Cloud Computing: Security and Privacy Challenges Analysis

Verified

Added on 2019/10/31

AI Summary

This report provides a comprehensive overview of security and privacy concerns within cloud computing environments. It begins with an introduction to cloud computing, its architecture, and service delivery models (SaaS, PaaS, IaaS). The report then delves into the security and privacy issues, challenges, and various threats, including insider and external attacks, data breaches, and denial-of-service attacks. It categorizes cloud computing attackers and explores potential solutions like data-driven security, high-confirmation remote server authentication, and security-enhanced business intelligence. The report concludes by emphasizing the importance of addressing these security concerns to foster the growth and adoption of cloud computing, highlighting the need for robust security measures to protect data and ensure user trust.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Security and Privacy Issues in Cloud Computing

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Abstract
Cloud Computing is a processor prototype, which offers on-demand services that are open
to everyone at anytime inclusive of the clouds consigning to the computer network. It can
be employed as an Internet service for attaining colossal flexibility, superior output, extreme
processing command, and better quality of service. Restricted manipulation on the data
might leads to several security concerns including information outflow, timid user
interfaces, and distribution of sources, information accessibility, and interior damage. In this
report, I depicted major security and privacy concerns, challenges, and the resolutions in
cloud computing.

Contents
Abstract.................................................................................................................................... 2
1. Introduction......................................................................................................................... 4
2. Cloud Computing Architecture ............................................................................................4
3. Cloud Service Delivery Models ............................................................................................5
4. Distributed computing Security and Privacy Issues .............................................................5
5. Security and Privacy Challenges...........................................................................................6
6. Security Issues in Cloud Computing .....................................................................................6
7. Cloud Security Threats..........................................................................................................7
8. Categorization of Cloud Computing Attackers......................................................................9
9. Solutions for Security Issues in Cloud
Computing...............................................................................................................................10
10. Conclusion........................................................................................................................ 11
11. Reference......................................................................................................................... 11

1. Introduction
Cloud computing corresponds to a conceptual transfer in computer network. National
Institute for Standards and Technology (NIST) defines cloud computing as “Cloud computing
is a replica to facilitate suitable, on-claim network admission to a collective group of
disposable computing components like applications, storage servers, services, and networks
that are stipulated and liberated with negligible attempt or service contributor
communication” (Chachra, 2014). Due to the provisioning of computing services on-
demand, there are certain concerns and confronts that require to be tackled before the
occurrence of ubiquitous implementation.
Distributed computing downgrades similarly to the applications gave as amenities on the
Internet and the product and equipment utilized in the server farm that offers those
enhancements. There are four crucial cloud movement models, as depicted by NIST in
perspective of who gives the cloud organizations to be specific Public cloud, private cloud,
group cloud, and crossover cloud. Finally, the security standards are lacking for dealing with
the rapidly changing and creating advances of appropriated figuring. As needs be, one can't
just move applications to the cloud and foresee that they will run capably. Along these lines,
there are lethargy and execution issues since the Internet affiliations and the framework
associations may add to inaction or may put basic on the open information exchange limit.
2. Cloud Computing Architecture
In this section, a best level outline of dispersed processing that depicts distinctive cloud
models is shown. Disseminated computing updates facilitated exertion, spryness, flexibility,
openness and offer the likelihood to price diminishment because of streamlined figuring.
From a plan perspective, given this engrossed advancement of cloud development, there is
much perplexity including how cloud is absolute and not exactly similar to prevailing cloud
models and how these resemblances and differences can influence the definitive, effective
and automatic approaches for managing cloud group since it is related to traditional

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

framework and information security (Nandan & Vajpayee, 2016).
Fig 1: Architecture of cloud computing
3. Cloud Service Delivery Models
Three independent cloud utility prototypes are routinely implied in the same way as "SPI
MODEL", in which "SPI" implies Software, Platform and Infrastructure independently
(Ahmed, 2014).
Software as a Service (SaaS): Certain limit towards the client is for exploiting the provider's
software executed on the cloud and unlocked from various client equipments owing to a
thin client network like web program.
Platform as a Service (PaaS): Within this conveyance prototype, programming layer or
change stipulation is proffered as cloud management, whereupon previous bigger measures
of organization administrations are built.
Infrastructure as a Service (IaaS): IaaS prototype furnishes essential accumulation together
with figuring out the capacities like standardized organizations beneath framework.
4. Distributed computing Security and Privacy Concerns

The principle subject of this report, namely the security and insurance related challenges in
disseminated computing is discussed in this section. Several safety concerns in favour of
disseminated computing are provided since various advancements such as frameworks,
databases, working systems, virtualization, resource arranging, trade organization,
synchronization control and memory organization are enveloped. In this way, safety
concerns on enormous quantities of the mentioned frameworks are applicable towards the
distributed computing.
Information safety comprises of information indoctrination together with additionally
guaranteeing that the proper arrangements are implemented to distribute the data. In the
same way, distribution of cloud services and the calculation of memory administration
should conform to ensure safety. Finally, the information mining methods help to discover
the malware presented in the mists – an approach that is normally embraced inside
identification frameworks (Brodkin, 2017).
5. Security and Privacy Challenges
Before classifying new challenges, the structure of many cloud models is recognized so that
the user can relieve or refute some emerging security threat. The Institutionalized interfaces
could transform the safety management less stipulating, but the cloud providers facilitating
numerous groups create more data to detect numerous threats.
The cloud client will be placed in danger if the consideration is drawn from the client’s awful
activities. The consideration is exerted from law authorization in order to prompt the
equipment seizure and awful reputation.
The information can be secured without any support of distributed computing.
Correspondingly, all associations are defenceless against insider threats. Even though
transforming all the activities to cloud will increase the expenses of lost trust. The cloud
access and response can be confined through a cloud framework and well-thoroughly
considered character interface (Open Cloud Manifesto, 2017).
6. Security Issues in Cloud Computing

The cloud security is accomplished by means of extrinsic management together with
affirmation similar to customary outsourcing plans. Extra security concerns are encountered
due to the absence of basic distributed computing safety standards. Many exclusive safety
techniques and security enhancements are actualized by the cloud contributors and the
contrasting security models are executed on their personal value (Chen & Zhao, 2012).
In this manner, the enterprises that need to use the cloud services are not drastically unique
in their administered endeavours confront many security challenges. the security challenges
confronted by associations wishing to utilize cloud administrations are not drastically unique
in relation to those reliant on their own in-house administered endeavours. Intrinsic and
Extrinsic security attacks require hazard alleviation or hazard acknowledgment. Specifically,
accompanying security issues are illustrated as follows:
• The data resources threats confronted in cloud computing.
• Capacity of attackers assaulting the cloud.
• Materializing cloud refuge perils.
• Few illustration cloud protection occurrences.
7. Cloud Protection Threats
The cloud conveyance prototypes employed in cloud client enterprises indicate the
modification in the data resources threats dwelling in the cloud. The distributed computing
does not provide protection measures against some types of refuge dangers. Table given
below illustrates the threats classified by threat categorization, accessibility, and
uprightness safety prototypes and their depictions.
Threat Depiction
Privacy
Insider Threats:
 Malevolent cloud contributor
 Malevolent cloud user
 Malevolent intermediary customer
Client details secured in the cloud can be
attacked by the intrinsic attackers. Hence,
each of the cloud service prototypes can
present various client requirements:
SaaS – Supplier administrators and cloud

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

clients
PaaS- Assessment condition administrators
IaaS- Interloper Instructors
External Threats:
 Cloud Framework Attack
 Cloud Applications Attack
 Isolated Hardware Assail
 Isolated Hardware and Software
damage on cloud customer
enterprises’ resources
Outside assailants tend to attempt more
open Internet confronting mists. Anyhow,
the outer aggressors influence a wide range
of cloud conveyance prototypes, especially
in the areas where the client endpoints are
focussed.
Data Outflow:
 Malfunction of security admittance
permissions along various domains
 Electronic and backup system
Malfunction
The human blunder flawed equipment will
cause data trade off usually by a danger
caused by the sensitive information spillage
in numerous conceivably contender
organizations.
Reliability
Statistics Separation:
 Erroneous definition of security
standards
 Erroneous constitution of virtual
devices
The honesty of information residing inside
complex cloud facilitating conditions will
cause danger against information
trustworthiness if the framework reources
are viably isolated.
Client Admittance:
 Improper admittance to
administration process
The utilization of improper threat detecting
techniques can provide gateway to many
security threats that displeases cloud users
and create deliberate harm to the user’s
data sources.
Information Eminence:
 Presentation of defective software
The quality of client’s information can be
affected extensively if the cloud suppliers
possess more information of the clients. The
occurrence of broken segment in the client
information will also conceivably affect the
uprightness of information if the framework

is shared by other cloud clients.
Accessibility
Denial of Service Attack:
 Cloud arrangement and Application
denial of service
 Records and distributed network
bandwidth refutation of cloud
amenities
Open cloud administrations require the
access of a cloud computing asset. So, the
refusal of administration is against the
security policy of open cloud administrators.
All the cloud service prototypes are affected
by the extrinsic and intrinsic cloud operators.
Hence, the operators can provide application
for foreswearing of administration.
Incorporation of feeble revival process
 Incantation of insufficient failure
recuperation
If the cloud users recuperate their in house
frameworks that are controlled by
intermediary cloud specialists, the
recuperation will be lost and the initiated
threat detection methods can be elevated
(Popovi & Hocenski, 2010).
Table 1: Table illustrating a list of Cloud Security Threats
8. Categorization of Distributed Computing Attackers
The enterprises administering their own in house frameworks and those who are engaged
with customary outsourcing models can be able to recognize more number of security
attacks and conflicts in distributed computing (Sen, 2010). The types of distributed
computing attackers responsible for causing several types of threats are divided into two
sections as delineated in Table 2.
Inside Attackers An intrinsic attacker comprises
accompanying attributes:
• The intrinsic attackers create damage to
the cloud framework employed by the cloud
users, cloud specialist enterprises, and other
outsider supplier association who supports

the operation of many cloud amenities
• The client information and assisting
foundation applications contingent upon
their hierarchical portion can be accessed
securely by the cloud administrators
Outside Attackers The outside attackers comprises the
following characteristic:
The cloud management, cloud applications,
or cloud user information cannot be
accessed directly without any permission
Table 2: Table illustrating the types of attacks in cloud computing environment
9. Solutions for safety concerns encountered in Cloud Computing
This section discusses the novel security approaches utilized in distributed computing
arrangements. The cloud contributor possesses some administration over the client’s
information according to the type of cloud service model.
Data driven security: By adopting a strategy for shielding information from inside, the
information control can be beneficially extended in the cloud. This type of self-insurance
method termed as data driven security requires knowledge to be placed in the information
itself.
High-confirmation remote server authentication: The organizations are disheartened in
order to transit their information to the cloud due to the absence of enhanced security. The
security of proprietor’s information and the guarantee that their information is not being
mishandled or spilled or if nothing else have an unalterable review trail is ensured.
Security upgraded business knowledge: The encryption holds the information control of all
the information residing on the cloud. But, the encryption limits the utilization of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

information while seeking and ordering the information and ends up plainly dangerous, if
certainly feasible.
Table 3 outlines some critical security issues in distributed computing and their conceivable
resistance components.
Critical Security Issues Suggested Solution
Parodying Identity Authentication
Secure Mysteries
Try not to store inside facts
Messing with Information Consent
Message verification codes
Hashes
Denial of Service Isolation
Endorsement
Strangling
Table 3: Security Issues and their solutions
10. Conclusion:
To conclude with, the IT division is being empowered by the open source programming in
order to rapidly construct and transfer applications at the cost of control and
administration. The foundation for cloud agreements exist if a significant number of these
distributed computing barricades have been considered. It is critical to solve any security
concerns causing detours in cloud processing for enhancing the novelty and henceforth
sound development of worldwide economy.
11. Reference:
Nandan, S., & Vajpayee, A. (2016). A Survey on Secure Cloud: Security and Privacy in Cloud
Computing. American Journal of Systems and Software, 4(1), 14-26.
Chachra, P. (2014). A Survey of the Existing Security Issues in Cloud Computing. International
Journal of Computer Science and Information Technologies, 5 (2), 20-34.

Ahmed, M. (2014). cloud computing and security issues in the Cloud. International Journal of
Network Security & Its Applications (IJNSA), 6(1), 67-75.
Brodkin, J. (2017, September 18). Gartner: Seven Cloud-Computing Security Risks. Retrieved
from http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-
security-risks-853.
Chen, D., & Zhao, H. (2012). Data Security and Privacy Protection Issues in Cloud Computing.
International Conference on Computer Science and Electronics Engineering, 1(3), 647-
651.
Popovi, K., & Hocenski, Z. (2010). Cloud Computing Security Issues and Challenges.
Proceedings of the 33rd International Convention in MIPRO, 344-349.
Sen, J. (2010). A Distributed Trust Management Framework for Detecting Malicious Packet
Dropping Nodes in a Mobile Ad Hoc Network. International Journal of Network
Security and its Applications (IJNSA), 2(4), 92-104.
Open Cloud Manifesto. (2017, September 20). Retrieved from
http://www.opencloudmanifesto.org/Open%20Cloud%20Manifesto.pdf.