Analysis of Security Threats and Preventive Methods in Cloud Computing

Verified

Added on 2021/06/14

AI Summary

This report delves into the security challenges inherent in cloud computing, a technology closely tied to virtualization and utilized for various purposes. It identifies major security risks, including data breaches, data loss, traffic hijacking, insecure APIs, denial-of-service attacks, malware attacks, cloud abuse, and vulnerabilities related to shared technology. The report examines each threat, providing detailed explanations of their potential impact. Furthermore, the paper proposes and explores a variety of preventive measures and solutions to mitigate these risks. These include selecting reliable cloud providers, implementing encryption systems, establishing authorization processes, monitoring network traffic, inspecting security standards, enforcing strong API security, and establishing a robust supply chain management plan. The paper also proposes a Security Access Control Service model, which utilizes Hadoop for analysis, aiming to provide a practical approach to cloud security. Finally, the report emphasizes the growing importance of cloud computing and the need for users to thoroughly explore and understand cloud security before adoption, offering valuable insights for both cloud providers and users.

Security threats in cloud computing and preventive
methods
[Name of the Author]
[Name of the University]
[Available at]
ABSTRACT – Cloud computing is closely related to the
virtualization. It is better to say that cloud computing has
taken the virtualization in next level of evolution. Clouds are
mainly used for various purposes. Cloud computing is an
Information Technology paradigm which is associated with
enabling a ubiquitous rate of access to the pool of system
resources which are generally configurable and are shared.
This technology can be provisioned by putting a little amount
of management effort and are accessed by making use of the
internet. This report is mainly associated with discussing
about the major security risks in cloud computing and what
are the preventive measures to save the information present
in the clouds.
Keywords— cloud computing, security of cloud computing, risks
faced by cloud computing, prevention from security issues.
INTRODUCTION
Cloud computing generally consists of the cloud, which
generally means the Internet. This is associated with
facilitating the users to get access of the device, which are
residing at place of the internet and this is done mainly in
order to share various types of information in different forms.
Along with this, the cloud-computing environment is also used
for accessing different kind of software and database. This
type of accessing is mainly done by making use of the SaaS or
the Software as a Service [1]. Besides this, users would also be
capable of using updated software without any kind of need of
installing the software in the system of the user.
LITEERATURE REVIEW
Cloud computing is responsible for reducing the costs
associated with the installation and purchasing of new devices
at a drastic rate. This mainly has happened due to presence of
a singular network where all the devices are connected and
they share the network amongst themselves.
Cloud computing has some outstanding features and this
mainly includes the following:
 This helps a lot in reducing the cost which are
generally required for the purpose of buying any kind
of external device.
 Favoring the device by providing mobility of the
locations. Which means that an user can access a
device or service irrespective of their location.
 Providing virtual technology, which means that it is
associated with providing the facility of sharing the
servers as well as the sources [2].
 Provide multitenancy, which means that it is
associated with providing of the facility to enable the
users to share their resources by means of
centralization.
 Cloud computing is also associated with enhancing the
load capacity.
Along with all this cloud computing also, favor a lot in
various type of processes and for this reason it is very much
popular amongst the users of the internet.
A. Research problems
Along with the various type of benefits and its popularity,
the cloud computing technology has been associated with
various type of drawbacks, which are unavoidable, and this
has ultimately resulted the technology to face various type of
security breaches. Some of the common security challenges
for the cloud technology mainly involves the breach of the
data, loss of the data, hijacking of the traffic, APIs which are
unsecure, Denial of service attack, attacks from the malware,
abuse of the clouds knowledge’s which are insufficient and the
vulnerabilities related to the haring of the technology [3].
The security challenges of the cloud technology has been
discussed I brief in the following section of the report.
 Breach of the data: In case if the backups of the data
are stored in offline form then the risks related to the
loss of data is relatively less whereas this would be
greatly increasing the risk related to the exposure of
the data. It is possible for the virtual machine to get
easy access of the side channels timing information in
order to derive the private cryptographic keys. These
keys are generally used by the other virtual machines,
which are present in the same network. In case when
the designing is not done in a proper way then the
attacker would become capable of reaching out to the
data of the user and use it for various malicious
purposes [4].
 Abuse of the clouds: IaaS or Infrastructure as a Service
is one of the feature of the cloud computing is
associate with providing virtualization of the devices as
well as the storages and the networks. However, this
providing of virtualization does not consist of any type
of secured registration process. Which means that it is
possible for anyone who is having the correct
credentials can sign up for the cloud and are capable of
using the cloud services instantly. For this reason, many
of the cloud network can become a victim of various
type of malicious attacks, spam mails and many more
[5].
 API, which are insecure: API or the Application User
Interface along with the software and other type of
interfaces generally gets shared by the users present at
a particular cloud network. The security, which is
present for this type of shared resources, are mainly
dependent upon the different type of security policies,
which are used by the respective software and the APIs.
Therefore, it is very much essential to have a tight
security in the APIs and the software that are going to
be shred on the clouds [6].

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

 Attacks form various malwares: The visibility is less and
the exposure is more in the cloud networks. Due to this
reason the cloud networks are prone to various type of
malware attacks. In many cases it has been seen that
the cloud providers are not associated with providing
of a detailed information about various aspects like the
ways by which they would be granting access to the
software and the other functionalities, how they would
be associated with tracking of the users and many
more. Due to the presence of a loophole like this, it
becomes very easy for an attacker to inject various kind
of malicious software, viruses and many more into the
system [7].
 Issues due to the shared technology: The clouds along
with the IaaS functionality has been associated with the
providing of scalability at the high-ends. This is mainly
done by allowing the users to get access to the devices,
which are generally shared. Besides this, the Hypervisor
is associated with allowing a single guest in the OS to
be connected to the other physical resources. Due to
this reason the clouds are placed at risk whenever a
guest OS have an access to the various unnecessary
levels which are responsible influencing the other
systems which are present in the network.
 Data loss: The deletion, alteration, unlinking of the
records, storing of the data on various unreliable
mediums might lead to compromise of the important
data, which acts as one of the major security threats for
the cloud environment. This is ultimately the main
reason for the loss of the important data, reputation,
customers trust and sometimes might lead to loss of
the customer. Several legal as well as policy compliance
issues might be caused due to loss of data [8].
 Service hijacking or Account Hijacking: Various types of
attacks, which are included in under this treat are the
Phishing, fraud and the exploitation of the software
and many more. This type of attacks are mainly done
by means of stealing the credentials and this might lead
to severe amount of destruction to the integrity and
reputation.
B. Preventive measures or Solutions:
The security threats in the cloud can be eliminated very
easily if certain simple steps are considered. The elimination of
the treats is possible by folling the steps listed below:
 Prevention of the data breach is possible by
selecting a cloud provider which is proper along
with being reliable. Besides this, proper encryption
systems can also be installed in order to ensure the
security of the data [9].
 The treats related to cloud abuse can be eliminated
by having authorization registration processes
followed by validating the processes as well. The
credit card processes are also to be monitored in
order to any type of fraud. The network traffic
should also be examined properly. Besides all this,
an eye should be kept upon the blacklisted staffs.
 Inspection of the security standards are to be done
thoroughly which are provided the cloud providers.
Along with this it is also to be made sure that there
exists strict authentication along with transmission
of the data in an encrypted form [10].
 In order to prevent the malware attacks a supply
chain management plan is to be made which would
also be authorized. Besides this the human resource
requirements should be included in the legal
contracts [11].
 Along with the above-mentioned solutions there
should also exist absolute visibility in the
mechanism for the security as well as in the
compliance.
 Best security measures are to be achieved in order
to install and configure the clouds. The non-
authorized changes and activities also needs to be
audited along with the promoting of the SLA or eth
service level agreements in order to install all the
vulnerability assessments. Time to time scanning
should be done in order to find out the
vulnerabilities.
 Powerful API securities are to be enforced along
with the Securing of the data by making use of the
SSL encryption is to be done. Besides this, the
integrity of the data running time is to be checked
along with the time duration of designing. The
users should also explore the backup plans and
collection plans of the providers [12].
C. Figures and Tables
Fig 1: Basic traits of Cloud computing
Fig 2: Loss of Control over the data

Fig 3: Solution for malware attack
Fig 4: Survey on the security of the Cloud
Fig 5: Basic Architecture of Cloud Computing
PROPOSED DESIGN
The Security model known as the Security Access Control
Service is proposed for the cloud computing. This design
would be using the tool known as the Hadoop in order to do all
the analysis.
After consideration all the security challenges it is
understood that there is a need of practical approach. The
proposed design has been has been shown in the figure
provided below:
Fig 5: System model for the proposed design
The elements of the model has been discussed below:
 Access Authorization: this is manly used in order to
authorize the users who requests for a cloud
service.
 Security API: keeps users use specific services
safely after accessing to the cloud.
 Cloud connection security: This ensures that the
safe resource of the upper service layer provided by
the bottom resource layer.
CONCLUSION
The spread of cloud computing is increasing day by day. This
technology is associated with providing of various kind of
facilities like saving of costs and many more. However, the
security problems related to cloud computing acts as a major
drawback for the users. Due to this reason, it is much necessary
to explore the cloud computing services before adopting them.
This paper has been associated with identifying the major
security issues related to the usage of the cloud computing. The
paper have also been associated with providing certain
solutions by which the security threats can be eliminated very
easily.
REFERENCES
[1] Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security
issues. Future Generation computer systems, 28(3), 583-592.
[2] Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B.
(2013). An analysis of security issues for cloud computing. Journal of
internet services and applications, 4(1), 5.
[3] Chen, D., & Zhao, H. (2012, March). Data security and privacy protection
issues in cloud computing. In Computer Science and Electronics
Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-
651). IEEE.
[4] Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts,
architecture and challenges. In Computing, Electronics and Electrical
Technologies (ICCEET), 2012 International Conference on (pp. 877-880).
IEEE.
[5] Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public
cloud. IEEE Internet Computing, 16(1), 69-73.
[6] Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A
survey on security challenges in cloud computing. Computers & Electrical
Engineering, 39(1), 47-54.
[7] Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud
computing security problem. arXiv preprint arXiv:1609.01107.
[8] Ryan, M. D. (2013). Cloud computing security: The scientific challenge,
and a survey of solutions. Journal of Systems and Software, 86(9), 2263-
2268.
[9] Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud
computing features, issues, and challenges: a big picture.
In Computational Intelligence and Networks (CINE), 2015 International
Conference on (pp. 116-123). IEEE.
[10] Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud
computing: Opportunities and challenges. Information sciences, 305,
357-383.
[11] Rao, R. V., & Selvamani, K. (2015). Data security challenges and its
solutions in cloud computing. Procedia Computer Science, 48, 204-209.
[12] Shahzad, F. (2014). State-of-the-art survey on cloud computing security
Challenges, approaches and solutions. Procedia Computer Science, 37,
357-362.