A Study On Threatened Risks For Cloud Computing Security How To Overcome These Risks

AIJREAS VOLUME 1, ISSUE 5 (2016, May) (ISSN-2455-6300) Online
AAnnvveesshhaannaa’’ss IInntteerrnnaattiioonnaall JJoouurrnnaall ooff RReesseeaarrcchh iinn EEnnggiinneeeerriinngg aanndd AApppplliieedd SScciieenncceess
A STUDY ON THREATENED RISKS FOR CLOUD COMPUTING

SECURITY & HOW TO OVERCOME THESE RISKS
Kranthi Kiran G Regonda Nagaraju V Malliah

Asst. Prof. CSE Dept. Asst. Prof. CSE Dept. Asst. Prof. CSE Dept.
CMR Technical Campus CMR Technical Campus CMR Technical Campus
Telangana, India Telangana, India Telangana, India
Email:nagcse01@gmail.com
Abstract
Cloud computing is a network based or internet
based technology, which gives dynamic resource
services for the customer on demands. It moves data
away from desktop & PCs into large data centers.
Cloud services are delivered from data centers
through the world .It is a totally internet based
service. It uses as a pay-per-use pattern through the
network. Cloud computing is a service of „Networks
of Networks‟. Third party involvements also present
there. So secure architecture is important to keep
Cloud computing data safe from the beginning cloud
computing, it provides better service, low-cost
services etc .Despite that there are several
threatened risks in cloud computing, the aim of this
paper is to study on “Threatened risks for cloud
computing security & how to overcome those risks”.
Keywords: Cloud computing; cloud security;

threatened risks; Mitigation process; security tools.
Fig 1: Stack of service (Cloud Computing)
I. INTRODUCTION
Cloud Computing is an on demand
service style. At present, it makes everything But for some threats cloud computing
simple and flexible. But Cloud architecture service is not safe it creates problems
is complex and is not easy to solve any between end user and providers. Our main
problem in short. There are three types of aim is to discuss most of the threats and
clouds is done, such as public, private and trying to discuss some overcoming process.
hybrid. cloud providers offered three types In chapter 2 given some related works, after
of Services like Platform as a Service (Peas), that in Chapter 3 explained some threatened
Software as a Service (Seas) and risks & mitigation process, chapter 4
Infrastructure as a Service (IaaS) [2].Cloud discussed some security tools, finally
computing is am most important service chapter 5 provides conclusion for the paper
system in nowadays. The word “Cloud” is
used as a market term [1]. II. RELATED WORKS
In [3] the authors describe the cloud

computing security issues. They basically
arose the security issues focused on
technical security in cloud services. They
discuss threatened risks presented in the
cloud service like VM-Level attacks,
EE--m
maaiill :: anveshanaindia@gmail.com , W Weebbssiittee :: www.anveshanaindia.com
1
compliance risks, isolation failure, III. THREATENED RISKS &

management interface compromise and their MITIGATION PROCESS
mitigation. They also presented cloud
security architecture, to protect themselves Cloud computing is an on-demand
against threats and attacks. They also find service system which provides services as
out the key points for this architecture like pay –per –use basis’ low cost and better
single-sign on, increased availability, single service provider. Security is the main fact
management console, VM protection, because the third party is involved here. So
defense in depth some necessary tool and process are
approach. discussed to solve that. But there are some
threats in cloud computing, and they are
In [4] the author discussed some explained here.
important threats to ensure a secure cloud
environment. This included some security A. Abuse and Nefarious Use of Cloud
securities (e.g., inside threats, system computing
portability ,access control), software and
hardware security (e.g., virtualization It is the top threat identified by the
technology, data encryption, host operating Cloud Security Alliance (CSA) [6] . It use
system, and guest operating system, backup, botnets to spread malware and spam. IaaS
firewall ,server location etc). The author providers provide some opportunity to their
shows an important issue for the future of customer like unlimited compute, network,
cloud security. Vendor lock-in and and storage capacity. Then attackers take the
incompatibility issue also discuss. The chance to attack its’ vendor.
author also believes that conventional
security concepts can be usefully applied Mitigation: Initial registration, credit card
because there are no security standards monitoring, network traffic monitoring are
specific to cloud computing. some process which can reduce this
problem.
In [5] the authors discussed some threats
in cloud computing, their characteristics and B. Insecure Interfaces
developing the method. The authors focused
on seven most important threats such as Insecure Interfaces is another threat or
Abuse and Nefarious Use of Cloud, Insecure cloud computing. The APIs must be secure
Interfaces and APIs, Malicious Insider, when it designed, its’ authentication, access
Virtualized Technology, Data Loss or control, the monitoring mechanism is
Leakage etc. and some vulnerabilities like important.
Session Riding and Hijacking, Insecure
Cryptography, Data Protection and Mitigation: Monitoring access control,
Portability etc. They also discussed that lack authentication is allowed strictly it designed.
of standard may lock-in the clients. Focused
on depth security technique & policy should C. Malicious Insiders
develop to get innovative technology in near
future. In malicious insider, it is very
important that which type standard or
employee is hired because there is no
EE--m
2
monitoring or reporting process show Another detection system is defense

their access data. federation [8].
Mitigation:Security breach notification G. Multi-tenancy natures

system, reporting system through chain
management . This threat attack service provider in
online, one provider give service to multiple
D. Data Loss & Leakage users according to on-demand service, so
the attack can happen normally through VM
Data loss and leakage is a threat which (virtual machine) this threat affects IaaS.
can happen for some reason, such as The same application is shared among
unreliable media, weak password, no different users having access to the virtual
encrypted data, and lack o secure backup machine through online
system hard drive failure etc.
Mitigation:Strong authentication and access
Mitigation: Encryption and decryption control can identify this threat.
system, monitoring, file backup, a strong
password must apply. H. Risk profiling
E. Account, Service & Traffic It is important for the users or consumers

Hijacking to know software versions, code updates,
and intrusion attempt security practices. The
Account service and traffic hijacking is user must know where the data or logs are a
another problem that cloud users need to be store. But risk profiling never does that [6].
aware of so that this not happened again.
These threats vary from man-in-the-middle Mitigation: Clear information about logs
attacks, phishing, and spam, to denial-of- and data, monitoring and alert system can
service attacks, reused password, fraud, prevent risk profiling.
software vulnerabilities .traffic hijacking is a
common thread in cloud computing. I. SQL injection attacks
Mitigation: Understand security policy, Malicious code is inserted into an exact
apply some rules between customer and SQL code and it cause a sensitive attack and
providers, an authentication process, provide show some unaccepted result. Unauthorized
some technique to secure network. access to a database sometimes faces this
attack.
F. Denial of Service Attacks
Mitigation: Filtering techniques can stop
Denial of Service Attacks makes the SQL injection, some proxy architecture
sense that authorized user are unavailable, should develop which dynamically detects
sometimes when anyone click on a website, and extracts users’ inputs for suspected SQL
then it show error page or page is not control [9]
available for Dos.
J. Cross Site Scripting (XSS) attacks
Mitigation: An Intrusion Detection System
(IDS) can be used to solve this problem [7].
EE--m
3
Various types of malicious scripts are Above we already discussed some risk and
added into the web in this kind of attack. It mitigation tools.
can happen 2 ways like Stored XSS and
Reflected XSS.One used permanently; one A. Qualys
is not permanently [10.]
It secure devices and web apps & or this
Mitigation:Provide or apply some error- no hardware and software are required. If
prone data sanitization mechanism, defense there is any malware found if fix problem,
mechanism both client -side and server - scan apps and safe web apps in cloud
side. security.
K. Man in the Middle attacks B. Okta
It is an attracting threat where an entity One of the most important tools, it

always tries to stay between a sender and a knows all employee who is accessing
receiver that means and always give also information. Identity management is its first
information between sender and client’s work. Main goal o Okta is to provide secure
they get the wrong information Single Sign-On (SSO) for all the cloud,
Mitigation: To solve this problem a service C. Cipher Cloud

security, separate endpoint, and server
security processes are needed. [11], network Cipher Cloud is another protecting tool,
topology can change its’ configuration. its’ work is to protect all services such as
such as Salesforce, Chatter, Box, Office
L. Identity theft 365, Gmail, Amazon Web Services, and
more. It protects that service model
It is another threat in cloud computing. through encryption, traffic monitoring,
Sometimes identity changes one fraud anti-virus scans, and more.
person stolen another person’s identity and
use all benefits, and or this the victims D. Bit glass
suffer long run
it provides transparent protection so that
Mitigation:Avoid this threat strong reduce loss, aims to reduce the risk of data
password should be used use loss and maintain data’s visibility, even
within the cloud, it can detect the usage of
IV. SECURITY TOOLS FOR CLOUD cloud applications.
COMPUTING
E. Skyhigh
There are some important tools which
are used for security. These products It can discover, analyzes and secures
promise to protect from malware, help to application which we use in the cloud. It has
keep track of who signs into the network, the capacity to find out or detect which
and monitor all others cloud applications cloud apps the employees are using.
such as Salesforce and Google Docs, and
more. These are discussed below [12].
EE--m
4
F. Antivirus [5] Mervat Adib Bamiah* et al. / (IJAEST)

INTERNATIONAL JOURNAL OF
Anti-virus is an old security tool in ADVANCED ENGINEERING SCIENCES
cloud computing. Kaspersky lab formula AND TECHNOLOGIES Vol No. 26, Issue
securing virtual machine. McAfee delivers No. 1, 012 – 015
email security.
[6] CSA, “Security Guidance for Critical
Areas of Focus in Cloud Computing V2.1”
Cloud Security Alliance, 2009, [Online],
V. CONCLUSION Available:
https://cloudsecurityalliance.org/topthreats/c
In this paper, the basic concepts of sathreats.v1.0.pdf
threatened risks are discussed & several
ways to overcome or handle these [7] K. Vieira, A. Schulter, C. B. Westphall,
threatened risks in cloud computing. and C. M. Westphall, “Intrusion detection
Actually, all of this tools and mitigation techniques for Grid and Cloud Computing
tools are most important for threatened risk. Environment”, IT Professional, IEEE
If these tools are used then almost many Computer Society, vol. 12, issue 4, pp. 38-
security problems can be solved. 43, 2010.
REFERENCES [8] Ruiping Lua and Kin Choong Yow,

“Mitigating DDoS Attacks with Transparent
[1] Qi Zhang, Lu Cheng, RaoufBoutaba. and Intelligent Fast-Flux Swarm Network”,
Cloud Computing: State-of-the-art and IEEE Network, vol. 25, no. 4, pp. 28-33,
research challenges. J Internet ServAppl July-August, 2011.
(2010).
[9] A. Liu, Y. Yuan, A Stavrou,
[2] Rabi Prasad Padhy, ManasRanjanPatra, “SQLProb: A Proxybased Architecture
Suresh Chandra Satyapathy. Cloud towards Preventing SQL Injection
Computing: Security Issues and Research Attacks”, SAC March 8-12, 2009
Challenges. IJCSITS Vol. 1, No. 2,
December 2011. [10] P. Vogt, F. Nentwich, N. Jovanovic, E.
Kirda, C. Kruegel, and G. Vigna, “Cross-
[3] A. Tripathi and A. Mishra, “Cloud Site Scripting Prevention with Dynamic
computing security considerations” IEEE Data Tainting and Static Analysis”,
Int. conference on signal processing, Proceedings of the Network and Distributed
communication and computing (ICSPCC), System
14-16 Sept., Xi'an, Shaanxi, China, 2011
[11] Eric Ogren, “Whitelists SaaS modify
[4] Mathisen, “Security Challenges and traditional security, tackle flaws”, Sep. 17,
Solutions in Cloud Computing” 5th IEEE 2009. [Eric Ogren is the founder and
International Conference on Digital principal security analyst at Ogren Group]
Ecosystems and Technologies (IEEE
DEST2011) , Daejeon, Korea, 31 May -3 [12] http://www.hongkiat.com/blog/cloud-
June 2011 security-tools/
EE--m
5
Author’s Profile
MALLAIAH VANGURI
presently working as Assistant professor in
KRANTHI KIRAN G presently CMR TECHICAL CAMPUS, Hyderabad,
working as a Assistant Professor in CMR Telangana, INDIA. He received M.TECH
Technical campus, Hyderabad, Telangana, (CSE) form MTIST JNTUH in 2013,
INDIA. He received his M.Tech (CSE) B.TECH (CSE) 2005 from TEC in JNTUH.
degree from Sphoorthy Engineering College His field of interest is networking.
in the year 2012.He received B.E. (CSE)
degree from M.V.S.R Engineering College,
in the year 2009. His fields of interests are
Cloud Computing, Machine learning,
Network Security, etc.
REGONDA NAGARAJU
presently working as a Assistant Professor in
CMR Technical campus, Hyderabad,
Telangana, INDIA. He received his M.Tech
(CSE) degree from JNTU Hyderabad in the
year 2011.He received B.Tech. (CSE)
degree from JNTU Hyderabad, in the year
2006. His fields of interests are Image
Processing, Machine learning, Network
Security, Cloud Computing, etc.
EE--m
6

A Study On Threatened Risks For Cloud Computing Security How To Overcome These Risks

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Study On Threatened Risks For Cloud Computing Security How To Overcome These Risks

Uploaded by

Copyright:

Available Formats

AIJREAS VOLUME 1, ISSUE 5 (2016, May) (ISSN-2455-6300) Online

A STUDY ON THREATENED RISKS FOR CLOUD COMPUTING

Kranthi Kiran G Regonda Nagaraju V Malliah

Keywords: Cloud computing; cloud security;

In [3] the authors describe the cloud

compliance risks, isolation failure, III. THREATENED RISKS &

monitoring or reporting process show Another detection system is defense

Mitigation:Security breach notification G. Multi-tenancy natures

E. Account, Service & Traffic It is important for the users or consumers

K. Man in the Middle attacks B. Okta

It is an attracting threat where an entity One of the most important tools, it

Mitigation: To solve this problem a service C. Cipher Cloud

F. Antivirus [5] Mervat Adib Bamiah* et al. / (IJAEST)

REFERENCES [8] Ruiping Lua and Kin Choong Yow,

You might also like