Study of Cloud Computing: Security Issues, Challenges & Multi-Tenancy.
As we all know Cloud computing is an emerging domain and security of the data must be protected over the network. It is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the internet. Cloud computing is a long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on- demand highly- quality application and services from a shared pool of configurable computing resources. There are some security issues occurring while using services over the cloud.
In this paper, I investigate and highlight the detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
KEYWORDS: Cloud Computing, Security, Security issues, SAAS, PAAS, IAAS and Multi-tenancy.
Today’s Cloud computing is one of the most important and reasonable technology. It is a way of computing in which dynamically scalable and often virtualized resources are provide as a services over the internet. Internet is not only a communication medium but, because of the reliable, affordable and ubiquitous broadband access, is becoming a powerful computing platform rather than running software and managing data on the desktop computer or server, user are able to execute application and access data on demand from the cloud (internet) anywhere in the world. This new computing paradigm is referred as a cloud computing. We define a general representation of cloud in which the application software and often the data itself is stored permanently not on your pc but rather a remote server that‟s connected to the internet. A simple example of cloud computing is Yahoo email, Gmail, or Hotmail etc. All you need is just an internet connection and you can start sending emails. The server and email management software is all on the cloud (internet) and is totally managed by the cloud service provider Yahoo, Google etc.
Fig1. Cloud computing
1.1 CLASSIFICATION OF CLOUD COMPUTING:
Cloud computing is classified based on either there:-
- Service models
- Deployment model
A) Services Models:
Three types of cloud services and user can use any services which are mentioned below:
- Software as Service (SaS)
- Platform as service (PaS)
- Infrastructure as service (IaS)
Software as a Service (SaaS): It is also called a delivery model where the software and the data which is associated with is hosted over the cloud environment by third party and that third party is called cloud service provider, like your Gmail account, you use that application on someone else’s system.
Platform as a Service (PaaS): In this, you can use Web-based tools to develop applications so they run on systems software which is provided by another company, like Google App Engine.
Infrastructure as a Service (IaaS): It provides services to the companies with computing resources including servers, networking, storage,and data centre space on a pay-per-use basis.
- B) Deployment Models:
The four widely referenced deployment models are private, public, community, and hybrid cloud.
Private Cloud: The cloud infrastructure is operated within a single organization, and managed by the organization or a third party regardless whether it is located premise or off premise. The cloud resources are used by the organization itself for its private use. The private clouds are built by an organization for serving its critical business applications.
Public Cloud: This type of cloud is the dominant form of current cloud computing deployment model. The public cloud can be used by the general public cloud consumers for their own benefits and the public cloud service provider has got the complete ownership of the public cloud with their own policies, values, costing and charging models. Many popular public cloud service providers are Amazon EC2, Force.com, Microsoft and Google App Engine etc.
Community Cloud: This type of cloud is jointly constructed by certain organizations and the same cloud infrastructure as well as policies, requirements, values and concerns is shared by them. The economic stability and democratic equilibrium is formed by the cloud community.
Hybrid Cloud: This type of cloud infrastructure is basically a combination of two or more clouds, it can either be public, private or community. The hybrid cloud is used by the organizations for optimizing their resources to increase their core competency by margining out peripheral business functions onto the cloud while controlling core activities on premise through private cloud.
Fig. 2 Cloud Computing Models
- SECURITY ISSUES ON DELIVERY MODELS ON CLOUD COMPUTING:
Software as a Service (SaaS) security issues: SaaS provides application services on demand such
as email, conferencing software, and business applications such as ERP, CRM, and SCM. SaaS users have less control over security among the three fundamental delivery models in the cloud.The
adoption of SaaS applications may raise some security concerns.
Platform as a Service (PaaS) security issues : PaaS facilitates deployment of cloud-based applications without the cost of buying and maintaining the underlying hardware and software layers. As with SaaS and IaaS, PaaS depends on a secure and reliable network and secure web browser. PaaS application security comprises two software layers: Security of the PaaS platform itself (i.e., runtime engine), and Security of customer applications deployed on a PaaS platform. PaaS providers are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications.
Infrastructure as a Service (IaaS) security issues : IaaS provides abundant resources such as servers, storage, networks, and other computing resources in the form of virtualized systems, which are accessed through the Internet. Users are entitled to run any software with full control and management on the resources allocated to them. With IaaS, cloud users have better control over the security compared to the other models as long there is no security hole in the virtual machine monitor. They control the software running in their virtual machines, and they are responsible to configure security policies correctly. IaaS providers must undertake a substantial effort to secure their systems in order to minimize these threats that result from creation, communication, monitoring, modification, and mobility. Here are some of the security issues associated to IaaS.
- PROBLEM STATEMENT:
My research focus on the security issues in cloud. I will discuss Multi-tenancy issue which I found a major concern in cloud computing. I will broadly cover the aspect of multi-tenancy in cloud computing which will meet the challenges of security of data, so that the data will remain protected while being on the network.
4. SECURITY ISSUES IN CLOUD COMPUTING:
Based on the study, I found that there are many issues in cloud computing but security is the major issue which is associated with cloud computing.
Top seven security issues in cloud computing environment as discovered by “Cloud Security Alliance” CSA are :
- Misuse and reprehensible Use of Cloud Computing.
- Insecure API.
- Wicked Insiders.
- Shared Technology issues/multi-tenancy nature.
- Data Crash.
- Account, Service & Traffic Hijacking.
- Unidentified Risk report.
Misuse and reprehensible Use of Cloud Computing :Hackers, spammers and other criminals take advantage of the suitable registration, simple procedures and comparatively unspecified access to cloud services to launch various attacks like key cracking or password.
Insecure Application Programming Interfaces (API): Customers handle and interact with cloud services through interfaces or API’s. Providers must ensure that security is integrated into their service models, while users must be aware of security risks.
Wicked Insiders: Malicious insiders create a larger threat in cloud computing environment, since consumers do not have a clear sight of provider policies and procedures. Malicious insiders can gain unauthorized access into organization and their assets.
Shared Technology issues/multi-tenancy nature: This is based on shared infrastructure, which is not designed to accommodate a multi-tenant architecture.
Data Crash: Comprised data may include; deleted or altered data without making a backup; unlinking a record from a larger environment; loss of an encoding key; and illegal access of sensitive data.
Account, Service & Traffic hijacking: Account or service hijacking is usually carried out with stolen credentials. Such attacks include phishing, fraud and exploitation of software vulnerabilities. Attackers can access critical areas of cloud computing services like confidentiality, integrity and availability of services.
Unidentified Risk Report: Cloud services means that organizations are less involved with software and hardware, so organizations should not be aware with these issues such as internal security, security compliance, auditing and logging may be overlooked.
5. SECURITY ISSUE: MULTI-TENANCY
Multi-tenancy is a major concern in cloud computing. Multi-tenancy occurs when various consumers using the same cloud to share the information and data or runs on a single server. Multi-Tenancy in Cloud Computing occurs when multiple consumers share the same application, running on the same operating system, on the same hardware, with the same data-storage system and both the attacker and the sufferer are sharing the common server.
This architecture fully separates your information from other customer’s information, while allowing us to roll out rapidly the latest functionality to each, all at once. This approach offers the most configurability and allows you to extract deep insight from your information
Oracle delivers a latest Multitenant architecture that allows a multitenant container database to grasp numerous pluggable databases. An existing database can simply be adopted with no application changes necessary.
5.2 What Is Multi-Tenancy Able To Do?
Simplify Data Mining: Instead of being composed from various sources, all the information for consumers is stored in a single database scheme.
Decreases expenditure: Multi-tenancy reduces the overhead by amortizing it over many users, like they can charge for the certified software because everyone can run it on a single system, so only single certify will need to purchase
More elasticity: It provides the flexibility to import and export your information
- CHALLENGES OF COMPUTER CLOUD:
An adoption of new technology of cloud computing is associated with numerous challenges because users are still skeptical about its authenticity
Security: It is clear that the security issue has played the most important role in hindering Cloud computing acceptance. Without doubt, putting your data, running your software on someone else’s hard disk using someone else’s CPU appears daunting to many. Well-known security issues such as data loss, phishing, botnet (running remotely on a collection of machines) pose serious threats to organization’s data and software.
Costing: Cloud consumers must consider the tradeoffs amongst computation, communication, and integration. While migrating to the Cloud can significantly reduce the infrastructure cost, it does raise the cost of data communication, i.e. the cost of transferring an organization’s data to and from the public and community Cloud and the cost per unit of computing resource used is likely to be higher.
Charging: The elastic resource pool has made the cost analysis a lot more complicated than regular data centers, which often calculates their cost based on consumptions of static computing.
- FUTURE WORK:
In future work, I will design a framework which may satisfy the security issues related to multi-
tenancy and how low-power processors crunching many workloads in the cloud.
Cloud computing is an immense prospect both for the businesses and the attackers – both parties be able to have their own reward from cloud computing. An infinite possibilities of cloud computing cannot be unseen only for the security issues reason – the unending analysis and research for robust, regular and integrated security models for cloud computing might be the only path of inspiration. Based on this fact that the impact of security issues in cloud computing can be decrease by multi-tenancy architecture.
- Subashini, and V. Kavitha. (2010) “A survey on security issues in service delivery models of cloud computing.” J Network Comput Appl doi:10.1016 / j.jnca.2010.07.006. Jul., 2010.
- A Platform Computing “Enterprise Cloud Computing: Transforming IT.” Platform Computing, pp6, 2010.
- Torry Harris – “Cloud Computing – Overview”
- Zhang S, Zhang S, Chen X, Huo X (2010) Cloud Computing Research and Development Trend. In: Second International Conference on Future Networks (ICFN‟10), Sanya, Hainan, China. Washington, DC, USA: IEEE Computer Society. pp 93-97
- Nazia Majadi – “Cloud Computing: Security Issues and Challenges “ – International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013
- Ramgovind, M. M. Eloff, E. Smith. “The Management of Security in Cloud Computing” In PROC 2010 IEEE International Conference on Cloud Computing 2010.
- K. Balachandra, P. V. Ramakrishna and A. Rakshit. “Cloud Security Issues.” In PROC „09 IEEE International Conference on Services Computing, 2009, pp 517-520.
- P – “Cloud Computing Security Issues and Challenges “ – International Journal of Computer Science and Information Technology Research ISSN 2348-120X (online) Vol. 2, Issue 3, pp: (122-128)
- “Addressing cloud computing security issues” – Future Generation
Computer Systems – Volume 28, Issue 3, March 2012, Pages 583–592
- “Security Guidance for Critical Areas of Focus in Cloud computing”, April 2009, presented by
Cloud Security Alliance (CSA).
- Arijit Ukil, Debasish Jana and Ajanta De Sarkar” A SECURITY FRAMEWORK IN CLOUD
COMPUTING INFRASTRUCTURE “International Journal of Network Security & Its
Applications (IJNSA), Vol.5, No.5, September 2013 DOI:10.5121/ijnsa.2013.5502 11.
- Rabi Prasad Padhy, Manas Ranjan Patra and Suresh Chandra Satapathy ,” Cloud Computing:
Security Issues and Research Challenges”, IRACST – International Journal of Computer Science
and Information Technology & Security (IJCSITS) Vol. 1, No. 2, December 2011.
- Kashif Munir and Prof Dr. Sellapan Palaniappan,” FRAMEWORK FOR SECURE CLOUD
COMPUTING “, International Journal on Cloud Computing: Services and Architecture
(IJCCSA), Vol.3, No.2, April 2013.
- Miranda Mow bray and Siani Pearson, “A Client- Based Privacy Manager for Cloud computing”,
June 2009, Proceedings of the Fourth International ICST Conference on communication system
software and Middleware. Flavio Lombardi and Roberto Di Pietro, “Transparent Security for Cloud”, March 2010,
Proceedings of the 2010 ACM Symposium on Applied Computing, pages 414-415. Objectives of
this paper is to study the major security issues arising in cloud environment. WeichaoWang, Zhiwei Li, Rodney Owens and Bharat Bhargava, “Secure and Efficient Access
to Outsourced Data”, ember 2009, Proceedings of the ACM workshop on Cloud computing
security, pages 55-65. Krešimir Popović, Željko Hocenski,”Cloud computing security issues and challenges”,
MIPRO 2010, May 24-28, 2010, Opatija, Croatia.
Student of Computer Science & Engineering.
A P G Shimla University,HP,India.