This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.

1. 1
Security Issues in Cloud Computing
B. S. PANDA1*
, Rahul Abhishek2
, Pratik3
, Binay Ranjan4
1
Asst. Professor, MITS Engineering College, Rayagada, Orissa.
2
Student, Dept. of Information Technology. MITS, Rayagada, Orissa.
3
Student, Dept. of Information Technology. MITS, Rayagada, Orissa.
4
Student, Dept. of Computer Science & Engg. MITS, Rayagada, Orissa.
E-mail: bspanda@sify.com
E-mail: rahulmithu.abhishek@gmail.com
Abstract:
In this paper, we discuss cloud computing security and its security issues. In particular, we discuss a
scheme for secure publications of documents in a cloud. It will converse secure federated query
processing, and discuss the use of secure co-processors for cloud computing. Cloud computing is a
general term for anything that involves delivering hosted services over the Internet. These services are
broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and
Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that's often
used to represent the Internet in flowcharts and diagrams. There is a critical need to securely store,
manage, share and analyze massive amounts of complex(e.g., semi-structured and unstructured) data to
determine patterns and trends in order to improve the quality of healthcare, better safeguard the nation
and explore alternative energy. Because of the critical nature of the applications, it is important that
clouds be secure. The emerging cloud computing model attempts to address the explosive growth of web-
connected devices, and handle massive amount of data.
Key Words: IaaS, PaaS, SaaS , Cloud Module ,Data Encryption ,security concerns , Data security.
1. Introduction
As a metaphor for the Internet, "the cloud" is a
familiar cliché, but when combined with
"computing," the meaning gets bigger and fuzzier.
Some analysts and vendors define cloud
computing narrowly as an updated version of
utility computing: basically virtual servers
available over the Internet (figure 1). Others go
very broad, arguing anything you consume outside
the firewall is "in the cloud," including
conventional outsourcing.
Cloud computing is a new consumption and
delivery model for IT services. The concept of
cloud computing represents a shift in thought, in
those end users need not know the details of a
specific technology. The service is fully managed
by the provider. Users can consume services at a
rate that is set by their particular needs. This on-
demand service can be provided at any time.
Fig1. Cloud Computing
Data security involves encrypting the data as well
as ensuring that appropriate policies are enforced
for data sharing. In addition, resource allocation
and memory management algorithms have to be
secure. Finally, data mining techniques may be
applicable to malware detection in clouds. We
have extended the technologies and concepts we

2. 2
have developed for secure grid to a secure cloud.
We have defined a layered framework for assured
cloud computing consisting of the secure virtual
machine layer, secure cloud storage layer, secure
cloud data layer, and the secure virtual network
monitor layer (Figure 2). Cross cutting services
are provided by the policy layer, the cloud
monitoring layer, the reliability layer and the risk
analysis layer. For the Secure Virtual Machine
(VM) Monitor we are combining both hardware
and software solutions in virtual machines to
handle problems such as key logger examining
XEN developed at the University of Cambridge
and exploring security to meet the needs of our
applications (e.g., secure distributed storage and
data management). For Secure Cloud Storage
Management, we are developing a storage
infrastructure which integrates resources from
multiple providers to form a massive virtual
storage system.
Figure2. Layered framework for assured cloud
2. Cloud Computing Models
Cloud computing models can be broken into three
basic designs, which are shown here and
described below(Figure 3).
Figure3. Cloud Computing Models
2.1 Infrastructure-as-a-Service (IaaS) – As the
name implies, you are buying infrastructure. You
own the software and are purchasing virtual power
to execute as needed. This is much like running a
virtual server on your own equipment, except you
are now running a virtual server on a virtual disk.
This model is similar to a utility company model,
as you pay for what you use. An example is
Amazon Web Services at http://aws.amazon.com.
2.2 Platform-as-a-Service (PaaS) – In this model
of cloud computing, the provider provides a
platform for your use. Services provided by this
model include all phases of the system
development life cycle (SDLC) and can use
application program interface (APIs), website
portals, or gateway software. Buyers do need to
look closely at specific solutions, because some
providers do not allow software created by their
customers to be moved off the provider’s
platform. An example of PaaS is GoogleApps.
2.3 Software-as-a-Service (SaaS) – This model is
designed to provide everything and simply rent
out the software to the user. The service is usually
provided through some type of front end or web
portal. While the end user is free to use the service
from anywhere, the company pays a per use fee.
Salesforce.com offers this type of service.
3. Cloud Computing Attacks
As more companies move to cloud computing,
look for hackers to follow. Some of the potential
attack vectors criminals may attempt include:
3.1 Denial of Service (DoS) attacks - Some
security professionals have argued that the cloud
is more vulnerable to DoS attacks, because it is
shared by many users, which makes DoS attacks
much more damaging. Twitter suffered a
devastating DoS attack during 2009.
3.2 Side Channel attacks – An attacker could
attempt to compromise the cloud by placing a
malicious virtual machine in close proximity to a
target cloud server and then launching a side
channel attack.
3.3 Authentication attacks – Authentication is a
weak point in hosted and virtual services and is
frequently targeted. There are many different
ways to authenticate users; for example, based on

3. 3
what a person knows, has, or is. The mechanisms
used to secure the authentication process and the
methods used are a frequent target of attackers.
3.4 Man-in-the-middle cryptographic attacks –
This attack is carried out when an attacker places
himself between two users. Anytime attackers can
place themselves in the communication’s path,
there is the possibility that they can intercept and
modify communications.
4. Security Concerns of Cloud Computing
While cost and ease of use are two great benefits
of cloud computing, there are significant security
concerns that need to be addressed when
considering moving critical applications and
sensitive data to public and shared cloud
environments. To address these concerns, the
cloud provider must develop sufficient controls to
provide the same or a greater level of security than
the organization would have if the cloud were not
used. Listed here are ten items to review when
considering cloud computing.
5. Secure Data Publication Applied To Cloud
Cloud computing facilitates storage of data at a
remote site to maximize resource utilization.
As a result, it is critical that this data be protected
and only given to authorized individuals. This
essentially amounts to secure publication of data
that is necessary for data outsourcing, as well as
external publications. We have developed
techniques for publication of data in a secure
manner. We assume that the data is represented as
an XML document. This is a valid assumption as
many of the documents on the web are now
represented as XML documents. In the access
control framework proposed in Bertino (2002),
security policy is specified depending on user
roles and credentials Users must possess the
credentials to access XML documents.
Security could improve due to centralization of
data, increased security-focused resources, etc.,
but concerns can persist about loss of control over
certain sensitive data, and the lack of security for
stored kernels. Security is often as good as or
better than under traditional systems, in part
because providers are able to devote resources to
solving security issues that many customers
cannot afford. However, the complexity of
security is greatly increased when data is
distributed over a wider area or greater number of
devices and in multi-tenant systems that are being
shared by unrelated users. In addition, user access
to security audit logs may be difficult or
impossible. Private cloud installations are in part
motivated by users' desire to retain control over
the infrastructure and avoid losing control of
information security. This essentially amounts to
secure publication of data that is necessary for
data outsourcing, as well as external publications.
Since data in the cloud will be placed anywhere, it
is important that the data is encrypted. We are
using secure co-processor as part of the cloud
infrastructure to enable efficient encrypted storage
of sensitive data.
Security is needed at server access internet access
database access data privacy program access.
Security concerns arising because both customer
data and program are residing in provider
premises.
Security is used to save data and program from
disrupts services, theft of information, loss of
privacy, hostile program, hostile people giving
instructions to good programs, bad guys
corrupting or eavesdropping on communications.
6. Summary and Conclusion
In this paper, we first discussed cloud computing
then cloud module and its expansion secondly
security issues for cloud. These issues include
storage security, middleware security, data
security, network security and application
security. The main goal is to securely store and
manage data that is not controlled by the owner of
the data. We discussed how we may secure
documents that may be published. There are
several other security challenges including
security aspects of virtualization. We believe that
due to the complexity of the cloud, it will be
difficult to achieve end-to-end security.
However, the challenge we have is to ensure more
secure operations even if some parts of the cloud
fail.

4. 4
For many applications, we not only need
information assurance but also mission assurance.
Figure2. Case study of Worldwide Spending
Cloud
Reference
1. Andy BechtolsheimChairman & Co-
founder, Arista Networks.
November 12th, 2008
2. Encrypted Storage and Key Management
for the cloud. Cryptoclarity.com. 2009-
07-30.
3. http://www.cryptoclarity.com/CryptoClar
ityLLC/Welcome/Entries/2009/7/23_Enc
rypted_Storage_and_Key_Management_
for_the_cloud.html. Retrieved 2010-08-
22
4. Mills, Elinor (2009-01-27). "Cloud
computing security forecast: Clear
skies". CNET.
5. Michael Gregg, Global Knowledge
Instructor, CISA, CISSP, CISM, MCSE,
CTT+, CGEIT, A+, N+, Security+,
CNA, CCNA, CIW Security Analyst,
CEH, CHFI, CEI, DCNP, ES Dragon
IDS, ES Advanced Dragon IDS, and
SSCP.
6. Ashwin Alfred Pinto, Shvetank Verma,
Satyam Singh, Prashant Srivastava,
Rahul Gupta, and Vijay Chourasia.
Proceedings of the World Congress on
Engineering 2011
7. Vol I WCE 2011, July 6 - 8, 2011,
London, U.K.
8. www.cloudbook.net/resources.
9. "Service-Oriented Computing and Cloud
Computing: Challenges and
Opportunities". IEEE Internet
Computing. Retrieved 2010-12-04.
10. "The NIST Definition of Cloud
Computing (Draft)". National Institute of
Science and Technology. Retrieved 24
July 2011.