centre.
2.6. General Issues
To concentrate and organize information related to cloud
security and to facilitate future studies, in this section we
identify the main problems in the area and group them into a
model composed of seven categories. The categories are:
2.6.1. Network Security
Problems associated with network communications and
configurations in the cloud:
(a) Transfer Security:
Distributed architecture and massive resource sharing
imply more data in transit in the cloud, which requires
protecting the system against sniffing, spoofing and attacks
on the data.
(b) Firewalling:
Firewalls protect the internal cloud infrastructure against
insiders and outsiders. They also enable VM isolation.
(c) Security Configuration:
Setting protocols, systems and technologies to provide the
required level of security and privacy without
compromising performance and efficiency.


2.6.2. Interfaces:
Concentrates all issues related to the user, administrative and
programming interfaces for using and controlling the cloud.
(a) API:
Programming interfaces for accessing virtualized
resources and systems must be protected in order to prevent
malicious use.
(b) User Interface:
The end-user interface for exploring the provided resources
and tools, which implies the need to adopt measures for
securing the environment.
(c) Authentication:
Mechanisms required to enable access to the cloud. Most
services rely on regular accounts, which are susceptible to a
plethora of attacks whose consequences are amplified by
resource sharing.
2.6.3. Data Security
Protection of data in terms of confidentiality, availability,
and integrity.
(a) Cryptography:
The most widely employed practice for securing sensitive data.
(b) Redundancy:
Essential to avoid data loss.
2.6.4. Virtualization:
Isolation between VMs, hypervisor vulnerabilities and
other problems associated with the use of virtualization
technologies.
(a) Isolation:
Although logically isolated, all VMs share the same
hardware and consequently the same resources, allowing
malicious entities to exploit data leaks and cross-VM attacks.
(b) Hypervisor Vulnerabilities:
The hypervisor is the main software component of
virtualization. Even though there are known security
vulnerabilities for hypervisors, solutions are still scarce and
demand further studies to harden these security aspects.
(c) Data leakage:
Exploiting hypervisor vulnerabilities and the lack of isolation
controls in order to leak data from virtualized
infrastructures, obtaining sensitive data and affecting
confidentiality.
(d) Cross VM attacks:
These include attempts to estimate provider traffic rates in
order to steal cryptographic keys and increase the
chance of VM placement attacks.
2.6.5. Governance:
Issues related to losing administrative and security controls
in cloud computing. Moving data to the cloud means losing
control over redundancy, location, and file system.
2.6.6. Compliance:
Includes requirements related to service availability and
service level agreements.
2.6.7. Legal issues:
Aspects related to judicial requirements and laws, such as
multiple data locations, provider privilege (malicious
activities of provider insiders are a threat to confidentiality
and availability) and legislation.


Figure 3: Security Problem with Grouped Categories

3. PROPOSED WORK
3.1. Security Solutions
During our study we observed that the number of citations
covering security problems related to legal issues,
compliance and governance is high; however, the same also
happens when we consider the number of references
proposing solutions for those issues. In other words, these
concerns are highly relevant, but a large number of solutions
are available for tackling them. The situation is completely
different when we analyse technical aspects such as
virtualization, isolation and data leakage. Indeed,
virtualization accounts for 12% of problem references and
only 3% for solutions. Isolation is a perfect example of
such a discrepancy. We noted that for this specific issue,
special care has been taken with the most popular virtual
machine solution providers (e.g. Xen, VMware and
KVM), aiming to verify their concerns and available
solutions. This indicates the need to evaluate potential
areas still to be developed in order to provide better
security conditions when migrating data and processes to
the cloud.

Figure 4: Security Solution with Grouped Categories

Security frameworks concentrate information on security
and privacy, aiming to provide a compilation of risks,
vulnerabilities and best practices to avoid or mitigate them.
There are several entities that are constantly publishing
materials related to cloud computing security, including
ENISA, CSA, NIST, and CPNI.
The four distinct security technologies, firewall, intrusion
detection and prevention, integrity monitoring and log
inspection, can be deployed as software on virtual machines
to increase protection and maintain compliance integrity of
servers and applications.

4. Consideration and future works
Security is a crucial aspect of cloud computing for
providing a reliable environment, enabling the use of
applications in the cloud and the movement of data and
business processes to virtualized infrastructure. Many of
the security issues identified are also observed in other
computing environments: authentication, network security and
legal requirements. Effective and secure virtualization
represents a new challenge in such a context, with its high
distribution of complex services and web-based
applications, thus requiring more sophisticated
approaches. It is strategic to develop new mechanisms that
provide the required security by isolating virtual machines
and the associated resources while following best practice
in terms of legal regulations and compliance with SLAs.
Among other requirements, such solutions should employ
virtual machine identification, provide an adequate
separation of dedicated resources combined with constant
observation of shared ones, and examine cross-VM attacks and
data leakage. A secure cloud computing environment
depends upon several security solutions working together.
In our studies we did not identify any security solutions
provider owning the facilities necessary to reach a high level
of security conformity for clouds.

5. COMPARISON WITH PREVIOUS MECHANISMS

We noted that quite a bit of research has been done in the
areas of data centre capacity planning (provider
perspective), data centre scheduling (provider perspective),
and provider matching and migration planning (broker
perspective). On the other hand, other areas have not yet
received much attention: pricing (provider perspective),
intrusion detection and prevention (provider perspective),
and capacity reverse auctions (broker perspective). Our
research concludes that we should be more careful about
security concerns when putting our data on a cloud. There
are open research challenges in cloud computing security
which demand constant and intensive research. The
security model should be made secure. Security as a
Service should be provided to cloud users. We suggest that
other researchers focus more on the security issues
related to virtualization rather than on legal issues,
governance, interfaces and data security, as we have tried to
the best of our capabilities and knowledge.

6. CONCLUSION
Considering the points raised in the above discussions, a
straightforward conclusion is that cloud security includes
old and well-known issues such as network and other
infrastructural vulnerabilities, user access, authentication
and privacy, and also novel concerns derived from the new
technologies adopted to offer the adequate resources,
services and auxiliary tools. These problems are
summarized by isolation and hypervisor vulnerabilities,
data location and e-discovery, and loss of governance over
data, security and even decision making. Another point
observed is that, even though adopting a cloud service or
provider may be easy, migrating to another is not. After
moving local data and processes to the cloud, the lack of
standards for protocols and formats directly affects
attempts to migrate to a different provider, even if this is
motivated by legitimate reasons such as non-fulfilment of
SLAs, outages or provider bankruptcy. So SLAs are not
perfect, and service outages happen at the same pace that
resource sharing, multi-tenancy and scalability are not
fail-proof. Finally, the analysis of current trends for cloud
computing reveals that there is a considerable number of
well-studied security concerns for which plenty of solutions
and best practices have been developed, such as those
related to legal and administrative concerns, but many
issues still require further research effort, especially those
related to secure virtualization.

AUTHOR
Vinayak Shukla is currently pursuing a B.Tech
from Dr. K. N. Modi Institute of Engineering
& Technology, Modinagar, Ghaziabad, U.P.,
India.

7. ACKNOWLEDGEMENT
This project was developed under the guidance of Mr.
Nidheesh Sharma, Assistant Professor at Dr. K.N. Modi
Institute of Engineering and Technology, Modinagar,
Ghaziabad, U.P. India.
