
A Survey on Security and Privacy in Cloud Computing
Mir Toornaw Islam
Virginia Commonwealth University
Department of Computer Science
Richmond, VA, USA
islammt@vcu.edu

Abstract—Cloud computing emerges as a new computing
paradigm that aims to deliver reliable, customized and quality of
service environments for cloud users. Applications and databases
are moved to the large, centralized datacenters called cloud. Due
to resource virtualization, global replication and migration, the
physical absence of data and machine in the cloud, the stored
data in the cloud and the computation results may not be well
organized and fully trusted by the cloud users. On one side, an
individual has full control on data and processes in his/her
computer. On the other side, we have the cloud computing where
the service and data maintenance are provided by some vendor
which leaves the customer unaware of where the processes are
running or where the data is stored. So, the client has no control
over it. The cloud computing uses the internet as the chief
communication media. When we look at the security of data in
the cloud computing, the vendor has to provide some assurance
in service level agreements (SLA) to convince the client on
security and privacy issues. Moreover, released acts on privacy
are out of date to give protection to users’ private information in
the new environment. Multi located data storage and services in
the cloud make privacy issues even worse. So, security and
privacy issues present a strong barrier for users to adopt
cloud computing. In this paper, a survey of the different security
risks and privacy issues that pose threats to the cloud are
presented. We have also discussed different solution approaches
that are being used extensively to get rid of these threats due to
security and privacy risks. Besides, we have investigated several
cloud computing system providers about their growing concerns
on cloud computing security and privacy issues. We have
discussed in this survey some other attributes as well like data
availability, data confidentiality, data integrity and access control
for cloud security and privacy.

Keywords—Cloud Computing, Cloud Security, Cloud Privacy,
Data Confidentiality, Data Integrity, Accountability, Availability,
Risk

I. INTRODUCTION

A cloud can be regarded as a large pool of resources which
are unified through virtualization or job scheduling techniques.
These resources can be organized to dynamically scale up to
match the load by using a pay-per resources business model.
Availability of these resources can be ensured through a new
cloud computing paradigm that is being increasingly adopted
by numerous organizations. The resources include hardware
and systems software on remote datacenters, along with the
services based upon these that are accessed through Internet.
Key features used are elasticity, multi-tenancy, maximal
resource utilization and pay-per-use. Large infrastructures like
data centers are leveraged through these exciting new features
with the help of virtualization or job management and resource
management, but these large pools of resources are not
necessarily located in the same country nor even on the same
continent. Moreover, the dynamic expansion or shrinkage of a
cloud makes it quite difficult to keep track of what resources
are used and in which country. Therefore, compliance with
regulations related to data handling is becoming difficult to
fulfill. Auditing is another challenging task due to the volatility
of the resources used. These new features make it hard, and
sometimes impossible, to reuse traditional security, trust and
privacy mechanisms in the cloud. Furthermore, they raise
issues and concerns that need to be fully understood and
addressed. Cloud services used currently pose an inherent
challenge to data privacy. The reason is these services typically
result in data being present in unencrypted form on a machine
owned and operated by a different organization from the data
owner. There are threats of unauthorized uses of the data by
service providers as well as risks of theft of data from machines
in the cloud.

We have three types of cloud environments at present:
public, private and hybrid clouds. A public cloud is a standard
model in which providers make several resources, such as
applications and storage, available to the public. Public cloud
services may be free or not. Private Cloud refers to internal
services of a business that is not available for ordinary people.
Essentially, private clouds are a marketing term for an
architecture that provides hosted services to a particular group
of people behind a firewall. Hybrid cloud is an environment
in which a company provides and controls some resources
internally. In hybrid cloud, cloud provider has a service that
has private cloud part which is only accessible by certified staff
and is protected by firewalls from outside access and a public
cloud environment which external users can access.

Cloud computing can be considered as a new computing
archetype that can provide services to consumers on demand at
a minimal cost. Three well-known and commonly used service
models in the cloud paradigm are software as a service (SaaS),
platform as a service (PaaS), and infrastructure as a service
(IaaS). In SaaS, software with the related data is deployed by a
cloud service provider, and users can use it through the web
browsers. In PaaS, a service provider facilitates services to the
users with a set of software programs that can solve the specific
tasks. In IaaS, the cloud service provider facilitates services to
the users with virtual machines and storage to improve their
business capabilities [1].

Cloud computing is very promising for the IT applications.
However, there are still some problems that need to be solved
for personal users and enterprises to store data and deploy
applications in the cloud computing environment. One of the
most significant barriers is data security, which is accompanied
by issues including compliance, privacy, trust and legal matters
[2,3]. The role of institutions and institutional evolution is close
to privacy and security in cloud computing [4]. Data security
has consistently been a major issue in IT. Data security
becomes particularly serious in the cloud computing
environment, because data are scattered in different machines
and storage devices including servers, PCs, and various mobile
devices such as wireless sensor networks and smart phones.
Data security in the cloud computing is more complicated than
data security in the traditional information systems. To make
the cloud computing be adopted by users and enterprise, the
security concerns of users should be rectified first to make
cloud environment more trustworthy. The trustworthy
environment is the basic prerequisite to win confidence of users
to adopt such a technology. Latif et al. discussed the
assessment of cloud computing risks [5].

Even though cloud computing is reckoned as a promising
service platform for the Next Generation Internet [6], security
and privacy are the major challenges which inhibit the wide
acceptance of cloud computing in practice [7]. Different from
the traditional computing model in which users have full
control over data storage and computation, cloud computing
involves the management of physical data and machines that
are delegated to the cloud service providers while the users
only retain some control over the virtual machines. Thus, the
correctness of data storage and computation might be
compromised due to the lack of the control of data security for
data owners.

In the case of security, some cloud-computing applications
simply lack adequate security protection such as fine-grained
access control and user authentication. Since enterprises are
attracted to cloud computing due to potential savings in IT
outlay and management, it is necessary to understand the
business risks involved. If cloud computing is to be successful,
it must be trusted by its users. Therefore, we need to clarify
what the components of such trust are and how trust can be
achieved for security as well as for privacy.

Within the cloud computing world, the virtual environment
lets users access computing power that exceeds what is available
within their own physical worlds. To enter this virtual
environment, data must be transferred throughout the cloud. As a
result, several data storage concerns can arise. To ensure data
confidentiality, integrity, and availability (CIA), the storage
provider must offer capabilities that, at a minimum, include (1)
a tested encryption schema to ensure the safeguard of all data
within the shared storage environment; (2) stringent access
controls to prevent unauthorized access to the data; and (3)
scheduled data backup and safe storage of the backup media.
Security is implicit within these capabilities, but further
fundamental concerns exist that need attention. For example, is
security solely the storage provider’s responsibility, or is it also
necessary on the entity that leases the storage for its
applications and data? Moreover, legal issues arise, such as
e-discovery, regulatory compliance (including privacy), and
auditing. The range of these legal concerns reflects the range of
interests that are currently using or could use cloud computing.
These issues and their yet-to-be-determined answers provide
significant insight into how security plays a vital role in cloud
computing’s continued growth and development.

Security and privacy issues present a strong barrier for
consumers to adopt cloud computing systems. According
to an IDC survey in August 2008, which was conducted among
244 IT executives and their business colleagues about their
companies’ use and views about cloud services, security was
regarded as the top challenge [8]. Moreover, users of cloud
computing services are worried about their business
information and critical IT resources in the cloud computing
systems which are vulnerable to attack. Furthermore,
cloud computing became a hot topic at the RSA security
conference in San Francisco in April 2009. Cisco CEO said
that cloud computing is inevitable, but it would shake up the
way networks are secured. Besides, data protection, operational
integrity, vulnerability management, business continuity,
disaster recovery and identity management are top concerns of
security issues for cloud computing and privacy is another key
concern [9]. Therefore, security and privacy of cloud
computing systems become a key factor for clients to adopt
it. Furthermore, many security and privacy incidents are
also seen in today’s cloud computing systems. For example:
Google Docs found a flaw that inadvertently shared users’ docs
in March 2009. A Salesforce.com employee fell victim to a
phishing attack and leaked a customer list that generated
further targeted phishing attacks in October 2007. In late 2010,
Microsoft experienced a breach within its Business
Productivity Online Suite. The problem allowed
non-authorized users of the cloud service to access employee
contact info in their offline address books. Apple suffered what
may be the largest high-profile cloud security breach due to the
victims involved. Jennifer Lawrence and other celebrities had
their private photos leaked online. So, we can say many cloud
computing systems in the real world have security and privacy
problems.

In this paper, we have investigated security and privacy
issues of current cloud computing systems. Since cloud
computing refers to both the applications delivered as services
over the internet and the infrastructures that provide those
services, we will present security and privacy concerns in terms
of the diverse applications and infrastructures. From our
investigation, we have found that security and privacy provided
by the cloud providers nowadays are not adequate. Therefore,
users find it difficult to adapt to the existing cloud computing
systems. So, concerns on security and privacy issues in terms
of data availability, data confidentiality, data integrity and
access control need to be taken care of. New techniques can
be developed and deployed into cloud computing systems to
make them more secure. We have also shown a few such
techniques in this paper. The target audience for this survey is
composed of business professionals, students and researchers
interested in (or already working in) the field of privacy and
security protection for the cloud.

II. CLOUD COMPUTING SECURITY ISSUES


There are many security issues associated with cloud
computing and they can be grouped into a number of
dimensions. According to Gartner [10], before making a
choice of cloud vendors, users should ask the vendors for
seven specific safety issues: privileged user access, regulatory
compliance, data location, data segregation, data recovery,
investigative support and long-term viability. In 2009,
Forrester Research Inc. [11] evaluated security and privacy
practices of some of the leading cloud providers (such as
Salesforce.com, Amazon, Google, and Microsoft) in three
major aspects: security and privacy, compliance, and legal and
contractual issues. Cloud Security Alliance (CSA) [12] is
gathering solution providers, non-profits and individuals to
hold discussions about the current and future best practices for
information assurance in the cloud. The CSA has identified
thirteen domains of concerns on cloud computing security
[13]. Lifei Wei [14] proposed SecCloud, a privacy-cheating
discouragement and secure-computation auditing protocol for
data security in the cloud. The authors claimed their work is
novel in a sense that they jointly consider both of data storage
security and computation auditing security in the cloud. They
defined the concepts of uncheatable cloud computation and
proposed SecCloud to achieve the security goals. Krešimir and
Željko [15] elaborated security in cloud computing in a way
that covers security issues and challenges, security standards
and security management models. They claimed that security
standards offer some kind of security templates which cloud
service providers (CSP) could obey. They found that the most
promising security standard for the future would be OVF
format which promises creation of new business models that
will allow companies to sell a single product on premises, on
demand, or in a hybrid deployment model. S. Subashini and
V. Kavitha made an investigation of cloud computing security
issues from the cloud computing service delivery models (SPI
model) and provide a detailed analysis and assessment method
for each security issue [16]. Mohamed Al Morsy, John Grundy
and Ingo Müller explored cloud computing security issues
from different perspectives, including security issues
associated with cloud computing architecture, service delivery
models, cloud characteristics and cloud stakeholders [17].
Yanpei Chen, Vern Paxson and Randy H. Katz believed that
two aspects are to some degree novel and indispensable to
cloud: the complexities of multi-party trust considerations, and
the ensuing need for mutual auditability. They also found
some new opportunities in cloud computing security [18].
According to the SPI service delivery models, deployment
models and essential characteristics of cloud, there are security
issues in all aspects of the infrastructure including network
level, host level and application level.

Cloud computing becomes a successful and popular
business model due to its charming features. In addition to the
numerous benefits at hand, cloud systems also result in serious
cloud-specific security issues. The people, whose concern is
the cloud security, feel hesitant to transfer their business to
cloud. Security issues are becoming a dominant barrier of the
development and widespread use of cloud computing. Zhifeng
and Yang [19] claimed that there are three main challenges for
building a secure and trustworthy cloud system:

• Outsourcing – Outsourcing brings down both capital
expenditure (CapEx) and operational expenditure for cloud
customers. However, outsourcing also means that customers
physically lose control on their data and tasks. The loss of
control problem has become one of the root causes of cloud
insecurity. To address outsourcing security issues, first, the
cloud provider shall be trustworthy by providing trust and
secure computing and data storage; second, outsourced data
and computation shall be verifiable to customers in terms of
confidentiality, integrity, and other security services. In
addition, outsourcing will potentially incur privacy violations,
due to the fact that sensitive or classified data is out of the
owners’ control.

• Multi-tenancy – Multi-tenancy means that the cloud
platform is shared and utilized by multiple customers.
Moreover, in a virtualized environment, data belonging to
different customers may be placed on the same physical
machine by certain resource allocation policy. Adversaries
who may also be legitimate cloud customers may exploit the
co-residence issue. A series of security issues such as data
breach [20], [21], [22], computation breach [23], flooding
attack [24], etc., are incurred. Although Multi-tenancy is a
definite choice of cloud vendors due to its economic
efficiency, it provides new vulnerabilities to the cloud
platform. Without changing the multi-tenancy paradigm, it is
imperative to design new security mechanisms to deal with the
potential risks.

• Massive data and intense computation – Cloud computing
is capable of handling mass data storage and intense
computing tasks. Hence, traditional security mechanisms may
not be sufficient due to unbearable computation or
communication overhead. For example, to verify the integrity
of data that is remotely stored, it is impractical to hash the
entire data set. To this end, new strategies and protocols are
needed.

Security often tops the list of cloud user concerns. Cloud
computing presents different risks to organizations than
traditional IT solutions. There are a number of security issues
for cloud computing, some of which are new, some of which
are exacerbated by cloud models and others that are the same
as in traditional service provision models. The security risks
depend greatly upon the cloud service and deployment model
[25]. For example, private clouds can, to a certain extent,
guarantee security levels, but the economic costs associated
with this approach are relatively high. At the network, host
and application levels, security challenges associated with
cloud computing are generally exacerbated by cloud
computing, but not specifically caused by it. Moreover, cloud
APIs are not yet standardized. Customer data security raises a
number of concerns, including the risk of loss, unauthorized
collection and usage of cloud data. There are a number of
different ways of categorizing security risks. Furthermore,
these fit into a broader model of cloud-related risks. For
example, according to the Cloud Security Alliance [26], the
top threats to cloud computing are abuse and nefarious use of
cloud computing, insecure interfaces and APIs, malicious
insiders, shared technology issues, data loss or leakage,
account or service hijacking and unknown risk profile. They
were unable to reach a consensus on ranking the degree of
severity of these risks.

Cloud applications are being run somewhere in the cloud
computing infrastructure through Internet. Consumers don’t
care about the data where they have been stored or services
where they have been provided. Cloud computing allows
providers to develop, deploy and run applications that can
evolve in scalability, work rapidly and never fail. The
penalties of obtaining these attributes of cloud computing are
to store private data on the other side of the Internet and get
service from cloud providers, and finally result in security and
privacy issues. Basically, cloud computing systems are secure
if users can depend on them in a way that the users actually
expect those systems to act. By convention, five goals or
objectives which are data availability, data confidentiality,
data integrity, access control and audit have to be met in
order to achieve adequate security in cloud systems. These
five goals are integrated with each other in a systematic way
and none of them could be forfeited to earn sufficient security,
though very few cloud computing systems can attain these five
goals altogether nowadays.

A. Data Integrity

Data integrity is one of the most critical elements in any
information system. In general, data integrity is defined as
protecting data from unauthorized deletion, modification, or
fabrication. Managing entity’s admittance and rights to
specific enterprise resources ensures that valuable data and
services are not abused, misappropriated, or stolen. Data
integrity is easily achieved in a standalone system with a
single database [27]. Data integrity in the standalone system is
maintained via database constraints and transactions, which is
usually finished by a database management system (DBMS).
Transactions should follow ACID (atomicity, consistency,
isolation, and durability) properties to ensure data integrity.
Most databases support ACID transactions and can preserve
data integrity. Authorization is used to control the access of
data. It is the mechanism by which a system determines what
level of access a particular authenticated user should have to
secure resources controlled by the system.

Data integrity in the cloud system means preserving
information integrity. It is expected that data should not be lost
or modified by unauthorized users. Data integrity is the basis
to provide cloud computing service such as SaaS, PaaS, and
IaaS. Moreover, data storage of large-scaled data in cloud
computing environment usually provides data processing
service. Data integrity can be obtained by techniques such as
RAID-like strategies and digital signature [27]. Due to the
large quantity of entities and access points in a cloud
environment, authorization is crucial in assuring that only
authorized entities can interact with data. By avoiding
unauthorized access, organizations can achieve greater
confidence in data integrity. The monitoring mechanisms offer
greater visibility in determining who or what may have altered
data or system information, potentially affecting their
integrity. Cloud computing providers are responsible for
maintaining data integrity and accuracy. However, it is
necessary to build third party supervision mechanism along
with users and cloud service providers. Verifying the integrity
of data in the cloud remotely is the prerequisite to deploy
applications. Bowers et al. proposed a theoretical framework
“Proofs of Retrievability” to realize the remote data integrity
checking by combining error correction code and
spot-checking [28]. The HAIL system uses POR mechanism to
check the storage of data in different clouds and it can ensure
the redundancy of different copies and realize the availability
and integrity checking [29]. Schiffman et al. proposed trusted
platform module (TPM) remote checking to check the data
integrity remotely [30].

Zetta [31] provides Zetta system for storage service on
demand mainly by considering data integrity. Here, data
integrity means that the system won’t corrupt or lose data,
even at tremendously large scale and over long periods of
time. Zetta implements RAIN-6 (Redundant Array of
Independent Nodes - 6) in its Zetta system for primary data
hosting service. It is called RAIN-6, because it has a similar
implementation like RAID-6 and it eventually results in
similar capability for ensuring data integrity. RAIN-6 is not
only capable of tolerating hard drive failure and bit errors, but
also capable of recovering from node failure and bit errors for
causes like network failure, power supply shortage, memory
or hard drive corruption etc. This data integrity attribute is
achieved by data placement in terms of node striping.
Figure 2. Zetta RAIN-6 system architecture

Digital signature is a commonly used technique for data
integrity testing. The widely adopted distributed file systems
like GFS [32], HDFS [33] etc. usually divide data of large
volumes into a set of blocks each of which has a default size.
When a block of data is physically stored, a digital
signature is attached to it. This digital signature is useful for
future integrity testing and corruption recovery.

Integrity checking on data is a long-term research topic.
However, traditional methods cannot be properly adopted to
tackle the challenges of integrity checking presented in cloud
storage. The main challenge of integrity checking is that
tremendous amounts of data are remotely stored on
untrustworthy cloud servers. Therefore, methods that require
hashing for the entire file become prohibitive. Besides, it is
not feasible to download the file from the server and perform
an integrity check due to the fact that it is computationally
expensive as well as bandwidth consuming. Each of the
former notions is not acceptable in cloud environments.
Provable Data Possession, referred to as (PDP) [34], becomes
employed through the process of checking the data integrity
with cloud storage in order to answer the question “Is it
possible for customers to be sure that the outsourced data is
honestly stored in cloud?”

For comparison purposes, a naive method is proposed in
[35]. This idea consists of the client computing a hash value
for file F with a key k (i.e., h(k, F)) and subsequently sending
F to the server. Once the client finds a necessity to check the
file, it releases k and sends k to the server which is
subsequently asked to re-compute the hash value based on
F and k. After this, the server replies to the client with the hash
result for comparison. The client can initiate multiple checks
by keeping different keys and hash values. This approach
provides strong proof that the server still retains F. However,
the negative aspect is the high overhead that is produced. This
overhead exists because each time of verification requires the
server to run a hashing process over the entire file. The notion
at this moment is computationally costly, even for lightweight
hashing operations.

B. Data Availability

Availability refers to the property of a system being
accessible and usable upon demand by an authorized entity.
System availability includes a system’s ability to carry out
operations even when some authorities misbehave. The system
must have the ability to continue operations even in the
possibility of a security breach. Availability refers to data,
software but also hardware being available to authorized users
upon demand. The network is now burdened with data
retrieval and processing. The cloud owner needs to guarantee
that information and information processing is available to
clients upon demand.

In simple terms, availability is the extent to which an
organization’s full set of computational resources is accessible
and usable. Availability can be affected temporarily or
permanently and a loss can be partial or complete. Denial of
service attacks, equipment outages, and natural disasters are
all threats to availability. The concern is that most downtime is
unplanned and can impact the mission of the organization.

In a flooding attack that can cause Denial of Service (DoS),
a huge number of nonsensical requests are sent to a particular
service to hinder it from working properly. In cloud
computing, there are two basic types [36] of flooding attacks:

• Direct DOS – the attacking target is determined and the
availability of the targeting cloud service will be fully lost.

• Indirect DOS – the meaning is twofold: 1) all services hosted
in the same physical machine with the target victim will be
affected; 2) the attack is initiated without a specific target.

The authors in [37] point out that one of the consequences
of a flooding attack is that if a certain cloud service is
unavailable or the quality of service is degraded, the
subscribers of all affected services may need to continue
paying the bill. However, the authors [38] have argued that
since cloud providers must have previously signed a Service
Level Agreement (SLA) with their clients, a responsible party
must be determined once the service level is degraded to some
threshold since clients will be aware of that degradation. The
most common abnormal behavior of untrusted storage is that
the cloud service providers may discard part of the user’s
update data, which is hard to be checked by only depending on
the simple data encryption. Additionally, a good storage
agreement needs to support concurrent modification by
multiple users. Mahajan et al. proposed Depot which can
guarantee Fork-Join-Causal-Consistency and eventual
consistency [39]. It can effectively resist attacks such as
discarding and it can support the implementation of other
safety protections in the trusted cloud storage environment
(such as Amazon S3). Feldman et al. proposed SPORC [40],
which can implement the safe and reliable real-time
interaction and collaboration for multiple users with the help
of the trusted cloud environment, and untrusted cloud servers
can only access the encrypted data. However, operation types
supported by reliable storage protocol support are limited, and
most of the calculations can only occur in the client side.
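
The naive keyed-hash audit h(k, F) from the Data Integrity discussion, run beside a simplified per-block spot-check so the server-side cost of each can be compared; this is an added example, not code from the survey or from the schemes it cites. The function and class names, the 4 KiB block size and the sample file are assumptions, and the spot-check is a plain MAC-per-block illustration of sampling, not the PDP [34] or POR [28] constructions.

```python
import hashlib
import hmac
import math
import secrets

BLOCK = 4096  # block size assumed for this example


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class Server:
    """Untrusted storage that counts the bytes each audit forces it to read."""

    def __init__(self, data: bytes, tags=()):
        self.data = bytearray(data)
        self.tags = list(tags)
        self.bytes_read = 0

    def naive_response(self, key: bytes) -> bytes:
        # Naive scheme: every audit re-hashes the whole file F under the released key k.
        self.bytes_read += len(self.data)
        return mac(key, bytes(self.data))

    def block_response(self, index: int):
        # Spot-check: return only the challenged block and its stored tag.
        block = bytes(self.data[index * BLOCK:(index + 1) * BLOCK])
        self.bytes_read += len(block)
        return block, self.tags[index]


def naive_setup(data: bytes, audits: int):
    """Before upload, precompute one (k, h(k, F)) pair per audit the client will ever run."""
    keys = [secrets.token_bytes(32) for _ in range(audits)]
    return [(k, mac(k, data)) for k in keys]


def naive_audit(server: Server, pairs: list) -> bool:
    """Release one unused key; it is consumed because the server has now seen it."""
    if not pairs:
        raise RuntimeError("all precomputed audit keys are used up")
    key, expected = pairs.pop()
    return hmac.compare_digest(server.naive_response(key), expected)


def tag_blocks(key: bytes, data: bytes):
    """Per-block MAC bound to the block index, so blocks cannot be swapped around."""
    return [mac(key, (i // BLOCK).to_bytes(8, "big") + data[i:i + BLOCK])
            for i in range(0, len(data), BLOCK)]


def spot_check(server: Server, key: bytes, n_blocks: int, samples: int, rng=None) -> bool:
    """Challenge `samples` random blocks; the MAC key never leaves the client."""
    rng = rng or secrets.SystemRandom()
    for index in rng.sample(range(n_blocks), samples):
        block, tag = server.block_response(index)
        if not hmac.compare_digest(tag, mac(key, index.to_bytes(8, "big") + block)):
            return False
    return True


def detection_probability(n_blocks: int, bad: int, samples: int) -> float:
    """Chance that sampling without replacement hits at least one damaged block."""
    return 1 - math.comb(n_blocks - bad, samples) / math.comb(n_blocks, samples)


def demo():
    data = bytes(range(256)) * 4096          # constructed 1 MiB sample file (256 blocks)
    n_blocks = len(data) // BLOCK
    key = secrets.token_bytes(32)
    tags = tag_blocks(key, data)
    pairs = naive_setup(data, audits=2)

    honest = Server(data, tags)
    lossy = Server(data, tags)
    lossy.data[len(data) // 2:] = bytes(len(data) // 2)   # provider discarded half the file

    result = {
        "naive_honest": naive_audit(honest, pairs),
        "naive_lossy": naive_audit(lossy, pairs),
        "naive_bytes": honest.bytes_read,    # whole file hashed for one audit
    }
    honest.bytes_read = 0
    result["spot_honest"] = spot_check(honest, key, n_blocks, samples=20)
    result["spot_bytes"] = honest.bytes_read  # only the sampled blocks were read
    result["spot_lossy_full_scan"] = spot_check(lossy, key, n_blocks, samples=n_blocks)
    result["p_detect_half_lost"] = detection_probability(n_blocks, n_blocks // 2, 20)
    result["p_detect_one_block"] = detection_probability(n_blocks, 1, 20)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Twenty samples almost always catch a provider that dropped half the file but catch a single damaged block out of 256 only about 8% of the time, which is why the Proofs of Retrievability framework cited above pairs spot-checking with an error correction code.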
A DOS avoidance strategy called service migration [41]
has been developed to deal with the new flooding attack. A
monitoring agent located outside the cloud is set up to detect
whether there may be bandwidth starvation by constantly
probing the cloud applications. When bandwidth degradation
is detected, the monitoring agent will perform application
migration, which may stop the service temporarily and resume
it later. The migration will move the current application to
another subnet of which the attacker is unaware. Experimental
results show that it only takes a few seconds to migrate a
stateless web application from one subnet to another.

C. Confidentiality

Data confidentiality is important for users to store their
private or confidential data in the cloud. Authentication and
access control strategies are used to ensure data
confidentiality. The data confidentiality, authentication, and
access control issues in cloud computing could be addressed
by increasing the cloud reliability and trustworthiness [42].
Since the users do not trust the cloud providers and cloud
storage service providers are virtually impossible to eliminate
potential insider threat, it is very dangerous for users to store
their sensitive data in cloud storage directly. Simple
encryption is faced with the key management problem and
cannot support complex requirements such as query, parallel
modification and fine-grained authorization.

When dealing with cloud environments, confidentiality
implies that a customer’s data and computation tasks are to be
kept confidential from both the cloud provider and other
customers. Confidentiality remains as one of the greatest
concerns with regards to cloud computing. This is largely
because of the fact that customers outsource their data and
computation tasks on cloud servers, which are controlled and
managed by potentially untrustworthy cloud providers.
Ristenpart et al. [43] demonstrate the existence of Cross-VM
attacks in an Amazon EC2 platform. A Cross-VM attack
exploits the nature of multi-tenancy that allows VMs
belonging to different customers to co-reside on the same
physical machine. Aviram et al. [44] regard timing
side-channels as an insidious threat to cloud computing security
due to the fact that a) the timing channels pervasively exist
and are hard to control due to the nature of massive

physical memory by sharing the memory pages with same
contents. A memory disclosure attack is capable of detecting
the existence of an application or a file on a co-residing VM
by measuring the write access time that differs between
deduplicated pages and regular ones.

For diminishing the risk caused by shared infrastructure, a
few suggestions to defend the attack in each step are given in
[48]. For example, cloud providers may confuse co-residence
by having Dom0 not respond in traceroute, and/or by
randomly assigning internal IP addresses to launched VMs. In
order to diminish the success rate of placement, cloud
providers might let the users decide where to put their VMs.
However, this method does not prevent a brute-force strategy.
The final solution for cross-VM attack is to remove
co-residency. Cloud customers (especially enterprise clients) may
require physical isolation that can be written into the Service
Level Agreements (SLAs). However, cloud vendors may be
reluctant to abandon virtualization that is beneficial to cost
saving and resource utilization. One of the options is to share
the infrastructure only with friendly VMs which are owned by
the same customer or other trustworthy customers. To ensure
physical isolation, a customer should be enabled to verify its
VMs’ exclusive use of a physical machine. HomeAlone is a
system [49] that detects co-residency by employing a
side-channel (in the L2 memory cache) as a detection tool. The
idea is to silence the activity of friendly VMs in a selected
portion of L2 cache for a certain amount of time and then
measure the cache usage to check if there is any unexpected
activity which indicates that the physical machine is
co-resided by another customer.

D. Access Control

Access control mechanism is a tool to ensure that
authorized users can access and prevent unauthorized access to
information systems. Therefore, formal procedures should be
developed to control the allocation of access rights to
information systems and services. Such mechanisms should
cover all stages in the lifecycle of user access, from the initial
registration of new users to the final de-registration of users
who no longer require access to information systems and
services. Special attention should be given, where appropriate,
to the need to control the allocation of privileged access rights,
parallelism and shared infrastructure; b) malicious customers which allow users to override system controls. The following
are able to steal information from other ones without leaving a are the six control statements that should be considered to
trail or raising alarms. Attackers can easily exploit L2 cache, ensure proper access control management [49]: 1. Control
due to its high bandwidth. Xu et al. has particularly explored access to information 2. Manage user access rights 3.
the L2 cache covert channel with quantitative assessment [45]. Encourage good access practices 4. Control access to network
It has been demonstrated that even the channel bit rate is services 5. Control access to operating systems and 6. Control
higher than the former work, the channel’s ability to exfiltrate access to applications and systems.
useful information is still limited and it is only practical to
leak small secrets such as private keys. Okamura et al. Decentralized information flow control and differential
developed a new attack, which demonstrates that CPU load privacy are integrated to render rigorous privacy and security
can also be used as a covert channel to encode information control in the computation for the individual data in the
[46]. Memory disclosure attack [47] is another type of cross- MapReduce framework [50]. It is able to pay particular
VM attack. In a virtualized environment, memory attention to the division of labor between the MapReduce
deduplication is a technique to reduce the utilization of framework, the distributed file system and the OS.
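The differential-privacy half of the MapReduce idea above can be sketched as follows. This is an added illustration, not code from the paper or from the system it cites: the trusted framework clamps each output of an untrusted mapper to a declared range, charges a privacy budget, and releases the sum with Laplace noise. The function names, the sample records and the budget ledger are assumptions, and the information-flow-control half is not shown.

```python
import random

# Constructed sample input: one (user_id, amount) record per individual.
RECORDS = [("u1", 12.0), ("u2", 48.5), ("u3", 7.25), ("u4", 9000.0), ("u5", 31.0)]


class PrivacyBudget:
    """Ledger of the total epsilon that may be spent on one data set (assumed design)."""

    def __init__(self, total_epsilon):
        self.remaining = total_epsilon

    def spend(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining:
            raise PermissionError("privacy budget exhausted")
        self.remaining -= epsilon


def untrusted_mapper(record):
    """Analyst-supplied code; the framework does not trust its output range."""
    _user, amount = record
    return amount


def clamp(value, lo, hi):
    """Force a mapper output into the range declared before the job runs."""
    return max(lo, min(hi, value))


def clamped_sum(records, mapper, lo, hi):
    """Trusted map phase: run the mapper, then enforce the declared range."""
    if hi < lo:
        raise ValueError("declared range is empty")
    return sum(clamp(mapper(r), lo, hi) for r in records)


def sensitivity(lo, hi):
    """Largest change that adding or removing one record can cause in the sum."""
    return max(abs(lo), abs(hi))


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample: the difference of two exponential variates."""
    if scale == 0:
        return 0.0
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def private_sum(records, mapper, lo, hi, epsilon, budget, rng):
    """Trusted reduce phase: charge the budget, then release a noisy sum."""
    budget.spend(epsilon)  # refuse the query before touching the data
    scale = sensitivity(lo, hi) / epsilon
    return clamped_sum(records, mapper, lo, hi) + laplace_noise(scale, rng)


if __name__ == "__main__":
    rng = random.SystemRandom()
    budget = PrivacyBudget(total_epsilon=1.0)
    # u4's 9000.0 is clamped to 100.0, so one individual cannot dominate the result.
    print(private_sum(RECORDS, untrusted_mapper, 0.0, 100.0, 0.5, budget, rng))
    print("epsilon left:", budget.remaining)
```

Clamping is what makes the noise scale meaningful: without it the mapper could emit an arbitrarily large value for one record and the declared sensitivity would not hold.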
III. CLOUD COMPUTING PRIVACY ISSUES

Current cloud services pose an inherent threat to data privacy, because they typically result in data being exposed in an unencrypted form on a machine owned and operated by a different organization from the data owner. The major privacy issues relate to trust, uncertainty and compliance. When considering privacy risks in the cloud, as considered already within the introduction, context is very important as privacy threats differ according to the type of cloud scenario. For example, there are special laws concerning treatment of sensitive data and data leakage. Besides, loss of privacy is of particular concern to users when sensitive data is processed in the cloud. Currently, this is so much of an issue that the public cloud model would not normally be adopted for this type of information. More generally, public cloud is the most dominant architecture when cost reduction is concerned, but relying on a cloud service provider to manage and hold one’s data in such an environment raises big privacy concerns.

When we consider privacy risks in the cloud, context is very important as privacy threats differ according to the type of cloud scenario. Some cloud application areas and services might face a very low privacy threat, for example, if the service is to process information that is public. It is only if the service handles personal information in the sense of collecting, transferring, processing, sharing or storing it that there could be a privacy risk and privacy needs to be taken into account. However, services that are dynamically personalized based on people’s location, preferences, calendar and social networks would require privacy to be taken into account a great deal, as the potential risk is very high.

In the cloud, privacy means that when users access sensitive data, the cloud service can prevent a potential adversary from inferring the user’s behavior from the user’s access pattern. Researchers have focused on Oblivious RAM (ORAM) technology. ORAM accesses several copies of data to hide which data the user actually intends to access. ORAM has been widely used in software protection and has been used in protecting privacy in the cloud as a promising technology. Stefanov et al. proposed the Path ORAM algorithm, a state-of-the-art implementation [50].

User-centric control seems very incompatible with the cloud: as soon as a SaaS environment is used, the service provider becomes responsible for storage of data, in a way in which visibility and control are limited. So, how can a consumer take control over their data when it is stored and processed in the cloud? This is a legal requirement and also something that consumers want. It can even be necessary in some cases to provide adequate trust for consumers to switch to cloud services. In addition, people may have little understanding about the privacy impact of decisions they make. Technology in general worsens this problem as more employees are able to trigger privacy consequences and these can be further-reaching: instead of protecting data on a server to which very few people have access, employees can now leave sensitive information unencrypted on a laptop or expose confidential information at a flick of a switch. In the case of cloud, it is relatively quick and easy to go to a portal to request a service that is instantly provided, and it only takes a credit card if public cloud services are used like those from Salesforce and Google. Therefore, unless proper management procedures exist, there is a danger that employees could switch to using cloud computing services without considering the potential consequences and risks for that particular situation.

User data may be abused by other users. Deduplication technology is widely used in cloud storage, which means that the same data is often stored once but shared by multiple different users. This reduces the storage space and cost of cloud service providers, but attackers can access the data by knowing the hash code of the stored files. Then, it is possible to leak the sensitive data in the cloud. So, a proof of ownership approach has been proposed to check the authentication of cloud users [51]. Attackers may also increase the cost of a cloud service. Fraudulent resource consumption is a kind of attack on the payment for cloud service. Attackers can consume the specific data to increase the cost for cloud service payment. Idziorek et al. raised this question and studied the detection and identification of fraudulent resource consumption [52].

Cloud computing faces many of the same problems as traditional outsourcing. Yet the dynamic nature of the cloud makes many existing provisions that address this in more static environments obsolete or impractical to set up in such a short timeframe. It is unclear which party is responsible for ensuring legal requirements. Neither is it yet clear to what extent cloud sub-contractors involved in processing can be properly identified, checked and ascertained as being trustworthy, particularly in a dynamic environment. It is also unclear what rights in the data will be acquired by data processors and their sub-contractors, and whether these are transferable to other third parties upon bankruptcy, takeover, or merger [53].

Pearson et al. ([54] and [55]) proposed a privacy manager that relies on obfuscation techniques. The privacy manager can provide obfuscation and de-obfuscation services to reduce the amount of sensitive information stored in the cloud. The main idea is to only store the encrypted form of clients’ private data in the cloud end. The data processing is performed directly on the encrypted data. One limitation is that cloud vendors may not be willing to implement additional services for privacy protection. Without the provider’s cooperation, this scheme will not work.

Squicciarini et al. [56] explore a novel privacy issue that is caused by data indexing. In order to tackle data indexing and to prevent information leakage, the researchers propose a three-tier data protection architecture to offer different levels of privacy to cloud customers.

Sadeghi et al. [57] claim that pure cryptographic solutions based on fully homomorphic and verifiable encryption suffer from high latency for offering practical secure outsourcing of computation to a distrusted cloud service provider. They propose to combine a trusted hardware token with Secure Function Evaluation (SFE) in order to compute arbitrary functions on data when it is still in encrypted form. The computation leaks no information and it is verifiable. The focus of this work is to minimize the computation latency to enable efficient, secure outsourcing in cloud computing. A hardware
token is tamper-proof against physical attacks. Under the assumption that the token is trusted, the clients’ data processing may be performed in the token, which is attached to a distrusted cloud server. The property of a token can guarantee that the data computation is confidential as well as verifiable. The solution presented in [58] only needs to deploy a tamperproof token in the setup pre-processing phase. In the follow-up online phase, only symmetric cryptographic operations are performed in the cloud, without requiring further interaction with the token.

IV. CONCLUSION

Cloud computing is a promising and emerging technology for the next generation IT applications. The obstacles and hurdles toward the rapid growth of cloud computing are data security and privacy issues. Reducing data storage and processing cost is an indispensable need for any organization, while analysis of data and information is always one of the most important tasks in all organizations for decision making. So, no organization can transfer their data or information to the cloud until trust is built between the cloud service providers and consumers. A number of techniques have been proposed by researchers for data protection and to attain the highest level of data security in the cloud. However, there are still many gaps to be filled by making these techniques more resilient and effective. More work is needed in the area of cloud computing to make it a viable solution for cloud service consumers. This paper surveyed different techniques about data security and privacy, focusing on the data storage and use in the cloud, for data protection in the cloud computing environments to build trust between cloud service providers and consumers.

As described in the paper, though there are extreme advantages in using a cloud-based system, there are yet many practical problems that need to be solved. Cloud computing is a disruptive technology with profound implications not only for internet services but also for the IT sector as a whole. Still, several issues exist, particularly related to service-level agreements (SLA), security and privacy, and power efficiency.

As described in the paper, security has a lot of loose ends, which scare away a lot of potential users nowadays. Until a proper security module is in place, potential users will not be able to leverage the advantages of this technology. Every element in the cloud should be analyzed at the macro and micro level, and an integrated solution must be designed and deployed in the cloud to attract and enthrall the potential consumers.

REFERENCES

[1] Peter Mell, and Tim Grance, “The NIST Definition of Cloud Computing,” Version 15, 10-7-09, http://www.wheresmyserver.co.nz/storage/media/faq-files/cloud-def-v15.pdf. J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp.68-73.
[2] Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets. In: Chen P, ed. Proc of the ACM 18th Int’l Conf. on Information and Knowledge Management, CIKM 2009. New York: Association for Computing Machinery, 2009. 2117.2118. [doi: 10.1145/1645953.1646333]
[3] Zetta, “Zetta: Enterprise cloud storage on demand,” http://www.zetta.net/, 2008.
[4] M. McCarthy, “USA Patriot Act,” Harv. J. on Legis., vol. 39, p. 435, 2002.
[5] P. Parsons and R. Frieden, The cable and satellite television industries. Allyn & Bacon, 1998.
[6] Abrams, M. “A Perspective: Data Flow Governance in Asia Pacific & APEC Framework” 2008.
[7] McKinley, P.K., Samimi, F.A., Shapiro, J.K., Chiping T.: Service Clouds: A Distributed Infrastructure for Constructing Autonomic Communication Services. Dependable, Autonomic and Secure Computing, IEEE, pp.341-348, 2006.
[8] Nielsen, J., “Trust or Bust: Communicating Trustworthiness in Web Design”, Jacob Nielsen’s Alertbox, 1999. Available via http://www.useit.com/alertbox/990307.html.
[9] Pearson, S., P. Rao, T. Sander, A. Parry, A. Paull, S. Patruni, V. Dandamudi-Ratnakar and P. Sharma, “Scalable, Accountable Privacy Management for Large Organizations”, INSPEC 2009, IEEE, pp. 168-175, September 2009.
[10] NEC Company Ltd and Information and Privacy Commissioner, Ontario, Canada, “Modelling cloud computing architecture without compromising privacy: A privacy by design approach”, June 2010.
[11] Ristenpart, T., E. Tromer, H. Shacham, and S. Savage, “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds”, CCS’09, ACM, Chicago, Illinois, November 2009.
[12] W. Wei, J. Du, T. Yu, and X. Gu, “SecureMR: A Service Integrity Assurance Framework for MapReduce,” Proc. 2009 Annual Computer Security Applications Conference, 2009, pp. 73-82.
[13] P. Saripalli, B. Walters, “QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security,” Cloud Computing, IEEE International Conference on, pp. 280-288, 2010 IEEE 3rd International Conference on Cloud Computing, 2010.
[14] F. Lombardi and R. Di Pietro, “Transparent security for cloud,” Proc. 2010 ACM Symposium on Applied Computing, 2010, pp. 414-415.
[15] S. Pearson, Y. Shen, and M. Mowbray, “A privacy manager for cloud computing,” Cloud Computing, 2009, pp. 90-106.
[16] W. Itani, A. Kayssi, and A. Chehab, “Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures,” IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 711-716.
[17] D. Lin and A. Squicciarini, “Data protection models for service provisioning in the cloud,” Proceeding of the 15th ACM symposium on Access control models and technologies, 2010, pp. 183-192.
[18] S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-sale: Surviving organized ddos attacks that mimic flash crowds,” In Proc. NSDI (2005).
[19] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for data storage security in cloud computing,” IEEE INFOCOM 2010, San Diego, CA, March 2010.
[20] D. Walker and S. Latifi, “Partial Iris Recognition as a Viable Biometric Scheme,” International J. Security and Networks, Vol. 6 Nos. 2-3, 2011, pp. 147-152.
[21] K. Suzaki, K. Iijima, T. Yagi, and C. Artho, “Memory deduplication as a threat to the guest OS,” in Proc. Fourth European Workshop on System Security, New York, NY, USA, 2011, p. 1:1-1:6.
[22] M. J. Sharma and V. C. M. Leung, “Improved IP Multimedia Subsystem Authentication Mechanism for 3G-WLAN Networks,” International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 90-100.
[23] Z. Wang and R. B. Lee, “New cache designs for thwarting software cache-based side channel attacks,” In 34th International Symposium on Computer Architecture, pages 494-505, June 2007.
[24] L. Xu, S. Chen, X. Huang, and Y. Mu, “Bloom filter based secure and anonymous DSR protocol in wireless ad hoc networks,” International J. Security and Networks, Vol. 5, No.1 pp. 35 - 44, 2010.
[25] Y. Xiao, K. Meng, and D. Takahashi, “Accountability using Flow-net: Design, Implementation, and Performance Evaluation,” (Wiley Journal of) Security and Communication Networks, Vol.5, No. 1, pp. 29-49, Jan. 2012.
[26] R. Chow et al., Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control, ACM Workshop on Cloud Computing Security, Chicago, IL, November 2009
[27] S. King et al., SubVirt: Implementing Malware with Virtual Machines, IEEE Symposium on Security and Privacy, Berkeley, California, May 2006
[28] D. Jacobs, S. Aulbach, Ruminations on Multi-Tenant Databases, Fachtagung für Datenbanksysteme in Business, Technologie und Web, March 2007, http://www.btw2007.de/paper/p514.pdf
[29] R. McMillan, Hackers Find a Home in Amazon's EC2 Cloud, Infoworld, IDG News Network, December 10, 2009, http://www.infoworld.com/d/cloud-computing/hackers-findhome-in-amazons-ec2-cloud-742
[30] L. M. Vaquero, L. Rodero-Merino, J. Caceres, M. Lindner, A Break in the Clouds: Towards a Cloud Definition, Computer Communication Review, January 2009, http://ccr.sigcomm.org/online/files/p50-v39n1l-vaqueroA.pdf
[31] J. Oberheide, E. Cooke, F. Jahanian, Empirical Exploitation of Live Virtual Machine Migration, Black Hat Security Conference, Washington, DC, February 2008
[32] N. Provos, M. A. Rajab, P. Mavrommatis, Cybercrime 2.0: When the Cloud Turns Dark, Communications of the ACM, April 2009
[33] A. Shah, Kernel-based Virtualization with KVM, Linux Magazine, issue 86, January 2008, http://www.linuxmagazine.com/w3/issue/86/Kernel_Based_Virtualization_With_KVM.pdf
[34] S. Pearson, Taking Account of Privacy when Designing Cloud Computing Services, ICSE Workshop on Software Engineering Challenges of Cloud Computing, May 23, 2009, Vancouver, Canada
[35] N. Gruschka, L. L. Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited, IEEE International Conference on Web Services, Los Angeles, CA, July 2009
[36] W. Jansen, Directions in Security Metrics Research, Interagency Report 7564, National Institute of Standards and Technology (NIST), April 2009
[37] N. Leavitt. Is Cloud Computing Really Ready for Prime Time?, IEEE Computer, January 2009
[38] T. Garfinkel, M. Rosenblum, When Virtual is Harder than Real, HotOS’05, Santa Fe, NM, June 2005
[39] Y. Keleta, J. H. P. Eloff, H. S. Venter, Proposing a Secure XACML Architecture Ensuring Privacy and Trust, Research in Progress Paper, University of Pretoria, 2005, http://icsa.cs.up.ac.za/issa/2005/Proceedings/Research/093_Article.pdf
[40] B. Krebs, Salesforce.com Acknowledges Data Loss, Security Fix, The Washington Post, November 6, 2007
[41] T. Mather. (2011). Data Leakage Prevention and Cloud Computing. Available: http://www.kpmg.com/Globa1/Pages/default.aspx
[42] S. K. Tim Mather, and Shahed Latif, Cloud Security and Privacy: O'Reilly Media, Inc, 2009
[43] J. W. Rittinghouse and J. F. Ransome, Cloud Computing: Taylor and Francis Group, LLC, 2010.
[44] J. Geelan. “Twenty one experts define cloud computing,” Virtualization, August 2008. Electronic Mag., article available at http://virtualization.sys-con.com/node/612375.
[45] S. Subashini, V. Kavitha. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(2011)1-11.
[46] S. Kardaş, S. Çelik, M. A. Bingöl, and A. Levi, “A new security and privacy framework for RFID in cloud computing,” in Proceedings of the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom '13), Bristol, UK, 2013.
[47] K. D. Bowers, A. Juels, and A. Oprea, “HAIL: a high-availability and integrity layer for cloud storage,” in Proceedings of the 16th ACM conference on Computer and Communications Security, pp. 187–198, ACM, Chicago, Ill, USA, November 2009.
[48] J. Krumm, “A survey of computational location privacy,” Personal and Ubiquitous Computing, vol. 13, no. 6, pp. 391–399, 2009.
[49] A. Rao, “Centralized database security in cloud,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 1, pp. 544–549, 2012.
[50] R. Neisse, D. Holling, and A. Pretschner, “Implementing trust in cloud infrastructures,” in Proceedings of the 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid ’11), pp. 524–533, IEEE Computer Society, May 2011.
[51] Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman, “Fade: secure overlay cloud storage with file assured deletion,” in Security and Privacy in Communication Networks, pp. 380–397, Springer, New York, NY, USA, 2010.
[52] Z. Xiao, N. Kathiresshan, and Y. Xiao, “A Survey of Accountability in Computer Networks and Distributed Systems,” (Wiley Journal of) Security and Communication Networks, accepted.
[53] R. Könighofer, “A fast and cache-timing resistant implementation of the AES,” in Proc. 2008 The Cryptographers’ Track at the RSA conference on Topics in cryptology, Berlin, Heidelberg, 2008, pp. 187-202.
[54] Pearson, A. Blumberg, M. Walfish, “Toward practical and unconditional verification of remote computations,” in the 13th Workshop on Hot Topics in Operating Systems, Napa, CA, USA 2011.
[55] S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of interactive proof systems,” SIAM Journal on Comp., 18(1):186-208, 1989.
[56] Squicciarini, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “A data outsourcing architecture combining cryptography and access control,” Proc. 2007 ACM workshop on Computer security architecture, 2007, pp. 63-69.
[57] Sadeghi. Calore, Ma.gnolia Suffers Major Data Loss, Site Taken Offline, Wired Magazine, January 30, 2009, http://www.wired.com/epicenter/2009/01/magnolia-suffer/
