Security Issues and Challenges in Cloud Computing: A Review

Authors

  • Prabal Verma  Department of Computer Science and Engineering, BGBSU, Rajouri, Jammu & Kashmir, India
  • Aditya Gupta  Department of Computer Science and Engineering, BGBSU, Rajouri, Jammu & Kashmir, India
  • Rakesh Singh Sambyal  Department of Information Technology Engineering, BGBSU, Rajouri, Jammu & Kashmir, India

Keywords:

Cloud computing provides a convenient access to a shared pool of configurable computing resources on demand. In cloud computing, the services are provided in the form of IT-related capabilities, which are accessible with minimal management effort and without requirement of the detailed knowledge of the technologies that are related to cloud computing. Because of the Security threats involved in Cloud Computing the users hesitate to use its services in spite of the great savings promised by Cloud. In this paper an overview of Cloud Computing and the security challenges related to Cloud are discussed. Although Cloud security can be improved with the help of many technological approaches available but currently there are no solutions that can provide all security features and the challenges such as service level agreements for security has to be tackled, also for ensuring accountability in the cloud certain holistic mechanisms should be implemented.

Abstract

Cloud computing provides a convenient access to a shared pool of configurable computing resources on demand. In cloud computing, the services are provided in the form of IT-related capabilities, which are accessible with minimal management effort and without requirement of the detailed knowledge of the technologies that are related to cloud computing. Because of the Security threats involved in Cloud Computing the users hesitate to use its services in spite of the great savings promised by Cloud. In this paper an overview of Cloud Computing and the security challenges related to Cloud are discussed. Although Cloud security can be improved with the help of many technological approaches available but currently there are no solutions that can provide all security features and the challenges such as service level agreements for security has to be tackled, also for ensuring accountability in the cloud certain holistic mechanisms should be implemented.

References

  1. Klyuev Vitaly, Oleshchuk Vladimir. Semantic retrieval: an approach to representing, searching and summarising text documents. Int J Inform Technol Commun Converg 2011;1(2):221–34.
  2. Nyre Åsmund Ahlmann, Jaatun Martin Gilje. A probabilistic approach to information control. J Internet Technol 2010;11(3):407–16.
  3. Ling Amy Poh Ai, Masao Mukaidono. Selection of model in developing information security criteria for smart grid security system. J Converg 2011;2(1):39–46.
  4. National Institute of Standards and Technology. The NIST definition of cloud computing; 2011. <http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf> [retrieved 14.04.11].
  5. Baek Sung-Jin, Park Sun-Mi, Yang Su-Hyun, Song Eun-Ha, Jeong Young-Sik. Efficient server virtualization using grid service infrastructure. J Inform Process Syst 2010;6(4):553–62.
  6. Mell Peter, Grance Tim. Effectively and securely using the cloud computing paradigm; 2011. <http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt> [retrieved 18.04.11].
  7. Hsu Ping-Hai, Tang Wenshiang, Tsai Chiakai, Cheng Bo-Chao. Two-layer security scheme for AMI system. J Converg 2011;2(1):47–52.
  8. Kryvinska Natalia, Thanh Do Van, Strauss Christine. Integrated management platform for seamless services provisioning in converged network. Int J Inform Technol Commun Converg 2010;1(1):77–91.
  9. Wlodarczyk Tomasz, Rong Chunming, Thorsen Kari Anne. Industrial cloud: toward inter-enterprise integration. In: Jaatun M, Zhao G, Rong C, editors.Cloud computing. Lecture notes in computer science, vol. 5931. Berlin/Heidelberg: Springer; 2009. p. 460–71. <http://dx.doi.org/10.1007/978-3-642-10665-1_42>.
  10. Amazon. Amazon Elastic Compute Cloud (EC2). <http://aws.amazon.com/ec2/>.
  11. Lee Hong Joo. Analysis of business attributes in information technology environments. J Inform Process Syst 2011;7(2):385–96.
  12. M. Casassa-Mont, S. Pearson and P. Bramhall, “Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services”, Proc. DEXA 2003, IEEE Computer Society, 2003, pp. 377-382.
  13. Microsoft. Microsoft Windows Azure. <http://www.microsoft.com/windowsazure/>.
  14. Google, Google Apps. <http://www.google.com/apps/>.
  15. Salesforce. Groupon expands throughout the US and beyond with salesforce; 2011. <http://www.salesforce.com/showcase/stories/groupon.jsp>.
  16. Salesforce.Salesforce CRM applications and software solutions. <http://www.salesforce.com/eu/crm/products.jsp>.
  17. Google. Google App Engine. <http://code.google.com/appengine/>.
  18. https://www.pcisecuritystandards.org/index.shtml.
  19. Dropbox, Where Are My Files Stored?; 2011. <http://www.dropbox.com/help/7> [retrieved 26.04.17].
  20. http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_ Security_Standard, 24 January 2010.
  21. J. Salmon, “Clouded in uncertainty – the legal pitfalls of cloud computing”, Computing, 24 Sept 2008, http://www.computing.co.uk/computing/features/2226701/cl ouded-uncertainty-4229153.
  22. Gartner: Seven cloud-computing security risks. InfoWorld. 2008-07-02. http://www.infoworld.com/d/security-central/gartner-seven-cloudcomputing-security-risks-853.
  23. Cloud Security Front and Center. Forrester Research. 2009-11-18. http://blogs.forrester.com/srm/2009/11/cloud-security-front-andcenter.html.
  24. Cloud Security Alliance. http://www.cloudsecurityalliance.org.
  25. Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1, http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf.
  26. S. Subashini, V.Kavitha. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(2011)1-11.
  27. Mohamed Al Morsy, John Grundy, Ingo Müller, “An Analysis of The Cloud Computing Security Problem,” in Proceedings of APSEC 2010 Cloud Workshop, Sydney, Australia, 30th Nov 2010.
  28. Yanpei Chen, Vern Paxson, Randy H. Katz, “What's New About Cloud Computing Security?” Technical Report No. UCB/EECS-2010-5. http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html.
  29. Fogarty Kevin. Cloud computing standards: too many, doing too little; 2011. <http://www.cio.com/article/679067/ Cloud_Computing_Standards_Too_Many_Doing_Too_Little> [retrieved 15.09.17].
  30. Balachandra R K, Ramakrishna P V, Dr. Rakshit A, ‘Cloud Security Issues’, 2009 IEEE International Conference on Services Computing, viewed 26 October 2009, pp 517-520.
  31. Bernsmed Karin, Jaatun Martin Gilje, Meland Per Håkon, Undheim Astrid. Security SLAs for federated cloud services. In: Proceedings of the 6th international conference on availability, reliability and security (AReS 2011); 2011.
  32. Bernsmed Karin, Jaatun Martin Gilje, Undheim Astrid. Security in service level agreements for cloud computing. In: Proceedings of the 1st international conference on cloud computing and services science (CLOSER 2011); 2011.
  33. Rong Chunming, Nguyen Son T. Cloud trends and security challenges. In: Proceedings of the 3rd international workshop on security and computer networks (IWSCN 2011); 2011.
  34. Gentry Craig. A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University; 2009. <http://crypto.stanford.edu/craig/craig-thesis.pdf> [retrieved 21.04.11].
  35. Bellare Mihir, Goldreich Oded, Goldwasser Shafi. Incremental cryptography: the case of hashing and signing. In: Advances in cryptology – CRYPTO’94. Springer; 1994. p. 216–33.
  36. Bellare Mihir, Goldreich Oded, Goldwasser Shafi. Incremental cryptography and application to virus protection. In: Proceedings of the 27th annual ACM symposium on theory of computing. ACM; 1995. p. 45–56.
  37. Zhao Gansen, Rong Chunming, Li Jin, Zhang Feng, Tang Yong. Trusted data sharing over untrusted cloud storage providers. In: Proceedings of the 2nd IEEE international conference on cloud computing technology and science (CloudCom 2010); 2010.
  38. Rong Chunming, Zhao Gansen. Incremental encryption. Norwegian Patent No. P3683NO00-DT (Pending).
  39. Pearson Siani, Charlesworth Andrew. Accountability as a way forward for privacy protection in the cloud. In: Jaatun M, Zhao G, Rong C, editors. Cloud computing. Lecture notes in computer science, vol. 5931. Berlin/Heidelberg: Springer; 2009. p. 131–44. 10.1007/978-3-642-10665-1_12. <http:// dx.doi.org/10.1007/978-3-642-10665-1_12>.
  40. Pearson Siani. Toward accountability in the cloud. EEE Internet Computing 2011;15(4):64–9. http://dx.doi.org/10.1109/MIC.2011.98.

Downloads

Published

2018-04-25

Issue

Section

Research Articles

How to Cite

[1]
Prabal Verma, Aditya Gupta, Rakesh Singh Sambyal, " Security Issues and Challenges in Cloud Computing: A Review, IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 4, Issue 1, pp.189-196, March-April-2018.