
Data Security and Privacy Protection Issues in Cloud Computing
By
Azeefa Tahir
Roll No. 432503
Session 2018-2020

Department of Computer Science
Government College University Faisalabad

Dedication

Urge this article is the most important to me. I never expected to reach this point in
my life in a million years. I also dedicated it to God and my parents, for all their love,
patience, kindness and support. Finally, all the hard work and respect teacher.

Declaration

I hereby declare that the work on which this dissertation is based is my actual work,
and that I have not submitted all or any part of it for this or any other degree at any
other university.

Acknowledgment

First of all, I praise and thank Almighty God for blessing my entire research work, so
that I could successfully complete it. University, heritage, gave me the
opportunity to conduct research and provided valuable guidance during the research
process. Their actions, vision, sincerity and enthusiasm left a deep impression on
me. They taught me how to conduct research and gave a clear introduction to the
research jobs possible. It is a great honor to learn under his guidance.
Azeefa Tahir

Abstract

Data security has always been a major issue in data innovation. In the case of the cloud, this
is especially true because the data is available in different locations around the world. Data
security and security insurance are the two main concerns of consumers regarding cloud
innovation. Although many cloud computing disciplines have been studied in both academic
research institutions and joint ventures, data security and security insurance are becoming
more and more important for governments, industries and enterprises to improve future cloud
computing innovations. Data security and protection insurance issues apply to both devices
and software in cloud designs. The purpose of this test is to investigate specific security
policies and challenges in the context of software and tools to ensure data in the cloud and
change the security of the data. Reliability and climate; we investigated the current
exploration of data security and security insurance methods used in cloud computing.

Keywords: access control, cloud computing, cloud computing security, data separation, data security, privacy protection

Table of Contents
Chapter No 1
Introduction
1.1 Objectives
1.2 History
1.3 Background of the Study
1.4 The Scope of Cloud Computing
1.5 Problem Statement
1.6 Proposed Solution

Chapter No 2
Literature Review

Chapter No 3
Methodology
3.1 Research Methods
3.2 Exact Literature Review (SLR)
3.3 Major Techniques
3.3.1 Data Integrity
3.3.2 Data privacy
3.3.3 Homeopathic Encryption
3.3.4 Hybrid Technology
3.3.5 Hide Information
3.3.6 Confirm Deletion
3.3.7 Distributed Storage
3.3.8 Encrypted Search and Database
3.4 Cloud Computing Overview
3.4.1 Cloud Computing and Grid Computing
3.4.2 Cloud Computing VS Traditional Computing
3.4.3 Cloud Computing VS Utility Computing

Chapter No 4
Cloud Computing Architecture
4.1 Basic Functions of Cloud Computing
4.1.1 On-Demand Self-Service
4.1.2 Resource Pooling
4.1.3 Fast Flexibility
4.1.4 Measured Service
4.1.5 Broad Network Access
4.2 Cloud Deployment Model
4.2.1 Public Cloud
4.2.2 Private Cloud
4.2.3 Community Cloud
4.2.4 Hybrid Cloud
4.3 Cloud Computing Service Model
4.3.1 Software as a Service (SaaS)
4.3.2 Platform as a Service (PaaS)
4.3.3 Basic Service as a Service (IaaS)
4.4 Execution and Cost Factor

Chapter No 5
Security Issues in Cloud Computing
5.1 Significance Security in Cloud Computing
5.2 Cloud Computing Security Category
5.3 Issues: Vulnerabilities, Threats and Attacks
5.3.1 Cloud Malware Injection Attack
5.3.2 Insider Attacks
5.3.3 Buffer Overflow Attack
5.3.4 Verification Attack
5.3.5 Animal Power
5.3.6 Brute Force Attack
5.3.7 MITM Attacks
5.3.8 Man-Prevent Attack
5.3.9 Certificate Theft Attack
5.3.10 Denial of Service Attack
5.3.11 Dictionary Attack
5.3.12 Malicious Insider attack
5.3.13 Cloud API Vulnerability
5.4 Cloud computing security protection technology

Chapter No 6
Privacy Issues in Cloud Computing
6.1 The Importance of Privacy and Confidentiality in the Cloud
6.2 Cloud Computing Privacy Overview
6.3 Problems: Vulnerabilities Threats and Attacks
6.3.1 Damaged endorsement and compromise certificates
6.3.2 Data Breaches
6.3.3 Data Space Issues
6.3.4 Virtualization Problems

Chapter No 7
Mutual Security and Privacy Issues in Cloud Computing
7.1 Damaged Sharing Platform
7.2 Natural Disasters
7.3 Permanent Data Loss
7.4 Virtual Machine Transfer Attack
7.5 Internet Security and other Privacy Issues
7.5.1 Case Study 1: Account Hijacking
7.5.2 Case Study 2: Network-based Attack
7.6 Data Life Cycle
7.6.1 Cloud Computing Life Cycle Issues

Chapter No 8
Security of Cloud Computing
8.1 Control Hardware-Based Attacks
8.2 Control Hypersensitivity Attacks
8.3 Control through Cloud Audit
8.4 Effective Encryption Control
8.5 Trust Management Control
8.6 Identity Management Control

Chapter No 9
Conclusion
Contribution
References

List of Figures

Figure 1.1: History of Cloud Computing
Figure 3.1: Cloud Computing
Figure 3.2: Grid Computing VS Cloud Computing
Figure 3.3: Traditional Data Center VS Cloud Computing
Figure 4.2: Cloud Deployment Model
Figure 4.3: Cloud Computing Service Model
Figure 5.1: Cloud Security
Figure 5.2: Cloud Computing Security Model
Figure 5.3: Cloud Malware Injection Attack
Figure 5.4: Insider Attack
Figure 5.5: Buffer Overflow Attack
Figure 5.6: Brute Force Attack
Figure 5.6: Middle in the Man Attack
Figure 5.6: Certificate Theft Attack
Figure 5.7: Denial of Service Attack
Figure 5.8: Dictionary Attack
Figure 6.1: Security-only Privacy and Mutual Security and Privacy Matters in CC
Figure 7.1: Internal Security and Privacy Issues in Cloud Computing
Figure 7.2: Data Life Cycle
Figure 8.1: Cloud Computing Security Control

Chapter No 1
Introduction
From the initial concept work to the current global delivery, cloud computing is constantly
evolving. Today, many associations, especially small and medium-sized businesses (SMBs),
are gradually submitting their applications to the cloud and realizing the benefits
accumulated there. The choice of cloud computing can increase productivity and
creativity, and save the cost of product purchase and framework maintenance. "Cloud
computing is a model that can be used to support on-demand network access to processing
assets (such as networks, employees, inventory, applications, and authorities) that can be
quickly created and provided with little management work or professional collaboration."
The cloud model improves receiving capabilities and includes five basic attributes, three
auxiliary models, and four network models. The cloud computing model described by NIST
thus includes three help models and four transmission models. The three management models
are also known as the SPI model:
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud software is handled like the cloud:
This means that it can help you connect to the Internet through a network other than all the
PC devices and software in the work area or somewhere in the network. The exact way in
which tools and software meet and how you perform all operations is irrelevant to the client;
the Internet is just a vague "cloud". A cloud can be confined to a single association (carrying
small objects) or visit multiple associations (public cloud), and cloud computing relies on
asset sharing to supplement intelligence and economies of scale.

Proponents of public and hybrid clouds pointed out that cloud computing allows the network
to cut or limit the cost of IT frameworks. Advocates also guarantee that cloud computing can
make their applications run better, with better reasons and less maintenance, and that the IT
team can move assets quickly enough to respond to fluctuations and extreme needs, so that
sudden bursts can be detected.

Examples of next-generation cloud computing:
Cloud computing is considered an innovative accounting method. In a cloud computing
environment, administrator applications and assets will be concentrated on the Internet. The
cloud server farm has a wealth of tools and software, which can support various networks or
the Internet to meet the needs of users. According to data from the National Institute of
Standards and Technology (NIST), cloud computing enables sequential processing of assets
(for example, enhancing networks, employees, storage, applications, and management), with
fast delivery of key arrangements and expert network communication. As the
explanation points out, cloud computing provides a useful network of online applications in a
mutual pool of configuration assets: asset detection applications, network assets, phases,
software management, virtual staff and processing instructions.

Cloud computing has been strongly recognized, but it is not yet synonymous with network
numbers. Matrix processing integrates adjacent assets, and controls assets through a work
framework to provide better data management, while integrating cloud computing. Different
working frameworks can provide various types of support with the help of registration and
capacity assets, for example, customers with unlimited data storage and elite processing
capabilities. The overall situation of network detection through cloud computing has changed.
Data distribution is another method of inconsistent and fraudulent processing of cloud
computing.

Cloud computing will enable management to perform effective records as needed. Cloud
computing has the following functions, such as on-demand self-management, extensive
network access, non-territorial asset pooling, real-time asset flexibility, usage-based
estimation, and risk-tolerant transactions. These advantages of cloud computing are supported
by the modern world and the world of educational discovery. Innovation in cloud computing
is changing the way we work together on the planet.

Data security has always been a major issue in the IT field. Data protection is especially
important in a cloud computing environment, because data is distributed on different
computers and functional gadgets, including workers, PCs and various mobile phones, such as
remote sensor networks and PDAs. Data security in cloud computing is more embodied than
data security in traditional data frameworks. In order to connect cloud computing to the
client and work, the cloud must first rely on the cloud environment to correct the client's
security issues. For customers, a reliable atmosphere is essential, and they must believe in
this innovation.

Cloud computing supports two basic types of environments: processing and filling data lists.
In the cloud computing environment, cloud management shoppers do not need to worry about
anything; they can verify their data and complete their identification through the Internet
network. During data entry and registration, the user does not know the machine that deletes
the data, and the task is checked.
Data assurance and security are important factors for data storage, customer trust, and
effective use of cloud innovation. Guarantee all kinds of data and shield
Postal Service information from unapproved access, divulgence, adjustment, and checking...

1.1 Objectives
- The world's leading IT technology and high-quality international services
- Service skills provided by our well-trained professionals
- Quality control implementation services from project imitation to production jobs
- Talents of working standards it. Strengthening our business relationships between IT
  suppliers, manufacturers, sellers and distributors is also the central point of our business.
- Shield data assets from gracefully chain dangers. ...
- Forestall unapproved admittance to cloud computing framework assets. Issues related to
  information security that are raised by cloud computing compared with traditional
  computing. To do this, these issues were masterminded into arrangements:
- Information security issues identified with information security attributes (protection,
  decency and availability).

1.2 History
This is not true at all. The cloud concept has existed for many years. Come and I will
take you back now; we must jump into the scope of his experiment.

Figure 1.1: History of Cloud Computing


This is a gradual development process that began with mainframe computing in 1950.
Many users can access the host through the silent terminal, and the only function of the silent
terminal is to provide access to the mainframe. Because of the high cost of buying and
maintaining large computers, it was impractical for every employee to own one. Ordinary
users do not need the large (now) storage capacity and processing power provided by
mainframes. Providing shared access to individual resources is a solution that increases the
economic significance of this advanced technology. Buying and selling online is

Using virtualization software such as VMware, one or more operating systems can be
implemented simultaneously in an isolated environment. A complete computer (virtual) can be
hung on physical hardware that can run a completely different operating system. The virtual
machine (VM) operating system took the universal access mainframes of the 1950s to a new
level, forcing many specific computing environments to fit into a single physical environment.
Virtualization promotes the development of technology and is an important catalyst for its
development.

In the 1990s, telecommunications companies provided virtualized private network
connections. Provide and deliver in a timely manner through an unmanaged network of
management or work experts.

Communication and Data: Historically, telecommunications companies have only provided a
dedicated point-to-point data connection. The quality of service is the same as the dedicated
service in the newly launched virtual private network connection, but the cost is lower.
Telecommunications companies can now establish ways that users can share access to the same
physical infrastructure without having to establish a physical infrastructure to allow more
users to communicate.

The following list summarizes the development of cloud computing.
- Get rid of grid computing: solve the main problem of parallel computing
- Practical computing: introduce computing resources as instrument services
- SaaS: purchasing based on the application network
- Cloud computing: dynamically provide IT service resources anytime, anywhere

1.3 Background of the Study


Background Data on the Cloud: The traditional computing model is an important asset for
data association and personnel. Their management is the main threat and guarantees the
integrity of the data. For a long time, the association and people have been using PC
hardware (such as hard drives, DVDs, CDs, rings, and floppy disks) to store their data. The
introduction of the database framework has upgraded the execution data and made it more
feasible. In recent years, there has been a phenomenon of real-time data development, in
which data can be effectively processed through the Internet during large-scale open
processing and capacity stages. Advances in database frameworks and system management
(Internet counting) have facilitated the development of new registration models. This includes
network processing developed in the mid-1990s. Just like utility registration and cloud
computing, it was created around 2005.

Cloud computing (CC) can be built as a model to increase access to the network of useful
applications in the pool of potential processing assets. Cloud computing involves managing
and using IT Foundation as an electronically accessible management on the Internet, these
steps, and any applications. Only one or two examples of using cloud management include:
online record storage, informal communication spaces, web mail, and online business
applications.

As people gradually recognize new strategies to promote network development, the
application of Flood has shifted to arrangements where data frameworks can be used cheaply
(in terms of foundation and work). Allow it to enter expenses. This has led to the rapid
development of cloud computing, which is much more successful than previous arrangements.
With the development of modern development, the influence of compass and cloud computing
continues to grow. When things go wrong, when the association redistributes appropriate data
and business applications to CC vendors (outside of them), security risks become a top
priority.
Virtualization in cloud computing: Virtualization is a major breakthrough for cloud
computing management departments, offices, and various individual frameworks that enable
the collection of data assets in a single equipment phase (for example, network, CPU,
memory, storage). Enhance the ability of virtualization through dialogue with the device,
which obscures the complexity of the transaction. Reset the original registration stage and the
volatility of lost assets. This is achieved through the hypervisor. The hypervisor is
responsible for isolating virtual machines (VMs) to place them directly on other VMs to
receive applications on virtual circles, memory or similar hosts. Virtualization provides
perseverance and diversity (the last time the product application separately served different
customers). These two functions are the key functions of CC, and asset sharing can improve
professional knowledge and their motivation, thereby reducing adaptability and upgrading
business.

The actual part of virtualization faces difficulties in settings, system management,
and measurement of cloud frameworks. In cloud virtualization, it is a basic system to specify
the provision of cloud supplier assets for customers. At this time, when cloud providers ask
users to provide applications, it is important to create an appropriate number of virtual
machines (VMs) and allocate assets to help. The cycle is guided in some unique ways: early
delivery, dynamic delivery and customer self-delivery. The dynamic delivery and
management of cloud assets faces various difficulties, such as ideal virtual machine settings
and CPU, restoration, looping, and virtual machine number and function distribution
limitations in network data transmission [12]. A network of cloud experts is working together
to ensure or minimize vulnerabilities, threats and attacks on virtualized devices.
Cloud Security and Privacy Background Data: Definition of Security and Privacy: Security is
about protecting data, and privacy is about protecting user identities. In a similar
comprehensive way, we can describe the security function as follows: "Privacy is the only
option to release data." Similarly, Rocha8 regards security as a specific control for "self"
access. Election control refers to the period in which people cooperate with others and control
data transactions. To keep them safe, people try to get the consent of others. Pearson
explained that people's perseverance is controlled. The relationship between them and the
cost of data shaping. Protection can often be described as a dynamic cycle in which people
pass on their perseverance to others.

The ideal "CIA" security triad. During the game, the CIA has determined the ideal meaning
of security (in terms of its basic characteristics). The acronym "CIA" stands for privacy,
integrity and availability, the three key requirements of any security framework. Its
characteristics are as follows.
Privacy: This is the ability to hide data from people who don't have the right to view it. It is
the foundation of many security tools to ensure the security of data and various assets.
Completeness: There is scope to ensure that the data is a clear and unregistered representation
of the first data.
Availability: This ensures that assets are immediately available to approved customers based
on customer needs.
This model covers the entire security check topic from the user's Internet history to security.
Use code data on the Internet.

Security and privacy in the cloud. Over time, various analysts have considered and studied
security issues under cloud conditions. Faced with these problems and their connections,
innovation analysts and experts make full use of many possible models to form a
complete impression. Groska and others recommended showing the security environment
related to the three cloud framework members: managing opportunities, managing customers
and cloud providers. In addition, they classified the attacks as:
a) customer support, b) customer to management, c) customer to cloud, d) customer to cloud,
e) cloud management, and f) cloud help. Although cloud computing is concerned with
different security. In this proposal, we separate cloud computing security issues from security
issues.

1.4 The Scope of Cloud Computing


Scope and career development:
Cloud computing is becoming an indispensable part of today's IT world. Along with large
enterprises, small organizations have deployed the cloud to the best of their ability. If IT
professionals know how to use the "cloud," they will be hired. Those interested in cloud
computing can choose from various professional approaches, such as cloud engineers,
architects, developers, and security experts. The above forecasts demonstrate that the extent of
development for cloud computing is massive. Need for more and more associations organize
the utilization of this innovation. Truth be told, they have to rebuild and put resources into
coding norms that can uphold consistent relocation into the cloud. Additionally, cloud
computing is emphatically connected with ideas like the Internet of Things. The main restriction
would be the speed of the network, which controls the movement at which data is
accumulated and prepared. On the off chance that the network is quick, everything else about
the utilization of cloud computing will fall into place. La'Quata Sumter et al. [2] says: The rise
in the scope of "cloud computing" has brought fear about the "Internet Security" and the
threat of security in "cloud computing" is continuously increasing. Consumers of the cloud
computing services have serious concerns about the availability of their data when required.
Users have severe concern about the security and access mechanism in cloud computing
environment. To assure users that their information is secure, safe and not accessible to
unauthorized people, they have proposed the design of a system that will capture the
movement and processing of the information kept on the cloud. They have identified there is
need of security capture device on the cloud, which will definitely ensure users that their
information is secure and safe from security threats and attacks. The proposed
implementation is based on a case study and is implemented in a small cloud computing
environment. They have claimed that their proposed security model for cloud computing is a
practical model for cloud computing.

1.5 Problem Statement


Nowadays, there are many issues regarding the security of data on the internet. This issue can
be resolved through the cloud computing architecture. People are prone towards using the
internet for sharing the large data. The personal data is also included in the data which can be
hacked and misused. This problem can be resolved using the cloud computing protection.

1.6 Proposed Solution


This problem can be solved through comparative research and analysis of existing research
work, which applies the technology used in cloud computing through data security (including
data security, privacy, and availability). Since data privacy is traditionally associated with
data security, data privacy issues and technologies have been studied in the cloud.
Comparative research on data security and privacy can help build user confidence by
protecting data in a cloud computing environment.

Chapter No 2
Literature Review
Chow et al. (2015) reviewed the security and privacy of cloud-based IoT: challenges. Many
interesting public challenges were raised in this search to obtain relevant ideas to mobilize
further research in this emerging field.
Diane Chen et al. (2010) Researched and explained the importance of protecting data
security and privacy in cloud computing.
Gonju Yan et al. (2012) examined the security challenges in vehicle cloud computing. The
search provides a safe solution to many challenges.
Gartner et al. (2012) found that although the hype grew rapidly in 2008 and has continued
since then, it is clear that the cloud computing model has changed dramatically and the
benefits are huge.
However, Suraj Ali (2016) researched that data security has always been an important issue
in information technology. This is especially serious in a cloud computing environment,
because data is available in different parts of the world. Data security and privacy protection
are the two most important factors for users to pay attention to cloud technology. Although
many cloud computing technologies have been studied in academia and industry, data
protection and privacy protection are becoming more and more important for the future
development of cloud computing technologies in government, industry and commerce.
Hui Stall (2013) studied security and privacy in mobile cloud computing. Discuss security
and privacy issues from three perspectives: mobile terminals, mobile networks and clouds.
We will address security and privacy issues from a general perspective.
Isa M. Khalil et al. (2014) studied cloud computing as an emerging technology model that
transfers existing technologies and computing concepts to solutions, such as the integration of
hydropower systems. Cloud brings many benefits, including configurable computing
resources, economic savings, and service flexibility. However, barriers to security and
privacy issues have been identified in the cloud.
Jian Wang et al. (2010) studied the provision of security and privacy in cloud computing.
Search provides some privacy techniques used in cloud computing services.
Kevin Hayman et al. (2010) studied how to introduce a single-layer framework for cloud
security issues and a secure cloud for cloud computing, and then focused on the two layers of
storage and data. In particular, the author discussed a scheme for securely publishing
third-party documents in the cloud.
Next, this article will discuss the use of HUDP map reduction and the security issues raised
by FedEx and the use of secure shared processors in cloud computing. Finally, the authors
discussed the implementation of XACML for Hadoop and their belief that building trusted
applications from unreliable components will be an important aspect of secure cloud
computing.
Koi Yuba" (2012) studied the security challenges brought by the cloud. The search outlines
many security challenges and calls for further research on security solutions for environments
that can deceive public trust.
Lolita is alone. (2011) House inspection is safer than flying! Consumers worry about the
privacy of cloud storage. Our findings from this study indicate that cultural differences have a
profound impact on consumer attitudes and beliefs, such as their willingness to store sensitive
data in the cloud and law enforcement agencies' willingness to provide consumers with this
willingness and willingness Accept the willingness as a monitoring account.
Latin et al. (2009) studied how cloud computing changes the way data technology (IT) is
managed, resulting in higher cost-effectiveness, faster innovation, faster time to market and
on-demand. expansion of applications ability accepted.
Monkeys, etc. (2010) checked whether cloud computing is safe and private. This discovery
claims that once these security and privacy issues are resolved, the prosperity of the cloud
computing literature will be realized.
Pearson ET (2010) studied the security, safety and reliability of private information
developed through cloud computing. This research explores how security, trust, and privacy
issues arise in cloud computing environments, and discusses ways to solve these issues.
Rigidity (2013) studied the use of error cache exchange and EES encryption algorithms for
digital signatures to enhance data security in cloud computing. It protects the data stored in
the cloud.
Rabia Latif et al. (2013), "Cloud Computing Risk Assessment: A Systematic Literature
Review", this research will help future research, cloud users/enterprise networks to assess the
risk factors in the cloud environment. And use this technology to quickly map your local
needs. June 28.

Suleiman Iqbal et al. (2016) studied whether cloud computing represents the current business
trend of information technology and refers to the virtualization of computing resources
available on demand. Cloud computing can save costs and time for enterprises.
Samira Abdul Rahman Aladdin and 2010 (2010) studied cloud computing security
management. Search will not only solve the security challenges of cloud computing including
identity and access management (IAM), but it will also provide state-of-the-art authentication,
authorization and user access audits. Emerging IAM protocols and standards and the cloud.
Sayani Pearson et al. (2009) studied the need to consider privacy when designing cloud
computing services, reviewed the production environment, and focused on key design
principles. Here are some suggestions.
Takbi et al. (2010) studied the security and privacy challenges in the cloud computing
environment. The research explored obstacles and solutions to provide a reliable environment
for cloud computing.
Wesong Shi It (2016) examines the prospects of edge computing. This search can solve some
problems, such as the delay of edge computing, the limited battery life of mobile devices,
bandwidth costs, security and privacy.
Yanchuan Sunat. (2014) conducted research on data security and privacy in cloud computing,
and compared and studied the current research work on data security and privacy protection
technologies used in cloud computing.

Chapter No 3
Methodology

3.1 Research Methods


Research method is a method of deliberately monitoring and supervising inspection items.
To accomplish the objectives of examination we can utilize various strategies and procedures.
For tending to the examination questions and goals, the exploratory methodology is used.
Research testing is a way to develop new experiences and clarify problems.

3.2 Systematic Literature Review (SLR)


Systematic Literature Review (SLR) has the ability to distinguish, evaluate, and interpret works
related to specific themes or miracles. Experts should work hard to determine work to
investigate cloud test results. SLR is mainly used to connect the best products in the current
similar products, and to determine the vulnerabilities.
This article contains logic papers, online resources, diaries, etc. In order to find important
papers, we usually check the attached databases: (IEEEL) and (ACM) Digital Library and
Science Direct. The buzzwords we searched are the article titles, abstracts or time stamps of
"cloud computing", "cloud security", "cloud protection" and "cloud security and security".
This is the result of our hunting structure. We learned to combine experience with the
advantages of different mixed languages to test the equivalent language used in writing and
cover the layout of cloud security terminology and security terminology concepts. After
careful review, it was found that the following partial references were banned because they
were: (a) CC is not important to safety. Or (c) Copy data from different papers. In order to
expand the scope of references, we also conducted a reverse reference search and a forward
reference search. A retrogressive hunt includes recognizing articles referred to in a given
distribution.

3.3 Major Techniques

3.3.1 Data Integrity

Data integrity is a key component of any data framework. In most cases, data integrity
means protecting data from unauthorized deletion, adjustment or creation. The inclusion of
elements and the explicit efforts to deal with asset rights ensure that critical data and
management will not be manipulated, abused or obtained from it. Data integrity can be easily
achieved in an independent framework with a single data set. In an independent framework,
data integrity is maintained through database requirements and exchanges, usually packaged
by a database management system (DBMS). Before conversion, the ACID properties (atomicity,
consistency, isolation and durability) must be paid attention to in order to ensure data integrity. Most
databases maintain ACID conversion and can maintain data reliability. Approve the input of
control data. This is the tool used by the framework, which states that the framework must
ensure the level of access to the limited assets that a particular authenticated client should
have access to. Data integrity in the cloud framework means data integrity protection.
Unauthorized customers must not lose or change data. Cloud computing is the basis for data
integrity management (such as SaaS, PaaS, and IaaS). In addition to storing large amounts of
data, cloud computing can also manually provide climate data processing and management.
Data integrity can be achieved in a variety of ways, such as RAID-like systems and advanced
marking.

3.3.2 Data privacy

Authentication and access control technologies are used to ensure the confidentiality of data.
In cloud computing, data privacy, authentication, and access control issues may cause
unstable quality and reliability in the cloud.

Figure 3.1: Cloud Computing

3.3.3 Homomorphic Encryption

Homomorphic encryption is a recommended encryption framework. It ensures that the
result of a mathematical operation carried out on the ciphertext is consistent with the result
of encrypting the same operation carried out on the plaintext. In addition, there is no need to
decrypt the data at any point in the process.
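The property described in this section, shown as an added example that is not part of the original thesis: a cloud service adds and scales encrypted values without holding the private key. The thesis names no particular scheme, so the additively homomorphic Paillier cryptosystem is assumed here; the primes, function names and sample readings are constructed for illustration.

```python
import math
import secrets

# Constructed demo primes (two Mersenne primes). Real keys need random primes
# of 1024 bits or more; these only keep the example fast and reproducible.
DEMO_P = 2**31 - 1
DEMO_Q = 2**61 - 1


def _L(u, n):
    """Paillier's L function: L(u) = (u - 1) / n, defined for u = 1 mod n."""
    return (u - 1) // n


def keygen(p=DEMO_P, q=DEMO_Q):
    """Return (public, private) Paillier keys built from primes p and q."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if math.gcd(n, lam) != 1:
        raise ValueError("primes unsuitable for Paillier")
    g = n + 1  # standard simple choice of generator
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return {"n": n, "g": g}, {"n": n, "lam": lam, "mu": mu}


def encrypt(pub, m):
    """Data owner: encrypt integer m (0 <= m < n) with fresh randomness."""
    n = pub["n"]
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(pub["g"], m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """Data owner: recover the plaintext from ciphertext c."""
    n = priv["n"]
    return (_L(pow(c, priv["lam"], n * n), n) * priv["mu"]) % n


def cloud_sum(pub, ciphertexts):
    """Cloud side: multiply ciphertexts, which adds the hidden plaintexts.

    Uses only the public key and never sees a plaintext value.
    """
    n2 = pub["n"] ** 2
    acc = 1  # 1 is a valid encryption of 0, so an empty sum decrypts to 0
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def cloud_scale(pub, c, k):
    """Cloud side: raise a ciphertext to k, which multiplies the plaintext by k."""
    return pow(c, k, pub["n"] ** 2)


def demo():
    pub, priv = keygen()
    readings = [1200, 850, 4310]  # constructed sample values held by the user
    uploaded = [encrypt(pub, m) for m in readings]
    encrypted_total = cloud_sum(pub, uploaded)       # computed in the cloud
    encrypted_triple = cloud_scale(pub, uploaded[0], 3)
    return decrypt(priv, encrypted_total), decrypt(priv, encrypted_triple)


if __name__ == "__main__":
    print(demo())
```

Results wrap modulo n, so the sum of all plaintexts must stay below n for the decrypted total to be meaningful.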

3.3.4 Hybrid Technology

A hybrid technology using shared sharing and identity verification technology has been
proposed to protect the confidentiality and integrity of data [33]. Through the use of powerful
key sharing and identity verification processes, communications between users and cloud
service providers can be made more secure. The RSA public key algorithm can be used to
securely distribute keys between users and cloud service providers.
A three-layer data security technology has been proposed [34]: the first layer is used for
single-element cloud user authentication or two-factor authentication. The second layer is used
for single-element authentication or two-element authentication. To ensure this, the second
layer encrypts user data for protection and privacy; the third layer speeds up data retrieval
through a fast decryption
process. Trust Draw recommends the use of cloud methods [35] to separate critical data,
which is a transparent and secure extension of the cloud, which combines virtual machine
introspection (VMI) and reliable computing (TC).

3.3.5 Hide Information

Hiding data can also be used to maintain the privacy of data in the cloud. Delettre et al. [36]
introduced the hidden concept of database security. Collect visual error data to correct actual
data by hiding the data. However, authorized users can easily distinguish between
counterfeiting and artificial fraud statistics from actual data. Data hiding technology
increases the total amount of real data, but provides improved security of private data.
The purpose of hiding data is to ensure the security of real data and protect it from malicious
users and attackers. The watermark method can be used as the key to real data. Only
authorized users can use the watermark key, so the user authentication key can ensure the key
state so that the correct user can access the correct .

3.3.6 Confirm Deletion

Delete confirmation means that the user cannot retrieve the data when the data is deleted after
the deletion. The authentication problem is very serious because there are multiple copies in
the cloud that can be used for data retrieval and protection. When users delete data through
authentication, they want to delete all copies of the data immediately. However, certain data
recovery techniques can recover data deleted from the user's hard drive. Therefore, cloud
storage providers should ensure that deleted user data cannot be retrieved and used by other
unauthenticated users. One possible way to recover data and avoid unused state is to encrypt
data before uploading it to cloud storage space. The mask system is based on technologies
such as Efimizer. In the system, the data is encrypted before uploading to cloud storage.
When a user decides to delete his data, the system can only write new data to change the
deletion process to use a specific strategy on all storage spaces.

3.3.7 Distributed Storage

The concept of data distribution on the cloud. Because each piece of data is encrypted and
distributed in a separate cloud database, it can provide better security against various attacks.
According to The Mystic et al. [32], the distribution of cloud computing resources is
described on the basis of actual measurement. The measurement technology developed is
based on network design and according to specific routing and user needs, gradually change
resources to incoming resources Outgoing traffic. The accurate measurement depends on
computing resources and storage resources. Due to the variability of the network, based on
the design function method, resource allocation will not be limited to a specific time.
Resources may increase or decrease, so the system will need to be offline or online to change
user needs and improve connectivity.

3.3.8 Encrypted Search and Database

Since unified encryption calculations have been lost, analysts are considering using unified
encryption calculations that are limited to cloud climates. Searching for codes is a common
method to protect and protect critical data in unstructured cloud environments, and a method
to encrypt N-memory storage databases is proposed. Owner and owner are the synchronizers
between customer search data input. The user will need the key provided by the synchronizer
to decode the encoded shared data from the financial technology. Synchronization for
independent storage of shared data and keys. The disadvantage of this method is that it
eliminates the delay caused by the additional correspondence with Focus Synchronizer. In
both cases, there is a complete digestive tract, which can be accomplished by restricting the
correspondence between the group and the center.
An in-memory database encryption strategy
has been proposed to protect and protect unreliable cloud climate data. Synchronization will
be found between data entry owners Limited liability company and users. The user will need
to sync to remove the fake shared data from the owner. Synchronization is used to freely
store associated shared data and keys. The disadvantage of this strategy is that the delay is
due to the additional correspondence with Focus Synchronizer. However, this limitation can
be overcome by adding group encryption and restricting the correspondence and coordination
between centers.

3.4 Cloud Computing Overview

3.4.1 Cloud Computing and Grid Computing

Grid computing is a network of asset allocation. It can distribute equipment and software
offices to a large number of customers, and may have different associations (dissimilar to a
cloud claimed by a solitary proprietor). Clients are obliged to give their equipment and
software to different clients on a timetable oversaw by the framework administrators. IT is the
company who maintains the servers, maintains the crashing of the server and takes care of it.
The company also buys the software and the licenses for the operation of their business. All
these things are maintained by the monthly fee which they are expecting from the firms they are
serving. They are so much focused on providing quality service as if they fail to do so they
will be behind in the competition. This web-based platform can only be accessed through the
internet. Cloud Computing has numerous amounts of benefits which are helping both hosts as
well as the customer. A host consists of various benefits too which benefit the
customers. There are myriads of security features, which is a positive point; along with it, the
access time is very low and one can easily upload and download data quickly. The company
nowadays is in great need of the data storage facility and the Big Data companies provide
them very easily. Grid computing and cloud computing are conceptually the same, which is
easy to confuse. These concepts are very similar, and they all share the same vision of serving
consumers through shared resources. Both networks are based on technology and have
multitasking capabilities, which means that users can access one or more applications to
perform different tasks. He said: "Grid computing involves virtualizing computing resources
to store large amounts of data, while cloud computing is a space." Applications cannot
directly access resources, but access resources through Internet services.

Figure 3.2: Grid Computing VS Cloud Computing

On the contrary, grid computing is a computing technology that combines computing
resources across different domains to achieve a common goal. Computers on the network can
work together, and each computer can complete this work. Access all other computer
resources in the network. In short, grid computing is a group of interconnected computers that
work together to process large amounts of data.
Similarities: Cloud computing and network registration have a certain degree of
compatibility. Hypothetically, the idea is to mobilize these two models by combining
different model assets and dividing their capabilities into effective frameworks to achieve at
least one complex route, that is, using the same asset may be painful or difficult. The
registered assets of grid computing may include manufacturing cycles, storage space,
network, printers, scanners, software licenses, remote gadgets, etc. The purpose of this is to
find areas focused on computing faster and cheaper. In the business model, each user enters
the network with the supplier to use the network's assets by studying their tests and making a
small suggestion based on their expected actions important assets. The point of advancement
of network registering was to encourage clients to distantly use inactive figuring power inside
other processing communities when the neighborhood one is occupied or incapable to play
out the undertaking alone.
Contrasts: Grid assets are commonly free for utilizing the registering assets however rather
should consent to profit their own figuring assets to be utilized by others whenever required.
In contrast, economists provide cloud computing to public-use associations at reasonable
prices, and these associations are unwilling (or may be unwilling) to create and process their
processing arrangements (but due to monetary factors). From a specific professional point of
view, the driving force behind grid computing is to create a unified asset pool of assets
composed of different associations, which can provide a range of processing that is difficult
to handle in isolation. These associations are distributed in the form of pictures and have their
own privileges when deciding on their asset traders. The focus of cloud computing is to
divide assets into smaller parts and then deliver them to customers as needed.
Conversely, cloud assets are generally had or worked by a solitary association and genuinely,
they are brought together inside a similar processing/server farm and appropriated over
different registering focuses. Grid computing uses grid middleware, which is a special type of
software that is important for protecting the basic nerves and functions of nature, but it has
not yet provided any special help. The central management provided by the middleware
includes data management, security management, data committee and chief management.
Accurate data management refreshed data on all assets or administrations in a framework
climate. Security administrations are sent to guarantee secure cross-hierarchical asset access,
and ensure correspondence and infringement of neighborhood regulatory arrangements. Data
the board gives helpful instruments to data access, data development, data replication and
data joining. Leader the executives is utilized to achieve an undertaking utilizing the
resources. Interestingly, cloud computing provides a variety of self-services through cloud
products. According to the type of cloud management provided, cloud products are provided
to different groups. Cloud product features include the ability to maintain accessible asset
data. Create and monitor virtual machines based on client requirements. Application
management, design and execution; and executive executives, and protect this book. In order
to register assets correctly, according to the client, certain calculations or methods are used to
determine where to build the virtual machine and when to start and stop the VM.
The importance of the client executive lies in how to receive client requests and make
decisions about the use of assets and the actual use of programs. The board of a cloud is
simple on the grounds that more often than not there is just a single regulatory area engaged
with it. Conversely, cloud assets are generally had or worked by a solitary association and
truly, they are concentrated inside a similar processing/server farm and dispersed over various
figuring habitats.

3.4.2 Cloud Computing VS Traditional Computing

The functions of traditional and cloud data center security solutions are different. In either
case, the client will state his performance. The difference between traditional data centers and
cloud data centers is what the equipment and software categories should do and what they
intend to do. In a traditional data center, the rest of the rk has its own protection framework,
and it is relatively easy to maintain this limited interconnection foundation. The original
framework promotes forest linkages between different management, registration and different
customer competence levels.
Cloud Computing: As the name implies, cloud computing is a
combination of configuration system resources and advanced services, which can be quickly
delivered over the Internet. It is easy to provide lower power costs, no capital expenditures,
no redundancy, lower personnel costs, enhanced cooperation, etc. It provides us with higher
efficiency, higher security and greater flexibility.
Traditional Computing: As the name
suggests, traditional computing uses physical data centers to store digital assets and run
complete network systems for daily operations. In this case, access to user data, software or
storage is limited to the device or government network to which they are connected. In this
calculation, the user can only access the data of the system where the data is stored.
This paper describes data security and privacy protection. Traditional security issues are still
present in cloud computing environments. But as enterprise boundaries have been extended
to the cloud, traditional security mechanisms are no longer suitable for applications and data
in cloud. Due to the openness and multi-tenant characteristic of the cloud, cloud computing is
bringing tremendous impact on information security field:
(1) Due to dynamic scalability, service abstraction, and location transparency features of
cloud computing models, all kinds of applications and data on the cloud platform have no
fixed infrastructure and security boundaries. In the event of security breach, it's difficult to
isolate a particular physical resource that has a threat or has been compromised.
(2) According to the service delivery models of cloud computing, resources cloud services
based on may be owned by multiple providers. As there is a conflict of interest, it is difficult
to deploy a unified security measures;
(3) As the openness of cloud and sharing virtualized resources by multi-tenant, user data may
be accessed by other unauthorized users.
(4) As the cloud platform has to deal with massive information storage and to deliver a fast
access, cloud security measures have to meet the need of massive information processing.

Figure 3.3: Traditional Data Center VS Cloud Computing

Persistent and Elastic: If you are searching something that is determined and steady totally
and would not betray you at that point cloud computing is the appropriate response. As far as
strength and flexibility, nothing can coordinate an old fashioned cloud worker. Assume that
because of some explanation the worker that holds all the significant data for your business or
your site is down then cloud innovation would promptly move every last bit of it to a totally
different worker that is going that is the reason you won't feel that something was surely off-
base. This is the means by determined With respect to the traditional, you would need to
supplant the dead parts, add additional equipment, and acquire more expenses for the
administration of your server farm to keep it running easily day in and day out. It is adaptable
yet just as far as possible and not in the least determined.
Automation is the key to success: Automation is the genuine pith of accomplishment in any
business, in the event that you have stability to mechanize quite a bit of your cycles with no
human info then you have just accomplish the correct way to progress. Automation gets the
solace of consistency, opportune up-degree, security, cost-adequacy, and over the clock
easily running activities. Without mechanization you don't have anything, that is the reason
numerous tech-based networks make an honest effort to computerize the same number of
cycles and frameworks as they can to accomplish a specific degree of tech satiety. Cloud
computing has everything running easily and being constrained by the cloud suppliers which
implies over the clock chances for robotization, scaling here and there as you see fit and less
expenses brought about. While then again in the customary registering world all that
requirements to happen physically and there is less likelihood of the network actually going
towards accomplishing mechanization. That is the reason the cloud is superior to traditional
computing.
Costs Incurred: Each business works with a set equation in their psyche about the spending
they can save for this undertaking. They can just go a little above on the number however not
completely through, no brilliant plan of action would be founded on going through cash in a
free fall model. In the realm of cloud computing, you just compensation for the assets you
use; you don't need to pay even a solitary dime over it. Likewise, the administration, fix, and
up-degree costs are not charged to you as the cloud supplier would be dealing with them.
Thus, eventually, cloud computing is savvy, cloud computing is more sensible, no big
surprise why every one of those networks are promptly embracing cloud
computing. Traditional computing, then again, causes more costs like fixes, up gradations, and
support pulling in. Consistently million dollar worth of equipment is tossed out and is
supplanted with another and updated variant of it. In this day and age just effectively settled
and prospering networks or networks can manage the cost of their own server farms, new
companies can't and to eliminate any confusion air those huge networks and networks don't

21
either utilize their own server farms.
Security: In this last round, cloud computing seems to lag behind, as the security measures
of a cloud-based facility are not as promising as one might think. The main reason is that
anyone with a web connection and possible access to your cloud with legitimate credentials
can take control, thereby compromising your presence on the web and, along with it, the data
that you so strongly depend on. In the traditional computing system, however, you are
answerable for the storage as well as the security of your data. You can take precautions,
such as restricting the number of people who have access to that particular facility and
making sure that you change the security bypass systems more regularly to protect your
physical presence and your data. If you want to build a successful career, it is recommended
that you learn cloud computing and detailed information about the related scenario right
away to increase your chances of turning your career around.

3.4.3 Cloud Computing VS Utility Computing

Cloud computing can do all the things that utility computing can do, and can do more. Cloud
computing is not limited to a specific network, it can also be accessed through the Internet. In
the case of cloud computing, the benefits and reliability of resource virtualization and its
expansion are more obvious.
Utility computing can be realized without cloud computing. Utility computing can be thought
of as a supercomputer that provides processing time for different users. Users will pay for the
resources they use.
Cloud computing is a broad concept related to the architecture on which the service is
designed. Cloud computing can be difficult to define. It is basically the theory of running
applications on the cloud. IT developers and operations staff use cloud computing because it
can help them develop and run applications that can be easily expanded, have improved
performance, and never fail. All of this can be done without worrying about the actual
location of the infrastructure.
Utility computing requires a cloud-like structure, but its main focus is the business model
on which the computing service is based. Fundamentally speaking, this is a model where
customers get computing resources from service providers and pay for as much as they
consume. The main advantage of using utility computing is its better
economy. computing companies

Chapter No 4
Cloud Computing Architecture

Cloud computing architecture is also called the "layered computing model" [1]. Cloud
computing architecture can be divided into four layers: hardware layer, infrastructure
layer, platform layer, and application layer. These components jointly form the cloud
computing architecture. Cloud computing resources are retrieved through Internet-based tools
and applications that allow users to work remotely, because the cloud can be used as the
"Internet". Therefore, it is not processed as traditional outsourcing. It is also called
Massive Computing. In this model the allocation of applications must be dynamic. There is no
need to install any type of hardware or software. The target of cloud computing is to permit
the users to access the data from all the technologies and applications without any deep
knowledge about them [11].

Figure 4.1: Cloud Computing Architecture

In the cloud computing
a. Cloud Consumer: A person or organization that starts and keeps a business association
with and requires services from suppliers of cloud services.
b. Cloud Provider: A person, organization engaged in supplying cloud computing
services to interested persons or organizations.
c. Cloud Auditor: An organization in charge of conducting independent evaluation of
cloud computing, and determining the system's effectiveness and security.
d. Cloud Broker: A third-party organization or individual that serves as an intermediary
between cloud consumers and cloud providers. The broker is useful for negotiating terms and
conditions of the contract for the purchase of cloud services.
e. Cloud Carrier: An intermediary person, organization or entity that provides
connectivity and transport of cloud services from cloud provider to cloud consumers.
The diagram of interactions between the actors in cloud computing in [7] describes the
relationship amongst these actors, highlighting the relevance of each party in actualizing
the delivery, use and maintenance of cloud services. In addition, NIST also provides five
characteristics of the cloud [11]. In the cloud architecture, high-power computers are not
required to run Web-based applications. In the cloud computing architecture, applications,
data, and services are stored in the cloud through the Internet, and software resources are
provided to run applications and stored data. On-demand service

4.1 Basic Functions of Cloud Computing


The function of cloud computing is different from other processing standards or models.
These functions are divided into basic attributes and basic qualities. Gong et al.
The following are five main functions:

4.1.1 On-Demand Self-Service

This enables the client to centrally manage processing time and processing power like a
network repository. This is understandable, and there is no need for manual interaction with
each service provider. Customers can access the processing assets according to their needs.

This refers to the situation where the client on the network can access the processing
power. Customers can access cloud assets through a standard system that enables them to use
multiple platforms; for example, they can access cloud assets through mobile phones and PCs.
In this way, customers do not need to perform cloud-based management in a blank area. With a
large number of IP organizations, cloud-based management can be accessed from anywhere,
anytime.

4.1.2 Resource Pooling

Service suppliers pool together processing assets to fulfill the computing requirements of
various clients through various physical and virtual assets. The pooled assets (for example,
servers, storage devices, and so forth) are shared by many customers. In order to simplify
the nature of supply management, the cloud selects which assets from the pool to determine
the rest of the work of each cloud buyer. Sharing encourages cost reduction, because sharing
enables services to provide services on cloud input devices that far exceed those required
to process assets.

4.1.3 Fast Flexibility

This shows that the L-scale data function can be managed faster and more flexibly, thereby
achieving faster measurement speed and faster scale delivery. The function provided to the
buyer is (from the client's perspective) unlimited and can be bought in any amount at any
time. It flexibly increases service capacity during busy periods and reduces capacity during
clients' off-peak periods, enabling cloud buyers to minimize costs while meeting their
service quality expectations.

4.1.4 Measured Service

This management ultimately controls and simplifies the use of assets. This is done to some
extent through some form of reflection (such as CC help). It enables people to observe,
control and describe the use of trademark assets and reasonable assistance in subsequent
purchases. Usage and procedures. Given that there is usually no single management area, the
cloud director is simple.

Extensive network access to cloud capabilities means that a variety of clients (such as
Windows PC or Android Mobile) can be used to access the service from multiple locations
(such as company offices or homes).

4.1.5 Broad Network Access

• Conditions and Cloud Comparison


Let's compare it with traditional solutions. For example, a small company installed a mail
server, database server, and web server at its headquarters. They also have other branch
offices and remote employees, so they need to connect to a wider area network. There may be
an MPLS or virtual private network between the branch and the main site over the Internet,
or a line may be leased directly between the two offices. In the branch office, users have a
mix of Windows PC, Linux and Mac. No matter which desktop computer they use, they can access
the servers at the main site in the company's data center.

Teleworkers usually work at home or in hotels, and they can work on laptops, tablets or
mobile phones. Again, it doesn't matter, as long as the applications running on the main
site support different types of clients, and as long as we have network connections
everywhere, everything will run smoothly. Cloud computing architecture is also called
broadband network.

Broad network access: Capabilities are available over the network and accessed through
standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g.,
mobile phones, tablets, laptops, and workstations). ... Examples of resources include storage,
processing, memory, and network bandwidth.

4.2 Cloud Deployment Model

Figure 4.2: Cloud Deployment Model

There are four cloud deployment models

4.2.1 Public Cloud

In the public cloud, assets are provided on the Internet through Web application management
to achieve better governance and self-management. Users can quickly acquire these assets
and pay only for the assets they operate. Because assets are distributed across multiple
clients, the main threats to the public cloud are security, management stability and service
quality.

4.2.2 Private Cloud

In a private cloud, computing resources are used and restricted to private use. Access to
assets is limited to customers who belong to the organization that owns the cloud. The main
advantage of this model is that data protection and security are greatly affected due to the
sustainability of the project.

4.2.3 Community Cloud

The community cloud should not be mistaken for the public cloud. In a community cloud,
different people or groups with common interests can access assets, unlike public clouds,
where customers have no common interests. The registered foundation may not be there. Cloud
assets are managed and monitored by at least one partner in the community, unlike a public
cloud, where a single vendor/owner owns and monitors them.

4.2.4 Hybrid Cloud

Hybrid cloud is a collection of multiple deployment models. There is a management system
to ensure that things look like clouds. For security, cost, and implementation specific
requirements, hybrid clouds may be required.

4.3 Cloud Computing Service Model

Figure 4.3: Cloud Computing Service Model

4.3.1 Software as a Service (SaaS)

In SaaS, the benefits of applying business application software to the client are explained.
Since customers obtain and use software parts from various suppliers, the primary issue here
is that data dealt with by these services is to be well secured.
Examples of SaaS suppliers are Google App and so on.
a. Email and Office Productivity: Email applications, word editors and processors,
spreadsheets applications, presentations applications are typical examples in this category.
b. Billing: There are applications designed to monitor and manage customer billing. This
is determined by users' system usage and subscriptions to products and services.
c. Customer Relationship Management (CRM): CRM are typical call-centre
applications.
d. Financials: These are applications useful for tracking and reporting financial activities
including processing of expenditure, generating invoices, payroll, and managing taxes.
SaaS Characteristics: The software supports remote workers and can be used permanently on
the Internet through an Internet browser. Applications are monitored from key areas.
Application customers do not need to worry about equipment or software upkeep (refresh,
patch, etc.). Any processing with external applications goes through an API.
Suitable for seasonal demand: Apps whose usage rises or drops significantly. For example, in
the recording season, the software responsible for evaluation is becoming more and more
popular, in some seasons, housing reservations are increasing, and so on. Applications that
require internet, such as portable access. The model includes keyboard software and CRM
framework. Short-term expansion requires concerted efforts. The only cost-effective model is
that it needs to quickly establish a synchronized climate and quickly shut it down.

4.3.2 Platform as a Service (PaaS)

PaaS provides an application or development stage where customers can submit applications
that will run in the cloud. Google App Engine is an instance of a PaaS supplier.
a. Business Intelligence.
b. Database.
c. Development and Testing.
d. Integration.
e. Application Deployment.
PaaS Characteristics: Regarding interests, and distinguish them down/down. Improve
application development and change application implementation management to encourage
the development, testing, management and simplification of software applications in an
integrated development environment. Share a similar development environment with different
users. Integrated Web management and database. Monitor billing and membership through CC
equipment.
Applicable to PaaS: Applicable to users who come with PaaS.
Virtualization innovation on top of PaaS gives you access to assets. Multiple engineers
promote the same project, or dismantle outdoor components participating in the improvement
cycle; PaaS has discovered speed and adaptability during the improvement cycle.
The network behind the agile program to make software improvements; prevent the
challenges and rapid turnaround associated with PaaS applications.
The network that wants to increase its capital. With the development and implementation of
applications, PaaS reduced the cost of the foundation.

4.3.3 Infrastructure as a Service (IaaS)

IaaS is the supply and support of (PC) equipment (such as staffing, innovation management,
storage and server farm space). Similarly, operating systems and virtualization technologies
can be added to manage assets.
Examples of IaaS: Examples of IaaS include Amazon Web Services (AWS).
a. Content Delivery Networks (CDNs): CDNs record user content and files to improve the
system performance such as speed and the cost associated with the delivery content for
web-based systems. This is useful for handling diverse kinds of content for delivery to any
website or mobile app.
b. Backup and Recovery: This provides ability for seamless backup and restoration of files.
c. Compute: This involves server requirements for maintaining cloud systems that can be
configured and provisioned dynamically.
d. Storage: Highly scalable storage ability useful for recording activities of applications,
file backups and recovery and storing files are also available.
Characteristics: There are multiple customers on a single product. Resources as support.
Dynamic expansion capability; cost fluctuates according to the commitment of the foundation.
Suitable for IaaS: Suitable for users who come with IaaS. For high-performance applications,
unrestricted monitoring of the product's network is required. Start-ups and small
organizations that don't want to spend cash and energy to buy equipment and software.
The qualities of IaaS include: Growing organizations that are not yet sure what applications
they will need or that want to grow at a rapid rate, so they will not want to focus on a
clear basis. Services that experience unstable demand, where scaling up or down in step with
traffic spikes or valleys is essential.
The barriers to choosing and disabling cloud computing over the network are:
Internal resistance: The advantage of cloud processing is to reduce the amount of
organizational work that has to be completed on the back-end IT framework. In this way, it
enables the employees of the organization to work harder on the next application. It can
also greatly reduce the number of IT office staff; as a result, IT office experts in the
organization may see cloud computing as a threat. These people worry about losing their
status or important framework.
Security and privacy challenges: Security and privacy issues related to cloud computing are
not a problem for some organizations. On the other hand, some organizations view security
challenges as insurmountable obstacles and have not responded strongly. Such organizations
have not considered accepting the benefits of innovation.
Reliable quality and trust: The cloud has been tested by providers such as Google and
Amazon are reporting and advertising. It has brought notoriety to potential organizations
considering entering the cloud computing environment. Cloud computing is an innovation
based on trust, and lack of trust will hinder its choice.
Integration and interoperability: Enterprises need API and cloud interface criteria,
interoperability standards and related special rules that allow interoperability (private to
small, public to private, etc.).

4.4 Execution and Cost Factor


The advantages of cloud computing may be limited by presentation methods and cost factors,
including:
Security: Security improves the productivity and implementation of any cloud framework,
which is a beneficial part of framework insurance.
Data recovery: Errors, frustrations or misfortunes caused by various reasons may depend on
the data being clouded or monitored. The capacity and time required for data retrieval will
be affected.
Service level agreement: The buyer agrees to a service level agreement (SLA) before using
Cloud Assets. Understand customer requirements, supplier capabilities, fines, fees, etc.
Network bandwidth: If the transmission speed is too low and the required management is
considered within the specified time, the visibility of the cloud will be reduced.
Fault tolerance: This refers to the ability of people who provide various kinds of assistance
when faced with dependency or safety issues under any circumstances. A high degree of
adaptation to internal failures can achieve high cloud performance.
Other factors: Other variables that may affect cloud performance include adaptability,
inactivity, maximization, balance, and processor power consumption issues.

Chapter No 5
Security Issues in Cloud Computing

Cloud computing security includes practices, improvements, controls, and applications used
to protect cloud computing conditions. These security measures are designed to protect the
data, management, applications, and connection foundations in the cloud from internal and
external hazards, while protecting customers and authorizing and maintaining consistency
with each relevant principle and guideline. Although cloud computing security requirements
usually vary from enterprise to enterprise, the basic goal is data insurance and access
control to the data.

Figure 5.1: Cloud Security

As an ever increasing number of organizations exploit cloud computing and appreciate the
reduced cost of doing business, increased agility, and the capacity to scale quickly, they
should ensure that they consider security right from the start and pick the correct type and
level of security to effectively prevent data loss and leakage. Security is viewed as a
composite notion, namely "the combination of confidentiality, the prevention of the
unauthorized disclosure of information, integrity, the prevention of the unauthorized
amendment or deletion of information, and availability, the prevention of the unauthorized
withholding of information" [13]. Security is the absence of unauthorized access to, or
handling of, the system state. The main dimensions of security are availability,
confidentiality and integrity. Security is one of the major obstacles for opening up the new
era of the long dreamed vision of computing as a utility.

Security issues in cloud computing environments can be divided into six sub-categories
[5] [6] [7] [11] [14], which include: (a) how to provide safety mechanisms so as to monitor
or trace the cloud server, (b) how to keep data confidentiality for all individual and
sensitive information, (c) how to avoid malicious insiders' illegal operations under the
general lack of transparency into provider processes and procedure environments, (d) how to
avoid service hijacking, where phishing, fraud and exploitation are well-known issues in IT,
(e) how to manage multiple instances in multi-tenancy virtual environments, which assume all
instances are completely isolated from each other. However, this assumption can sometimes
break down, allowing attackers to cross virtual machines through a side channel, escape the
boundaries of the sandboxed environment and have full access to the host, and (f) how to
develop appropriate law and implement legal jurisdiction, so that users have a chain against
their providers if need.

Wikipedia [3] defines Cloud Computing Security as "Cloud computing security (sometimes
referred to simply as "cloud security") is an evolving sub-domain of computer security,
network security, and, more broadly, information security. It refers to a broad set of
policies, technologies, and controls deployed to protect data, applications, and the
associated infrastructure of cloud computing." Note that cloud computing security referred
to here is not cloud-based security software products such as cloud-based anti-virus,
anti-spam, anti-DDoS, and so on. There are many security issues associated with cloud
computing and they can be grouped into any number of dimensions. According to Gartner [4],
before making a choice of cloud vendors, users should ask the vendors for seven specific
safety

S. Subashini and V. Kavitha made an investigation of cloud computing security issues from
the cloud computing service delivery models (SPI model) and gave a detailed analysis and
assessment method description for each security issue [8]. Mohamed Al Morsy, John Grundy and
Ingo Müller explored the cloud computing security issues from different perspectives,
including security issues associated with cloud computing architecture, service delivery
models, cloud characteristics and cloud stakeholders [9]. Yanpei Chen, Vern Paxson and Randy
H. Katz believed that two aspects are to some degree new and essential to cloud: the
complexities of multi-party trust considerations, and the ensuing need for mutual
auditability. They also point out some new
opportunities in cloud computing security [10].

Data security is a common concern to all technologies. However, it becomes a major challenge
when applied to an uncontrolled environment like Cloud Computing. It is important to
distinguish between the security risks associated with all IT infrastructures and those
introduced by the use of Cloud Computing. These risks are generally associated with open,
shared and distributed environments. Therefore, when analyzing the risks, it is important to
separate existing problems from those raised by Cloud Computing. In this paper, we deal only
with issues introduced by the Cloud, and related to data. Data outsourced to Cloud
infrastructure is more vulnerable than that stored on a traditional infrastructure, mainly
for three reasons: (1) data is stored on the service provider's infrastructure; (2) data of
different users shares the same physical infrastructure; (3) data is accessible via
internet. Although there are many possible classifications for data security issues, we have
chosen to classify them according to three dimensions: single Cloud characteristics, Cloud
data life cycle and data security attributes. Our objective is to highlight the impacts of
these dimensions on data security as well as the common and distinct data security
implications associated with these categories.
• Data Issues According to Cloud Characteristics
In this section, we are interested in data security issues raised by characteristics of
Cloud infrastructure compared to traditional proprietary infrastructure. Indeed, Cloud
infrastructure is different from traditional infrastructure. These differences offer many
benefits but also introduce numerous inconveniences, which may affect security.

[Figure: Data security issues classification: according to Cloud characteristics, according
to Cloud data life cycle, according to data security attributes]

The main characteristics and their direct benefits and inconveniences are the following:
• Leased infrastructure
Cloud infrastructure no longer belongs to the user but to the service provider. Instead of
purchasing dedicated hardware, users lease its use from a service provider. Principal
advantage: cost saving. Principal inconvenience: loss of control.
• Open infrastructure
Cloud infrastructure is, generally, accessible via internet. Principal advantage: ubiquitous
access to services. Principal inconvenience: multiple entry points.
• Shared infrastructure
Unlike dedicated traditional infrastructure, Cloud infrastructure is shared among service
users. Principal advantage: cost saving. Principal inconvenience: isolation failure risks
between users.
• Elastic infrastructure
Cloud users can scale the resources up or down according to their need. Therefore, unlike
the traditional infrastructure that depends on peak demand, Cloud infrastructure scales to
current demand. Principal advantage: resource use optimization. Principal inconvenience:
resource reallocation risks.
• Virtualized infrastructure
Virtualization is the basic concept behind the Cloud. We no longer refer to the physical
machine but rather to the virtual machine. Principal advantage: infrastructure optimization.
Principal inconvenience: classical problems associated with virtualization.
• Distributed infrastructure
Cloud infrastructure is distributed geographically around the world. Principal advantage:
increased computing and storage capacity. Principal inconvenience: management and
maintenance of infrastructure.

5.1 Significance of Security in Cloud Computing


Despite these benefits, the organization appreciates the cloud for receiving it. After
adopting CC, the critical responsibility for data management and protection belongs to the
service provider. Wasim et al. eliminate the loss of data and its control from independent
sources by providing a secure processing environment, which can be used as a framework for
controlling data storage and use. The secure data environment reduces the damage to the
original registry gadgets, which can lead to malware. The cost of using cloud management in
a secure environment must be reduced. Improve security execution and minimize damage to
data, software and hardware.

5.2 Cloud Computing Security Category


Cloud computing requires a security model that adapts to the prerequisites of trust and
promotes multiple uses. Since cloud computing involves the pooling of assets, different
clients may access them, so data stored in the cloud or over-monitored may face security
issues. When places with their characteristics, graphics and frameworks migrate to the cloud
computing environment, they should be in a state of restlessness to some extent.
Organizations should rely on their CC framework, and vendors can also choose to test cloud
cycles and opportunities. The foundation of trust and identity verification is control, data
security, perseverance and opportunity execution.
CC services and tools include: identity verification, approval, data encryption, data
protection and long-term services. Table 1 shows the links between cloud security
requirements gap, cloud management and equipment. These needs must be met with honesty and
integrity. The cloud framework CC security level appears in six forms, including:
personality, data, foundation, organization, and software security. This is how we talk
about them. Computing and security are factors that hinder the acceptance of innovation.
Cloud security: Cloud security aims to prevent cloud computing platforms from misusing,
leaking and deleting online data. Cloud security is a type of network security. "Because
cloud service providers live or die by keeping their clients' data safe, most have very
strong security. In fact, the precautions taken by cloud services are often much."
"Companies tend to be unsure about cloud security because they don't understand how it
works. Always ask your cloud provider to explain their security procedures thoroughly. If
you have an IT you can consult too, that's even better."

Figure 5.2: Cloud Computing Security Model

• Identity Protection
It has security and business principles, "so that the ideal person can access the ideal
asset at the right time and for the right reason". This ensures the integrity and
confidentiality of data and applications, while increasing access to the right users.
Because cloud computing requires character security verification, it must go beyond
usernames and passwords. Personal protection may need to receive standard IT, which includes
conduct observations, current issues and various issues to strengthen the assessment of
customer demand risk levels. The verification function should remain stable throughout the
cloud framework and data life cycle. Cloud computing requires more off-the-ground
capabilities, especially when dealing with

Cloud security is to protect the data stored online from being misappropriated, leaked and
deleted by the cloud computing platform. Methods of providing cloud security include
firewalls, intrusion testing, terrorism, tokenization, virtual private networks (VPN) and
avoiding public Internet connections. Cloud security is a data and stability requirement
that is vital to network security and information security.
• Information Security
In traditional data centers, they control physical access, access to hardware and software,
and identification of data security. In the cloud, the security barriers that protect the
infrastructure are eliminated. Data requires its own security [5], [14]:
Data isolation: When multiple users use shared resources, the data should be stored securely
in a multi-tenant environment. Virtualization, encryption and access control will enable
companies, stakeholders and consumers to achieve varying degrees of isolation.
Powerful data protection: In the current data center environment, in most cases, because the
information is still under the control of the company, role-based access control at the user
group level is acceptable. Meet the assurance and compliance requirements for information in
the cloud.
Effective data classification: Companies will need to know what kind of data is important
and where it is important to ensure cost-effectiveness and focus. The most important area in
terms of how to avoid data loss.
Information rights management: Usually regarded as part of the identity that users can
access. Strong data-centric security requires policies and control mechanisms to store and
access information so that it can be related to the information itself.
Governance and compliance: An important requirement for corporate information governance and
compliance is to create information related to management and verification, using logging
to monitor and audit the information security status. The cloud computing infrastructure
should be able to verify whether data is being managed through appropriate controls, log
collection, and reporting in accordance with applicable local and international regulations.
• Infrastructure Security
The IaaS provider treats the applications inside the customer's virtual instance as a
black box and is therefore completely independent of how the customer's applications are
operated and managed. The whole stack, the customer application and its runtime, runs on the
customer's server on top of the provider's infrastructure and is managed by the customer.
Users must therefore take full responsibility for ensuring the security of their cloud-deployed
applications. Cloud-deployed applications should be designed for the Internet threat
model, and web applications should use standard security measures to protect against
common vulnerabilities on the Web. Application users are responsible for keeping their
applications up to date, so that they are protected from malware and from hackers scanning
for a way to gain unauthorized access to data in the cloud. Users should not try to use custom
implementations of authentication and authorization, because if implemented
incorrectly, they will be attacked. Whether it is a private cloud or a public cloud, and whether
the service is SaaS, PaaS or IaaS, the cloud infrastructure should be inherently secure. This
requires protection at the component level: the cloud must be designed to be secure, built from
inherently secure components, and deployed and supported securely, with secure interfaces to
other components. Vulnerability assessment and change management processes can provide
management information and service-level assurance, thereby building trust.
Strong interface security: Strong security policies and controls are required to ensure the
consistency and accountability of the points where the system communicates (user to network,
server to application). It is important to secure these points in order to build trust.
Infrastructure can be protected, tested and implemented according to the building level (i.e.
network, host and application level).
Infrastructure Components and Policies: Only basic management expectations must reach
the virtual machine supervisor. The additional management stack will be moved to other
virtual machines that have nothing to do with the processing base. The security of the
framework should be guaranteed so that attackers cannot access all the frameworks of the
organization through the entrance. There is additionally a need to keep segments independent.
Partitioning the management segments prevents network drivers from gaining easy access
to the storage driver or encryption key, creating confidence that the framework is dependable.
By separating the policy authority from the application location, such a compartment can
be easily created to drive and control the holder's ideas through a set of views within the
foundation. The holder has functions that do not require an application to run the software.
Allocating review space from application space can flip and change review records. The
authentication framework gives people confidence in authorized institutions.
Data Security: It is characterized as "a bunch of techniques for dealing with the cycles,
instruments and arrangements important to forestall, recognize, record and counter dangers to
computerized and non-advanced data". Physical access, hardware and software, and access
controls are all focused on protecting data. The defense barriers that ensure data security
in the cloud are scattered. Data in the cloud requires its own security, including data
isolation. Varying levels of data isolation can be
achieved through virtualization, encryption and access control. This ensures the reliability of
unauthorized data. This is necessary in a multi-tenant cloud environment. In this
environment, there may be multiple clients that cannot view or share each
other's data, but they share assets or applications in the implementation environment.
Advanced computing technology is used to build trust on a multi-purpose basis and contact
them to help with virtualization. Virtualization is used in cloud computing to test and
illustrate the reputation of a particular virtual machine. Through virtualization and
registration, various standards have been used to improve data security in the cloud foundation.
The search base is trusted. Separate administrative departments; distribute policy options
from the application location; and distribute policy execution from the application location.
The complexity and the many different parts of the code may lead to bugs. As a
result, the size of the code needs to be reduced: with simple code and fewer lines of
code, fewer errors will appear.
• Foundation Security: Proving that virtual and real cloud frameworks can be
trusted is a challenge. Confirmation of the basic business plan by a trusted third
party (TTP) is not enough. It is important that the organization has the authority to
verify business requirements to ensure that the hidden framework is secure.
Trusted by the foundation, software should be limited to maintaining
independence and overseeing
• Network security: Network security is the basic requirement of cloud
computing.
Network-level problems can directly affect cloud systems, mainly affecting bandwidth and
increasing system congestion. Many cloud users on mobile platforms use smart phones to
access SaaS cloud applications and services. Mobile devices sometimes bring not only
harmful malware, but also vulnerabilities. There are many obstacles to cloud network security
design. For example, the TCP connection is handled by the firewall. Assume that the
virtual machine is outside the firewall and can be accessed by external users.
If the VM moves to another location in the cloud, this will change the path of firewall
security. In this case, malware can spread from one network to another in a multi-tenant cloud.
Software Security: While there is an expansive range of software development efforts
regarding scope and difficulty, every one of them requires security verification. Since there is
certainly no concept of complete security, the goal is to create secure software that has
well-planned security, not based on the ability to think. With these letters, you can build
software with strict guarantees against attacks. Secure software should start with careful
consideration of the product, and outline the planning and use steps to shape the security test
pattern. In each case, despite the obstacles we could hardly imagine, they seized the
opportunity. Engineers must adopt techniques to improve security software, including the
creation of security projects with legal inspection and separation authority, and the ability to
supervise the planning and implementation of appropriate security matters. The application
improvement team must create log insights with recorded insights. Usually, these logs are
used for investigation and troubleshooting, yet an outside framework may be needed to
join several log events to produce a security event. A better log stream includes
more security-relevant details on ordinary events and on those created by embedded
security controls. Cloud computing presents different dangers to the organization that adopts it.
Through the cloud management agreement model and the delivery model, cloud security
issues can be significantly resolved. At a higher security level, it is
easier to perform small things [40], record or manage commands and endangered
configuration files in private places rather than in smaller open areas. The following sections
will discuss security components in cloud computing.

5.3 Issues: Vulnerabilities, Threats and Attacks


However, understanding the least common troubles will help cloud developers design more
secure solutions. The following lists ten common types of cyber attacks against cloud users.
La'Quata Sumter et al. [2] say: The rise in the scope of "cloud computing" has brought fear
about "Internet security", and the threat to security in "cloud computing" is
continuously increasing. Consumers of cloud computing services have serious concerns
about the availability of their data when required. Users have severe concerns about the
security and access mechanisms in the cloud computing environment. To assure users that their
information is secure, safe and not accessible to unauthorized people, they have proposed the
design of a system that will capture the movement and processing of the information kept on
the cloud. They have identified that there is a need for a security capture device on the cloud,
which will definitely ensure users that their information is secure and safe from security
threats and attacks. The proposed implementation is based on a case study and is implemented
in a small cloud computing environment. They have claimed that their proposed security model
for cloud computing is a practical model for cloud computing.
The advantage of their work is assurance of security to the end users of cloud. The limitation
of this study is that their proposed framework is not feasible for large scale cloud computing
environments.

5.3.1 Cloud Malware Injection Attack

Malware injection attacks are carried out to take control of user information in the cloud. If
the cloud system is successfully tricked, it will send the cloud user's request to the hacker's
module or instance and

Figure 5.3: Cloud Malware Injection Attack

The most common forms of malware injection attacks are cross-site scripting attacks and
MySQL injection attacks. During a cross-site scripting attack, hackers add malicious
scripts (Flash, JavaScript, etc.) to malicious web pages.

5.3.2 Insider Attacks

Internal attacks are executed by legitimate users who deliberately violate security policies. In
a cloud environment, the attacker may be an administrator of the cloud provider or an
employee of a client company with extensive privileges. To prevent this malicious activity,
cloud developers should design a security architecture that includes different levels of
access to cloud services. There are internal threats: threatening users, unethical users, and
ugly users. Note the different types of internal hazards.
• Harmful employees or shopkeepers: The employee or store owner faces the most
important internal risk you face. This is because neither of you knows that they are
compromising. This can happen if an employee clicks on a phishing link in an email to
gain access from an attacker. These are the most common types of internal hazards.

• Stop employees: Careless employees or shop owners may be attacked. Keeping the computer
or terminal turned on for a few minutes can be enough to allow access. Allowing ordinary
users (or worse, software system accounts) to run IT is also an example of an insider threat.
Most security tools in use today try to prevent legitimate users from being compromised. These
include firewalls, end-scanning and anti-phishing tools. These are also the most common types
of violations, so it is understandable that a lot of effort has been made to prevent them.
The other two types of profile are not easy to handle.
With careless behavior, it is almost impossible to know which event system is
correct. Network and security administrators may not know the background of a
request, so they will not be suspicious until it is too late. Similarly, malicious
attackers understand the company's security system and related information,
which provides a great opportunity to escape without being discovered.
The most important issues in detecting insider threats are:
Legitimate users: This makes it difficult to stop the nature of the threat. When the actual login
profile of the participant is used, the alert is not activated immediately. Daily access to large
files or databases may be a legitimate part of their daily needs.

Figure 5.4: Insider Attack

Signs of Insider Attack


The attack can still be detected. Some signs are easy to find and act on.
The most common indicators of internal hazards are:
• Unclear financial gains
• Abuse through service accounts
• Multiple login failures
• Invalid software access request
• Big data or file transfer

5.3.3 Buffer Overflow Attack

Attackers exploit the buffer overflow problem by overwriting the memory of the application.
This changes the way the program works, resulting in file damage or disclosure of private
information. For example, an attacker may introduce other code by sending new instructions
to the application to access the IT system. If the attacker knows the memory layout of
the program, they can deliberately provide input that the buffer cannot hold and overwrite
the area that holds executable code, replacing it with their own code. For example, an attacker
can overwrite a pointer (pointing to another area in memory) to gain control.

Figure 5.5 : Buffer Overflow Attack

How to prevent buffer overflows?


Developers can avoid the risk of buffer overflow by using security measures in the code or
using languages with built-in protection. In addition, modern operating systems also have
runtime protection features. These are three common protections.
Address Space Layout Randomization (ASLR): Randomly moves the locations of data areas in
the address space. Buffer overflow attacks usually need to know the location of the executable
code, and randomizing the address space makes this practically impossible.
Data Execution Prevention: Marks parts of memory as executable or non-executable, which
can prevent attacks from running code in non-executable areas.
Structured Exception Handler Overwrite Protection (SEHOP): Prevents malicious code from
attacking Structured Exception Handling (SEH), a built-in system that handles
hardware and software exceptions. This prevents the attacker from using the SEH overwrite
exploitation technique in buffer overflow attacks.

5.3.4 Verification Attack

Research shows that any authentication method related to web applications and the cloud
should support a more secure, easy-to-use interface and user mobility. Consumers prefer to
access their applications from a variety of locations and devices, such as desktops, laptops,
PDAs, smartphones and mobile phones. These needs are important requirements for
protecting applications. The large-scale attack vectors introduced by the needs of various
users in the cloud make the security of cloud applications a problem. Cloud service
providers need to ensure that only legitimate users can access their services. This shows that
strong customer authentication methods are required, but there are many attacks on these
authentication methods. Therefore, finding the most secure authentication method with the
highest user acceptability is an important challenge in the context of cloud
computing. The same technology should therefore be studied in depth to ensure its
authenticity and prevent attacks.
The authentication method of the cloud environment: The following sections
provide a detailed description of the attacks and possible solutions. The easiest way to access
a site or server (or password-protected content) is through a brute force attack. It repeatedly
tries different combinations of username and password until it can log in. This repeated
operation is like attacking a fortress.

5.3.5 Brute Force

The longer the password, the more combinations that need to be checked. Brute force
attacks can be devastating. If methods such as data retrieval are used, an attack can be
difficult, time-consuming, and sometimes impossible. However, if the password is weak, it may
take a few seconds after only a few attempts. The targets of brute force attacks include: Theft
of personal information (such as passwords and other information used to access
online accounts and online resources) prompts users to send phishing links or spread fake

5.3.6 Brute Force Attack

A brute force attack, also known as brute force cracking, is the cyber attack equivalent of
trying every key on your key ring. Brute force attacks are simple and reliable. Attackers let a
computer do the work, trying different combinations of usernames and passwords, for example,
until they find one that works. Catching and neutralizing a brute force attack in progress is
the best counter: once attackers have access to the network, they are much harder to catch.

Figure 5.6: Brute Force Attack

Man-in-the-middle attacks:
• Involve an attacker who inserts themselves as a relay or proxy in a legitimate conversation
or data transmission
• Exploit the real-time nature of conversation and data transmission to go unchecked
• Allow attackers to intercept confidential data
• Allow attackers to insert invalid data and links in a way that cannot be distinguished from
legitimate data
• Are a kind of session hijacking
The targets of brute force attacks include:
• Theft of personal information (such as passwords and other information used to access
online accounts and online resources)
• Prompting users with phishing links or spreading fake content
• Exposing the website and other information in the public domain, which may damage the
reputation of the organization
• Transferring the domain to a website that contains malicious content
Brute force attacks may also have a positive use. Many IT professionals use this attack method
to test network security, especially the encryption functions used on the network.
Types of Brute Force Attacks:
There are different types of brute force attacks, each of which has the above-mentioned purpose.
Hybrid brute force attacks: You may have heard of dictionary attacks. This is a common form of
brute force attack, which uses a list of words in a dictionary to crack the password. Other
types of attacks can use a list of commonly used passwords. If the password is "password",
for example, it will be cracked within seconds of the brute force attack starting.
Reverse brute force attack: A reverse brute force attack does not target a specific username,
but instead uses a set of shared passwords, or a single password, against a list of possible
usernames.
Credential stuffing: Once the attacker has determined a pair of username and password, they
can use this information to access various information, websites and network resources.
For example, two-factor authentication for each network resource and the use of different
passwords help prevent such attacks.
How to stop brute force attacks?
Brute force attacks usually rely on weak passwords and careless network management.
Fortunately, these two aspects can be easily improved to avoid these risks. Finally, it is
important to make the organization aware of the importance of password strength and
conventional information protection methods. Even with strong passwords, if security is not
an important part of your culture, employees may still face insider threats.
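The section says the best counter is to catch a brute force attack while it is in progress. The following Python sketch is an added example, not part of the original thesis: it scans authentication events for repeated failures against one account, for one source trying many usernames (the reverse variant described above), and for a success that follows a burst of failures. The log format, addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from the original document):
# ISO timestamp, source address (documentation ranges), username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice FAIL
2024-05-01T10:00:10 198.51.100.7 alice FAIL
2024-05-01T10:00:20 198.51.100.7 alice FAIL
2024-05-01T10:00:30 198.51.100.7 alice FAIL
2024-05-01T10:00:40 198.51.100.7 alice FAIL
2024-05-01T10:00:50 198.51.100.7 alice FAIL
2024-05-01T10:01:00 198.51.100.7 alice OK
2024-05-01T10:01:30 192.0.2.44 frank FAIL
2024-05-01T10:01:40 192.0.2.44 frank OK
2024-05-01T10:02:00 203.0.113.9 bob FAIL
2024-05-01T10:02:05 203.0.113.9 carol FAIL
2024-05-01T10:02:10 203.0.113.9 dave FAIL
2024-05-01T10:02:15 203.0.113.9 erin FAIL
"""

# Assumed thresholds; tune them to the login volume of the real service.
WINDOW = timedelta(minutes=5)
MAX_FAILS_PER_ACCOUNT = 5      # failures from one source against one account
MAX_ACCOUNTS_PER_SOURCE = 4    # distinct accounts failed by one source


def parse_events(log_text):
    """Turn log lines into (time, source, user, succeeded) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of failing the whole scan
        when, source, user, outcome = fields
        events.append((datetime.fromisoformat(when), source, user, outcome == "OK"))
    return sorted(events)


def detect(events):
    """Return (kind, source, detail) findings in the order they would alert."""
    findings, reported = [], set()
    fails_by_pair = defaultdict(list)    # (source, user) -> failure times
    fails_by_source = defaultdict(list)  # source -> (time, user) of failures

    def report(key, detail):
        if key not in reported:          # alert once per source/account
            reported.add(key)
            findings.append((key[0], key[1], detail))

    for when, source, user, ok in events:
        # Keep only failures that are still inside the sliding window.
        pair = [t for t in fails_by_pair[(source, user)] if when - t <= WINDOW]
        recent = [(t, u) for t, u in fails_by_source[source] if when - t <= WINDOW]
        if ok:
            # A success right after a burst of failures means the guess worked.
            if len(pair) >= MAX_FAILS_PER_ACCOUNT:
                report(("success-after-brute-force", source, user), user)
            pair = []
        else:
            pair.append(when)
            recent.append((when, user))
            if len(pair) >= MAX_FAILS_PER_ACCOUNT:
                report(("brute-force", source, user), user)
            targets = sorted({u for _, u in recent})
            if len(targets) >= MAX_ACCOUNTS_PER_SOURCE:
                report(("reverse-brute-force", source), ",".join(targets))
        fails_by_pair[(source, user)] = pair
        fails_by_source[source] = recent
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG)):
        print(finding)
```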

5.3.7 MITM Attacks

Although the main idea of intercepting an ongoing transfer is the same, there are several
different ways that an attacker can carry out a man-in-the-middle attack.

5.3.8 Man-in-the-Middle Attack

A man-in-the-middle attack is an eavesdropping attack, in which the attacker interrupts the
current session or data transmission. After inserting themselves in the "middle" of the
transfer, the attackers pretend to be legitimate participants. This allows the attacker to
intercept the information and data of both parties while sending malicious links or other
information to the two legitimate partners in a way that may not be noticed until it is too late.
You can think of this attack as a telephone game in which one person's words are passed
between partners until they have changed by the time they reach the last person. In a
man-in-the-middle attack, the man in the middle manipulates the conversation, unknown to
the two legitimate partners, to obtain intelligence and cause harm in
other ways. Common abbreviations for the man-in-the-middle attack include MITM, MiM, and MIM.
Important Ideas of the Man-in-the-Middle Attack:
Option 1: Intercepting Data
The attacker installs a packet sniffer to analyze network traffic for insecure
communication. When a user logs into the site, the attacker retrieves their user information
and redirects them to a fake site that mimics the original. The attacker's fake site collects
data from the user. After that, the attacker can access the target information on the real site.
In this case, the attacker intercepts the data transfer between the client and the server. By
deceiving the client into believing that it is still in conversation with the server, and the
server into believing that it is still receiving information from the client, the attacker can
intercept data from both and can inject wrong information into future transfers.
Option 2: Gaining Access to Funds
The attackers set up a fake chat service that mimics popular banks.
The attacker uses the information in the data intercepted in the first case, pretends to be a
banker and starts chatting with the target. Then, the attacker initiates a chat on the real bank
site, pretends to be the target, and forwards the information needed to access the target account.
In this case, the attacker intercepts the conversation and allows some parts of the
discussion to be passed on to the two participants.
MITM attacks in the real world
The Dutch registrar DigiNotar was breached, allowing a dangerous actor to access 500
certificates for websites such as Google and Skype. With these certificates, an
attacker can act as a legitimate website in a MITM attack and steal users' data by having them
enter their passwords on the mirror site. Due to the breach, DigiNotar
finally filed for bankruptcy. Credit scoring company Equifax removed its apps from
Google and Apple due to personal data leaks. A researcher found that the application did not
use HTTPS consistently, allowing an attacker to intercept data as users
accessed their accounts.
Interactions sensitive to MITM attacks: Any kind of improperly secured communication between
two parties, whether it is the data transmission between the client and the server or the
communication between two people on an Internet messaging system, may be subject to a
man-in-the-middle attack. Login and identity verification on financial sites, connections
protected by public or private keys, and any other situations in which ongoing transactions
may allow attackers to access confidential information are sensitive.

Figure 5.6: Man-in-the-Middle Attack

5.3.9 Credential Theft Attack

Credential theft is a type of cybercrime that involves the theft of the victim's identity
credentials. Once the theft is successful, the attacker has the same privileges as the
victim. This is the first step: credential theft allows criminals to reset passwords, lock
victims out of accounts, download private data, access other computers on the network, or
delete victims' data and backups. Cybercriminals can also use it to gain remote access to
third-party services (such as Dropbox, DocuSign, Microsoft Office 365, and other
services that the organization typically uses for business operations) and log in with
a valid password. For large and small organizations, credential theft, credential reuse, and
follow-up of suspicious logins should all be top priorities. Stolen credentials are behind the
largest and most expensive data breaches, including Equifax, Off American Affairs and
the Yahoo hack. Credentials for industrial control systems and other systems can be extracted
in the form of hashes, tickets or even plain text passwords. Attackers often use cheap and
effective phishing to deceive employees. Phishing is based on human interaction, rather than
malware and exploits. It relies on unstable factors in security defenses.

Figure 5.6: Credential Theft Attack

There are other ways to steal credentials, including guessing, brute force attacks, or
credential leaks. Important infrastructure is also affected.
When stealing company credentials, attackers scour social media sites to obtain
contact information for users whose credentials will provide access to important data and
information. Phishing emails and websites used to steal company credentials are much more
sophisticated than phishing emails and websites used to steal user credentials. Attackers make
emails and websites look like real company applications and communications.
How to prevent credential theft
The following are the best security measures:
• Change passwords regularly, and use multi-factor authentication when possible to prevent
theft of credentials. Replacing single-factor authentication (SFA) with two-factor
authentication (2FA) may reduce the likelihood of phished accounts.
• Train employees on how to create strong passwords and detect phishing or fraud.
• Follow privileged access management (PAM) best practices to restrict company credentials
to approved applications, to prevent access to unexpected or unknown applications and websites.
• Keep the operating system and equipment up to date.
• Take permanent risks.

5.3.10 Denial of Service Attack

Website resources are vulnerable to "denial of service" or DOS attacks, so users who need to
access the website may not be able to do so. Many large companies have been the target of
DOS attacks. Since a DOS attack can easily be launched from anywhere, it is difficult to find
the person responsible.

Figure 5.7 : Denial of Service Attack

Brief historical record: The first DOS attack was carried out by 13-year-old David Dennis in
1974. Dennis used an "external" or "ext" command to write a program that caused some
computers in a nearby university's research laboratory to shut down. DOS attacks have since
become more and more complex, as in "Distributed Denial of Service" (DDOS) attacks.
Details of denial of service attacks: DOS attacks usually take one of the
following two forms. They overwhelm or crash Web services.
Flood attack: Flooding is the most common form of DOS attack. It happens when
the attacked system is exposed to a large amount of traffic that the server cannot handle.
ICMP flood: This is also called ping flooding, and it is a DOS attack that
uses fake computer network equipment to send misleading information packets to every
computer in the target network.
SYN flood: This is a variation that takes advantage of a weakness in
the TCP connection sequence, usually called a handshake between the
host and the server. It works as follows: the target server receives a request to initiate the
handshake. However, in the SYN flood, the handshake is never completed. Ports that have never
completed a connection stay occupied and cannot be used to process other requests, while more
and more requests continue to arrive until all open ports are overwhelmed and the server
shuts down.
Crash attack: Crash attacks are rarer. They occur when cybercriminals spread bugs that
exploit vulnerabilities in the target system. The result? The system eventually stops.
Crash attacks and flood attacks prevent legitimate users from accessing online services, such
as websites, gaming websites, emails, and bank accounts. A DOS attack works differently from
a virus or malware: it does not rely on a specific program to launch an attack.
Instead, it takes advantage of the inherent weaknesses of computer network
communications. In a DOS attack, a computer is set up to send not one "introduction" to the
server but hundreds or thousands. The server (which can't tell if the content of the
introduction is false) will return its usual response, a short message: "OK, are you real?",
waiting for one minute in each case to hear a reply. If no response is received, the server
will close the connection. DOS attacks mainly affect how organizations operate in an
interconnected world. For consumers, the attack is a barrier to accessing the service.
How to help prevent DOS attacks
If you rely on a website for business, you can learn how to prevent DOS attacks. General rule:
The sooner the attack is identified, the sooner the damage can be contained. You can perform
the following operations.
Method 1: Get help to identify the attack
Companies often use technology or anti-DDOS services to defend or assist in defense. They
can help you determine the difference between a significant
increase in network traffic and a DDOS attack.
Method 2: Contact your Internet service provider
If you find that your company is under attack, you should notify your Internet service
provider as soon as possible to determine if your traffic can be rerouted. It is also a good
idea to have a backup ISP. Also, consider services that can distribute large amounts of DDoS
traffic between server networks. This can help combat attacks.
Method 3: Research black hole routing
Internet service providers can use "black hole routing." This directs excess traffic into a
null route, sometimes called a black hole. The disadvantage is that both legitimate and
illegitimate traffic are rerouted in the same way.
Method 4: Configure Firewall and Router
Configure firewalls and routers to reject forged traffic. Update routers and firewalls with the
latest security patches.
Method 5: Consider the Front-end Hardware
The front-end hardware of networked applications helps to analyze and filter data packets
before the traffic reaches the server. As data enters the system, the hardware classifies it
as priority data, regular data or critical data. It can also help avoid data risks.
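Method 1 asks how to tell a significant increase in network traffic from an attack, and the SYN flood description gives the signal: handshakes that never complete. The following Python sketch is an added example, not part of the original thesis. It tracks half-open connections in a constructed packet trace and separates a flood from a busy period in which clients do finish the handshake; the record format, timeout, backlog size and thresholds are assumptions.

```python
SYN_TIMEOUT = 30.0   # seconds a half-open entry is kept (assumed)
BACKLOG = 128        # assumed size of the server's half-open queue
SURGE_SYNS = 100     # fewer SYNs than this in a sample is ordinary traffic


def handshake_stats(packets):
    """packets: (time_s, client_ip, client_port, flag) as seen by the server,
    where flag is 'SYN' (handshake request) or 'ACK' (client's final step).
    Returns (syn_count, completed_handshakes, peak_half_open)."""
    pending, syns, completed, peak = {}, 0, 0, 0
    for when, ip, port, flag in sorted(packets):
        # Entries the server would already have timed out no longer hold a slot.
        for key in [k for k, t0 in pending.items() if when - t0 > SYN_TIMEOUT]:
            del pending[key]
        key = (ip, port)
        if flag == "SYN":
            syns += 1
            pending[key] = when          # slot held until ACK or timeout
        elif flag == "ACK" and key in pending:
            del pending[key]             # handshake finished, slot released
            completed += 1
        peak = max(peak, len(pending))
    return syns, completed, peak


def classify(packets):
    """Label a trace as 'normal', 'traffic-surge' or 'syn-flood'."""
    syns, completed, peak = handshake_stats(packets)
    if syns < SURGE_SYNS:
        return "normal"
    # A flood shows many requests, few completions and a queue near capacity.
    if completed / syns < 0.5 and peak >= 0.8 * BACKLOG:
        return "syn-flood"
    return "traffic-surge"


def constructed_flood():
    """Constructed trace: 300 handshake requests that are never completed,
    mixed with 10 clients that do complete theirs."""
    spoofed = [(i * 0.01, f"198.51.100.{i % 250 + 1}", 1024 + i, "SYN")
               for i in range(300)]
    legit = []
    for i in range(10):
        start, ip, port = 0.5 + i * 0.2, f"192.0.2.{i + 1}", 40000 + i
        legit += [(start, ip, port, "SYN"), (start + 0.05, ip, port, "ACK")]
    return spoofed + legit


def constructed_surge(clients=300):
    """Constructed trace: many clients, each finishing the handshake quickly."""
    packets = []
    for i in range(clients):
        ip, port = f"203.0.113.{i % 250 + 1}", 20000 + i
        packets += [(i * 0.01, ip, port, "SYN"), (i * 0.01 + 0.05, ip, port, "ACK")]
    return packets


if __name__ == "__main__":
    print(classify(constructed_flood()), classify(constructed_surge()))
```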

5.3.11 Dictionary Attack

A dictionary attack is a brute force method in which the attacker runs through common words
and expressions, such as dictionary words, to guess passwords. The fact that
individuals often use simple and clear passwords in multiple records means that dictionary
attacks can be effective while requiring fewer resources. In brute force attacks,
cybercriminals use automated software to try a large number of possible combinations to guess
passwords, personal identification numbers (PIN) and other forms of login data by trial and
error. In dictionary attacks, programs enter words as a way to access systems,
accounts or confidential documents. Dictionary attacks can be carried out both online and
offline. In an online attack, the attacker repeatedly attempts to log in like any other
client. This type of attack works better if the attacker has a list of likely passwords. If
the attack takes too long, it can be noticed by the system administrator or the actual
client. During offline attacks, however, there are no limits on the number of passwords that
can be tried. To do this, attackers need to obtain the password storage file from the target
system, so this is more complex than an online attack.

Figure 5.8: Dictionary Attack
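Because an offline dictionary attack faces no limit on the number of guesses, the defence lies in how the password file is built. The following Python sketch is an added example, not part of the original thesis: it contrasts a fast unsalted hash with a salted PBKDF2 record, rejects dictionary-based passwords at registration, and counts the hash computations an offline guesser would need. The record format, word list, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # assumed work factor; raise it as hardware allows
SALT_BYTES = 16
# Constructed stand-in for a real list of common passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "welcome"}


def is_dictionary_password(candidate):
    """Reject a dictionary word, also when digits or punctuation are appended."""
    lowered = candidate.lower()
    stem = lowered.rstrip("0123456789!?.")
    return lowered in COMMON_WORDS or stem in COMMON_WORDS


def legacy_fast_hash(password):
    """Weak storage: unsalted and fast, so equal passwords give equal records
    and one pass over a word list tests every account at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Hardened storage: a random salt per account and a slow key derivation."""
    salt = secrets.token_bytes(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, record):
    """Recompute the derivation from the stored salt; compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(derived_hex)
        rounds = int(iterations)
    except ValueError:
        return False                      # malformed record never verifies
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(derived, expected)


def offline_guess_work(wordlist_size, accounts, salted, iterations):
    """Hash computations needed to test every word against every account.
    Without a salt, one computation per word covers all accounts together."""
    targets = accounts if salted else 1
    return wordlist_size * targets * iterations


if __name__ == "__main__":
    print(offline_guess_work(1_000_000, 10_000, False, 1))
    print(offline_guess_work(1_000_000, 10_000, True, ITERATIONS))
```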

5.3.12 Malicious Insider attack

Insider attacks are carried out by legitimate users who deliberately violate security policies.

In a cloud environment, the attacker may be a cloud provider administrator or an employee of
a client company with extensive privileges. To prevent this malicious activity, cloud
developers should design a security architecture with different levels of cloud service access
rights.
There are three types of insider threats: threatening users, rure users and malicious users.
Be aware of the different types of internal hazards.
• Harm employees or shopkeepers
Allowing employees or shop owners to compromise is the most important internal risk you
face. This is because neither of you knows that they are compromising. This can happen if an
employee clicks on a phishing link in an email to provide access to an attacker. These are the
most common types of internal hazards.

5.3.13 Cloud API Vulnerability

Weaknesses in the API seriously affect the security of cloud architecture, management,
delivery, and monitoring. Cloud developers need to have strong control over APIs.
Rough sketch: Although cloud providers use encryption algorithms to protect data in storage,
they usually use limited entropy (such as time) to automatically encrypt data and
automatically create random numbers. For example, a virtual Linux-based computer will
generate a random key within a few milliseconds. For strong data encryption, this still has a
long way to go, but attackers also use sophisticated encryption methods to attack information.
Therefore, cloud developers should consider how to secure data before it enters the cloud.
How can you secure your cloud?
For example, in an IaaS application, an attempt involves a virtual private cloud, and its own
association will interfere with the entire segment, leading to the synchronization of its
application. The data reaches the threshold. If the upgrade leaves the port (S3 or its PC and
cloud experts) open, the company needs to make sure it is not open so that someone can find
it and misunderstand it. The association's commitment: this requires users to plan their
settings correctly and make sure Lu and human error will not destroy their friendship. A large
part of the security issues in the news is the misallocation of resources at stages such as
AWS, so when AWS does a lot of work for security agencies, consumers must admit that
AWS is a new business Terms. If individuals can usually obtain their qualifications and have
customer records, the consequences can be very serious. In the case where the internal
application of the user is not secure and is open to the public in any way, there is an open
attack method. People can go online, move records, or be attracted by any application
running in the work system itself. It aims to gain access to basic resources, such as company
and customer data, other relevant information indicators or whatever they have.
Although there are definitely risks associated with cloud computing, a large number of them
can be dealt with by adopting recognized technologies. Regardless of the broader verification,
a Cloud Access Security Broker (CASB, such as McAfee MVISION Cloud) allows
associations to control their data in the cloud.
View and control its data in the cloud: This is the only thing that depends on your (SaaS)
application, (IaaS) conditions and several shadow IT implementation points. With permanent
cloud protection on all cloud organizations, you can keep in mind the speed of cloud
accumulation in the association and simplify your business. People who rely on the need for
permanent rules (people who work in government associations or financial ideas such as
Adventure or financial organizations) can also benefit from stepping into McAfee MVISION
Cloud. MVISION Cloud further assists in meeting the internal procedures for data
verification so that it is not restricted by the association's security system. Research security
issues related to cloud conditions, and how to help stop them.

5.4 Cloud computing security protection technology


The technical protection of cloud data security mainly covers data encryption, data protection
and data backup, storage isolation platform, terminal operation and virtual host data
application. With added polling and virtualization, security risks will gradually increase.
For the purpose of cloud computing security, we must first establish a reliable cloud computing
environment at the data security level, the application security level and the
virtualization security level.
Data Security Level
• Data Transmission Security
When using public clouds, if you do not use encryption algorithms for the data in
transmission, the main risk of data transmission over the Internet lies in the protocol that
ensures data integrity. You need to use encrypted data and security protocols to ensure data
transmission security in cloud computing.
• Data isolation
The basic technology of cloud computing is virtualization, which means that different users'
data can be combined and kept safe in shared physical storage. For shared storage, it is
necessary to achieve isolation by using virtual resources to limit applications that abuse
unreliable applications.
• Data encryption
Encrypting data is designed to prevent others from retrieving data after data theft. These files
are original files.
Data encryption application form in cloud computing: use a private key to encrypt data. The
user uploads it to the cloud computing environment, and then uses it in real time. When
decrypting, avoid storing the data on any physical media. There are many types of
expiration dates. Data encryption algorithms include balance (symmetric) encryption and
public key encryption. In the cloud computing environment, one method that combines data
separation and encryption is to split the encrypted client data and then spread it across many
different parts. Therefore, on top of cloud services, it is impossible for any service provider to
obtain even complete data. The power of animals, data is not available.
Application security level:
Cancel user protection: In order for cloud service users to be able to use it, you must ensure
computer security. Take the necessary steps to deploy security software on all user terminals,
including anti-malware, anti-virus, personal firewall and IPS software, and to ensure the
security of end-to-end security applications, including cloud technology platforms deployed
at the user level.
Platform application to improve its security: In a cloud environment, users are usually only
responsible for the security function operation layer, including users, and access management
requires cloud computing service providers to ensure maximum availability. Security, such as
client requests and components. Cloud providers will virtualize application clients, just like
black boxes in virtual machines. The supplier does not know how to handle and deal with
customer requests. Therefore, the application and engine users need to process operations no
matter what platform they are on in the cloud computing platform. Therefore, cloud computing
applications require layered devices: extraordinary traffic monitoring, flow cleaning systems,
flow tracking systems and other safety equipment deployed to implement cloud computing
security.
Virtual security level
• Virtualization software security
Virtualization software is essential to ensure the mutual isolation of virtual machine users
in a multi-tenant environment and enables client computer security. In order to
run multiple operating systems at the same time, we must strictly prevent any unauthorized
access. The cloud service provider arranges the security of the virtualization software layer
and of virtualization elements, such as password authentication and access control mode
restrictions at the physical and logical access levels.
• Virtual server security
The security of the virtual server system needs to be strengthened and restricted regularly, and
allow other servers to load the system to run patches, open application services and ports,
etc. At the same time, strictly control the number of virtual services running on the physical
host, limit other network services on the physical host, use encryption for transmission
between virtual machines, and closely monitor virtual machines.
• Data Security Issues Solutions
Cloud Computing is used in a variety of service models (SaaS, PaaS, IaaS) and deployment
models (private, public, hybrid, community). Therefore, the risks differ depending on
the kind of cloud used; indeed, while the security control on a private Cloud is logically high
since it is mastered, the level of control over a public Cloud is substantially lower. Likewise,
whether the user depends on software, a platform or infrastructure, the level of control is
different and thus the security management will be different. IaaS provides an infrastructure
to host PaaS, which in turn provides a platform for developing and deploying SaaS
applications; therefore, there is a security dependency between these layers. Moreover, data
in the Cloud can be in various states: at-rest, in-use, in-transit. The data do not have the same
level of security requirements in each state. Data being processed cannot be protected with
the same means as data in transit or at rest. The
primary method used to protect transmitted and stored data is encryption. This method is
still valid today for the Cloud environment. Yet this solution is not always possible as regards
data-at-rest. In fact, simple data encryption in an IaaS service is possible. However, data
encryption in a PaaS or SaaS application is not always possible. Data-at-rest used by Cloud
applications is usually unencrypted because encryption prevents data indexing and searching.
This is also the case for data-in-use, which must be in a clear form for many applications [5, 7,
18, 25]. In 2009, IBM announced the development of fully homomorphic encryption that
allows data to be processed by applications without decrypting it. The major drawback
of this technique is its cost and computational complexity.
Concerning data-in-transit, the use of encryption alone is not sufficient to secure this type of
data; indeed, encryption guarantees confidentiality but not integrity [18]. Therefore,
encryption algorithms are generally coupled with security protocols as well as network
security equipment [5, 14, 18, 22]. Moreover, encryption techniques for data-at-rest and
data-in-transit may be different. For example, the encryption keys for data in transit may
be of short duration, while the keys for data-at-rest may be preserved for a longer
period [31]. Otherwise, data security solutions depend on other parameters such as data size
and data type. Indeed, the conventional solutions for securing a small set of data, like
encryption and anonymization, may not be suitable for a large volume of data. Regarding data
type, for example, sensitive data require confidentiality while personal data require privacy;
the information that must be protected in sensitive data is the content of the data, which is
generally achieved by encryption techniques. The information that must be protected in
personal data is the user identity, which is generally achieved by anonymization techniques.
All data types require more or less availability and integrity. We summarized in Table 2 the
common solutions used to secure data in Cloud Computing according to the parameters
mentioned above. Our objective is to highlight the relationship between the different
categories belonging to our classification and the influence of security on each other. We can
conclude from this table that Cloud characteristics have an impact on data-at-rest, data-in-use
and data-in-transit. This impact may affect their confidentiality, integrity as well as
availability. The solutions mentioned in the table are not exhaustive; we focus only on the
most known and widely used. We have established a classification of common security
techniques according to data security attributes. The most important of them (the basic
techniques) have been extracted and summarized from different literature works. These
techniques, which are based for the most part on simple encryption (symmetric and
asymmetric), are often combined and adapted to form other models in order to meet the
security requirements. Trust and legal issues are other important concerns in the cloud. Trust
is one of the most difficult aspects to achieve. Leaving data to a third party is difficult to
accept for users, especially when data is sensitive [8, 15, 19]. Security measures appear
insufficient in the absence of trust. Trust can be enhanced by security policies, provider
transparency and introduction of a trusted third party in organization;
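The statement above that encryption guarantees confidentiality but not integrity can be shown in a few lines. This added example is not from the original text: it uses a toy keystream cipher built from SHA-256 as a stand-in for a real stream or counter-mode cipher so that it runs with the standard library only, and all function names and the sample record are assumptions. Production code should use an authenticated encryption mode from a vetted library.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    """Toy keystream (illustration only): SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_only(key, plaintext):
    """Confidentiality only: nonce || ciphertext, with nothing protecting integrity."""
    nonce = secrets.token_bytes(16)
    return nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def decrypt_only(key, message):
    nonce, body = message[:16], message[16:]
    return _xor(body, _keystream(key, nonce, len(body)))


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext."""
    body = encrypt_only(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, message):
    """Verify the tag before decrypting; refuse anything altered on the wire."""
    if len(message) < 16 + 32:
        raise ValueError("message too short")
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return decrypt_only(enc_key, body)


def alter_in_transit(message, offset, old, new):
    """Model a change made on the wire: XOR the difference into ciphertext bytes."""
    changed = bytearray(message)
    for i, (o, n) in enumerate(zip(old, new)):
        changed[16 + offset + i] ^= o ^ n
    return bytes(changed)


def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    record = b"quota_gb=0100;tenant=acme"  # constructed sample record
    offset = record.index(b"0100")

    # Encryption alone: the altered message decrypts without any error.
    wire = alter_in_transit(encrypt_only(enc_key, record), offset, b"0100", b"9100")
    received = decrypt_only(enc_key, wire)

    # Encrypt-then-MAC: the same alteration is detected and rejected.
    sealed = alter_in_transit(seal(enc_key, mac_key, record), offset, b"0100", b"9100")
    try:
        open_sealed(enc_key, mac_key, sealed)
        rejected = False
    except ValueError:
        rejected = True
    return received, rejected


if __name__ == "__main__":
    print(demo())
```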

Chapter No 6
Privacy Issues in Cloud Computing

Privacy is a fundamental human right, enshrined in the United Nations Universal Declaration
of Human Rights and the European Convention on Human Rights. There are various forms of
privacy, including 'the right to be left alone' and 'control of information about ourselves' [7].
A taxonomy of privacy has been produced that focuses on the harms that arise from privacy
violations [8], and this can provide a helpful basis on which to develop a risk/benefit analysis.
Privacy is the ability of an individual or group to seclude themselves or information about
themselves and thereby reveal themselves selectively, and it includes (a) when: a subject may
be more concerned about her current or future information being revealed than information
from the past, (b) how: a user may be comfortable if friends can manually request his
information, but may not want alerts sent automatically, (c) extent: a user may rather have her
information reported as an ambiguous region rather than a precise point. In the commercial,
consumer context, privacy needs the protection and appropriate use of the information
about customers and meeting the expectations of customers about its use. In
organizations, privacy entails the application of laws, mechanisms, standards and processes
by which personally identifiable information is managed [8]. The privacy issues differ
according to different cloud scenarios, and can be divided into four subcategories [5] [6] [8],
which include: (a) how to let users remain in control over their data when it is stored and
processed in the cloud, and avoid theft, nefarious use and unauthorized resale, (b) how to
guarantee data replications in a jurisdiction and consistent state, where replicating user data to
multiple suitable locations is a usual choice, and avoid data loss, leakage and unauthorized
modification or fabrication, (c) which party is responsible for ensuring legal requirements for
personal information, (d) to what extent cloud sub-contractors involved in processing can be
properly identified, checked.

6.1 The Importance of Privacy and Confidentiality in the Cloud


In addition to the cost-effectiveness of cloud computing, another asset that can be guaranteed
can increase the use of cloud organizations that ensure consumer data insurance. Taking all
factors into consideration, consumers' belief that CC providers ensure the security of their
data increases their confidence in CC organizations and marks an improvement in the use of
these organizations.
Security versus Protection: The terms mystery and security are solidly associated; they are
over and over used inappropriately, and also erroneously considered reciprocals. Protection
can be related to protecting personal information or controlling intimate information.
Therefore, it involves two recipients: the social program is responsible for preventing access
to the other party's information. In the final analysis, social workers accept the other party's
assurance that the other party will ensure its critical or private data to prevent it from being
introduced against the wishes of the data owner. In addition to these letters, the mystery also
includes external forces that prevent unauthorized persons from gaining security. In the
picture shown in the introduction, only natural and specific options that respond to personal
information are added.
Ensuring privacy: The most basic part of security is to ensure its safety, which
prevents toxic users from obtaining information that could ignite basic problems in life.
Reports of intrusion mysterious incidents prevent users from using the benefits of fog,
because the benefits of fog are the need to take care of their key information or use their
management or cloud. Both cloud providers and customers can benefit from receiving orders.
When the provider promises not to introduce customer information, the provider will benefit
from the increase in revenue as the organization's usage rate increases. Protecting user
information requires knowing which data can refer to which components (users, applications,
systems, etc.), that is, to ensure that insurance cloud users should cover the correct
information. One of many common requirements is to choose risks to keep information
secure.

6.2 Cloud Computing Privacy Overview


Since cloud computing involves multiple residences and information exchange, the risk of
intrusion assurance and mystery is high. When users enter data into the public cloud, what
are their positions and commitments?
• Where is the data stored?
• How to simulate data?
When there are two pairs of information, the scope and disclosure of the user information
disclosed to the provider [100] is legal, then the security rights, responsibilities, and the status
of the information and the customer may change. The status and consequences of the legal
choice are as follows: ways to store or retrieve information on the Internet.

Figure 6.1 : Security-only Privacy and Mutual Security and Privacy Matters in CC

Interesting eight. In this battle, the information field in the cloud determines the security and
privacy issues, as well as the insurance liability of the personnel handling this information. In
any situation, if the law requires the cloud provider to provide information about a specific
user, you can enter the information and secrets contained in the cloud. Express's Subha shini
is responsible for designing and understanding providers, ensuring that their customer
information will not be passed on to others, or ensuring that they will not interact with other
people or interact with them. In addition, the customer has a promise to protect himself and
control their practices and activities in the cloud, which may increase security threats.
Maintaining the levels of protection of data and privacy required by current legislation in
cloud computing infrastructure is a new challenge, as is meeting the restrictions on
cross-border data transfer. This is not just a compliance issue. As cloud services process
users' data on machines that the users do not own or operate, this introduces privacy issues
and can lessen users' control. Privacy issues are central to user concerns about adoption of
cloud computing, and unless technological mechanisms to allay users' concerns are
introduced, this may prove fatal to many different types of cloud services. For example, cloud
services users report high levels of concern when presented with scenarios in which
companies may put their data to uses of which they may not be aware [1]. Users' fears of
leakage of commercially sensitive data and loss of data privacy may be justified: in 2007 the
cloud service provider Salesforce.com sent a letter to a million subscribers describing how
customer emails and addresses had been stolen by cybercriminals [2]. Top database vendors
are adding cloud support for their databases (Oracle, for example, can now run directly on
Amazon's cloud service platform (EC2)), and so more data is moving into the cloud. Privacy
concerns will continue to grow, because these databases often contain sensitive and personal
information related to companies and/or individuals. Hence, there is a key challenge for
software engineers to design cloud services in such a way as to decrease privacy risk. As with
security, it is necessary to design in privacy from the outset, and not just bolt on privacy
mechanisms at a later stage. There is an increasing awareness of the need for design for
privacy from both companies and governmental organisations [5,6]. Furthermore, there are
opportunities for the provision of a new range of 'privacy services' that offer a cloud
computing infrastructure with assurances as to the degree of privacy offered, and related
opportunities for new accountability-related services to provide certification and audit for
these assurances (analogous, for example, to privacy seal provision for web services [3] and
mechanisms for privacy assurance on the service provider side [4]).
The theme of the proposed Privacy Manager tool is to ensure privacy when cloud computing
services are accessed on a client machine. The premium aspect of the Privacy Manager
software is providing an obfuscation and de-obfuscation service. This feature helps reduce the
critical user information placed on the cloud: fields of data are obfuscated prior to sending
data to the cloud server for further action. Once data is obfuscated the output is de-obfuscated
in the cloud. This process of obfuscation and de-obfuscation uses a key selected by the user of
cloud services, and the selected key is not publicized. Even service providers are not aware of
the key used. Further, the Privacy Manager also enables end users to customize the privacy of
their personal information using multiple qualities, and to reassess and then rectify
their private information that is stored inside the cloud. The features of the Privacy Manager
software, such as Obfuscation, Preference setting, Data access, Feedback and Personae, are
discussed in detail. They claim that privacy of users can be assured by simply minimizing the
quantity of confidential data sent off to the cloud. The strength of their work is that their
proposed Privacy Manager tool provides data minimization, access control, purpose
limitation, user-centric design and a feedback facility to the consumer of cloud services. The
drawback of their work is that it is not generalized and it cannot be implemented in all
scenarios.
In this paper security concerns that occur in cloud computing services from the user's point of
view are discussed briefly.

• Privacy issues specific to cloud computing
Key aspects of cloud computing are that there is an infrastructure shared between
organisations that is off-premise. Therefore, there are threats associated with the fact that the
data is stored and processed remotely, and because there is an increased usage of
virtualisation and sharing of platforms between users. Protection of personal, confidential and
sensitive data stored in the cloud is therefore extremely important. Another feature of cloud
computing is that it is a dynamic environment, in that for example service interactions can be
created in a more dynamic way than traditional e-commerce scenarios. Services can
potentially be aggregated and changed dynamically by customers, and service providers can
change the provisioning of services. In such scenarios, personal and sensitive data may move
around within an organization and/or across organizational boundaries, so adequate
protection of this information and legal compliance must be maintained despite the changes.
There are concerns that the speed and flexibility of adjustment to vendor offerings that
benefits business and provides a strong motivation for the use of cloud computing might come
at the cost of compromise to the safety of data. This is a big issue: safety of data in the cloud
is a key consumer concern, particularly for financial and health data. Rapid changes to cloud
environments challenge enterprises' ability to maintain consistent security standards and
provide appropriate business continuity and back-up. In particular, cloud computing
enables new services to be made available in the cloud (without a great deal of expertise
needed to do this) by combining other services: for example, a 'print on demand' service
could be provided by combining a printing service with a storage service. This procedure of
service combination is typically under less control than previous service combinations carried
out within traditional multi-party enterprise scenarios. There might well be differing degrees
of security and privacy practices and controls in each of the component services. On the other
hand, the service provision might necessarily involve collection, storage and/or disclosure of
personal and sensitive information, and this information might need to flow across service
providers' boundaries. Furthermore, it is very likely to be the case that new risks to privacy
arise as usage of cloud computing increases: for example, new services that collect and
exploit personal or financial details.

6.3 Problems: Vulnerabilities Threats and Attacks


Privacy threats and risks for cloud computing: In this section we consider privacy concerns
specific to cloud computing (beyond those considered in the previous two sections), analyses
differing cloud computing scenarios to illustrate how the privacy requirements for each may
differ, and provide an overall assessment of privacy risks for cloud computing.

6.3.1 Damaged endorsement and compromise certificates

A broken check indicates a lack of tools to verify the customer's identity (in special
circumstances, the identity verification will ensure the user's character). When the provider
cannot insist on requiring authenticated users to add data in the cloud, it may lead to security
intrusions to different users of the cloud organization. Check and access control are
convincing simply in sure handling structures. Inadequacy or nonattendance of security
controls in CC conditions is among the explanations behind bartered accreditation. It is the
capacity of providers to ensure that there is a compelling affirmation structure to damaged
endorsement and compromise certificates.

6.3.2 Data Breaches

Data disruption is where the cloud user's data is critical or where unauthorized personnel
view, obtain, or use it. The data disruption has a major impact on consumers, cloud
organization providers, and government offices. Relative to the data interval (including data
and estimated politeness) in the cloud phase, the required handling of security pressures is
dispersed. Clifton, more importantly, data courtesy includes a lot of consumer information
about cloud workers. In view of all circumstances, it must be confirmed that any data is
destroyed, such as data errors or transactions. At that point, estimation reliability includes the
execution of activities with no sort of bending. In any case, customer data remains frail
against bendings related with threatening customers, cloud providers and malicious software
need to be disclosed immediately. In the formal registration, the application will be collected
as a help. Obviously, the staff will store a lot of information, which can be obtained under
special circumstances. Bell is here. Shows that cloud workers must be constrained by cloud
security and stability. This indicates that customer data may be changed due to errors
or threatening methods. As shown by Ateniese et al., the association's order has contributed
to the hard work of strengthening and restoring, moving data, and changing investments on
P2P infrastructure. In addition, the enemy can abuse the insufficient control power of the data
owner to carry out serious attacks on its own structure and data. At the same time, in the case
of considering the calculation, the choice whether to consider politeness first. Considering
that the nuances of estimates will never be clear to cloud customers, cloud workers may work
unreasonably, and current registration result. In other words, they can ignore the
semi-authoritative model. For example, a pair of estimates requires a very critical proportion
of listed resources, which is provided by cat farmers to make the structure "dilapidated." In
any case, when following the semi-realistic model, problems such as late-stage cloud
penetration, weak code, misconfigured organizations or projects, or late-stage intrusion
systems with root user rights may occur. The statistical data of fraudsters, risks, legal status
issues, and the impact of unreasonable expenditures in response to public and consumer fines,
stabilize wage losses. Data gaps can lead to smart data theft, misconduct and harassment,
foolish use of the Internet or data theft. The provider used to ensure the security of customer
data and security review can increase the data interval in the same way. When cloud
computing organizations need persuasive arrangements, approved personnel will provide
cloud computing to helpful users. Measures to help check their systems, log in quickly and
block them.

6.3.3 Data Space Issues

The data location is the most well-known association faced by the association after adopting
cloud computing. Within the framework of internal registration, an association develops its
climate environment and uses these letters, the area of data put away and the measures set up
to secure the data. Nonetheless, in cloud computing, an association's data is put away
repetitively in variousactual areas and no nitty gritty data about the area of the data is given to
the association. In this way, it is hard to learn whether sufficient measures have been set up
to ensure the data. Besides, the administration buyers can't be certain whether lawful or
administrative necessities have been met by the suppliers. This commitment will require
cloud computing providers and cyclists to explicitly store data in locations and comply with
security regulations in these areas. Data may be discarded on the coast of a country, causing
other special and legal issues. Laws, security and administrative structures vary from country
to country. In the United States, if a crime is suspected, legal experts can use sensitive data
about useful purchasers without the approval of legal experts. Most European countries have
guidelines to ensure that consumer data is appropriately secured. Trans-outskirt travel of
delicate data just as the assurance estimates actualized to shield the data public and local
Security and protection issues. Laws within the region where the data is collected may allow
or deny the flow of information across suburban areas. There are some questions about
whether the law for collecting information still applies after the information crosses the edge.
The purpose of the information may bring security risks or advantages to the information.
Privileges can be intrusive. For example, some cloud providers (as information providers)
have the right to divorce, while other cloud providers are related to data ownership and
content disclosure. Another major security issue caused by cloud computing is the issue of
information access. When the client puts its information on the cloud management,
information security may be compromised. In addition, customers run the risk of losing their
information ownership, such as the right of cloud experts to divorce. Proprietary, privileged
due to the deletion of the first information, regardless of its legal ownership don't. At the
point when a CC specialist co-op authoritatively turns into the information proprietors just as
the information overseer, a security issue arises. Indeed, even with antiquated IT benefits, the
best practice is to isolate obligations, in which an alternate element possesses the information
while another remaining parts the central caretaker of that information. All things being
equal, with cloud computing, this view of the world has changed, and all the information that
is informed or informed to experts in various ways through its cloud is owned and monitored.
Such practice ignoring responsibility and ignoring the central standard of the professional
revolution, which is an important principle in the generally accepted method of information
protection.

6.3.4 Virtualization Problems

Familiarity encourages the sharing of very expensive assets between different application
terms. It enables the association to communicate more effectively with its IT assets and
consider important uses. Virtualization inventions are rapidly evolving into standard
innovations used in IT associations. Asset virtualization is done with the help of a hypervisor,
which enables virtual machines (VM) to perform powerful asset allocation. Encryption for
virtual With virtualization A cloud framework used to bind information in a cloud path in a
private path, but the information must be unfounded in memory. This will create an
advertisement through which security can be entered, because virtualization can directly
improve the storage page of events and can obtain information. Still does not audit access for
it, file access history and data provide complete transparency or functionality, while using
physical servers and virtual servers at the same time. Currently, users can monitor their best
virtual hardware performance indicators, and the service system is very busy in event
logging. Cloud computing research community, especially cloud computing. The Security
Alliance has acknowledged this Cloud computing faces risks for the first time.
This is a list of seven major threats to cloud computing.
- Abuse and abuse of cloud computing
- Insecure application programming interfaces are harmful internally
- Weaknesses of shared technology
- As an unknown risk of data loss or leakage, a method to increase the accountability and
auditability of cloud service providers, for example, tracking the history of file access will
be promoted.
Minimize five of the above seven risks
- Establish an immediate accountability system and discuss the research field of auditing
capabilities;
- Because of the possibility of cloud computing, the complexity of achieving
accountability, and flexible resources, confidence in cloud computing is established,
- Promote the theoretical basis of system design to thoroughly solve all stages and abstract
layers of cloud accountability.
- Discuss relevant and further concerns
- Account, service and traffic hijacking
Interoperability: Interoperability can be defined as a measure of the degree to which different
systems or components can work together. More formally, IEEE and ISO have defined
interoperability as two or more functions. Use more systems or applications to share
information and share information. In the context of cloud computing, exchange should be
regarded as an interoperability function. Enterprise public cloud services, private cloud
services, and various other systems can understand each other's applications and service
interfaces, configurations, authentication forms, etc. Collaborate with author authority, data
format, etc. another. In cloud computing, the most important component in communication is
the component of cloud customer service that interacts with the component of the cloud
service provider. Natural interaction is a network connection using a specific interface or
(API). Usually a separate interface handles different aspects of each cloud service, for
example a self-enabled cloud service interface, an authentication and authorization interface,
a cloud service management interface, and business interfaces for bills and invoices. Ideal
interoperability is that interfaces are standardized in some way, that is, they are cooperative,
therefore Some SaaS providers specialize in providing PaaS platforms and their SaaS
services to allow customers to write and run customizable SaaS application code, and develop
and run new applications. In this case, the code may also be included in the new
SaaS service of other providers Traffic problems. For more information on the impact of
mutual intervention and portability, see PaaS in this section. The aspects of cloud service
collaboration are mainly related to the three interfaces between customers. System and cloud
services interact with users and users of the environment. The functions, management and
business interfaces provided by cloud services. It is important to understand that the three
interfaces can be independent of each other, and the interaction of one interface cannot
guarantee the interaction of other interfaces.
Interactive considerations: There are differences between the two cloud service providers.
The important thing is mother-in-law Application function interface compatibility,
specifically, the user interface is introduced Eliminate users and any APIs available to users.
This may be unrealistic Suppose the user interface is the same as Cloud Service A and Cloud
Service B, but it can be reasonably expected that similar activities will be greatly reduced in
the same way the cost and effort of training end users. For IaaS and PaaS services, there is
no problem with any practical interface provided through collaboration. When the application
moves from provider A to provider B when requested and owned by the user Activity
Interface. Similarly, the user interface for the end user is likely will not be directly affected by
application responsibilities and direct cloud services. Until in The application can be ported,
and then the user interface will also be ported and will be available when using the cloud
Service B. However, the cloud service API is used for upload, deployment and control using
tools used by customer operations staff may interfere with cloud services These APIs and this
tool need to be connected to Cloud Service A first, and then to Cloud Service B Migration (for
example, the automated tools discussed earlier). To connect one cloud service to another cloud
service, the second cloud service must have a well-defined API, and the first cloud service can
be used remotely. Assuming cloud service SOA technologies (such as REST interfaces,
stateless communication) can simplify applications. Due to network interruption, performance
variables should affect API usage after consideration. The categories of the two cloud services
will affect the nature of the communication between the two Service When the first cloud
service is an IaaS or PaaS service, the application code is running his service belongs to users
of cloud services, and the main concern is whether the code can run successfully. Use another
cloud service (API). May enable IaaS or PaaS platforms Remote service (API) support
request.
Privacy risks for cloud computing
In summary, the main privacy risks are:
- for the cloud service user: being forced or persuaded to be tracked or give personal
information against their will, or in a way in which they feel uncomfortable.
- for the organization using the cloud service: non-compliance with enterprise policies and
legislation, loss of reputation and credibility
- for implementers of cloud platforms: exposure of sensitive information stored on the
platforms (potentially for fraudulent purposes), legal liability, loss of reputation and
credibility, lack of user trust and take-up
- for providers of applications on top of cloud platforms: legal non-compliance, loss of
reputation, 'function creep' using the personal information stored on the cloud, i.e. it might
later be used for purposes other than the original cloud service intention
- for the data subject: exposure of personal information.
What types of information need to be protected?
'Personal information' is a term that may be used in a slightly different manner by different
people, but in this document, we mean by this term privacy sensitive information that includes
the following:
- Personally identifiable information (PII): any information that could be used to identify or
locate an individual (e.g. name, address) or information that can be correlated with other
information to identify an individual (e.g. credit card number, postal code, Internet Protocol
(IP) address).
- Sensitive information: information on religion or race, health, sexual orientation, union
membership or other information that is considered private. Such information requires
additional safeguards. Other information that may be considered sensitive includes personal
financial information and job performance information.
- Information considered to be sensitive PII, e.g. biometric information or collections of
surveillance camera images in public places.
- Usage data: Usage data collected from computer devices such as printers; behavioural
information such as viewing habits for digital content, users' recently visited websites or
product usage history.
- Unique device identities: Other types of information that might be uniquely traceable to a
user device, e.g. IP addresses, Radio Frequency Identity (RFID) tags, unique hardware
identities.
Protect personal information in the cloud
Personal information must be protected from loss or theft. To do this, security safeguards
should be used that prevent unauthorized access, disclosure, copying, use or modification of
personal information. Tamper-resistant hardware might be used during transfer and storage to
protect data via hardware-based encryption and provide further assurance about the integrity
of the process. Personal information must be protected by setting up access controls
governing access to it. In addition, personal information must be transferred and stored
according to privacy laws, using cryptographic mechanisms and possibly protected storage
depending on the level of security required. If data is encrypted, this also allows deletion of
large amounts of personal info that is no longer needed, by destroying the corresponding
decryption key.
Privacy challenges for cloud computing
The privacy challenge for software engineers is to design cloud services in such a way as to
decrease privacy risk, and to ensure legal compliance. Laws placing geographical and other
restrictions on the collection, processing and transfer of personally identifiable and sensitive
information limit usage of cloud services as currently designed. For example, a UK business
storing data about individual customers with the prominent cloud service provider
Salesforce.com could find itself in breach of UK data protection law [9]. Customers may be
able to sue enterprises if their privacy rights are violated, and in any case the enterprises may
face damage to their reputation. There have been a number of high-profile privacy breaches in
the news recently. It is also important to allay users' fears about usage of cloud services.
Concerns arise when it is not clear to individuals why their personal information is requested
or how it will be used or passed on to other parties: this lack of control leads to suspicion and
ultimately distrust [10]. There are also security-related concerns about whether the personal
data in the cloud will be adequately protected.
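The point made under "Protect personal information in the cloud", that encrypted personal data can be deleted by destroying its decryption key, is sketched below. This is an added example, not code from the thesis: `KeyVault`, `PersonalDataStore`, the replica names and the records are constructed for illustration, and the HMAC-SHA256 stream construction is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in so the example runs with the
    # standard library only. A real service would use a vetted AEAD.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


class KeyVault:
    """Held by the data owner, outside the provider's storage: one key per data subject."""

    def __init__(self):
        self._keys = {}

    def key_for(self, subject):
        # Creates the subject's key on first use.
        return self._keys.setdefault(subject, bytearray(secrets.token_bytes(32)))

    def get(self, subject):
        return self._keys[subject]  # raises KeyError once the key is shredded

    def shred(self, subject):
        key = self._keys.pop(subject, None)
        if key is not None:
            key[:] = bytes(len(key))  # best-effort overwrite of this copy


class PersonalDataStore:
    """Writes every record to all replicas, as a provider replicating across sites would."""

    def __init__(self, vault, replica_names):
        self.vault = vault
        self.replicas = {name: {} for name in replica_names}

    def put(self, subject, record_id, data):
        blob = seal(self.vault.key_for(subject), data)
        for replica in self.replicas.values():
            replica[(subject, record_id)] = blob

    def read(self, subject, record_id, replica):
        blob = self.replicas[replica][(subject, record_id)]
        return unseal(self.vault.get(subject), blob)

    def erase_subject(self, subject):
        """Erase by destroying the key; returns how many ciphertext copies stay behind."""
        self.vault.shred(subject)
        return sum(1 for r in self.replicas.values() for (s, _) in r if s == subject)
```

The erasure is only as complete as the key destruction: any backup or provider-held copy of the key has to be destroyed as well, which is why who manages the keys matters here.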

Chapter No 7
Mutual Security and Privacy Issues in Cloud Computing

According to several surveys, lack of trust in handing over sensitive information to cloud
computing service providers (CSP) is a major obstacle, and cloud computing has been
widely adopted. From the perspective of CSP, the long-term return on investment of cloud
infrastructure depends on whether this obstacle can be overcome. Encryption and
confidentiality can only solve certain problems with security technology: research is needed
to improve the CSP's sense of responsibility and responsibility. However, achieving cloud
accountability is a complex challenge. Consider the large virtual and physical distribution
server environment to be used now Track the location of the source and duplicate files in real
time, record the life cycle of the file, and edit the content and record the history of access
permissions. This position paper addresses the research-related challenges, one of which is
the cloud accountability system and the cloud accountability system. Equally important is the
need for this preventive control Spy control improves transparency

Figure 7.1: Internal Security and Privacy Issues in Cloud Computing

services if it is an IaaS or PaaS service, the code belongs to it Customers and users can
control the API that provides the first service. Be the second the cloud service is a
SaaS service, and the API is configured by the cloud service provider. The thing is API is
provided using standard technology. Ideally, the description of the entire interface Standard,
but not a standard protocol under normal circumstances, the basic protocol should be a
standard protocol (for example, use) REST/JSON or REST/XML protocol and data format).
If the API is not standard, it is generally, there is a risk of locking customers to specific cloud
services and searching Going to another provider is difficult and expensive. The content of
data security and privacy protection in cloud is similar to that of traditional data security and
privacy protection. It is also involved in every stage of the data life cycle. But because of
openness and multi-tenant characteristic of the cloud, the content of data security and privacy
protection in cloud has its particularities. The concept of privacy is very different in different
countries, cultures or jurisdictions. The definition adopted by Organization for Economic
Cooperation and Development (OECD) [11] is "any information relating to an identified or
definition provided by the American Institute of Certified
Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) in
the Generally Accepted Privacy Principles (GAPP) standard is "The rights and obligations of
individuals and organizations with respect to the collection, use, retention, and disclosure of
personal information." Generally speaking, privacy is associated with the collection, use,
disclosure, storage, and destruction of personal data (or personally identifiable information,
PII). Identification of private information depends on the specific application scenario and the
law, and is the primary task of privacy protection.

7.1 Damaged Sharing Platform


An important function of cloud computing is to extend its infrastructure to support multiple
tenants sharing this infrastructure. Hypervisor can run many virtual machines (VM). In
addition, some applications run directly on the CC hardware.
You can use Hypervisor to access all virtual machines on the same server from a virtual
machine. An attacker can position SaaS as accessing data from another application running
on the same virtual machine. The combined platform makes CC insecure because attacks can
be launched from any level.

7.2 Natural Disasters


Natural disasters are possible or unforeseen events. They can destroy landscape design and
even life. These are unavoidable phenomena, but their impact on cloud computing should be
minimized. Natural disasters usually interrupt power lines, turn off CC equipment, and
prevent consumers from using CC services.

7.3 Permanent Data Loss


Since data loss in cloud computing has a high impact on cloud users and providers, it will
bring serious risks. When malicious attackers access and delete data, data leakage may cause
permanent data loss. They can use the latest technologies and procedures that prevent data
recovery. Cloud users may accidentally delete their data; their unethical behavior or
insufficient information about the use of cloud services and resources can complicate the
situation. If the cloud is accidentally deleted, the cloud service provider may lose data.

7.4 Virtual Machine Transfer Attack


VM Transfer is a management tool for load balancing, disaster recovery, server stability,
hardware management, etc. VM migration management adds another level of complexity to
the security process, especially when the VM is migrated to an insecure environment. When
the VM migration starts, after identifying the target physical host and communicating with
the target host, the migration will be requested. These steps are performed by the same VM.
Transfers should be protected to ensure this. Information about this process should not be
disclosed [61]. The lack of verification and accountability makes it easy to use migration to
control virtual machines and disrupt CC services. The attacker can direct the VM to a specific
managed computer, or destroy the VM by transmitting information about the wrong resource.
When attackers control the host system to which the virtual machine is directed, they can
easily gain control of the virtual machine and use it to infect other hosts and virtual machines
on the Internet. Attackers may also cause unplanned migration of VMs, thereby disrupting
cloud services. An attacker can manipulate the VM to obtain information about the cloud
infrastructure. Attackers can access data, manipulate, delete, steal or use users without
permission.

7.5 Internet Security and other Privacy Issues


Other problems faced by cloud computing include account or service hijacking, phishing,
fraud, and user account or service hijacking. Attackers can add information to user accounts,
and the cloud can lead users into insecure environments. Lack of rationality is another
challenge. This is because adult cloud users lack information. When consumers lack
information about the cloud environment and security practices, they will not be able to
respond effectively to the suspicion process. Cloud users need to understand how to
incorporate attackers into their vulnerabilities. Cloud users use a variety of different software
interfaces and APIs to access services. Some organizations and third parties develop
interfaces to provide value-added services to their customers without considering the
increased risk of attacks that bring more interfaces to customers.
Case studies of common security and privacy issues
Another rising concern, exacerbated by Cambridge Analytica's
breach of Facebook data, centers on how bad actors access private data from social media
platforms and elsewhere and use it to manipulate opinions for the benefit of a few. For
example, the Russian operation Internet Research Agency is accused of interfering in the U.S.

7.5.1 Case Study 1: Account Hijacking

In July 2012, the CEO of CloudFlare hijacked the account using stolen credentials after
closely monitoring online activities. The cookie group UGNazi hijacked the account.
Cracker took advantage of a major error in Google's Gmail password recovery system and
AT&T's voice mail system. Due to a malfunction of the cracker, the AT&T system
transferred the victim's mobile phone to a fake voice mail box. There was confusion during
the Google account recovery process, which prevented the victim from verifying that he was
the rightful owner of the account. This allows the attacker to access the victim's Gmail
account and use their email address as a secondary email address. The victim no longer has
access to his account. The Google account recovery process allowed two-factor
authentication settings, so the affected people were rejected. By canceling the two-factor
maintenance system, administrative privileges solve the account security problem.

7.5.2 Case Study 2: Network-based Attack

Technical author Mat Honan became the target of a cyber-attack in August
2012. During the event, after deleting important information from computing devices such as
iPad, MacBook and iPod, his social life was completely destroyed. This attack marked the
breach of the authentication systems used by Amazon and Apple. The details of the victim
were posted online, and the attacker also used his @me.com address.
The attacker compromised Honan's credentials and used them to change the log. Due to weak
permissions with the help of Amazon and Apple's authentication systems, the attacker was
able to change the credit card and email address associated with the Amazon account. After
changing the @me.com address of the victim, the attacker deleted all the information in the
Constitution, MacBook and iPod from Honan's Apple iCloud account.

7.6 Data Life Cycle


A. The data life cycle is the sequence of stages that a particular unit of data goes through
from its initial generation or capture to its eventual archival and/or deletion ... Data are
corporate assets with value beyond USGS's immediate need and should be managed
throughout the entire data lifecycle. Questions of documentation, storage, quality assurance,
and ownership need to be answered for each stage of the lifecycle. The whole process is called
data life cycle generation used to destroy data. Data life cycle division: see the following
seven-step diagram:

Figure 7.2: Data Life Cycle

B. Data Generation
Data production involves data ownership. Traditional IT environments usually own and
manage data by users or organizations. But if you want to move data to the cloud, this is it,
data retention procedures should be considered. Data owners have the right to obtain
personal information, understand the personal information being collected, and in some cases
can prevent litigation, collection and use of personal information.

C. Transfer
In the enterprise, data is usually not encrypted, or only simple data transmission encrypted
measurement. The limited company transmits data throughout the enterprise. Limit the
confidentiality and integrity of data. In other words, data encryption is not enough. Data
integrity is also required. Therefore, in order to ensure that the transmission protocol provides
privacy and integrity, data transmission not only needs to be transmitted between enterprise
storage and cloud storage, but also privacy and integrity. The amount of data In these cases,
for example, a synchronous encryption algorithm is more suitable as a symmetric encryption
algorithm. The second important issue about data encryption is key management. Who is
responsible for management? Ideally, they have the data. But for now, because users usually
don't allocate too many skills to manage the key management keys of the cloud provider. As
a cloud provider
For a large number of users, the keys need to be retained, and key management will become
more complicated and difficult. In addition to data privacy, you also need to pay attention to
the integrity of the data. When How do users enter multiple GB to test (or more) data in data
integrity in cloud storage? Due to the rapid flexibility of cloud computing resources, users do
not know where their data is. Use the cloud user's network (bandwidth) and schedule. Some
cloud providers, such as Amazon, will require customers to pay transfer fees. How to directly
verify the integrity of no data in cloud storage, downloading the data and then uploading it is
a big challenge. Because data is active in cloud storage, traditional technologies cannot
effectively ensure data integrity.
D. Use
For the static data using a simple storage service, such as Amazon S3, data encryption is
feasible. However, for the static data used by cloud-based applications in PaaS or SaaS
model, data encryption in many cases is not feasible. Because data encryption will lead to
problems of indexing and query, the static data used by cloud-based applications is generally
not encrypted. Not only in cloud, but also in traditional IT environment, the data being treated
is almost not encrypted for any program to deal with. Due to the multi-tenant feature of cloud
computing models, the data being processed by cloud-based applications is stored together
with the data of other users. Unencrypted data in the process is a serious threat to data
security. Regarding the use of private data, situations are more complicated. The owners of
private data need to focus on and ensure whether the use of personal information is consistent
with the purposes of information collection and whether personal information is being shared
with third parties, for example, cloud service providers.
E. Share
Data sharing is expanding the use range of the data and renders data permissions more
complex. The data owners can authorize the data access to one party, and in turn the party
can further share the data to another party without the consent of the data owners. Therefore,
during data sharing, especially when shared with a third party, the data owners need to
consider whether the third party continues to maintain the original protection measures and
usage restrictions. Regarding sharing of private data, in addition to authorization of data,
sharing granularity (all the data or partial data) and data transformation also need to be
considered. The sharing granularity depends on the sharing policy and the division
granularity of content. The data transformation refers to isolating sensitive information from
the original data. This operation makes the data no longer relevant to the data owners.
F. Storage
The data in the cloud may be divided into: (1) The data in IaaS environment, such as
Amazon's Simple Storage Service; (2) The data in PaaS or SaaS environment related to
cloud-based applications. The data stored in the cloud storages is similar to the
ones stored in other places and needs to consider three aspects of information security:
confidentiality, integrity and availability. The common solution for data confidentiality is data
encryption. In order to ensure the effectiveness of encryption, both the encryption algorithm
and the key strength need to be considered. As the cloud computing environment involves
large amounts of data transmission, storage and handling, the processing speed and
computational efficiency of encrypting large amounts of data also need to be considered. In this
case, for example, a symmetric encryption algorithm is more suitable than an asymmetric
encryption algorithm. Another key problem about data encryption is key management. Who is
responsible for key management? Ideally, it's the data owners. But at present, because the
users do not have enough expertise to manage the keys, they usually entrust the key management
to the cloud providers. As the cloud providers need to maintain keys for a large number of
users, key management will become more complex and difficult. In addition to data
confidentiality, data integrity is also a concern. When the users put
several GB (or more) of data into the cloud storage, how do they check the integrity of the data?
Because of the rapid elasticity of cloud computing resources, the users don't know where their
data is being stored. To migrate out of or into the cloud storage will consume the user's
network utilization (bandwidth) and an amount of time. And some cloud providers, such as
Amazon, will require users to pay transfer fees. How to directly verify the integrity of data in
cloud storage without having to first download the data and then upload the data is a great
challenge. As the data is dynamic in cloud storage, the traditional technologies to ensure data
integrity may not be effective.
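One known way to approach the challenge raised in the Transfer and Storage passages above, checking data held in cloud storage without downloading all of it, is a Merkle hash tree audit in which the owner keeps only a root hash. The code below is an added example, not part of the thesis; `CloudStore`, `Auditor`, the 8-byte block size and the sample bytes are constructed, and it goes slightly beyond the text by also handling a block update (the dynamic data case).

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 8  # bytes; tiny so the constructed sample spans several blocks
SAMPLE = b"customer-records-constructed-sample!"  # constructed test data

def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]

def leaf_hash(block):
    # Different prefixes for leaves and inner nodes stop an inner node
    # from being presented as if it were a data block.
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired last node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root_from(n_leaves, index, block, siblings):
    """Recompute the root from one block plus its sibling hashes.

    The path shape comes from index and n_leaves, both held by the client, so
    a proof for block j cannot answer a challenge for block i. Returns None
    if the proof has the wrong number of hashes.
    """
    if not 0 <= index < n_leaves:
        return None
    h, width, sibs = leaf_hash(block), n_leaves, list(siblings)
    while width > 1:
        sib = index ^ 1
        if sib < width:
            if not sibs:
                return None
            s = sibs.pop(0)
            h = node_hash(s, h) if sib < index else node_hash(h, s)
        index //= 2
        width = (width + 1) // 2
    return None if sibs else h

class CloudStore:
    """Stands in for the provider: holds the blocks and the hash tree."""

    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.levels = build_levels(self.blocks)

    def respond(self, index):
        """Answer a challenge with one block and the hashes beside its path."""
        siblings, i = [], index
        for level in self.levels[:-1]:
            if (i ^ 1) < len(level):
                siblings.append(level[i ^ 1])
            i //= 2
        return self.blocks[index], siblings

    def write(self, index, block):
        self.blocks[index] = block
        self.levels = build_levels(self.blocks)

    def corrupt(self, index, block):
        # Constructed fault: the block changes but the stored tree does not.
        self.blocks[index] = block

class Auditor:
    """The data owner: keeps only the root hash and the block count."""

    def __init__(self, blocks):
        self.n = len(blocks)
        self.root = build_levels(blocks)[-1][0]

    def check(self, store, index):
        block, siblings = store.respond(index)
        got = root_from(self.n, index, block, siblings)
        return got is not None and hmac.compare_digest(got, self.root)

    def audit(self, store, samples):
        """Spot-check random blocks; returns the indices that failed."""
        picks = {secrets.randbelow(self.n) for _ in range(samples)}
        return sorted(i for i in picks if not self.check(store, i))

    def update(self, store, index, new_block):
        """Replace one block and advance the trusted root without a full download."""
        old_block, siblings = store.respond(index)
        old = root_from(self.n, index, old_block, siblings)
        if old is None or not hmac.compare_digest(old, self.root):
            raise ValueError("proof for the current block does not verify")
        store.write(index, new_block)
        self.root = root_from(self.n, index, new_block, siblings)
```

Each challenge moves one block plus about log2(n) hashes, so the transfer cost and fees the passage mentions scale with the number of spot checks rather than with the size of the stored data; random sampling detects damage only with a probability that grows with the number of blocks checked.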
In the traditional IT environment, the main threat to data availability comes from external
attacks. In the cloud, however, in addition to external attacks, there are several other areas that
will threaten data availability: (1) The availability of cloud computing services; (2) Whether
the cloud providers would continue to operate in the future; (3) Whether the cloud storage
services provide backup.
G. Archival
Archiving for data focuses on the storage media, whether to provide off-site storage and
storage duration. If the data is stored on portable media and then the media is out of control,
the data are likely to take the risk of leakage. If the cloud service providers do not provide
off-site archiving, the availability of the data will be threatened. Again, is the storage
duration consistent with archival requirements? If not, this may result in availability or
privacy threats.
H. Destruction
When the data is no longer needed, even if it is caused by the complete destruction of the
physical characteristics, the deleted data in the storage medium may still exist and can be
retrieved, and unintentional retrieval may reveal sensitive information.

7.6.1 Cloud Computing Life Cycle Issues

Any life that really exists is a risky business. If people put up many fences to deal with various dangers, then life itself will be closed. The transition from the traditional IT server environment to the cloud model brings new challenges and risks, and provides opportunities for cost savings. IT organizations rely on the standards and guidelines of many organizations, including the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Open Web Application Security Project (OWASP), Structured Information Standards Organization (OASIS) and European Telecommunications Standards Institute (ETSI). These standards address life cycle issues, including requirements, architecture, implementation, deployment, and security. In order to gain recognition and trust, cloud computing standards need to be developed for cloud environments. In addition, key aspects of cloud security, such as incident management and response, encryption, key management, and hardware and software elimination, all need to be addressed and integrated into the cloud computing process. This chapter covers these important topics.

Why do we need cloud computing solutions? There are many benefits to using cloud computing solutions, some of which are as follows.

Improved software and hardware performance: with cloud computing solutions, it is easy to create the best software and hardware specifications to achieve the best performance of cloud-based applications.

Flexibility and functionality: cloud computing provides customers with a variety of services, so they can choose the best option for their application from the various deployment models and features.

Cloud services are very affordable.

Increased uptime and availability: high availability and good uptime help manage large amounts of traffic at a specific time.

Better collaboration through real-time sharing: cloud computing includes real-time sharing.

The life cycle of cloud computing solutions: building such a cloud platform takes a lot of time.
Let's look at the steps or life cycle involved in a cloud computing solution.
Step 1: State the purpose
First, state the application you want to run on the cloud. Next, you must decide whether you want to make your cloud a public cloud, private cloud or hybrid cloud.
Step 2: Describe the Hardware
The most important consideration after this process is to determine the hardware required.
One must be very precise when making decisions. To do this, you need to choose a
computing service that provides the right assistance when resizing your computer to maintain
the application.
Step 3: Specify storage space
Every application needs proper storage so that its data can be kept safely. The storage type should be chosen carefully according to your requirements, and the storage services should be chosen so that they can back up and save data on the Internet.
Step 4: Describe the network
The network is the key to providing data to end users. Therefore, the network should be
designed to be sincere and flawless, so as not to destroy the intruder. Anyone in the network
should define a network that can securely provide data, video, and applications in a shorter
period of time and at a faster transmission speed.

Step 5: Explain security
Security is a key aspect of any application. Configure the security service so that the service
can authenticate users or restrict access to resources to specific users.
Step 6: Describe the management process and tools
Developers should have complete control over the resources and their configurations, and should use management tools that monitor the cloud environment, the resources used, and the client applications running on it.
Step 7: Process test
Inspection is another important part of any application deployment life cycle. All errors can
only be detected by testing.
Step 8: Analysis
Finally, use analysis services to analyze and visualize the data, where you can start asking for
data immediately before you can get the results. After the analysiBroadly speaking,

Chapter No 8
Security of Cloud Computing

guidelines for protecting the cloud environment. Cloud security control can help companies
respond, evaluate and implement cloud security. In cloud computing, cloud service providers
host applications on the company's own server and make them available on the Internet,
while the local software is located on the company's own server. Since cloud computing is
different from deployment anywhere, it is reasonable to expect that cloud security will also
be different. It is important for organizations to understand the differences between cloud security and data center security before migrating to the cloud. After the transition is complete, the company must implement security controls. This is very important: although cloud service providers provide a series of cloud security tools and services to protect users' networks and applications, the organization's administrators must enforce security controls. In addition, when the company transfers sensitive data and applications to the cloud, user access rights are also lost. Therefore, administrators must also implement cloud-based user access control. To be more agile, the company divides its cloud-based applications and sensitive data into multiple cloud services and deployment models. There are many measures and controls to protect the cloud in terms of security and privacy.

Figure 8.1: Cloud Computing Security Control

8.1 Control Hardware-Based Attacks


In any case, if the supply chairperson should have a clear and direct presence, this violates the customer's classification and is simple and clear, while ignoring the physical security system. In order to eliminate side-channel attacks, the code calculation steps can be modified to change the storage and memory design. Attacks on the side channel may indicate insufficient data. Intelligence is the control of device-based attacks, including access control and verification measures for others. Conventional sketching strategies include character-based encryption and progressive personality-based encryption (HIDC), among others. Personalized encryption (IBC) is a public key innovation that allows the user's public identity to be used as the user's public key. HIDC is a breakthrough of IDC because it aims to solve the problem of IDE adaptation through the role of the administrator and HIDC in the cloud environment through authentication and access control. Each cloud customer and staff has its own personality and is gradually separated by a framework. Koroch consists of five accounts: root management, lower level management, extraction, encryption and chaos. The use of key characters and multi-level personalized ciphers (HIBC) can ensure key distribution, authentication and access control.
The following are some security control measures used to address device-based attacks [91]:
• Storage (PLC) using partitioned reserves and bolted land blocks: Cache allocation involves the name of the storage block, and data splashing cannot be avoided until a completely certain cycle. The PLC authorized backup line contains basic information and reduces execution damage.
• Disable access to the cache Sbox
• Avoid lookup tables
• Enter the candle activity
• Preheating.

8.2 Control Hypersensitivity Attacks


Similarly, part of the components that target device-based attacks are also forced to ensure
the security of hypersensitive programs. Device-assisted virtualization (HAV) is an effective
innovation to prevent hypersensitivity. The security of AVV Forestals threatens the integrity
of hypersensitive objects, and the framework is the separation of upgraded equipment assets.
Through HV, you can understand the virtualization of the actual memory of the device. The
memory address ranges from virtual visitors to physical visitors, and then to the physical
visitor frame.
This innovation provides an additional secure input-output memory management unit
(IOMMU), allowing virtual machines to directly access edge gadgets.

According to him, an attack from a deadly gadget could be a bargain for the integrity of
hypersensitivity. The programming-based security method can ensure that the resident virtual
machine is migrated to the most cutting-edge virtual machine. These methods can protect the
virtual machine from internal (operating system level) or external (hypervisor level) infringement. This can be achieved by protecting the VMware super strategy: memory isolation, gadget isolation, and organization isolation [5].

8.3 Control through Cloud Audit


Evaluate consistence, identification, stronghold, and security criminology k the safety plan,
organizational arrangements, functions, procedures and special controls, and In fact, standard
security reviews are fundamental, and accordingly, should zero in both on receptive reviews
when occurrences happen and on proactive reviews directed Evaluate security controls,
cycles, strategies and activities, efficiency and common sense to ensure immediate access to
customer resources.
Fettsey et al. highlighted two key issues of security review in CC. First, cloud expert
organizations need to simplify their security review techniques for customers. Second, when
considering many different and broader requests, a consensus must be reached on legal,
administrative, and approval requests to ensure safe participation. data resources, which the
cloud specialist organization directs. Inspecting security necessities inside a cloud climate can
be an altogether testing try. While trying to determine this issue, cloud specialist co-ops
endeavor to uphold straightforwardness while overseeing data security. They work side by
side with individuals, companies, and supplier review programs to improve trust and
relationships with these customers.
In terms of checking methods, functions, methods, and special controls, cloud providers face
great difficulties. They must straighten out their security check strategies and monitor them to
measure too much information. Because computerized gadgets contain digital errors and
misleading practices, criminal gangs may find it difficult to obtain cloud-related information
that is supervised by government courts.

8.4 Effective Encryption Control


To improve security, advanced encryption algorithms can be applied to CC. These include: (1) attribute-based encryption, (2) fully homomorphic encryption and (3) synchronous encryption. The attribute-based encryption (ABE) data strategy consists of ABE or key management ABE [120]. In CP-ABE, the secret agent is responsible for controlling entry procedures. As unexpected features were added to this process, the public framework project became more stressful, thereby protecting the framework. More disturbing. In encryption based on the key policy attribute (KP-ABE), this attribute set is used to describe the private key attached to the encrypted message and the escrow encoded message provided by the client. Using fully homomorphic encryption (FHE) in cloud computing makes it possible to compute directly on the encoded information. Unexpectedly, the actual use of this technology is limited to the most basic information preparation, that is, the explicit addition and copying of numbers. Balanced encryption (SE) includes a type of encryption whose information encourages more secure searches than encoded information. In order to improve the quality of queries, SE arranges watchword files to safely execute client queries. These encryption techniques can be improved with dynamic packs to give better security to information.

Trust management is an abstract system that usually uses symbolic representations of social trust to help automate the decision-making process. Such a representation, for example in the form of a confidential document, can be used as the result of a trust evaluation to summarize the trust management system. Trust management is known for improving information security, especially the accessibility of control policies.

8.5 Trust Management Control


The concept of trust management was introduced by Matt Blaze to automatically verify operations according to security policies. In this concept, an operation is allowed if it presents real credentials, regardless of the real identity behind them, so the symbolic representation of trust can be separated from the real person. The everyday experience of buying tickets describes trust management well. You can purchase a ticket that entitles its holder to enter the stadium. The ticket is a sign of confidence that the ticket holder has paid for the seat and has the right to enter the venue. However, once the ticket is purchased it can be transferred, so another person can convey this trust symbolically. At the gate, only the ticket is checked and the ticket holder is not identified. Trust management can be seen as a symbolic automation of social decision-making related to trust, enabling social agents to instruct their technical representatives on how to comply with technical representatives of other agents. Further automation of this process can automatically lead to a trust dialogue (for example, technically Winslet Representatives use public credentials, as described by these social agents, in exchange for selected credentials). The definition and methods of trust management were expanded in 2000 to include the concepts of honesty, truthfulness, competence, and trustworthiness, as well as the nature and context of trust relationships beyond trust levels. WS Trust manages trust in the Web service environment. The basic advice usually does not change: the web service (issuer) only accepts the application if it contains a credential that complies with the web service policy. It is also possible to grant technical proxy access control (TBAC), and its application has been studied in many different application areas. Trust each other. Encourage each other's behavior and respond accordingly, thereby increasing or decreasing trust. Such systems are collectively referred to as trust.

8.6 Identity Management Control


Identity management in cloud computing is the next step in identity and access management (IAM) solutions. However, this is not just a simple single sign-on (SSO) solution for web applications. This next-generation IAM solution is a comprehensive plan for a suitable cloud identification provider.
• Features of Identity Management
It provides a permanent access control interface: applicable to all cloud platform services, the Cloud IAM solution provides a clean and single access control interface.
It provides a high level of security: if needed, we can easily define increased security levels for critical applications.
It enables enterprises to access resources at multiple levels: users can clearly define and allow users to access resources at various levels of granularity.
Why do I need Cloud IAM?
Identity management in cloud computing covers all types of user groups that can be used with various solutions and specific devices. Innovative cloud identification and access management (IAM) solutions can help:
Securely connect professionals, employees, IT applications and equipment via the cloud or cloud and embedded networks.
Enable easy sharing of network functions with the entire user grid connected to it through the directory service. In the SaaS solution, it provides zero management overhead, improved security levels, and easy management of different users. As we all know, cloud-based services are provided, configured, and hosted by external providers. In this case, it can also bring the least inconvenience to customers. As a result, many organizations can use Cloud IAM to increase productivity.
The SaaS protocol has been developed and used as a hub to connect distributors, suppliers and partners across all virtual networks.
Business users can use Cloud Services to handle all services and programs in one place, and can enable identity management by clicking on a single dashboard.
Easily connect to your cloud servers, which are actually hosted on Google Cloud, AWS, or any other location behind existing LDAP or AD user storage.
Extend your existing LDAP or AD directory to the right side of the cloud.
Agree on Linux, Windows and Mac desktops, laptops and servers in different locations.
Connect different users to various applications that use LDAP or SAML-based authentication.
Use cloud RADIUS service to easily handle user access control on Wi-Fi networks.
Enable GPO-like functions on various Windows, Mac and Linux devices.
Provide system-based and application-level multi-factor authentication.
Chapter No 9
Conclusion
Although there are many important facts in cloud computing, many practical
problems still need to be solved. As Gardner pointed out in his review of cloud computing
revenue, the market size of public cloud and hybrid cloud is 5.959 billion and is expected to
reach 14,149b by 2014, with an annual growth rate of 20 [22]. Revenue estimates show that
cloud computing is a promising industry. However, from another perspective, recent
vulnerabilities in the cloud model will increase the programmer's risk. Explain the basics of
information, such as management message model, management model and cloud computing.
Safety and assurance issues are important issues and should be resolved as soon as possible.
The message delivery model managed by SPI and all stages of the information life cycle have
information security issues. The challenge of ensuring security is to exchange information
while ensuring individual data. The required general framework for security insurance is the
online business framework, which can protect Mastercard and the healthcare framework by
having good information. The ability to control which data is to be found on the Internet and who can access this data has become an issue of increasing concern. This problem includes whether outsiders can delete or use personal data without consent, or whether outsiders can visit the website. Another question is whether the website collects, stores and collects personal data about users. In the cloud environment, security insurance is a method of distributing large amounts of information from non-essential information to encrypted components. As the information security insurance survey above shows, coordination is required, along with a complete security response that solves the security problem from top to bottom. Regarding insurance, identifying and isolating safety information is crucial. These factors should be considered when planning cloud-based applications.

Contribution
Commitment of this Theory in Cloud Computing
• Security issues, security issues only, and proposals for international security and security levels (as opposed to most security and security reviews).
• Identify security issues only through the cloud client, only security issues and intermediate security. The quotation selects the security arrangement of cloud computing, only the security arrangement and security arrangement.

References

Abel Wick, "SSL Encryption-Protocol for Verification of Cloud Computing, [online

comluv.com/ssl-Encryption-A-Protocol-This Cloud of Cloud Computing, February 5, 2013.

Larry Seltzer, [Online] Spoofing Server Communication: How to Stop It.

Avenue, A, Lepre, J, Randall, B, Rand Howard, C. Basic concepts and classifications of trust
and secure computing IEE transaction trust and secure computing 2004 1 1 11 33 10.1109 /
TDSC.2004.2 2-s2.0 -12344308304 Google Scholar | | ISI.

Acquisti and R. Gross. Imaginary communities: awareness, data sharing and privacy on

facebook. Proceedings of the 6th Privacy Enhancement Technology Symposium (PET 2006),

2006 pages 36-58.K. Ashton, "Internet of Things", RFID J, Volume 1. No. 22, page 7. 97-

114, 2009.B. Sumatra and

M. Misbah-ud-Din, "General and Cloud Security Issues Investigation", Computing and

Communication Security, Computing and Data Science

KAA Chala, "Possible Solutions to Security Problems in Cloud Computing," Explanation,

Journal of Computer Science and Technology, Volume 2, Issue 1, March 2012.Behl, A.

Emerging Security Challenges in Cloud Computing: Data and Communication Technologies

on Cloud Security Challenges and Lowering Their Global Vision (World Congress),

December 2011 IEE 217 222 10.1109 / WICT 011.6141247 2-s2.0- 84857170570 Google

Scholar|.

Bowers, KD, Jewels, A, Opera, A Hell: Cloud Storage .The 16th ACM Computer and

Communication Security Conference was held in Chicago, USA in November 2009, ACM

187 198 10.1145 / 1653662.1653686 2-s2.Google Scholar.

Berman, F., Fox, G., Hey, A.J. Grid Computing: Implementing a Global e, Volume 2, 2003 .
Shah (Shah, M.) A, Swamiyathan, R, Baker, M. Privacy protection review and digital content

summary .

Bowers, KD, Joels, A, Opera, Proof of Recovery: Cloud Computing Security (CCSW '09)

November 2009 53 43 10.1145 / 1655008.1655015 2-s2.0-74049136395 Theory and ACM

Workshop Action Application Google Scholar .

Chen, D, Xiao, H Data security and privacy issues in cloud computing s2.0-84861072527

Google Scholar |

Cloud Computing Security Seminar (CCSW '10) and PC Seed Cloud ACM Seminar, by

Scoffman, J, Moir, T, Vijay Kumar, H, Jagger, T, McDaniel, Trust Anchors ACM 43 October

46, 2010 10.1145 / 1866835.1866843 2- s2.0 -78650083239 Google Scholar | .

Denmark Jamil and Hassan Zaki, "Security Measures and Countermeasures in Cloud

Computing", International Journal of Engineering Science and Technology (IJEST), Volume

3, Issue 4, 2011.

Emerging Intelligent Data and Web Technology Regarding Emerging Intelligent Data and

Web Technology (EIDWT '11), September 2011 IEE 49 54 10.1109 / EIDWT.2011.16 2-

s2.0-83055196683 Mahmoud, ZZ data location and security affairs, Action No. 2 The Second

International Conference (EIDWT '11).

Equality and R general concept community: awareness, data sharing and privacy on

Facebook. Proceedings of the 6th Privacy Enhancement Technology Symposium (PET 2006),

pp. 36-58, 2006.

of. Ashton, "Internet of Things", RFID J, Volume 1. 22 No. 7, pp. 97-114, 2009.

Hours Takbi, JBD Joshi, G. Ahan, "Secure Cloud: Towards a Comprehensive Security
Framework for Cloud Computing Environments",

Impreva (2013), Cookie Poison [WWW], available from the following website:

http://www.imperva.com/ressource/dictionary/cookie_position pollutes HTML 2013

Mark O'Neill, Blog: Connecting SOA to the Cloud, Friday, September 4, 2009, replay

attack:

In Proch, 38 HLV and Y Ho, "Analysis and Research on Security Strategies of Cloud

Computing". IEEE Information Science and Data Engineering Conference. Pages 214-216,

2011.

J. J. B. Harrigan, "Using Cloud Computing Applications and Services", Pew Internet and

American Life Project Memo, September 2008. Levitt, Ann. Is cloud computing really ready?

5 CSA (c1oud Security Alliance), "Security Guidelines for Key Fields of Cloud Computing",

http://www.cloudsecurityalliance.org/guided/csaguide.v3.0.pdf, 2011.

Mehmet Ercan Nergiz, Maurizio Atzori, Chris Clifton, "Hiding the Figures of Individuals in

Shared Databases", Proc. ACM Data Management (SIGMOD), pp. 665-676, 2007.

Pandey, A., Tignite, R. ; M. Tiwari (AK) Cloud Computing Network Data Security

Framework International Journal of Computer Engineering Technology 2013 4 1 178 181

Google Scholar.

Perk's W. Leo, "Cloud Computing Security Issues and Strategies Research". The 2nd IEEE

Consumer Electronics, Communication and Networking Conference, pages 1216-19, 2012.

Perk tons Hans Yi, M. Sabinhar. A. Medi H. Owen and R. Steinmeitz, "Threat as a Service?

The Impact of Virtualization on Cloud Security", ITP Professional, Volume 14, Issue 1,
Pages 32-37, 2011

Peter Mail and Tim Grans, "The Essential Definition of Cloud Computing", 15th edition, 10-

7-09, http://www.wheresmyserver.co.nz/storage/media/FAQ file/CloudDef -v15. pdf.

Security guidelines for key locations in cloud computing V2.1, [online]

P. P. Mail, T. Garnes, "Nested Definition of Cloud Computing", American Network Research

Institute. Science and Technology, 2011, available [online]: Mail, page 67. , Greens, T.

National Institute of Standards and Technology, 2009 Outstanding Definition of Cloud

Computing 53 6, 6, Article 50 Google Scholar.

Rebollo, then. , Milado, D: Military overview of data security governance framework in

cloud computing. General Computer Magazine SC 18 (6), 798–815 (2012).

See U&Kevin's "Data Life Cycle Agreeing" (2010) for a total of 42 views of Cloud Data

Security. IEEE Intel Conference on Computing Intelligence and Software Engineering, pages

1-4, 2010

In Perk 43, 39 meters are related to technical security issues in cloud computing, 39 meters.

IEEE International Cloud Computing Conference, pages 109-116, 2009

Sun, D, Chang, Ji, Sun, L, Wang, view and analyze security, privacy and trust issues in the

X-Cloud computing environment.

S. Sabashini and V. Kevitha, "Survey of Security Issues in Cloud Computing Service

Delivery Models", "Networks and Networks" Journal of Computer Applications, Volume 34,

Issue 1, Page 1.11, 2011.

S. Arif, S. O'Leary, J. Wang, Ji Yan, W. Yang, I. Khalil, "Airport Data Center: Time-Based
Parking Lock Occupancy Controversy", IEEE Trans. Parallel Distribution System, 2012,

available [online]:

Amma Somani, Kanika Lakhni, Manish Mandra at the "Parallel, Cloud and Grid

Computing" (PDGC-2010) 2010 IEE First International Conference, "Using RSA encryption

algorithm to implement digital signatures to enhance cloud data in cloud computing safety".

The "Cloud Security Alliance" that is about to pose a high threat to cloud computing. 1.0,

March 2010

Si Wang, "Forrester: Looking at Cloud Computing Security Issues",

Tuffler, "The Third Wave", 1984.Cloud computing security,

http://en.wikedia.org/wiki/Cloud_computing_security. Gartner: Seven cloud computing

security threats. Information world. 2008-07-02.

Younes, New York, 30 O, Security, Cloud Computing for Critical Infrastructure: 2013

Survey, Liverpool, United Kingdom, Liverpool, John Moore University, Google Scholar

Cloud Computing Technology and Science in the Process of Cloud Computing (Cloud Com

'13) Bristol's new security and privacy framework in cloud computing operations 2013.

Google Scholar UK.

William R. Clicomb, Alex Nicole, "Threats Inside Cloud Computing: Addressing New

Research Challenges" May 1, 39, 39, Larry Hardysti, "Stop Attacks on Smart", [online]

web.com/edito/news//2012, thwarting-eaversDPping-data-0501 .html, 2012

Nech, Cloud Security Consulting [WWW], URL: www.maventek.com/services/Cloud

Security Consulting, 2012.
