SlideShare a Scribd company logo

Literature Review: Security on cloud computing

This is a literature survey about security issues and countermeasures on cloud computing. This paper discusses about an overview of cloud computing and security issues of cloud computing.

1 of 6
Download to read offline
Security Issues and countermeasures on Cloud Computing
Suranga Nisiwasala
University of Colombo School of Computing
Abstract
Cloud computing has quickly become one of the most significant field in the IT world due to its
revolutionary model of computing as a utility. It came with increasing flexibility, scalability, and reliability,
while decreasing operational and support cost. The development of cloud computing provide business
supporting technology in a more efficient way than ever before. The shift from server to service based
technology brought a significant change in computing technology. However these development have
created new security vulnerabilities, including security issues whose full impressions are still rising. This
paper reveals an overview and study of cloud computing including main service model of cloud computing,
the general deployment models, security issues, threats, vulnerabilities and challenges of cloud
computing. Main goal of publishing this paper is presenting about possible solutions for the preventing
security threats on Cloud computing
1. Introduction
Cloud computing, as defined by NIST, is a model for enabling always-on, convenient, on demand
networks access to a shared pool of configurable computing resources(e.g. storage, applications,
services etc.) that can be rapidly provisioned and released with minimal ,management effort or service
provider interaction[12]. At the core of cloud computing is a datacenter that uses virtualization to
isolate instance of application or services being hosted in “Cloud”.
2. Cloud Computing Service Models
 Software as a service (SaaS): The cloud provider provides the cloud consumer with capability to
deploy an application on a cloud infrastructure [12] and in a way it can be define as provide
business application services on demand such as email, conferencing software, and business
applications. SaaS makes it not necessary for the customer to have a physical copy of the software
installed on a pc, laptop or any other client device. SaaS can sometimes be referred to as service
or application clouds. Often it’s a kind of standard application software functionality offered
within a cloud.(e.g. Salesforce CRM, Google Docs, Google calendar, SAP business by design)
SaaS users have less control over security among the three fundamental delivery models in the
cloud. The adoption of SaaS applications may raise some security concerns.
 Application security: flaws in web application may create vulnerabilities for SaaS applications.
Steal sensitive data
 Multi-tenancy: single instance servers for all customer, data leakage (security policies are
needed to ensure customer’s data are kept separate from other customers)
 Data security: organizational data often processed in plain-text and store in cloud. And data
backup is critical in order to recovery process. So cloud providers subcontract the backup.
Data privacy there
 Accessibility: accessing application over the internet via web browser makes access from any
network device easier, including public computer and mobile devices. It exposes the services
to additional security risk. Mobile computing threats: Information stealing mobile malware,
insecure network (Wi-Fi), vulnerabilities found in the device operating system and official
application, insecure market places and proximity-based hacking.
 Platform as a Services (PaaS): the cloud provider provides the cloud consumer with the capability
to develop and deploy applications on a cloud infrastructure using tools, runtimes, and services
supported by the CSP [12]. The customer doesn’t have access to the underlying cloud
infrastructure including network, servers, operating systems, or storage, but has control over the
deployed tools/services and probably configuration settings for the application-hosting
environment. This provides a set of developer environment that a customer can use to build their
applications without having any clue about what is going on beneath the service. PaaS is a
platform where application can be developed, tested and used( e.g. Google App Engine,
Force.com, Microsoft Windows Azure, Java)
PaaS application security can merge to two sections which are security of the platform itself and
security of customer applications deployed on PaaS platform. PaaS providers are responsible for
securing the platform software stack that includes the runtime engine that runs the customer
applications. Same as SaaS, PaaS also bring data security issues that are describes as follows [1].
 Third-party relationships: PaaS doesn’t only provide the traditional programming languages
but also it offers third party web service components such as Mashups. Mashup combine
more than one source element into a single integrated unit. So PaaS models also inherit
security issues related to mashups such as data and network security.
 Underlying infrastructure security: generally In PaaS, developers don’t allow to access to the
underlying layers. So providers are responsible for securing that layer as application services.
 Infrastructure as a Service (IaaS): The cloud provider provides the cloud consumer with essentially
a virtual machine. The cloud consumer has the ability to deploy and run arbitrary software
supported by the operating systems run by the virtual machine [1]. It provides a pool of resources
such as servers, storage, networks and other computing resources in the form of virtualized
systems, which are accessed through the internet. It is the hardware and software that power the
cloud. The customer doesn’t have access to the underlying cloud infrastructure but has control
over operating systems, storage, and deployed applications, and probably limited control over
selected network components.(e.g. Amazon S3, Microsoft Windows Azure, Mosso)
Here are some security issues with related to IaaS
 Virtualization: this allows to users to create, share, copy, migrate and roll back virtual
machines, which may allow them to run a variety of applications. In this layer has two
boundaries which are virtual and physical, so any flaws in either are vulnerable to any type of
attack.
 Virtualization has ability to migrate virtual machines between physical servers for load
balancing, fault tolerance and maintaining. So using this ability attacker can transfer the
virtual machine into malicious servers.
 Virtual machine roll back: VM can rolled baked to the previous state if an error happen. But
rolling back makes another vulnerability which is attacker can patched or re-enable the
previously disabled passwords or accounts.
 Virtual network: earlier I have mentioned the VM vulnerabilities. So virtual network increase
the VMs connectivity. So through the virtual network there is possibility to perform attack
such as sniffing and spoofing virtual network.
3. Cloud Deployment Model[4]
 Public cloud: A public cloud is one based on the standard cloud computing model in which a
service provider makes resources, such as applications and storages, available to the general
public over the internet. This service may be free or offered on a pay-per usage model [4].
 Private cloud: private cloud (also called internal cloud or cooperate cloud) is a marketing term for
a proprietary computing architecture that provide hosted services to a limited number of people
behind a firewall [4].
 Community cloud: A community cloud may be established where several organizations have
similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud
computing [4].
 Hybrid cloud: A hybrid cloud is a cloud computing environment in which an organization provides
and, manages some resources in-house and has others provided externally. For an n example, an
organization might use a public cloud service, such as Amazon simple storage service (Amazon S3)
for archived data but continue to maintain in-house storage for operational customer data [4].
4. Cloud computing entities [2]
 Cloud provider: Including ISPs, telecommunication companies and large business process
outsources that provide either the media (internet connections) or infrastructure (hosted data
centers) that enable customers to access cloud service.
 Cloud service broker: include technology consultant, business professional service organizations,
registered brokers and agents that help guide consumers in the selection of cloud computing
solution
 Cloud reseller: reseller become an important factor of cloud market when the cloud providers will
expand their business across continents.
5. Threats of Cloud Computing
While cost and ease of use are the two main strong benefits of the cloud computing, there are some major
issues that need to be referenced when allowing moving critical application and sensitive data to public
and shared cloud environment. The main aspect describing the achievement of any new computing
technology is the highest of security it provides whether the data located in the cloud is protected at that
level that it can avoid any sort of security issues. So here are some security threats that make impact on
cloud computing
 Account or service hijacking: attacker gain access to the users’ credential by using social
engineering and weak credentials. After that attacker can perform the malicious activities such as
access to sensitive data and manipulate data.
 Data scavenging: data can’t remove completely unless destroy the device. So attacker can recover
the data
 Data leakage: this will happen when data goes to wrong hands while data transferring, storing or
processing
 DOS attack: denial of service attack is attacker use the all possible resources which have on
network or server. Then real users can’t access to server/network for getting their services.
 VM escape: its design to exploit hypervisor to take control of the underlying infrastructure.
 Malicious VM creations: attacker who create a valid account can create a VM image containing
malicious code such as Trojan and store it in the provide repository
 Sniffing/Spoofing virtual network: Malicious VM can listen to the virtual network or even use ARP
spoofing to redirect packets t/from other VMs
Here are some other threats that come under the Cloud computing. Following threats also make
measurable impact on cloud computing but in here I haven’t presented detailed description [5].
 Multi location of the service provider
 Data combination and commingling
 Restriction on techniques and logistic
 Data transfer across the boarder
 Cloud challenges inherited from network concept
 SQL injection attacks
 Cross site scripting (XSS) attacks
 Man in the Middle attack(MITM)
 Reused IP addresses
 Cookie poisoning
 CAPTCHA breaking
6. Countermeasures
In this section I provide a brief description about the possible solutions to prevent or reduce threats which
make impact on cloud computing
 Identify the access management guidance: cloud security alliance (CSA) is a non-profit
organization that promote the use of best practices in order to provide security in cloud
environment
 Dynamic Credentials: present and algorithm to create dynamic credentials for mobile cloud
computing system
 Fragmentation-redundancy-scattering (FRS) technic: Aim to provide intrusion tolerance and, In
consequence, secure storage.
 Digital signature: proposes to secure data using digital signature with RSA algorithm while data is
being transfer over the internet.
 Homomorphic Encryption: Encryption techniques can be used to secure data while it’s being
transferred in and out of the cloud or stored in the provider’s premises. (AES, SSL)
 Web application scanner: this is a program which scans web applications through the web front-
end in order to identify security vulnerabilities.
 Trusted virtual datacenter (TVDc): it groups virtual machines that have common objectives into
workloads named Trusted Virtual Domains (TVDs). TVDc provides integrity by employing load-
time attestation mechanism to verify the integrity of the systems
 HyperSafe: it’s an approach that provides hypervisor control-flow integrity. This goal is to protect
type I hypervisors using two techniques: non-by passable memory lockdown and restricted
pointed indexing
 Trusted Cloud computing platform (TCCP): It enables provides to offer closed box execution
environments and allows users to determine if the environment is secure before launching their
VMs. The TCCP has two main elements: a Trusted Virtual Machine Monitor (TVMM) and Trusted
Coordinator (TC).
 Virtual Network Security: propose a virtual network framework that secure the communication
among virtual machines. This framework is based on Xen which offers two configuration modes
for virtual networks: “Bridge” and “Routed”. The virtual network model is composed of three
layers: routing layers, firewall and shared networks, which can prevent VMs from sniffing and
spoofing.
7. Challenges of cloud computing
The research on cloud computing is still at an early stage. Many existing issues haven’t been fully
addressed, while new challenges keep emerging from industry applications. Some of the challenging
research issues in cloud computing are given below
 Service level agreement
 Cloud data management & security
 Data encryption
 Migration of virtual machines
 Interoperability
 Access controls
 Energy management
 Server consolidations
 Reliability & availability of service
 Common cloud standards
 Platform management
Reference
[1]. Keiko Hashizume, David G Rosado, Eduardo Fernandes-Medina and Eduardo B Fernandez, “An Analysis of
security issues for cloud computing “Journal of internet services and applications, 2013 available at:
http://www.jisajournal.com/content/pdf/1869-0238-4-5.pdf
[2]. Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra satapathy,”Cloud Computing: Security Issues and
Research Challenges”, IRACST-International Journal of computer science and information technology &
security (LJCSITS) Vol.1, No.2 December 2011, available at:
http://ijcsits.org/papers/Vol1no22011/13vol1no2.pdf
[3]. Monjur Ahmed and Mohammad Ashraf Hossain, “Cloud Computing and Security Issues in the Cloud”,
International journal of network security & Its Applications (IJNSA), Vol.6, No.1, January 2014. Available
at: http://airccse.org/journal/nsa/6114nsa03.pdf
[4]. Pankaj Arora, Rubal Chaudhry Waldhawan, Er.Satinder Pal Ahuja ,“Cloud Computing Security Issues in
Infrastructure as a Service” International journal of advanced research in computer science and software
Engineerng, Vol.2, No.1, January 2012, Available at: www.ijarcsse.com
[5]. Vahid Ashktorab, Seyed Reza Taghizadeh, “Security Threats and Countermeasures in Cloud Computing”,
International Journal of Application or Innovative in Engineering & Management (IJAIEM) Vol. 1, No.2,
October 2012, available: www.ijaiem.org
[6]. Kangchan Lee “Security threats in Cloud computing Environment”, International Journal of Security and Its
Application, Vol.6, No.4, October 2012, available:
http://www.sersc.org/journals/IJSIA/vol6_no4_2012/3.pdf
[7]. Amar Gonaliya, “Security in Cloud Computing”, Technical paper contest 2011/ cloud 20/20 version 3.0,
available at: http://www.emacromall.com/techpapers/Security%20in%20Cloud%20Computing.pdf
[8]. Mohammed A. AlZain, Eric Parded, Ben Soh, James A. Thom, “Cloud Computing Security: From Single to
Multi-Clouds”, 2012 45th
Hawaii International Conference on system science, available at:
http://www.computer.org/csdl/proceedings/hicss/2012/4525/00/4525f490.pdf
[9]. Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1”,
December 2009, available at: https://cloudsecurityalliance.org/csaguide.pdf
[10].Teuseef Ahmad, Mohammad Amanul Haque, Khaled Al-Nafijan, Asrar Ahmad Ansari, “Development of
Cloud Computing and Security Issues”, ISSN 2224-5758(paper) ISSN 2224-896X(online) Vol.3, No.1, 2013,
available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.9007&rep=rep1&type=pdf
[11].Kim-Kwang Raymond Choo, “Cloud Computing: Challenges and Future Directions”, Trends & Issues in
crime and criminal justice, No.400, Oct 2010, available at:
http://aic.gov.au/media_library/publications/tandi_pdf/tandi400.pdf
[12].National Institute of Standards and Technology, NIST definition of cloud computing, Sept. 2011
[13]. Nash Gajic, “SAP Cloud Consideration”, available at: http://scn.sap.com/community/cloud/blog
[14].“Cloud Computing”, available at: http://en.wikipedia.org/wiki/Cloud_computing
Ad

Recommended

Introduction of Cloud computing
Introduction of Cloud computingIntroduction of Cloud computing
Introduction of Cloud computingRkrishna Mishra
 
Top 10 cloud service providers
Top 10 cloud service providersTop 10 cloud service providers
Top 10 cloud service providersVineet Garg
 
Cloud computing presentation
Cloud computing presentationCloud computing presentation
Cloud computing presentationPriyanka Sharma
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingnitinw25
 
FOG COMPUTING- Presentation
FOG COMPUTING- Presentation FOG COMPUTING- Presentation
FOG COMPUTING- Presentation Anjana Shivangi
 
free space laser communication
free space laser communicationfree space laser communication
free space laser communicationBHari5
 

More Related Content

What's hot

What's hot (20)

NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applications
 
Seminar report on cloud computing
Seminar report on cloud computingSeminar report on cloud computing
Seminar report on cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
FOG COMPUTING
FOG COMPUTINGFOG COMPUTING
FOG COMPUTING
 
Green cloud computing
Green cloud computingGreen cloud computing
Green cloud computing
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Edge Computing
Edge ComputingEdge Computing
Edge Computing
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Computing Documentation Report
Cloud Computing Documentation ReportCloud Computing Documentation Report
Cloud Computing Documentation Report
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Fog Computing
Fog ComputingFog Computing
Fog Computing
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Application Virtualization presentation
Application Virtualization presentationApplication Virtualization presentation
Application Virtualization presentation
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
 

Viewers also liked

SAP - Solution Marketing Case Study
SAP - Solution Marketing Case StudySAP - Solution Marketing Case Study
SAP - Solution Marketing Case StudySteve Robins
 
A systematic literature review of cloud
A systematic literature review of cloudA systematic literature review of cloud
A systematic literature review of cloudhiij
 
ร้านขายผู้หญิง
ร้านขายผู้หญิงร้านขายผู้หญิง
ร้านขายผู้หญิงKroo Naja Sanphet
 
Comm 303 presentation
Comm 303 presentationComm 303 presentation
Comm 303 presentationThomasDahlia
 
5 themes of geography 2013
5 themes of geography 20135 themes of geography 2013
5 themes of geography 2013amandaboo96
 
NEU CPS Student newsletter : August 2014
NEU CPS Student newsletter : August 2014NEU CPS Student newsletter : August 2014
NEU CPS Student newsletter : August 2014jcoggeshall
 
Change Management themes
Change Management themesChange Management themes
Change Management themesAdewale Abe
 
Biz Pro 2013 Fall Recruitment
Biz Pro 2013 Fall RecruitmentBiz Pro 2013 Fall Recruitment
Biz Pro 2013 Fall RecruitmentCandy Yu
 
NEU CPS Student Newsletter: August 2014
NEU CPS Student Newsletter: August 2014NEU CPS Student Newsletter: August 2014
NEU CPS Student Newsletter: August 2014jcoggeshall
 
Metode pendidikan islam
Metode pendidikan islamMetode pendidikan islam
Metode pendidikan islamDozzo Morini
 
CPS Student Handbook: 2012-2013
CPS Student Handbook: 2012-2013CPS Student Handbook: 2012-2013
CPS Student Handbook: 2012-2013jcoggeshall
 
70分でわかる古事記
70分でわかる古事記70分でわかる古事記
70分でわかる古事記雀 古都
 
人生十問 星雲大師
人生十問 星雲大師人生十問 星雲大師
人生十問 星雲大師菜包 七逃
 

Viewers also liked (20)

SAP - Solution Marketing Case Study
SAP - Solution Marketing Case StudySAP - Solution Marketing Case Study
SAP - Solution Marketing Case Study
 
A systematic literature review of cloud
A systematic literature review of cloudA systematic literature review of cloud
A systematic literature review of cloud
 
Literature Review
Literature ReviewLiterature Review
Literature Review
 
ร้านขายผู้หญิง
ร้านขายผู้หญิงร้านขายผู้หญิง
ร้านขายผู้หญิง
 
Comm 303 presentation
Comm 303 presentationComm 303 presentation
Comm 303 presentation
 
5 themes of geography 2013
5 themes of geography 20135 themes of geography 2013
5 themes of geography 2013
 
NEU CPS Student newsletter : August 2014
NEU CPS Student newsletter : August 2014NEU CPS Student newsletter : August 2014
NEU CPS Student newsletter : August 2014
 
10 keutamaan shodaqah
10 keutamaan shodaqah10 keutamaan shodaqah
10 keutamaan shodaqah
 
Change Management themes
Change Management themesChange Management themes
Change Management themes
 
Biz Pro 2013 Fall Recruitment
Biz Pro 2013 Fall RecruitmentBiz Pro 2013 Fall Recruitment
Biz Pro 2013 Fall Recruitment
 
Tablet
TabletTablet
Tablet
 
NEU CPS Student Newsletter: August 2014
NEU CPS Student Newsletter: August 2014NEU CPS Student Newsletter: August 2014
NEU CPS Student Newsletter: August 2014
 
Cloud by printi
Cloud by printiCloud by printi
Cloud by printi
 
True touch
 True touch True touch
True touch
 
Metode pendidikan islam
Metode pendidikan islamMetode pendidikan islam
Metode pendidikan islam
 
CPS Student Handbook: 2012-2013
CPS Student Handbook: 2012-2013CPS Student Handbook: 2012-2013
CPS Student Handbook: 2012-2013
 
70分でわかる古事記
70分でわかる古事記70分でわかる古事記
70分でわかる古事記
 
Pmt engineers
Pmt engineersPmt engineers
Pmt engineers
 
人生十問 星雲大師
人生十問 星雲大師人生十問 星雲大師
人生十問 星雲大師
 
Program guide
Program guideProgram guide
Program guide
 

Similar to Literature Review: Security on cloud computing

A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGEr Piyush Gupta IN ⊞⌘
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentIOSR Journals
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data  in CloudA Detailed Analysis of the Issues and Solutions for Securing Data  in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudIOSR Journals
 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4kongara
 
Security threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingSecurity threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingJahangeer Qadiree
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Cloud Computing Basics Features and Services
Cloud Computing Basics Features and ServicesCloud Computing Basics Features and Services
Cloud Computing Basics Features and Servicesijtsrd
 
Introduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptxIntroduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptxojaswiniwagh
 
Exploring the cloud deployment and service delivery models
Exploring the cloud deployment and service delivery modelsExploring the cloud deployment and service delivery models
Exploring the cloud deployment and service delivery modelscloudresearcher
 
Exploring the cloud deployment and service delivery models (2)
Exploring the cloud deployment and service delivery models (2)Exploring the cloud deployment and service delivery models (2)
Exploring the cloud deployment and service delivery models (2)Mervat Bamiah
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing  by rahul abhishekSecurity Issues in Cloud Computing  by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelIOSR Journals
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...IIJSRJournal
 
Issues in cloud computing
Issues in cloud computingIssues in cloud computing
Issues in cloud computingronak patel
 

Similar to Literature Review: Security on cloud computing (20)

A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
 
H046053944
H046053944H046053944
H046053944
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data  in CloudA Detailed Analysis of the Issues and Solutions for Securing Data  in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4
 
Security threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computingSecurity threat issues and countermeasures in cloud computing
Security threat issues and countermeasures in cloud computing
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Cloud Computing Basics Features and Services
Cloud Computing Basics Features and ServicesCloud Computing Basics Features and Services
Cloud Computing Basics Features and Services
 
Introduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptxIntroduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptx
 
Exploring the cloud deployment and service delivery models
Exploring the cloud deployment and service delivery modelsExploring the cloud deployment and service delivery models
Exploring the cloud deployment and service delivery models
 
Exploring the cloud deployment and service delivery models (2)
Exploring the cloud deployment and service delivery models (2)Exploring the cloud deployment and service delivery models (2)
Exploring the cloud deployment and service delivery models (2)
 
Cc unit 3 updated version
Cc unit 3 updated versionCc unit 3 updated version
Cc unit 3 updated version
 
Cloud notes 1
Cloud notes 1Cloud notes 1
Cloud notes 1
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing  by rahul abhishekSecurity Issues in Cloud Computing  by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
 
Issues in cloud computing
Issues in cloud computingIssues in cloud computing
Issues in cloud computing
 

Recently uploaded

Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdf
Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdfDiploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdf
Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdfSUMIT TIWARI
 
ICSE English Literature Class X Handwritten Notes
ICSE English Literature Class X Handwritten NotesICSE English Literature Class X Handwritten Notes
ICSE English Literature Class X Handwritten NotesGauri S
 
Creative, Technical, and Academic Writing
Creative, Technical, and Academic WritingCreative, Technical, and Academic Writing
Creative, Technical, and Academic WritingMYDA ANGELICA SUAN
 
Persuasive Speaking and Means of Persuasion
Persuasive Speaking and Means of PersuasionPersuasive Speaking and Means of Persuasion
Persuasive Speaking and Means of PersuasionCorinne Weisgerber
 
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdfAynouraHamidova
 
New Features in the Odoo 17 Sales Module
New Features in  the Odoo 17 Sales ModuleNew Features in  the Odoo 17 Sales Module
New Features in the Odoo 17 Sales ModuleCeline George
 
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTS
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTScatch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTS
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTSCarlaNicolas7
 
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAY
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAYSOCIAL JUSTICE LESSON ON CATCH UP FRIDAY
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAYGloriaRamos83
 
Odontogenesis and its related anomiles.pptx
Odontogenesis and its related anomiles.pptxOdontogenesis and its related anomiles.pptx
Odontogenesis and its related anomiles.pptxMennat Allah Alkaram
 
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...AKSHAYMAGAR17
 
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdfAynouraHamidova
 
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxBBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxProf. Kanchan Kumari
 
DISCOURSE: TEXT AS CONNECTED DISCOURSE
DISCOURSE:   TEXT AS CONNECTED DISCOURSEDISCOURSE:   TEXT AS CONNECTED DISCOURSE
DISCOURSE: TEXT AS CONNECTED DISCOURSEMYDA ANGELICA SUAN
 
Practical Research 1: Nature of Inquiry and Research.pptx
Practical Research 1: Nature of Inquiry and Research.pptxPractical Research 1: Nature of Inquiry and Research.pptx
Practical Research 1: Nature of Inquiry and Research.pptxKatherine Villaluna
 
Plant Genetic Resources, Germplasm, gene pool - Copy.pptx
Plant Genetic Resources, Germplasm, gene pool - Copy.pptxPlant Genetic Resources, Germplasm, gene pool - Copy.pptx
Plant Genetic Resources, Germplasm, gene pool - Copy.pptxAKSHAYMAGAR17
 
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...Nguyen Thanh Tu Collection
 
Chromatography-Gas chromatography-Principle
Chromatography-Gas chromatography-PrincipleChromatography-Gas chromatography-Principle
Chromatography-Gas chromatography-Principleblessipriyanka
 
Overview of Databases and Data Modelling-1.pdf
Overview of Databases and Data Modelling-1.pdfOverview of Databases and Data Modelling-1.pdf
Overview of Databases and Data Modelling-1.pdfChristalin Nelson
 

Recently uploaded (20)

Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdf
Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdfDiploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdf
Diploma 2nd yr PHARMACOLOGY chapter 5 part 1.pdf
 
ICSE English Literature Class X Handwritten Notes
ICSE English Literature Class X Handwritten NotesICSE English Literature Class X Handwritten Notes
ICSE English Literature Class X Handwritten Notes
 
Creative, Technical, and Academic Writing
Creative, Technical, and Academic WritingCreative, Technical, and Academic Writing
Creative, Technical, and Academic Writing
 
Persuasive Speaking and Means of Persuasion
Persuasive Speaking and Means of PersuasionPersuasive Speaking and Means of Persuasion
Persuasive Speaking and Means of Persuasion
 
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 1-2023-Aynura-Hamidova.pdf
 
New Features in the Odoo 17 Sales Module
New Features in  the Odoo 17 Sales ModuleNew Features in  the Odoo 17 Sales Module
New Features in the Odoo 17 Sales Module
 
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTS
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTScatch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTS
catch-up-friday-ARALING PNLIPUNAN SOCIAL JUSTICE AND HUMAN RIGHTS
 
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAY
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAYSOCIAL JUSTICE LESSON ON CATCH UP FRIDAY
SOCIAL JUSTICE LESSON ON CATCH UP FRIDAY
 
Odontogenesis and its related anomiles.pptx
Odontogenesis and its related anomiles.pptxOdontogenesis and its related anomiles.pptx
Odontogenesis and its related anomiles.pptx
 
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...
Ideotype concept and climate resilient crop varieties for future- Wheat, Rice...
 
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
 
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxBBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
 
DNA damage and repair mechanism
DNA damage and repair mechanism DNA damage and repair mechanism
DNA damage and repair mechanism
 
DISCOURSE: TEXT AS CONNECTED DISCOURSE
DISCOURSE:   TEXT AS CONNECTED DISCOURSEDISCOURSE:   TEXT AS CONNECTED DISCOURSE
DISCOURSE: TEXT AS CONNECTED DISCOURSE
 
Practical Research 1: Nature of Inquiry and Research.pptx
Practical Research 1: Nature of Inquiry and Research.pptxPractical Research 1: Nature of Inquiry and Research.pptx
Practical Research 1: Nature of Inquiry and Research.pptx
 
Capter 5 Climate of Ethiopia and the Horn GeES 1011.pdf
Capter 5 Climate of Ethiopia and the Horn GeES 1011.pdfCapter 5 Climate of Ethiopia and the Horn GeES 1011.pdf
Capter 5 Climate of Ethiopia and the Horn GeES 1011.pdf
 
Plant Genetic Resources, Germplasm, gene pool - Copy.pptx
Plant Genetic Resources, Germplasm, gene pool - Copy.pptxPlant Genetic Resources, Germplasm, gene pool - Copy.pptx
Plant Genetic Resources, Germplasm, gene pool - Copy.pptx
 
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...
BÀI TẬP BỔ TRỢ 4 KĨ NĂNG TIẾNG ANH LỚP 8 - HK2 - GLOBAL SUCCESS - NĂM HỌC 202...
 
Chromatography-Gas chromatography-Principle
Chromatography-Gas chromatography-PrincipleChromatography-Gas chromatography-Principle
Chromatography-Gas chromatography-Principle
 
Overview of Databases and Data Modelling-1.pdf
Overview of Databases and Data Modelling-1.pdfOverview of Databases and Data Modelling-1.pdf
Overview of Databases and Data Modelling-1.pdf
 

Literature Review: Security on cloud computing

  • 1. Security Issues and countermeasures on Cloud Computing Suranga Nisiwasala University of Colombo School of Computing Abstract Cloud computing has quickly become one of the most significant field in the IT world due to its revolutionary model of computing as a utility. It came with increasing flexibility, scalability, and reliability, while decreasing operational and support cost. The development of cloud computing provide business supporting technology in a more efficient way than ever before. The shift from server to service based technology brought a significant change in computing technology. However these development have created new security vulnerabilities, including security issues whose full impressions are still rising. This paper reveals an overview and study of cloud computing including main service model of cloud computing, the general deployment models, security issues, threats, vulnerabilities and challenges of cloud computing. Main goal of publishing this paper is presenting about possible solutions for the preventing security threats on Cloud computing 1. Introduction Cloud computing, as defined by NIST, is a model for enabling always-on, convenient, on demand networks access to a shared pool of configurable computing resources(e.g. storage, applications, services etc.) that can be rapidly provisioned and released with minimal ,management effort or service provider interaction[12]. At the core of cloud computing is a datacenter that uses virtualization to isolate instance of application or services being hosted in “Cloud”. 2. Cloud Computing Service Models  Software as a service (SaaS): The cloud provider provides the cloud consumer with capability to deploy an application on a cloud infrastructure [12] and in a way it can be define as provide business application services on demand such as email, conferencing software, and business applications. SaaS makes it not necessary for the customer to have a physical copy of the software installed on a pc, laptop or any other client device. SaaS can sometimes be referred to as service or application clouds. Often it’s a kind of standard application software functionality offered within a cloud.(e.g. Salesforce CRM, Google Docs, Google calendar, SAP business by design) SaaS users have less control over security among the three fundamental delivery models in the cloud. The adoption of SaaS applications may raise some security concerns.  Application security: flaws in web application may create vulnerabilities for SaaS applications. Steal sensitive data  Multi-tenancy: single instance servers for all customer, data leakage (security policies are needed to ensure customer’s data are kept separate from other customers)  Data security: organizational data often processed in plain-text and store in cloud. And data backup is critical in order to recovery process. So cloud providers subcontract the backup. Data privacy there  Accessibility: accessing application over the internet via web browser makes access from any network device easier, including public computer and mobile devices. It exposes the services
  • 2. to additional security risk. Mobile computing threats: Information stealing mobile malware, insecure network (Wi-Fi), vulnerabilities found in the device operating system and official application, insecure market places and proximity-based hacking.  Platform as a Services (PaaS): the cloud provider provides the cloud consumer with the capability to develop and deploy applications on a cloud infrastructure using tools, runtimes, and services supported by the CSP [12]. The customer doesn’t have access to the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed tools/services and probably configuration settings for the application-hosting environment. This provides a set of developer environment that a customer can use to build their applications without having any clue about what is going on beneath the service. PaaS is a platform where application can be developed, tested and used( e.g. Google App Engine, Force.com, Microsoft Windows Azure, Java) PaaS application security can merge to two sections which are security of the platform itself and security of customer applications deployed on PaaS platform. PaaS providers are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications. Same as SaaS, PaaS also bring data security issues that are describes as follows [1].  Third-party relationships: PaaS doesn’t only provide the traditional programming languages but also it offers third party web service components such as Mashups. Mashup combine more than one source element into a single integrated unit. So PaaS models also inherit security issues related to mashups such as data and network security.  Underlying infrastructure security: generally In PaaS, developers don’t allow to access to the underlying layers. So providers are responsible for securing that layer as application services.  Infrastructure as a Service (IaaS): The cloud provider provides the cloud consumer with essentially a virtual machine. The cloud consumer has the ability to deploy and run arbitrary software supported by the operating systems run by the virtual machine [1]. It provides a pool of resources such as servers, storage, networks and other computing resources in the form of virtualized systems, which are accessed through the internet. It is the hardware and software that power the cloud. The customer doesn’t have access to the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and probably limited control over selected network components.(e.g. Amazon S3, Microsoft Windows Azure, Mosso) Here are some security issues with related to IaaS  Virtualization: this allows to users to create, share, copy, migrate and roll back virtual machines, which may allow them to run a variety of applications. In this layer has two boundaries which are virtual and physical, so any flaws in either are vulnerable to any type of attack.  Virtualization has ability to migrate virtual machines between physical servers for load balancing, fault tolerance and maintaining. So using this ability attacker can transfer the virtual machine into malicious servers.  Virtual machine roll back: VM can rolled baked to the previous state if an error happen. But rolling back makes another vulnerability which is attacker can patched or re-enable the previously disabled passwords or accounts.
  • 3.  Virtual network: earlier I have mentioned the VM vulnerabilities. So virtual network increase the VMs connectivity. So through the virtual network there is possibility to perform attack such as sniffing and spoofing virtual network. 3. Cloud Deployment Model[4]  Public cloud: A public cloud is one based on the standard cloud computing model in which a service provider makes resources, such as applications and storages, available to the general public over the internet. This service may be free or offered on a pay-per usage model [4].  Private cloud: private cloud (also called internal cloud or cooperate cloud) is a marketing term for a proprietary computing architecture that provide hosted services to a limited number of people behind a firewall [4].  Community cloud: A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing [4].  Hybrid cloud: A hybrid cloud is a cloud computing environment in which an organization provides and, manages some resources in-house and has others provided externally. For an n example, an organization might use a public cloud service, such as Amazon simple storage service (Amazon S3) for archived data but continue to maintain in-house storage for operational customer data [4]. 4. Cloud computing entities [2]  Cloud provider: Including ISPs, telecommunication companies and large business process outsources that provide either the media (internet connections) or infrastructure (hosted data centers) that enable customers to access cloud service.  Cloud service broker: include technology consultant, business professional service organizations, registered brokers and agents that help guide consumers in the selection of cloud computing solution  Cloud reseller: reseller become an important factor of cloud market when the cloud providers will expand their business across continents. 5. Threats of Cloud Computing While cost and ease of use are the two main strong benefits of the cloud computing, there are some major issues that need to be referenced when allowing moving critical application and sensitive data to public and shared cloud environment. The main aspect describing the achievement of any new computing technology is the highest of security it provides whether the data located in the cloud is protected at that level that it can avoid any sort of security issues. So here are some security threats that make impact on cloud computing  Account or service hijacking: attacker gain access to the users’ credential by using social engineering and weak credentials. After that attacker can perform the malicious activities such as access to sensitive data and manipulate data.  Data scavenging: data can’t remove completely unless destroy the device. So attacker can recover the data  Data leakage: this will happen when data goes to wrong hands while data transferring, storing or processing
  • 4.  DOS attack: denial of service attack is attacker use the all possible resources which have on network or server. Then real users can’t access to server/network for getting their services.  VM escape: its design to exploit hypervisor to take control of the underlying infrastructure.  Malicious VM creations: attacker who create a valid account can create a VM image containing malicious code such as Trojan and store it in the provide repository  Sniffing/Spoofing virtual network: Malicious VM can listen to the virtual network or even use ARP spoofing to redirect packets t/from other VMs Here are some other threats that come under the Cloud computing. Following threats also make measurable impact on cloud computing but in here I haven’t presented detailed description [5].  Multi location of the service provider  Data combination and commingling  Restriction on techniques and logistic  Data transfer across the boarder  Cloud challenges inherited from network concept  SQL injection attacks  Cross site scripting (XSS) attacks  Man in the Middle attack(MITM)  Reused IP addresses  Cookie poisoning  CAPTCHA breaking 6. Countermeasures In this section I provide a brief description about the possible solutions to prevent or reduce threats which make impact on cloud computing  Identify the access management guidance: cloud security alliance (CSA) is a non-profit organization that promote the use of best practices in order to provide security in cloud environment  Dynamic Credentials: present and algorithm to create dynamic credentials for mobile cloud computing system  Fragmentation-redundancy-scattering (FRS) technic: Aim to provide intrusion tolerance and, In consequence, secure storage.  Digital signature: proposes to secure data using digital signature with RSA algorithm while data is being transfer over the internet.  Homomorphic Encryption: Encryption techniques can be used to secure data while it’s being transferred in and out of the cloud or stored in the provider’s premises. (AES, SSL)  Web application scanner: this is a program which scans web applications through the web front- end in order to identify security vulnerabilities.  Trusted virtual datacenter (TVDc): it groups virtual machines that have common objectives into workloads named Trusted Virtual Domains (TVDs). TVDc provides integrity by employing load- time attestation mechanism to verify the integrity of the systems
  • 5.  HyperSafe: it’s an approach that provides hypervisor control-flow integrity. This goal is to protect type I hypervisors using two techniques: non-by passable memory lockdown and restricted pointed indexing  Trusted Cloud computing platform (TCCP): It enables provides to offer closed box execution environments and allows users to determine if the environment is secure before launching their VMs. The TCCP has two main elements: a Trusted Virtual Machine Monitor (TVMM) and Trusted Coordinator (TC).  Virtual Network Security: propose a virtual network framework that secure the communication among virtual machines. This framework is based on Xen which offers two configuration modes for virtual networks: “Bridge” and “Routed”. The virtual network model is composed of three layers: routing layers, firewall and shared networks, which can prevent VMs from sniffing and spoofing. 7. Challenges of cloud computing The research on cloud computing is still at an early stage. Many existing issues haven’t been fully addressed, while new challenges keep emerging from industry applications. Some of the challenging research issues in cloud computing are given below  Service level agreement  Cloud data management & security  Data encryption  Migration of virtual machines  Interoperability  Access controls  Energy management  Server consolidations  Reliability & availability of service  Common cloud standards  Platform management Reference [1]. Keiko Hashizume, David G Rosado, Eduardo Fernandes-Medina and Eduardo B Fernandez, “An Analysis of security issues for cloud computing “Journal of internet services and applications, 2013 available at: http://www.jisajournal.com/content/pdf/1869-0238-4-5.pdf [2]. Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra satapathy,”Cloud Computing: Security Issues and Research Challenges”, IRACST-International Journal of computer science and information technology & security (LJCSITS) Vol.1, No.2 December 2011, available at: http://ijcsits.org/papers/Vol1no22011/13vol1no2.pdf [3]. Monjur Ahmed and Mohammad Ashraf Hossain, “Cloud Computing and Security Issues in the Cloud”, International journal of network security & Its Applications (IJNSA), Vol.6, No.1, January 2014. Available at: http://airccse.org/journal/nsa/6114nsa03.pdf
  • 6. [4]. Pankaj Arora, Rubal Chaudhry Waldhawan, Er.Satinder Pal Ahuja ,“Cloud Computing Security Issues in Infrastructure as a Service” International journal of advanced research in computer science and software Engineerng, Vol.2, No.1, January 2012, Available at: www.ijarcsse.com [5]. Vahid Ashktorab, Seyed Reza Taghizadeh, “Security Threats and Countermeasures in Cloud Computing”, International Journal of Application or Innovative in Engineering & Management (IJAIEM) Vol. 1, No.2, October 2012, available: www.ijaiem.org [6]. Kangchan Lee “Security threats in Cloud computing Environment”, International Journal of Security and Its Application, Vol.6, No.4, October 2012, available: http://www.sersc.org/journals/IJSIA/vol6_no4_2012/3.pdf [7]. Amar Gonaliya, “Security in Cloud Computing”, Technical paper contest 2011/ cloud 20/20 version 3.0, available at: http://www.emacromall.com/techpapers/Security%20in%20Cloud%20Computing.pdf [8]. Mohammed A. AlZain, Eric Parded, Ben Soh, James A. Thom, “Cloud Computing Security: From Single to Multi-Clouds”, 2012 45th Hawaii International Conference on system science, available at: http://www.computer.org/csdl/proceedings/hicss/2012/4525/00/4525f490.pdf [9]. Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1”, December 2009, available at: https://cloudsecurityalliance.org/csaguide.pdf [10].Teuseef Ahmad, Mohammad Amanul Haque, Khaled Al-Nafijan, Asrar Ahmad Ansari, “Development of Cloud Computing and Security Issues”, ISSN 2224-5758(paper) ISSN 2224-896X(online) Vol.3, No.1, 2013, available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.9007&rep=rep1&type=pdf [11].Kim-Kwang Raymond Choo, “Cloud Computing: Challenges and Future Directions”, Trends & Issues in crime and criminal justice, No.400, Oct 2010, available at: http://aic.gov.au/media_library/publications/tandi_pdf/tandi400.pdf [12].National Institute of Standards and Technology, NIST definition of cloud computing, Sept. 2011 [13]. Nash Gajic, “SAP Cloud Consideration”, available at: http://scn.sap.com/community/cloud/blog [14].“Cloud Computing”, available at: http://en.wikipedia.org/wiki/Cloud_computing