SlideShare a Scribd company logo

A017130104

IOSR Journals
IOSR Journals

This document identifies and categorizes various vulnerabilities and threats in cloud computing. It discusses 8 categories of threats: abuse of resources, insecure interfaces, technology sharing issues, data leakages, service hijacking, malicious insiders, data separation, and unknown risks. For each threat, it provides details on how attackers can exploit vulnerabilities as well as recommendations for cloud service providers to mitigate risks, such as implementing strong access controls, encryption, monitoring, and auditing. The conclusion states that while cloud computing is widely adopted, organizations must still be aware of security issues and work to address them.

Technology
1 of 4
Download to read offline
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. III (Jan – Feb. 2015), PP 01-04 www.iosrjournals.org DOI: 10.9790/0661-17130104 www.iosrjournals.org 1 | Page Identified Vulnerabilitis And Threats In Cloud Computing Mr.Amol R.Yadav Lecturer, Department of Computer Engineering, Shree Santkrupa Institute of Engineering & Technology(Polytechnic), Ghogaon, Karad-India Abstract: Nowadays Cloud computing becomes a popular research subject. Almost all types of organizations adopting cloud computing technology. Organizations use the Cloud as (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community. As cloud services are more efficient to the service providers and clients but some issues in case of security Is important, which we have to take in to account. These types of issues may be faced by service providers as well as clients. In this paper we will revise some cloud security threats. Keywords: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Application presentation Interfaces (APIs). I. Introduction The number and types of cloud computing service providers increases over the world. They offer the services as an applications, platforms as well as infrastructures in the illusion of unlimited networking resources to the users. But the issues related to the security and effectiveness of cloud services is important from the view of service providers as well as service users. The responsibility goes both the ways, however: the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the user must take measures to fortify their application and use strong passwords and authentication measures. In this document we try to assist the organizations to manage and control the calculated risks about the valuable data of client organizations. In addition this threat research document will be essential for implementing the security policies. The rise and rise of mobile usage and the Cloud have seen third party attackers change their approaches. Cloud services, social media websites and smartphone operating system devices have all become new targets, while traditional user data and website denial of service hacks remain popular. We categorized the analysis of threats in this document. When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially business sensitive and confidential data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the third biggest threat in cloud computing. Therefore, Cloud Service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity. In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than one customer's data on the same server. As a result there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation. II. Categories of Threats Fig-1. Categories of Threats
Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 2 | Page A. Abuse of Resources Almost cloud service providers offer their services with frictionless and easy registration process. So anyone can get access with only credit card. Some providers offers free trial period also. By misusing this information the spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity. PaaS providers usually face such type of attacks. Also the possibility is that hackers can attack the PaaS providers also by tracking the confidential information like password and usernames. For controlling the abuse of PaaS providers can controls operating systems, servers, and network infrastructure needed to run the SaaS application. The provider also controls what social media tools to download to the developer's mobile device. The provider sets the user, resource, data requests, and social media threshold levels. Also for access providers has to control logging capabilities by setting proper authorization. Also SaaS provider manages access controls by limiting the number of authorized users who can concurrently access the application as set forth in a user threshold policy. The provider limits the number of users who can use social media tools as set forth in a social media threshold policy. The provider controls operating systems, servers, and network infrastructure needed to run the SaaS application. The provider also controls what social media tools to download to the mobile device or to use with the device. B. Insecure Interfaces Cloud service providers use varieties of software interfaces and APIs that customers use to manage and interact with cloud service. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Since the APIs are accessible from anywhere on the Internet, malicious attackers can use them to compromise the confidentiality and integrity of the enterprise customers. An attacker gaining a token used by a customer to access the service through service API can use the same token to manipulate the customer’s data. Therefore it’s imperative that cloud services provide a secure API, rendering such attacks worthless. Attackers over the past three years have begun to actively target the digital keys used to secure the Internet infrastructure. C. Techology Shearing Issues Working of cloud computing is actually based on shearing of resources. Almost providers present their services in scalable way of shearing infrastructure which is not generally developed for working under multi- tenant architecture. To remove these types of obstacles a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. On the highest layer, there are various attacks on the SaaS where an attacker is able to get access to the data of another application running in the same virtual machine. The same is true for the lowest layers, where hypervisors can be exploited from virtual machines to gain access to all VMs on the same server (example of such an attack is Red/Blue Pill). All layers of shared technology can be attacked to gain unauthorized access to data, like: CPU, RAM, hypervisors, applications, etc. To enforce these type of problems service venders has to implement security best practices for installation/configuration, Monitor environment for unauthorized changes/activity, Enforce service level agreements for patching and vulnerability remediation, Conduct vulnerability scanning and configuration audits. D. Data Leakages Stored data on cloud may loss due to various reasons like hardware failure, drive failure, service vender accidently delete the data, attacker can alter the data, natural phenomenon, etc. Therefore better way to protect the data is to take backup of data time to time. Backup of data solves the problem of data loss. Unlinking the data may cause complexity to identify and recombining the data. These types of occurrences common in almost cloud systems. The confidentiality of data is maintained by venders by providing the encryption method. If there will be loss of any encryption key then there will be chances of data leakages. The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment. For recovering these types of threats the venders has to implement strong API access control, provide strong encryption algorithms and keys, analyzing the data protection all stages, and also implement strong backup alternative options. E. Service Hijacking This type of attacks occurs mostly on trial and error basis. The service is hacked by attempting the credentials and password provided by the venders to the service users for using the service for maintaining the confidentiality of valuable data. But attacker may attack this data by observing the sessions of users. These types of attacks are not new in market. There is possibility of users to provide the common or easy passwords for maintaining the privacy, but if an attacker gains access to user’s credentials, they can eavesdrop on user’s
Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 3 | Page activities and transactions, manipulate data, return falsified information, and redirect user’s clients to illegitimate sites. User’s account or service instances may become a new base for the attacker. From here, they may leverage the power of user’s reputation to launch subsequent attacks. To prevent from such threats the venders has to prohibit the sharing of account credentials between users and services, use strong authentication techniques for maintaining the security, implement the methods for detecting the unauthorized access to the services in cloud. It is responsibility of cloud venders to explain the terms and policies of securities to the service users. F. Malicious Insiders The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. Some observable insider activities are clearly harmful to the organization—for instance, an insider deleting critical applications from the organization’s servers. However, not all insider activity is so blatantly malicious. A clever insider seeking to avoid detection will attempt to use authorized access to the target information systems, and do so in a manner unlikely to raise suspicion. In reviewing the literature, we find many novel proposals for detection of specific insider-related activity, but few that compares the proposed insider behavior to similar non-malicious behaviors, or even acknowledge the necessity of doing so. Few publicly available data sets exist that characterize normal user behavior in relation to indicators of insider threats, much less indicators related to cloud-based insiders. Researchers addressing the challenge of collecting and analyzing normal user behavior should be careful to include attributes useful for cloud-based research as well. Researchers should consider correlating access requests across multiple disparate systems, exploring how often and how much data users transfer from the organization to cloud-based systems (e.g., web-based mail), and how often cloud-based administrative tools are used. Collecting and sharing such information will greatly enhance the ability of other researchers to propose and validate indicators of malicious cloud-related insider behavior. For remediation I suggests to the venders to enforce strict supply chain management and conduct a comprehensive supplier assessment, Specify human resource requirements as part of legal contracts, require transparency into overall information security and management practices, as well as compliance reporting. G. Data Separation Every cloud-based service shares resources, namely space on the provider’s servers and other parts of the provider’s infrastructure. Hypervisor software is used to create virtual containers on the provider’s hardware for each of its customers. But CSA notes that “attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments.” So, investigate the compartmentalization techniques, such as data encryption, the provider uses to prevent access into your virtual container by other customers. Although you should address these security issues with the cloud provider before you entrust your data to its servers and applications, they shouldn’t be a deal breaker. Cloud computing offers small businesses too many benefits to dismiss out of hand. After all, you already met many of these security challenges the first time you connected your network to the Internet. H. Unknown Risks One of the tenets of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business strengths. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security ramifications. Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all important factors for estimating your company’s security posture. Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can result in unknown exposures. It may also impair the in-depth analysis required highly controlled or regulated operational areas.
Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 4 | Page III. Conclusion At this stage as cloud computing is an important aspect in day to day life in networking world but side by side the threatening issues have to take in account and have to find an efficient way to overcome these issues. References [1]. Top threats to cloud computing V1.0,cloud security alliance,2010 [2]. K. Thejaswi, I. Sheeba, C. Bhuvana, P. Lavanya , Insight Of Cloud-Specific Culpabilities, Risks, Threats. [3]. Adam Swidler, seven security threats in cloud,2010. [4]. Shaikh, F.B., Haider, S. Dept. of Comput. & Technol., SZABIST, Islamabad, Pakistan (IOSRJEN)ISBN- 978-1-4577-0884-

Recommended

Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET Journal
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
International Journal of Technical Research & Application
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
CSCJournals
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
iosrjce
 

Recommended

Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET Journal
 
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROLAPPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
APPLICATION OF MOBILE AGENTS FOR SECURITY USING MULTILEVEL ACCESS CONTROL
International Journal of Technical Research & Application
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
CSCJournals
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
iosrjce
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
Leo TechnoSoft
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
Microsoft Österreich
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security Agent
International Journal of Engineering Inventions www.ijeijournal.com
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
bornresearcher
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018
sang yoo
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
What is Two Factor Authentication
What is Two Factor AuthenticationWhat is Two Factor Authentication
What is Two Factor Authentication
ArrayShield Technologies Private Limited
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of Value
Darktrace
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
Microsoft Österreich
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
phanleson
 
Study of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate CrystalsStudy of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate Crystals
IOSR Journals
 
E012252736
E012252736E012252736
E012252736
IOSR Journals
 
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifoldsm - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
IOSR Journals
 
Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...
IOSR Journals
 
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
IOSR Journals
 

More Related Content

What's hot

CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
Leo TechnoSoft
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
Microsoft Österreich
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security Agent
International Journal of Engineering Inventions www.ijeijournal.com
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
bornresearcher
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018
sang yoo
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
What is Two Factor Authentication
What is Two Factor AuthenticationWhat is Two Factor Authentication
What is Two Factor Authentication
ArrayShield Technologies Private Limited
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of Value
Darktrace
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
Microsoft Österreich
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
phanleson
 

What's hot (17)

CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security Agent
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 
What is Two Factor Authentication
What is Two Factor AuthenticationWhat is Two Factor Authentication
What is Two Factor Authentication
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of Value
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
 

Viewers also liked

Study of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate CrystalsStudy of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate Crystals
IOSR Journals
 
E012252736
E012252736E012252736
E012252736
IOSR Journals
 
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifoldsm - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
IOSR Journals
 
Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...
IOSR Journals
 
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
IOSR Journals
 
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
IOSR Journals
 
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
IOSR Journals
 
Non- Newtonian behavior of blood in very narrow vessels
Non- Newtonian behavior of blood in very narrow vesselsNon- Newtonian behavior of blood in very narrow vessels
Non- Newtonian behavior of blood in very narrow vessels
IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
IOSR Journals
 
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
IOSR Journals
 
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
IOSR Journals
 
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
IOSR Journals
 
I1103016569
I1103016569I1103016569
I1103016569
IOSR Journals
 
Influence of chimney effect on the radon effective dose of the lung simulated...
Influence of chimney effect on the radon effective dose of the lung simulated...Influence of chimney effect on the radon effective dose of the lung simulated...
Influence of chimney effect on the radon effective dose of the lung simulated...
IOSR Journals
 
F010433136
F010433136F010433136
F010433136
IOSR Journals
 
Ecological consequences of The Acid rain
Ecological consequences of The Acid rainEcological consequences of The Acid rain
Ecological consequences of The Acid rain
IOSR Journals
 
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review ArticleSimple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
IOSR Journals
 
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
IOSR Journals
 

Viewers also liked (20)

Study of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate CrystalsStudy of Optical Property of Gel Grown Mercuric Iodate Crystals
Study of Optical Property of Gel Grown Mercuric Iodate Crystals
 
E012252736
E012252736E012252736
E012252736
 
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifoldsm - projective curvature tensor on a Lorentzian para – Sasakian manifolds
m - projective curvature tensor on a Lorentzian para – Sasakian manifolds
 
Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...Development Of Public Administration Program Development System in Rural Serv...
Development Of Public Administration Program Development System in Rural Serv...
 
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
Corporate Governance, Firm Size, and Earning Management: Evidence in Indonesi...
 
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
Spatial Laser Induced Fluorescence Imaging (SLIFIMG) Analysis to Assess Tissu...
 
C0741113
C0741113C0741113
C0741113
 
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
Assessment of Amcon’s Role in Resuscitating the Banking Sector during the Glo...
 
Non- Newtonian behavior of blood in very narrow vessels
Non- Newtonian behavior of blood in very narrow vesselsNon- Newtonian behavior of blood in very narrow vessels
Non- Newtonian behavior of blood in very narrow vessels
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
 
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
Industry- Academia Collaboration through Cloud Computing: A Pathway for Susta...
 
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
“Prevalent Clinical Entities Of Hilly Regions, Aetio-Pathogenesis Factors, An...
 
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
Analysis of Multimedia Traffic Performance in a Multi-Class traffic environme...
 
L016136369
L016136369L016136369
L016136369
 
I1103016569
I1103016569I1103016569
I1103016569
 
Influence of chimney effect on the radon effective dose of the lung simulated...
Influence of chimney effect on the radon effective dose of the lung simulated...Influence of chimney effect on the radon effective dose of the lung simulated...
Influence of chimney effect on the radon effective dose of the lung simulated...
 
F010433136
F010433136F010433136
F010433136
 
Ecological consequences of The Acid rain
Ecological consequences of The Acid rainEcological consequences of The Acid rain
Ecological consequences of The Acid rain
 
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review ArticleSimple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
Simple Thinking Makes Chemistry Metabolic and Interesting - A Review Article
 
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
The Protective Role Of High Dietary Protein On Arsenic Induced Hepatotoxicity...
 

Similar to A017130104

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Mervat Bamiah
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
Editor IJCATR
 
N017259396
N017259396N017259396
N017259396
IOSR Journals
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
Excellent Manner of Using Secure way of data storage in cloud computing
Excellent Manner of Using Secure way of data storage in cloud computingExcellent Manner of Using Secure way of data storage in cloud computing
Excellent Manner of Using Secure way of data storage in cloud computing
Editor IJMTER
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Salam Shah
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
HTS Hosting
 
UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
Revathiparamanathan
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
SALU18
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocol
Iaetsd Iaetsd
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 

Similar to A017130104 (20)

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
 
Project 3
Project 3Project 3
Project 3
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
 
N017259396
N017259396N017259396
N017259396
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Excellent Manner of Using Secure way of data storage in cloud computing
Excellent Manner of Using Secure way of data storage in cloud computingExcellent Manner of Using Secure way of data storage in cloud computing
Excellent Manner of Using Secure way of data storage in cloud computing
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocol
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 

More from IOSR Journals

A011140104
A011140104A011140104
A011140104
IOSR Journals
 
M0111397100
M0111397100M0111397100
M0111397100
IOSR Journals
 
L011138596
L011138596L011138596
L011138596
IOSR Journals
 
K011138084
K011138084K011138084
K011138084
IOSR Journals
 
J011137479
J011137479J011137479
J011137479
IOSR Journals
 
I011136673
I011136673I011136673
I011136673
IOSR Journals
 
G011134454
G011134454G011134454
G011134454
IOSR Journals
 
H011135565
H011135565H011135565
H011135565
IOSR Journals
 
F011134043
F011134043F011134043
F011134043
IOSR Journals
 
E011133639
E011133639E011133639
E011133639
IOSR Journals
 
D011132635
D011132635D011132635
D011132635
IOSR Journals
 
C011131925
C011131925C011131925
C011131925
IOSR Journals
 
B011130918
B011130918B011130918
B011130918
IOSR Journals
 
A011130108
A011130108A011130108
A011130108
IOSR Journals
 
I011125160
I011125160I011125160
I011125160
IOSR Journals
 
H011124050
H011124050H011124050
H011124050
IOSR Journals
 
G011123539
G011123539G011123539
G011123539
IOSR Journals
 
F011123134
F011123134F011123134
F011123134
IOSR Journals
 
E011122530
E011122530E011122530
E011122530
IOSR Journals
 
D011121524
D011121524D011121524
D011121524
IOSR Journals
 

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 

A017130104

  • 1. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. III (Jan – Feb. 2015), PP 01-04 www.iosrjournals.org DOI: 10.9790/0661-17130104 www.iosrjournals.org 1 | Page Identified Vulnerabilitis And Threats In Cloud Computing Mr.Amol R.Yadav Lecturer, Department of Computer Engineering, Shree Santkrupa Institute of Engineering & Technology(Polytechnic), Ghogaon, Karad-India Abstract: Nowadays Cloud computing becomes a popular research subject. Almost all types of organizations adopting cloud computing technology. Organizations use the Cloud as (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community. As cloud services are more efficient to the service providers and clients but some issues in case of security Is important, which we have to take in to account. These types of issues may be faced by service providers as well as clients. In this paper we will revise some cloud security threats. Keywords: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Application presentation Interfaces (APIs). I. Introduction The number and types of cloud computing service providers increases over the world. They offer the services as an applications, platforms as well as infrastructures in the illusion of unlimited networking resources to the users. But the issues related to the security and effectiveness of cloud services is important from the view of service providers as well as service users. The responsibility goes both the ways, however: the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the user must take measures to fortify their application and use strong passwords and authentication measures. In this document we try to assist the organizations to manage and control the calculated risks about the valuable data of client organizations. In addition this threat research document will be essential for implementing the security policies. The rise and rise of mobile usage and the Cloud have seen third party attackers change their approaches. Cloud services, social media websites and smartphone operating system devices have all become new targets, while traditional user data and website denial of service hacks remain popular. We categorized the analysis of threats in this document. When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially business sensitive and confidential data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the third biggest threat in cloud computing. Therefore, Cloud Service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity. In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than one customer's data on the same server. As a result there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation. II. Categories of Threats Fig-1. Categories of Threats
  • 2. Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 2 | Page A. Abuse of Resources Almost cloud service providers offer their services with frictionless and easy registration process. So anyone can get access with only credit card. Some providers offers free trial period also. By misusing this information the spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity. PaaS providers usually face such type of attacks. Also the possibility is that hackers can attack the PaaS providers also by tracking the confidential information like password and usernames. For controlling the abuse of PaaS providers can controls operating systems, servers, and network infrastructure needed to run the SaaS application. The provider also controls what social media tools to download to the developer's mobile device. The provider sets the user, resource, data requests, and social media threshold levels. Also for access providers has to control logging capabilities by setting proper authorization. Also SaaS provider manages access controls by limiting the number of authorized users who can concurrently access the application as set forth in a user threshold policy. The provider limits the number of users who can use social media tools as set forth in a social media threshold policy. The provider controls operating systems, servers, and network infrastructure needed to run the SaaS application. The provider also controls what social media tools to download to the mobile device or to use with the device. B. Insecure Interfaces Cloud service providers use varieties of software interfaces and APIs that customers use to manage and interact with cloud service. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Since the APIs are accessible from anywhere on the Internet, malicious attackers can use them to compromise the confidentiality and integrity of the enterprise customers. An attacker gaining a token used by a customer to access the service through service API can use the same token to manipulate the customer’s data. Therefore it’s imperative that cloud services provide a secure API, rendering such attacks worthless. Attackers over the past three years have begun to actively target the digital keys used to secure the Internet infrastructure. C. Techology Shearing Issues Working of cloud computing is actually based on shearing of resources. Almost providers present their services in scalable way of shearing infrastructure which is not generally developed for working under multi- tenant architecture. To remove these types of obstacles a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. On the highest layer, there are various attacks on the SaaS where an attacker is able to get access to the data of another application running in the same virtual machine. The same is true for the lowest layers, where hypervisors can be exploited from virtual machines to gain access to all VMs on the same server (example of such an attack is Red/Blue Pill). All layers of shared technology can be attacked to gain unauthorized access to data, like: CPU, RAM, hypervisors, applications, etc. To enforce these type of problems service venders has to implement security best practices for installation/configuration, Monitor environment for unauthorized changes/activity, Enforce service level agreements for patching and vulnerability remediation, Conduct vulnerability scanning and configuration audits. D. Data Leakages Stored data on cloud may loss due to various reasons like hardware failure, drive failure, service vender accidently delete the data, attacker can alter the data, natural phenomenon, etc. Therefore better way to protect the data is to take backup of data time to time. Backup of data solves the problem of data loss. Unlinking the data may cause complexity to identify and recombining the data. These types of occurrences common in almost cloud systems. The confidentiality of data is maintained by venders by providing the encryption method. If there will be loss of any encryption key then there will be chances of data leakages. The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment. For recovering these types of threats the venders has to implement strong API access control, provide strong encryption algorithms and keys, analyzing the data protection all stages, and also implement strong backup alternative options. E. Service Hijacking This type of attacks occurs mostly on trial and error basis. The service is hacked by attempting the credentials and password provided by the venders to the service users for using the service for maintaining the confidentiality of valuable data. But attacker may attack this data by observing the sessions of users. These types of attacks are not new in market. There is possibility of users to provide the common or easy passwords for maintaining the privacy, but if an attacker gains access to user’s credentials, they can eavesdrop on user’s
  • 3. Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 3 | Page activities and transactions, manipulate data, return falsified information, and redirect user’s clients to illegitimate sites. User’s account or service instances may become a new base for the attacker. From here, they may leverage the power of user’s reputation to launch subsequent attacks. To prevent from such threats the venders has to prohibit the sharing of account credentials between users and services, use strong authentication techniques for maintaining the security, implement the methods for detecting the unauthorized access to the services in cloud. It is responsibility of cloud venders to explain the terms and policies of securities to the service users. F. Malicious Insiders The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. Some observable insider activities are clearly harmful to the organization—for instance, an insider deleting critical applications from the organization’s servers. However, not all insider activity is so blatantly malicious. A clever insider seeking to avoid detection will attempt to use authorized access to the target information systems, and do so in a manner unlikely to raise suspicion. In reviewing the literature, we find many novel proposals for detection of specific insider-related activity, but few that compares the proposed insider behavior to similar non-malicious behaviors, or even acknowledge the necessity of doing so. Few publicly available data sets exist that characterize normal user behavior in relation to indicators of insider threats, much less indicators related to cloud-based insiders. Researchers addressing the challenge of collecting and analyzing normal user behavior should be careful to include attributes useful for cloud-based research as well. Researchers should consider correlating access requests across multiple disparate systems, exploring how often and how much data users transfer from the organization to cloud-based systems (e.g., web-based mail), and how often cloud-based administrative tools are used. Collecting and sharing such information will greatly enhance the ability of other researchers to propose and validate indicators of malicious cloud-related insider behavior. For remediation I suggests to the venders to enforce strict supply chain management and conduct a comprehensive supplier assessment, Specify human resource requirements as part of legal contracts, require transparency into overall information security and management practices, as well as compliance reporting. G. Data Separation Every cloud-based service shares resources, namely space on the provider’s servers and other parts of the provider’s infrastructure. Hypervisor software is used to create virtual containers on the provider’s hardware for each of its customers. But CSA notes that “attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments.” So, investigate the compartmentalization techniques, such as data encryption, the provider uses to prevent access into your virtual container by other customers. Although you should address these security issues with the cloud provider before you entrust your data to its servers and applications, they shouldn’t be a deal breaker. Cloud computing offers small businesses too many benefits to dismiss out of hand. After all, you already met many of these security challenges the first time you connected your network to the Internet. H. Unknown Risks One of the tenets of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business strengths. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security ramifications. Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all important factors for estimating your company’s security posture. Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can result in unknown exposures. It may also impair the in-depth analysis required highly controlled or regulated operational areas.
  • 4. Identified Vulnerabilitis And Threats In Cloud Computing DOI: 10.9790/0661-17130104 www.iosrjournals.org 4 | Page III. Conclusion At this stage as cloud computing is an important aspect in day to day life in networking world but side by side the threatening issues have to take in account and have to find an efficient way to overcome these issues. References [1]. Top threats to cloud computing V1.0,cloud security alliance,2010 [2]. K. Thejaswi, I. Sheeba, C. Bhuvana, P. Lavanya , Insight Of Cloud-Specific Culpabilities, Risks, Threats. [3]. Adam Swidler, seven security threats in cloud,2010. [4]. Shaikh, F.B., Haider, S. Dept. of Comput. & Technol., SZABIST, Islamabad, Pakistan (IOSRJEN)ISBN- 978-1-4577-0884-