Professional Documents
Culture Documents
1.0 Introduction
considered Cloud Computing as the first among the top 10 most important
organizations.
applications, and services) that can be rapidly provisioned and released with minimal
architecture and its main objective is to provide secure, quick, convenient data
storage and net computing service, with all computing resources visualized as
services and delivered over the Internet [Zhao G, Liu J, Tang Y:2011, Zhang S, Zhang
and provides potential for cost reduction through optimized and efficient computing
online through web browsers to satisfy the computing needs of users, while their
software and data are stored on the servers [Marinos A, Briscoe G:2009:p93]. In
some respects, Cloud Computing represents the maturing of these technologies and is
a marketing term to represent that maturity and the services they provide [Centre for
Although there are many benefits to adopting Cloud Computing, there are also some
security, followed by issues regarding compliance, privacy and legal matters [8].
great deal of uncertainty about how security at all levels (e.g., network, host,
application, and data levels) can be achieved and how applications security is moved
has consistently led information executives to state that security is their number one
Security concerns relate to risk areas such as external data storage, dependency on the
“public” internet, lack of control, multi-tenancy and integration with internal security.
Compared to traditional technologies, the cloud has many specific features, such as
its large scale and the fact that resources belonging to cloud providers are completely
such as identity, authentication, and authorization are no longer enough for clouds in
their current form [Li W, Ping L:2009:p45]. Security controls in Cloud Computing
are, for the most part, no different than security controls in any IT environment.
However, because of the cloud service models employed, the operational models, and
the technologies used to enable cloud services, Cloud Computing may present
integrating security into these solutions is often perceived as making them more rigid
great concern for those corporations that are moving beyond their data center’s
network under their control. To alleviate these concerns, a cloud solution provider
must ensure that customers will continue to have the same security and privacy
controls over their applications and services, provide evidence to customers that their
organization are secure and they can meet their service-level agreements, and that
the so-called SPI model (SaaS, PaaS and IaaS), identifying the main vulnerabilities in
this kind of systems and the most important threats found in the literature related to
Cloud Computing and its environment. A threat is a potential attack that may lead to a
misuse of information or resources, and the term vulnerability refers to the flaws in a
system that allows an attack to be successful. There are some surveys where they
focus on one service model, or they focus on listing cloud security issues in general
vulnerabilities and threats, and we also indicate what cloud service models can be
perform an attack, and also present some countermeasures related to these threats
The remainder of the paper is organized as follows: Section 2 presents the results
obtained from our systematic review. Next, in Section 3 we define in depth the most
important security aspects for each layer of the Cloud model. Later, we will analyze
the security issues in Cloud Computing identifying the main vulnerabilities for
clouds, the most important threats in clouds, and all available countermeasures for
Several trends are opening up the era of Cloud Computing, which is an Internet-based
development and use of computer technology. The ever cheaper and more powerful
processors, together with the software as a service (SaaS) computing architecture, are
transforming data centers into pools of computing service on a huge scale. The
increasing network bandwidth and reliable yet flexible network connections make it
even possible that users can now subscribe high quality services from data and
Moving data into the cloud offers great convenience to users since they don’t have to
care about the complexities of direct hardware management. The pioneer of Cloud
Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic
Compute Cloud (EC2) are both well known examples. While these internet-based
responsibility of local machines for data maintenance at the same time. As a result,
users are at the mercy of their cloud service providers for the availability and
the perspective of data security, which has always been an important aspect of quality
of service, Cloud Computing inevitably poses new challenging security threats for
data security protection can not be directly adopted due to the users’ loss control of
data under Cloud Computing. Therefore, verification of correct data storage in the
cloud must be conducted without explicit knowledge of the whole data. Considering
various kinds of data for each user stored in the cloud and the demand of long term
continuous assurance of their data safety, the problem of verifying correctness of data
storage in the cloud becomes even more challenging. Secondly, Cloud Computing is
not just a third party data warehouse. The data stored in the cloud may be frequently
reordering, etc. To ensure storage correctness under dynamic data update is hence of
integrity insurance techniques futile and entails new solutions. Last but not the least,
redundantly stored in multiple physical locations to further reduce the data integrity
most importance in achieving a robust and secure cloud data storage system in the
real world. However, such important area remains to be fully explored in the
literature.
Cloud computing has become a social phenomenon used by most people every day.
As with every important social phenomenon there are issues that limit its widespread
adoption.
Most issues start from the fact that the user loses control of his or her data, because it
is stored on a computer belonging to someone else (the cloud provider). This happens
when the owner of the remote servers is a person or organization other than the user;
as their interests may point in different directions (for example, the user may wish
that his or her information is kept private, but the owner of the remote servers may
Due to the issue of security and privacy on cloud computer the researcher objectives
1. Design an encryption system attached to the system that will enable any user
2. Device a means of sharing data in a more secure and reliable manner over the
cloud system.
3. Create the awareness of the security threats in cloud computer to the people so
1.4 Motivation
The question focus was to identify the most relevant issues in Cloud Computing
for Cloud Computing. This question had to be related with the aim of this work; that
is to identify and relate vulnerabilities and threats with possible solutions. Therefore,
the research question addressed by our research was the following: What security
vulnerabilities and threats are the most important in Cloud Computing which have to
be studied in depth with the purpose of handling them? The keywords and related
concepts that make up this question and that were used during the review execution
are: secure Cloud systems, Cloud security, delivery models security, SPI security,
SaaS security, Paas security, IaaS security, Cloud threats, Cloud vulnerabilities, Cloud
recommendations, best practices in Cloud. This lead into this research work by the
researcher.
Enlighten the people, the users of cloud computer on the security challenges and how
to resolve this issues. Enhance the use and the effectiveness of the cloud computing
among the people. Remove the fear of using cloud computing from the people since
the research will come up with a new design that will solve the issue of privacy and
third party
1.6 Abbreviation/Definition