Introduction to Cloud Computing Introduction 3 Main Body3 Approaches: 5 Demonstration and Evaluation
VerifiedAdded on  2021/02/19
|14
|5243
|273
AI Summary
Cloud Computing Introduction 3 Main Body3 Overview:3 Approaches: 5 Demonstration and evaluation 6 Conclusion 12 References 13 Introduction Cloud computing refers to on-demand availability of resources of computer system which provides data storage along with computing power without any kind of direct active management through its user. Cloud renders a strong computing platform which allows organisations as well as individuals to deliver their tasks like usage of online storage space, development of customised software for systems, adopting business applications and creating realistic network environment (Ashktorab and
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Cloud ComputingCloud Computing
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Introduction......................................................................................................................................3
Main Body.......................................................................................................................................3
Overview:...............................................................................................................................3
Approaches:............................................................................................................................5
Demonstration and evaluation................................................................................................6
Conclusion.....................................................................................................................................12
References......................................................................................................................................13
Introduction......................................................................................................................................3
Main Body.......................................................................................................................................3
Overview:...............................................................................................................................3
Approaches:............................................................................................................................5
Demonstration and evaluation................................................................................................6
Conclusion.....................................................................................................................................12
References......................................................................................................................................13
Introduction
Cloud computing refers to on-demand availability of resources of computer system which
provides data storage along with computing power without any kind of direct active management
through its user. Basically, it is being utilised for description of data centre which are available
for users on the internet (Ahmed and Hossain, 2014). This is liable for delivering diverse
services by making use of internet to their clients. It involves applications and tools such as
servers, data storage, software, networking and database. This essay is based on cloud
computing, approaches associated with this, its understanding and evaluation of different aspects
associated with this. Along with this, different aspects, facts and opinions are also illustrated.
Furthermore, it includes limitations it has with respect to security aspects.
Main Body
Overview:
Delivery of computing power as a service over a network rather then having the physical
resources within the location of customer is referred to as cloud computing. Cloud renders a
strong computing platform which allows organisations as well as individuals to deliver their
tasks like usage of online storage space, development of customised software for systems,
adopting business applications and creating realistic network environment (Ashktorab and
Taghizadeh, 2012). At present, lots of people are making use of cloud services for delivering
their services in an amplified manner. This also denotes that ample of data is stored within cloud
computing environments. But, with this security is also compromised which leads to data
breaches to cloud services as hackers are attempting to exploit the vulnerabilities that exist
within its architecture. It is liable for delivering storage space as well as application through the
utilisation of internet with minimal cost. An instance can be taken to understand its usage on
individuals on day to day basis like web based mail systems are used for exchanging messages
with each other, social networking sites provide a platform where information can be shared
with friends and remain in contact with them. These are some basic examples of cloud
computing which denotes that services from cloud are being utilised by each individual in real
Cloud computing refers to on-demand availability of resources of computer system which
provides data storage along with computing power without any kind of direct active management
through its user. Basically, it is being utilised for description of data centre which are available
for users on the internet (Ahmed and Hossain, 2014). This is liable for delivering diverse
services by making use of internet to their clients. It involves applications and tools such as
servers, data storage, software, networking and database. This essay is based on cloud
computing, approaches associated with this, its understanding and evaluation of different aspects
associated with this. Along with this, different aspects, facts and opinions are also illustrated.
Furthermore, it includes limitations it has with respect to security aspects.
Main Body
Overview:
Delivery of computing power as a service over a network rather then having the physical
resources within the location of customer is referred to as cloud computing. Cloud renders a
strong computing platform which allows organisations as well as individuals to deliver their
tasks like usage of online storage space, development of customised software for systems,
adopting business applications and creating realistic network environment (Ashktorab and
Taghizadeh, 2012). At present, lots of people are making use of cloud services for delivering
their services in an amplified manner. This also denotes that ample of data is stored within cloud
computing environments. But, with this security is also compromised which leads to data
breaches to cloud services as hackers are attempting to exploit the vulnerabilities that exist
within its architecture. It is liable for delivering storage space as well as application through the
utilisation of internet with minimal cost. An instance can be taken to understand its usage on
individuals on day to day basis like web based mail systems are used for exchanging messages
with each other, social networking sites provide a platform where information can be shared
with friends and remain in contact with them. These are some basic examples of cloud
computing which denotes that services from cloud are being utilised by each individual in real
time and also backup is provided within the cloud servers by which it can be accessed whenever
it is being required (Chou, 2013).
Cloud computing is also utilised by businesses for having services to reduction of
operational costs as well as improvisation of flow of cash. For an instance, social news website
have the storage space from Amazon Elastic Compute Cloud (EC2). This denotes a web service
which is liable for providing resizable and secured computing capacity within the cloud
(Hashizume and et. al, 2013). Furthermore, Amazon EC2 provides an interface that will assist
within obtaining as well as configuring capacity via minimised friction that is responsible for
providing complete control to the resources. Basically, Amazon EC2 will eliminate the
requirement for investment within hardware up front for development as well as deployment of
applications quickly. It leads to launching of virtual servers when they are required, security can
be configured, management of storage and networking.
In the similar manner digital photo sharing websites makes use of Amazon S3 for photo
hosting services. Amazon Simple Storage Service denotes a object storage that is responsible for
offering data availability, performance, security and industry leading scalability (Jiang, Ma and
Wei, 2016). This denotes that customers of all sizes as well as industries can make its use for
storing as well as protecting any amount of data for their use cases like mobile applications,
websites and restoring them. Likewise software firms opt for services delivered by Microsoft
Azure. This is being delivered by Microsoft for development, its testing, deployment and
management of services along with applications through the utilisation of Microsoft managed
data centres. This furnishes tools as well as frameworks for development of services via a global
network.
Cloud renders services at affordable prices but it also leads to rise within the security
issues that are related with it. This makes firms or individuals more vulnerable to cybercrimes.
For this, hackers or intruders tend to develop and utilise the different techniques for gaining
access to clouds without any kind legal authorization so that they can attain their goals. If
appropriate location of data can be attained then it will make hackers to have access to the
sensitive as well private information which will lead them to carry out illegal activities. This can
be understood by taking an instance, like hackers have taken a storage space from Amazon's EC2
services and attacked the Sony's PlayStation Network (Jouini and et. al, 2012). Within the data
leakage incident, Epsilon leaked email addresses and names of millions of customers from the
it is being required (Chou, 2013).
Cloud computing is also utilised by businesses for having services to reduction of
operational costs as well as improvisation of flow of cash. For an instance, social news website
have the storage space from Amazon Elastic Compute Cloud (EC2). This denotes a web service
which is liable for providing resizable and secured computing capacity within the cloud
(Hashizume and et. al, 2013). Furthermore, Amazon EC2 provides an interface that will assist
within obtaining as well as configuring capacity via minimised friction that is responsible for
providing complete control to the resources. Basically, Amazon EC2 will eliminate the
requirement for investment within hardware up front for development as well as deployment of
applications quickly. It leads to launching of virtual servers when they are required, security can
be configured, management of storage and networking.
In the similar manner digital photo sharing websites makes use of Amazon S3 for photo
hosting services. Amazon Simple Storage Service denotes a object storage that is responsible for
offering data availability, performance, security and industry leading scalability (Jiang, Ma and
Wei, 2016). This denotes that customers of all sizes as well as industries can make its use for
storing as well as protecting any amount of data for their use cases like mobile applications,
websites and restoring them. Likewise software firms opt for services delivered by Microsoft
Azure. This is being delivered by Microsoft for development, its testing, deployment and
management of services along with applications through the utilisation of Microsoft managed
data centres. This furnishes tools as well as frameworks for development of services via a global
network.
Cloud renders services at affordable prices but it also leads to rise within the security
issues that are related with it. This makes firms or individuals more vulnerable to cybercrimes.
For this, hackers or intruders tend to develop and utilise the different techniques for gaining
access to clouds without any kind legal authorization so that they can attain their goals. If
appropriate location of data can be attained then it will make hackers to have access to the
sensitive as well private information which will lead them to carry out illegal activities. This can
be understood by taking an instance, like hackers have taken a storage space from Amazon's EC2
services and attacked the Sony's PlayStation Network (Jouini and et. al, 2012). Within the data
leakage incident, Epsilon leaked email addresses and names of millions of customers from the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
database. There are many incidents with reference to security aspects of related with cloud
computing. This denotes that there has been intense knowledge about cloud security threats for
rendering the secured services to their users.
Approaches:
Cloud computing comprises of delivery of computing resources such as storage,
application and servers such as services to their end users through the usage of cloud computing
service providers. End users have on-demand access to the services by making use of web
browsers (Kalaiprasath, Elankavi and Udayakumar, 2017). It has three layers which includes
system, platform and application layer. The bottom layer is system which involves computational
resources like network devices, storage, memory and infrastructure of servers. This is referred to
as Infrastructure as a service. It is liable for providing virtualised computing resources via a
internet. This provides firms with an option for paying for IaaS on demand, it is scalable with
respect to processing & storage requirements, this saves cost of buying as well as maintenance of
hardware and there is no single point of failure. The virtualisation technology is being utilised
within which allows clients within development of critical network infrastructure. This
eliminates the cost associated with hardware along with this, it eases load associated with
network administration as IT professionals are not needed for monitoring physical networks
(Kumar and Kumar, 2013). Amazon's EC2 renders IaaS services by providing virtual computing
environment and interface for web service.
The platform layer is referred to as Platform as a service which provides development
platform for their users for designing specified applications. PaaS is a deployment and
development environment within the cloud and comprises of resources which will enable within
delivery of requirements which may vary from easy cloud based apps to more sophisticated and
cloud enabled enterprise applications. Here, individual or an organisation can opt for cloud
services as a pay-as-you-go basis for having a secured internet connection. Basically, PaaS
provider are responsible for hosting hardware as well software for developing & executing new
application. It is liable for providing user interface that is web based services for development,
testing, deployment, hosting and maintenance of applications, multi-tenant architecture along
with high scalability and load balancing (Lee, 2012). Through this also, individuals need to buy
their development tools which will again minimise the cost associated with this. For an instance,
GoogleApps it includes: Google Calendar, Google Talk, Docs, Groups and Google Sites.
computing. This denotes that there has been intense knowledge about cloud security threats for
rendering the secured services to their users.
Approaches:
Cloud computing comprises of delivery of computing resources such as storage,
application and servers such as services to their end users through the usage of cloud computing
service providers. End users have on-demand access to the services by making use of web
browsers (Kalaiprasath, Elankavi and Udayakumar, 2017). It has three layers which includes
system, platform and application layer. The bottom layer is system which involves computational
resources like network devices, storage, memory and infrastructure of servers. This is referred to
as Infrastructure as a service. It is liable for providing virtualised computing resources via a
internet. This provides firms with an option for paying for IaaS on demand, it is scalable with
respect to processing & storage requirements, this saves cost of buying as well as maintenance of
hardware and there is no single point of failure. The virtualisation technology is being utilised
within which allows clients within development of critical network infrastructure. This
eliminates the cost associated with hardware along with this, it eases load associated with
network administration as IT professionals are not needed for monitoring physical networks
(Kumar and Kumar, 2013). Amazon's EC2 renders IaaS services by providing virtual computing
environment and interface for web service.
The platform layer is referred to as Platform as a service which provides development
platform for their users for designing specified applications. PaaS is a deployment and
development environment within the cloud and comprises of resources which will enable within
delivery of requirements which may vary from easy cloud based apps to more sophisticated and
cloud enabled enterprise applications. Here, individual or an organisation can opt for cloud
services as a pay-as-you-go basis for having a secured internet connection. Basically, PaaS
provider are responsible for hosting hardware as well software for developing & executing new
application. It is liable for providing user interface that is web based services for development,
testing, deployment, hosting and maintenance of applications, multi-tenant architecture along
with high scalability and load balancing (Lee, 2012). Through this also, individuals need to buy
their development tools which will again minimise the cost associated with this. For an instance,
GoogleApps it includes: Google Calendar, Google Talk, Docs, Groups and Google Sites.
Through its utilisation, users have the option for customisation through these tools. Microsoft
Azure is a PaaS provider which provides a framework, tools and languages. Furthermore, users
can merge within their existent IT environments through this.
Application layer is the topmost which is referred to as software-as-a-service which
provides users with an option to make use of applications which are executing on the cloud
rather than making payments for purchasing such kind of applications. For an instance, Groupon
is a is a firm that is making use of SaaS for delivering their services (Modi and et. al, 2013).
They provide online support solutions. Zendesk is liable for processing everyday customer
tickets in an efficient manner through which they can deliver amplified services to their
customers. The other example is of Marathon Data Systems which furnishes solutions for field
services which includes air conditioning, heating, pest control, plumbing and many others. This
involves third-party provider applications which are made available to their customers via
internet. Instead of installation as well as maintenance of software that can be accessed by being
within the network. This will free up critical software & their management. They are also
referred to as web-based, hosted or on-demand software. This renders multitenant architecture
(applications & users makes use of common, single and code based infrastructure) which can be
maintained centrally. Furthermore, easy customisation is provided which will fit within the
business processes without creating any impact on their infrastructure.
There are different providers who render client services to them and depending upon the
features provided it can be utilised (Parekh and Sridaran, 2013). This has been shown here,
Infrastructure as a service (IaaS) is being provided by Amazon EC2, Rackspace, Vmware,
BluePOint, OpenStack and many more. Vendors of Platform as a service (PaaS) are: Google
Apps, SAP, Joyent, Amazon AWS, IBM, Netsuite and various others. SaaS services are rendered
by Gageln, Microsoft 365, LiveOPs, Knowledge Tree, CVM Solutions, etc.
Demonstration and evaluation
Security threats illustrate the software attacks, identity theft, intellectual property,
sabotage, information extortion and many others. Basically, threat denotes that anyone can take
vantage of vulnerabilities present within the system for breaching its security and negatively
altering, erasing and harming interest objects. This can be carried out by different software
attacks and malware (Rabai and et. al, 2013). The different models or approaches have been
Azure is a PaaS provider which provides a framework, tools and languages. Furthermore, users
can merge within their existent IT environments through this.
Application layer is the topmost which is referred to as software-as-a-service which
provides users with an option to make use of applications which are executing on the cloud
rather than making payments for purchasing such kind of applications. For an instance, Groupon
is a is a firm that is making use of SaaS for delivering their services (Modi and et. al, 2013).
They provide online support solutions. Zendesk is liable for processing everyday customer
tickets in an efficient manner through which they can deliver amplified services to their
customers. The other example is of Marathon Data Systems which furnishes solutions for field
services which includes air conditioning, heating, pest control, plumbing and many others. This
involves third-party provider applications which are made available to their customers via
internet. Instead of installation as well as maintenance of software that can be accessed by being
within the network. This will free up critical software & their management. They are also
referred to as web-based, hosted or on-demand software. This renders multitenant architecture
(applications & users makes use of common, single and code based infrastructure) which can be
maintained centrally. Furthermore, easy customisation is provided which will fit within the
business processes without creating any impact on their infrastructure.
There are different providers who render client services to them and depending upon the
features provided it can be utilised (Parekh and Sridaran, 2013). This has been shown here,
Infrastructure as a service (IaaS) is being provided by Amazon EC2, Rackspace, Vmware,
BluePOint, OpenStack and many more. Vendors of Platform as a service (PaaS) are: Google
Apps, SAP, Joyent, Amazon AWS, IBM, Netsuite and various others. SaaS services are rendered
by Gageln, Microsoft 365, LiveOPs, Knowledge Tree, CVM Solutions, etc.
Demonstration and evaluation
Security threats illustrate the software attacks, identity theft, intellectual property,
sabotage, information extortion and many others. Basically, threat denotes that anyone can take
vantage of vulnerabilities present within the system for breaching its security and negatively
altering, erasing and harming interest objects. This can be carried out by different software
attacks and malware (Rabai and et. al, 2013). The different models or approaches have been
illustrated above, they are: IaaS, PaaS and SaaS not only provides wide range of services to their
clients but also address the security issues related with information along with threats that are
being possessed by cloud computing systems.
Hackers or intruders may forcefully affect the computing capabilities that are being
rendered by the clouds for carrying out unauthenticated services. Like infrastructure-as-a-service
is present within bottom and renders powerful functionalities to the cloud which will enhance the
extensibility for their users to provide an option of customisation within the realistic environment
that involves virtual machines executing in different kinds of operating system (Rachana and
Guruprasad, 2014). Hackers might rent the virtual machines as well as carry out analysis of their
configurations, identify the vulnerabilities which exist and attack virtual machines of other
customers who have opted for services from identical cloud. IaaS enables hackers for carrying
out the attacks such as brute-force cracking in which high computing power is required.
Infrastructure-as-a-service is responsible for supporting diverse virtual machines and renders an
appropriate platform for intruders for launching attacks such as DDoS (distributed denial of
service attack) as it needs ample number of attacking instances (SECURITY THREATS ON
CLOUD COMPUTING VULNERABILITIES, 2013).
The other threat or vulnerability is data loss which is a crucial security risk. Within
software-as-a-service, firms makes use of applications for processing out their business data as
well as its storage within the data centres (Sharma and Trivedi, 2014). In case of PaaS cloud
models, developers are liable for utilisation of data for testing integrity of software within the
SDLC (System development life cycle). Within the IaaS cloud models, users are responsible for
creating new drives within the virtual machines for storing the data on them. But, data that is
present on these drives can be accessed via unauthorised access by their internal employees and
hackers also. This can be understood by the fact that internal employees do possess the access to
data which they can do either accidentally or it might be their intention to access details of any
specified client. Furthermore, external hackers can have access the database within the cloud
environment through the utilisation of wide range of hacking techniques like network channel
eavesdropping and session hijacking.
The other strategy which can be utilised is traditional network attack that can be utilised
for harassing three approaches, layers or models associated with cloud systems. This can be
understood by taking an example like web browser attacks can be used for exploiting
clients but also address the security issues related with information along with threats that are
being possessed by cloud computing systems.
Hackers or intruders may forcefully affect the computing capabilities that are being
rendered by the clouds for carrying out unauthenticated services. Like infrastructure-as-a-service
is present within bottom and renders powerful functionalities to the cloud which will enhance the
extensibility for their users to provide an option of customisation within the realistic environment
that involves virtual machines executing in different kinds of operating system (Rachana and
Guruprasad, 2014). Hackers might rent the virtual machines as well as carry out analysis of their
configurations, identify the vulnerabilities which exist and attack virtual machines of other
customers who have opted for services from identical cloud. IaaS enables hackers for carrying
out the attacks such as brute-force cracking in which high computing power is required.
Infrastructure-as-a-service is responsible for supporting diverse virtual machines and renders an
appropriate platform for intruders for launching attacks such as DDoS (distributed denial of
service attack) as it needs ample number of attacking instances (SECURITY THREATS ON
CLOUD COMPUTING VULNERABILITIES, 2013).
The other threat or vulnerability is data loss which is a crucial security risk. Within
software-as-a-service, firms makes use of applications for processing out their business data as
well as its storage within the data centres (Sharma and Trivedi, 2014). In case of PaaS cloud
models, developers are liable for utilisation of data for testing integrity of software within the
SDLC (System development life cycle). Within the IaaS cloud models, users are responsible for
creating new drives within the virtual machines for storing the data on them. But, data that is
present on these drives can be accessed via unauthorised access by their internal employees and
hackers also. This can be understood by the fact that internal employees do possess the access to
data which they can do either accidentally or it might be their intention to access details of any
specified client. Furthermore, external hackers can have access the database within the cloud
environment through the utilisation of wide range of hacking techniques like network channel
eavesdropping and session hijacking.
The other strategy which can be utilised is traditional network attack that can be utilised
for harassing three approaches, layers or models associated with cloud systems. This can be
understood by taking an example like web browser attacks can be used for exploiting
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
authorization, authentication as well as vulnerabilities associated with cloud systems (Singh,
Jeong and Park, 2016). Hackers or intruders can make use of malicious programs which involves
trojan or viruses that can be uploaded within the cloud system and leads to damage the system.
Malicious operations such as spoofing attacks, metadata, etc. can also be carried out which might
be embedded within normal command, can be transferred to the cloud and implemented like a
valid instance so create a negative impact on overall performance of the system. In context of
IaaS, the hypervisor similar to Xen, vSphere, Vmware, etc. can be used for carrying out
administrative operations associated with virtual instances which can outlook through zero day
attack.
This denotes that it is necessary for identification of cloud threats for implementation of
enhanced security mechanism for protection of cloud computing environment (Tariq, 2012). The
security threats have been illustrated above in terms of three perspectives: data breaches, abuse
utilisation of cloud computational resources and security attacks on cloud. Each of them have
been evaluated in this section for exploiting vulnerabilities which exists within the cloud
systems.
Abuse utilisation of cloud computational resources, with respect to this intruders or
hackers makes use of botnet or multiple computers for producing large amount of computing
power for carrying out cyber-attacks on computer systems. This process seems critical and might
take huge amount of time for its completion. Powerful computing infrastructure involves
hardware along with software components that can be created easily through the utilisation of
registration process as a cloud computing service provider. Here, advantage is being taken with
respect to prevailing computing power in context of cloud networks which will lead hacker to
attack systems within short interval of time frame. This can be understood by taking an instance
of denial of service and brute force attacks which are being launched by making use of
vulnerabilities which exists within the cloud computing (Tiwari and Mishra, 2012).
Brute force attack denotes a technique which is being utilised for breaking the passwords
and success of this is entirely dependent on the computing capabilities as large number of
passwords must be sent to their target user's account until access to appropriate is identified.
Cloud computing systems render an environment which can be utilised by hackers for carrying
out such kind of attacks. As per the studies, it was found that WPA-PSK protected network was
cracked within 20 minutes by renting a space through Amazon’s EC2 and around 4,00,000
Jeong and Park, 2016). Hackers or intruders can make use of malicious programs which involves
trojan or viruses that can be uploaded within the cloud system and leads to damage the system.
Malicious operations such as spoofing attacks, metadata, etc. can also be carried out which might
be embedded within normal command, can be transferred to the cloud and implemented like a
valid instance so create a negative impact on overall performance of the system. In context of
IaaS, the hypervisor similar to Xen, vSphere, Vmware, etc. can be used for carrying out
administrative operations associated with virtual instances which can outlook through zero day
attack.
This denotes that it is necessary for identification of cloud threats for implementation of
enhanced security mechanism for protection of cloud computing environment (Tariq, 2012). The
security threats have been illustrated above in terms of three perspectives: data breaches, abuse
utilisation of cloud computational resources and security attacks on cloud. Each of them have
been evaluated in this section for exploiting vulnerabilities which exists within the cloud
systems.
Abuse utilisation of cloud computational resources, with respect to this intruders or
hackers makes use of botnet or multiple computers for producing large amount of computing
power for carrying out cyber-attacks on computer systems. This process seems critical and might
take huge amount of time for its completion. Powerful computing infrastructure involves
hardware along with software components that can be created easily through the utilisation of
registration process as a cloud computing service provider. Here, advantage is being taken with
respect to prevailing computing power in context of cloud networks which will lead hacker to
attack systems within short interval of time frame. This can be understood by taking an instance
of denial of service and brute force attacks which are being launched by making use of
vulnerabilities which exists within the cloud computing (Tiwari and Mishra, 2012).
Brute force attack denotes a technique which is being utilised for breaking the passwords
and success of this is entirely dependent on the computing capabilities as large number of
passwords must be sent to their target user's account until access to appropriate is identified.
Cloud computing systems render an environment which can be utilised by hackers for carrying
out such kind of attacks. As per the studies, it was found that WPA-PSK protected network was
cracked within 20 minutes by renting a space through Amazon’s EC2 and around 4,00,000
passwords per second. Furthermore, the fact is that the cost associated with breach was 28 cents
per minutes. Denial of service attacks a system or networks by interruption by which legitimate
users do not get access to the services which are being delivered even being within the network.
The objective of such kind of attacks is: consumption limited, scarce or non-renewable
resources, physical modification of components of a network and alteration of information
associated with configuration.
At present scenario, flooding is one of the common methods that is being utilised by
hackers for crumbling the system of victim by sending them bogus requests (Ahmed and
Hossain, 2014). When such kind of attack takes place, it either leads to direct or indirect DoS. In
case when cloud server receives lots of flooded requests then they are liable for providing
specified computational resources by which malicious requests can be addressed. At this stage
the server gets exhausted to their entire capabilities and this leads \to occurrence of direct DoS to
the requests that have been carried out via their legitimate users. Apart from this, it also leads to
indirect DoS to other servers who are rendering their services within the same cloud and shares
the workload of their victim server which leads to entire availability of all the services that are
being rendered by specified cloud. Computing services can be utilised for sending huge amount
of packets to the network of the firms. This can be understood by taking an instance like,
Bitbucket which was hosted by Amazon was attacked through the utilisation of DDoS attacks
which comprised of flood of TCP SYN and UDP packet connection request but this made the
entire services unavailable which lead to lose access to the projects that were hosted on
Bitbucket.
Data Breaches involves malicious insiders and online cyber thefts. In context of
malicious insider security attacks takes place from anywhere either inside or outside (Ashktorab
and Taghizadeh, 2012). According to the survey which was conducted in 2011, it was observed
that 21% of cyber attacks occurred due to insiders and they were damaging as well as very
expensive for the organisations. The vulnerabilities associated with cloud computing to
malicious insider involves poor enforcement of roles, AAA vulnerabilities, OS vulnerability,
lack of need to know principle, poor patch management, data is not processed within encrypted
form, insufficient physical security procedures and application vulnerability. Insiders who make
use of cloud for carrying out nefarious activities are mostly liable for carrying out attacks against
per minutes. Denial of service attacks a system or networks by interruption by which legitimate
users do not get access to the services which are being delivered even being within the network.
The objective of such kind of attacks is: consumption limited, scarce or non-renewable
resources, physical modification of components of a network and alteration of information
associated with configuration.
At present scenario, flooding is one of the common methods that is being utilised by
hackers for crumbling the system of victim by sending them bogus requests (Ahmed and
Hossain, 2014). When such kind of attack takes place, it either leads to direct or indirect DoS. In
case when cloud server receives lots of flooded requests then they are liable for providing
specified computational resources by which malicious requests can be addressed. At this stage
the server gets exhausted to their entire capabilities and this leads \to occurrence of direct DoS to
the requests that have been carried out via their legitimate users. Apart from this, it also leads to
indirect DoS to other servers who are rendering their services within the same cloud and shares
the workload of their victim server which leads to entire availability of all the services that are
being rendered by specified cloud. Computing services can be utilised for sending huge amount
of packets to the network of the firms. This can be understood by taking an instance like,
Bitbucket which was hosted by Amazon was attacked through the utilisation of DDoS attacks
which comprised of flood of TCP SYN and UDP packet connection request but this made the
entire services unavailable which lead to lose access to the projects that were hosted on
Bitbucket.
Data Breaches involves malicious insiders and online cyber thefts. In context of
malicious insider security attacks takes place from anywhere either inside or outside (Ashktorab
and Taghizadeh, 2012). According to the survey which was conducted in 2011, it was observed
that 21% of cyber attacks occurred due to insiders and they were damaging as well as very
expensive for the organisations. The vulnerabilities associated with cloud computing to
malicious insider involves poor enforcement of roles, AAA vulnerabilities, OS vulnerability,
lack of need to know principle, poor patch management, data is not processed within encrypted
form, insufficient physical security procedures and application vulnerability. Insiders who make
use of cloud for carrying out nefarious activities are mostly liable for carrying out attacks against
the IT infrastructure as they have the knowledge of operations that is the reason that even
through forensic analysis it becomes hard to identify them.
Cloud computing services render their users with high processing capabilities which lead
to online cyber theft. In order to save cost associated with having their own servers and
management of traffic for their customers & visitors leads them to utilise services that are being
offered by cloud (Chou, 2013). This can be evaluated by taking an instance of Netflix which
leases their computing space from AWS for rendering subscription services through which
clients can have access to movies or episodes. Similarly, there is dropbox. But the sensitive data
which is stored on cloud becomes more vulnerable to online attacks. In 2011, around 37% cases
involved were due to malicious attacks and the average cost associated with them was around
$222. The accounts of near about 24 million customers were compromised even if it was in the
encrypted forms. Social media provides a platform in which users have their personal details and
there is higher probability of online cyber thieves, if any how they get access to the cloud. Online
cyber thieves can also have the advantage from power which is being rendered by cloud
computing service providers for launching attacks. For an instance, Amazon’s EC2 was being
utilised by hackers for having access to private information in which they rented a space and
respectively launched an attack to have information of others present within the identical server.
A cloud security attack involves malware injection and wrapping attack. In case of
web-based application, dynamic web-pages are being provided for internet users for having
access to the application servers through usage of web browsers. The applications are identical to
email systems or they might be critical like online banking systems (Hashizume and et. al, 2013).
There have been around 36% web attacks in 2011 and with 4500 attacks per day. The attacks
were carried out via injection flaws, improper bug handling, session management, failures to
restricted URL access and insecure interactions. Malware injection attack is also web-based
attack where hackers are exploit vulnerabilities with respect to web applications and embeds the
harmful codes within normal URL’s for having access to their credentials. After crafting them
they are being injected to the cloud approaches or models IaaS, PaaS and SaaS accordingly.
When it will be completed then hacker can carry out their operations as per their requirements
within the cloud like data theft, its manipulation or eavesdropping. Generally, cross-site scripting
and SQL injection attacks are being utilised. SQL injections are liable for targeting the servers
which are executed on database applications; it is injected in the form of malicious code so that
through forensic analysis it becomes hard to identify them.
Cloud computing services render their users with high processing capabilities which lead
to online cyber theft. In order to save cost associated with having their own servers and
management of traffic for their customers & visitors leads them to utilise services that are being
offered by cloud (Chou, 2013). This can be evaluated by taking an instance of Netflix which
leases their computing space from AWS for rendering subscription services through which
clients can have access to movies or episodes. Similarly, there is dropbox. But the sensitive data
which is stored on cloud becomes more vulnerable to online attacks. In 2011, around 37% cases
involved were due to malicious attacks and the average cost associated with them was around
$222. The accounts of near about 24 million customers were compromised even if it was in the
encrypted forms. Social media provides a platform in which users have their personal details and
there is higher probability of online cyber thieves, if any how they get access to the cloud. Online
cyber thieves can also have the advantage from power which is being rendered by cloud
computing service providers for launching attacks. For an instance, Amazon’s EC2 was being
utilised by hackers for having access to private information in which they rented a space and
respectively launched an attack to have information of others present within the identical server.
A cloud security attack involves malware injection and wrapping attack. In case of
web-based application, dynamic web-pages are being provided for internet users for having
access to the application servers through usage of web browsers. The applications are identical to
email systems or they might be critical like online banking systems (Hashizume and et. al, 2013).
There have been around 36% web attacks in 2011 and with 4500 attacks per day. The attacks
were carried out via injection flaws, improper bug handling, session management, failures to
restricted URL access and insecure interactions. Malware injection attack is also web-based
attack where hackers are exploit vulnerabilities with respect to web applications and embeds the
harmful codes within normal URL’s for having access to their credentials. After crafting them
they are being injected to the cloud approaches or models IaaS, PaaS and SaaS accordingly.
When it will be completed then hacker can carry out their operations as per their requirements
within the cloud like data theft, its manipulation or eavesdropping. Generally, cross-site scripting
and SQL injection attacks are being utilised. SQL injections are liable for targeting the servers
which are executed on database applications; it is injected in the form of malicious code so that
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
their information can be bypassed for gaining unauthenticated access within the database (Jiang,
Ma and Wei, 2016). The SaaS application was attacked through this to exploit the vulnerabilities
present within it and have access to the database of specific organisation. Cross-site scripting are
dangerous and most malicious types by FireHost. In this case, hackers inject scripts like
VBScript, HTML, ActiveX and JavaScript within the dynamic web page which is vulnerable for
execution of scripts within the web browser of victim. Latter on, this will lead to carry out illegal
activities within the victim’s system when they click on the malicious links. For an instance, the
vulnerabilities present within The Amazon’s store lead to hijacking of the AWS session through
which hackers had access to entire customer’s data (Jouini and et. al, 2012). This involved plain
text passwords, tokens and even authentication information.
When client makes a request for a specified service within web server via web browser
then services are being interacted by making use of SOAP protocol and then they are being
transmitted through utilisation of HTTP protocol with XML. For ensuring data integrity and
confidentiality of SOAP messages a security mechanism is conducted, Web services security is
applied in which digital signatures will be utilised for signing as well as encryption of the content
into the message. This will lead to authenticate client as well as server will be able to validate the
message which is transferred. Within wrapping attacks XML signatures are being used fro
exploiting weakness when web servers validate signed requests (Kalaiprasath, Elankavi and
Udayakumar, 2017). These attacks are being carried out when translation is carried out, the
hacker use the bogus element within the structure of message along with the malicious code and
it is being sent to the server. As the body is same, the server will be tricked thereby leads to
authorise the hacker and provides them with specified services. In 2008, Amazon EC2 server
was also vulnerable to wrapping attack as it possessed weakness within its validation process.
Certain aspects have been illustrated above, along with the probable attacks that can
occur on cloud which illustrates that there are some limitations which needs to be improvised so
that there is no unauthorised as well as illegal access to the services being offered by cloud. For
this some countermeasures have been illustrated in this section. The infrastructure of cloud
computing involves vendor (cloud service provider) who renders computing resources to end
users who are making use of end resources that are being delivered (Kumar and Kumar, 2013).
For ensuring that best quality is being rendered, they need to ensure that secured cloud
environment is being provided to them. This can be done through formulation efficacious
Ma and Wei, 2016). The SaaS application was attacked through this to exploit the vulnerabilities
present within it and have access to the database of specific organisation. Cross-site scripting are
dangerous and most malicious types by FireHost. In this case, hackers inject scripts like
VBScript, HTML, ActiveX and JavaScript within the dynamic web page which is vulnerable for
execution of scripts within the web browser of victim. Latter on, this will lead to carry out illegal
activities within the victim’s system when they click on the malicious links. For an instance, the
vulnerabilities present within The Amazon’s store lead to hijacking of the AWS session through
which hackers had access to entire customer’s data (Jouini and et. al, 2012). This involved plain
text passwords, tokens and even authentication information.
When client makes a request for a specified service within web server via web browser
then services are being interacted by making use of SOAP protocol and then they are being
transmitted through utilisation of HTTP protocol with XML. For ensuring data integrity and
confidentiality of SOAP messages a security mechanism is conducted, Web services security is
applied in which digital signatures will be utilised for signing as well as encryption of the content
into the message. This will lead to authenticate client as well as server will be able to validate the
message which is transferred. Within wrapping attacks XML signatures are being used fro
exploiting weakness when web servers validate signed requests (Kalaiprasath, Elankavi and
Udayakumar, 2017). These attacks are being carried out when translation is carried out, the
hacker use the bogus element within the structure of message along with the malicious code and
it is being sent to the server. As the body is same, the server will be tricked thereby leads to
authorise the hacker and provides them with specified services. In 2008, Amazon EC2 server
was also vulnerable to wrapping attack as it possessed weakness within its validation process.
Certain aspects have been illustrated above, along with the probable attacks that can
occur on cloud which illustrates that there are some limitations which needs to be improvised so
that there is no unauthorised as well as illegal access to the services being offered by cloud. For
this some countermeasures have been illustrated in this section. The infrastructure of cloud
computing involves vendor (cloud service provider) who renders computing resources to end
users who are making use of end resources that are being delivered (Kumar and Kumar, 2013).
For ensuring that best quality is being rendered, they need to ensure that secured cloud
environment is being provided to them. This can be done through formulation efficacious
policies and utilisation of enhanced security techniques. Through the valid credit card anyone
can have the access to services that are being offered by cloud providers. This leads hackers to
have an effective asset to have powerful computing powers and carry out their harmful activities.
To mitigate such kind of acts which are due to weak registration systems, frauds related with
credit card monitoring and blocking of black list needs to be applied (Lee, 2012). Along with
this, security policies must be applied by which risk associated with abusive use of
computational power of cloud can be eliminated.
This can be understood by an example, like Amazon EC2 has established the clear
policies for their users for avoiding offending occurrences when any kind of complaints related
with this are attained. The data which is stored within the cloud is private as well as confidential,
this denotes that there has be specified control mechanisms to make sure that only authorised
users have access to the data. Here, the physical computing systems have to be monitored along
with this, there needs to be restricted access to un-trusted resources so that malicious activities
can be avoided. It is not possible to identify the behaviour of insiders in terms of who have
carried out the illegal activity so in such cases appropriate tools must be utilised for dealing with
insider threats (Modi and et. al, 2013). This needs to contain anomalous behaviour pattern
detection techniques, data loss preventing systems, decoy technologies, authorisation and
authentication technologies. This will lead to detection of real time traffic and maintain the
records for future forensics.
Conclusion
From above it can be concluded that, cloud computing is possess powerful computing
methodologies which renders intensified benefits to their users. This is a developing field as per
the demands of their customers. But along with this, it is necessary to monitor the vulnerabilities
which are being present within the existing systems so that exploitation of information do not
takes place through them. Security vulnerabilities that exists within cloud has been illustrated
here along with different approaches associated with cloud computing. They have been presented
from different perspectives, that is: abuse usage of computational resources, cloud security
attacks and data breaches. The examples from real world have been analysed to understand the
exploits which have incurred. Along with this, some countermeasures have been mentioned
which can be utilised to ensure that data is protected and illegitimate user do not get access to
authorised information.
can have the access to services that are being offered by cloud providers. This leads hackers to
have an effective asset to have powerful computing powers and carry out their harmful activities.
To mitigate such kind of acts which are due to weak registration systems, frauds related with
credit card monitoring and blocking of black list needs to be applied (Lee, 2012). Along with
this, security policies must be applied by which risk associated with abusive use of
computational power of cloud can be eliminated.
This can be understood by an example, like Amazon EC2 has established the clear
policies for their users for avoiding offending occurrences when any kind of complaints related
with this are attained. The data which is stored within the cloud is private as well as confidential,
this denotes that there has be specified control mechanisms to make sure that only authorised
users have access to the data. Here, the physical computing systems have to be monitored along
with this, there needs to be restricted access to un-trusted resources so that malicious activities
can be avoided. It is not possible to identify the behaviour of insiders in terms of who have
carried out the illegal activity so in such cases appropriate tools must be utilised for dealing with
insider threats (Modi and et. al, 2013). This needs to contain anomalous behaviour pattern
detection techniques, data loss preventing systems, decoy technologies, authorisation and
authentication technologies. This will lead to detection of real time traffic and maintain the
records for future forensics.
Conclusion
From above it can be concluded that, cloud computing is possess powerful computing
methodologies which renders intensified benefits to their users. This is a developing field as per
the demands of their customers. But along with this, it is necessary to monitor the vulnerabilities
which are being present within the existing systems so that exploitation of information do not
takes place through them. Security vulnerabilities that exists within cloud has been illustrated
here along with different approaches associated with cloud computing. They have been presented
from different perspectives, that is: abuse usage of computational resources, cloud security
attacks and data breaches. The examples from real world have been analysed to understand the
exploits which have incurred. Along with this, some countermeasures have been mentioned
which can be utilised to ensure that data is protected and illegitimate user do not get access to
authorised information.
References
Books& Journals
Ahmed, M. and Hossain, M.A., 2014. Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), p.25.
Ashktorab, V. and Taghizadeh, S.R., 2012. Security threats and countermeasures in cloud
computing. International Journal of Application or Innovation in Engineering &
Management (IJAIEM), 1(2), pp.234-245.
Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), p.79.
Hashizume, K. and et. al, 2013. An analysis of security issues for cloud computing. Journal of
internet services and applications, 4(1), p.5.
Jiang, Q., Ma, J. and Wei, F., 2016. On the security of a privacy-aware authentication scheme for
distributed mobile cloud computing services. IEEE systems journal, 12(2), pp.2039-2042.
Jouini, M. And et. al, 2012. Towards quantitative measures of Information Security: A Cloud
Computing case study. International Journal of Cyber-Security and Digital
Forensics, 1(3), pp.265-279.
Kalaiprasath, R., Elankavi, R. and Udayakumar, D.R., 2017. Cloud. Security and Compliance-A
Semantic Approach in End to End Security. International Journal Of Mechanical
Engineering And Technology (Ijmet), 8(5), pp.987-994.
Kumar, P. and Kumar, L., 2013. Security Threats to Cloud Computing. International Journal of
IT, Engineering and Applied Sciences Research (IJIEASR), 2(1).
Lee, K., 2012. Security threats in cloud computing environments. International journal of
security and its applications, 6(4), pp.25-32.
Modi, C. and et. al, 2013. A survey on security issues and solutions at different layers of Cloud
computing. The journal of supercomputing, 63(2), pp.561-592.
Parekh, D.H. and Sridaran, R., 2013. An analysis of security challenges in cloud
computing. IJACSA) International Journal of Advanced Computer Science and
Applications, 4(1).
Rabai, L.B.A. and et. al, 2013. A cybersecurity model in cloud computing
environments. Journal of King Saud University-Computer and Information
Sciences, 25(1), pp.63-75.
Rachana, S.C. and Guruprasad, H.S., 2014. Emerging Security Issues and challenges in cloud
computing. International Journal of Engineering Science and Innovative
Technology, 3(2), pp.485-490.
Sharma, R. and Trivedi, R.K., 2014. Literature review: cloud computing–security issues, solution
and technologies. International Journal of Engineering Research, 3(4), pp.221-225.
Singh, S., Jeong, Y.S. and Park, J.H., 2016. A survey on cloud computing security: Issues,
threats, and solutions. Journal of Network and Computer Applications, 75, pp.200-222.
Tariq, M.I., 2012. Towards information security metrics framework for cloud
computing. International Journal of Cloud Computing and Services Science, 1(4), p.209.
Books& Journals
Ahmed, M. and Hossain, M.A., 2014. Cloud computing and security issues in the
cloud. International Journal of Network Security & Its Applications, 6(1), p.25.
Ashktorab, V. and Taghizadeh, S.R., 2012. Security threats and countermeasures in cloud
computing. International Journal of Application or Innovation in Engineering &
Management (IJAIEM), 1(2), pp.234-245.
Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), p.79.
Hashizume, K. and et. al, 2013. An analysis of security issues for cloud computing. Journal of
internet services and applications, 4(1), p.5.
Jiang, Q., Ma, J. and Wei, F., 2016. On the security of a privacy-aware authentication scheme for
distributed mobile cloud computing services. IEEE systems journal, 12(2), pp.2039-2042.
Jouini, M. And et. al, 2012. Towards quantitative measures of Information Security: A Cloud
Computing case study. International Journal of Cyber-Security and Digital
Forensics, 1(3), pp.265-279.
Kalaiprasath, R., Elankavi, R. and Udayakumar, D.R., 2017. Cloud. Security and Compliance-A
Semantic Approach in End to End Security. International Journal Of Mechanical
Engineering And Technology (Ijmet), 8(5), pp.987-994.
Kumar, P. and Kumar, L., 2013. Security Threats to Cloud Computing. International Journal of
IT, Engineering and Applied Sciences Research (IJIEASR), 2(1).
Lee, K., 2012. Security threats in cloud computing environments. International journal of
security and its applications, 6(4), pp.25-32.
Modi, C. and et. al, 2013. A survey on security issues and solutions at different layers of Cloud
computing. The journal of supercomputing, 63(2), pp.561-592.
Parekh, D.H. and Sridaran, R., 2013. An analysis of security challenges in cloud
computing. IJACSA) International Journal of Advanced Computer Science and
Applications, 4(1).
Rabai, L.B.A. and et. al, 2013. A cybersecurity model in cloud computing
environments. Journal of King Saud University-Computer and Information
Sciences, 25(1), pp.63-75.
Rachana, S.C. and Guruprasad, H.S., 2014. Emerging Security Issues and challenges in cloud
computing. International Journal of Engineering Science and Innovative
Technology, 3(2), pp.485-490.
Sharma, R. and Trivedi, R.K., 2014. Literature review: cloud computing–security issues, solution
and technologies. International Journal of Engineering Research, 3(4), pp.221-225.
Singh, S., Jeong, Y.S. and Park, J.H., 2016. A survey on cloud computing security: Issues,
threats, and solutions. Journal of Network and Computer Applications, 75, pp.200-222.
Tariq, M.I., 2012. Towards information security metrics framework for cloud
computing. International Journal of Cloud Computing and Services Science, 1(4), p.209.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Tiwari, P.K. and Mishra, B., 2012. Cloud computing security issues, challenges and
solution. International journal of emerging technology and advanced engineering, 2(8),
pp.306-310.
Online
SECURITY THREATS ON CLOUD COMPUTING VULNERABILITIES. 2013. [Online].
Available through:
<https://www.academia.edu/40586919/SECURITY_THREATS_ON_CLOUD_COMPU
TING_VULNERABILITIES.
solution. International journal of emerging technology and advanced engineering, 2(8),
pp.306-310.
Online
SECURITY THREATS ON CLOUD COMPUTING VULNERABILITIES. 2013. [Online].
Available through:
<https://www.academia.edu/40586919/SECURITY_THREATS_ON_CLOUD_COMPU
TING_VULNERABILITIES.
1 out of 14
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.