Survey on Privacy and Data Security Issues in Cloud Computing

International Journal of Engineering and Advanced Technology (IJEAT)ISSN: 2249 – 8958, Volume-2, Issue-5, June 2013III. SECURITY CONCERNS IN CLOUD COMPUTINGCloud services are applications running somewhere in theCloud Computing infrastructures through internal networkor Internet. For users, they don’t know or care about thedata where to be stored or services where to be provided.Cloud computing allows the providers to develop theapplication, deploy and run, that can easily grow in terms ofcapacity or scalability, work rapidly i.e. performance, andnever or at least rarely fail which means reliability, withoutany concerns on the properties and the locations of theunderlying infrastructures. The penalty of obtaining theseproperties of Cloud Computing are to store individualprivate data on the other side of the Internet and get servicefrom other parties (i.e. Cloud providers, Cloud serviceproviders), and consequently result in security and privacyissues. Then, what kind of security is sufficient for users?To achieve adequate security, it contains 5 goals: They areavailability, data integrity, confidentiality, control and audit.The five goals are integrated systematically, and none ofthem could be forfeited to achieve the adequate security.Nevertheless, few Cloud Computing systems can achievethe five goals together nowadays[2].A. AvailabilityThe goal of availability for cloud computing systemsincluding applications and its infrastructures is to ensureits users can use them at any time, at any place. Cloudcomputing system enables its users to access the systemfrom anywhere (e.g., applications, services). This is truefor all the Cloud Computing systems (e.g., DaaS, SaaS,PaaS, IaaS, and etc.). Required to be accessed at anytime, the Cloud Computing system should be severingall the time for all the users (say it is scalable for anynumber of users). Two strategies, redundancy andhardening, are mainly used to enhance the availability ofthe Cloud system or applications hosted on it.B. ConfidentialityConfidentiality means keeping user’s data secret in theCloud systems. The confidentiality in Cloud systems isa big obstacle for users to step into it, as many users say“My sensitive corporate data will never be in the Cloud”in the article named “Above the Cloud”. CloudComputing system offerings are basically publicnetworks. The applications or systems are exposed tomore attacks when comparison to those hosted in theprivate data centers. Hence, keeping all confidential dataof user’s secret in the cloud is a fundamentalrequirement which will attract even more usersconsequently. Usually, there are two basic approaches(i.e., physical isolation and cryptography) to achievesuch confidentiality, which are broadly adopted by theCloud Computing vendors. Encrypted storage is anotherchoice to enhance the confidentiality. For example,encrypt the data before placing it in a cloud. Thisapproach may be even more secure than unencrypteddata in a local data center.[7]C. Data IntegrityIn the Cloud system data integrity means preserveinformation integrity i.e., not modified or lost unauthorizedusers. The data is the base for providing Cloud Computingservices, such as Software as a Service, Data as a Services,Platform as a Service, keeping data integrity is a primarytask. Data integrity is fundamental for Cloud Computingsystem, and it is expectant to be achieved by techniquessuch as digital signatures, RAID-liked strategies and so on.D. ControlControl in the Cloud system means to regulate the use ofthe system, together with the applications, infrastructureand the data. Cloud computing system at all times involvesdistributed computation on multiple large-scale data setsacross a large number of computer nodes. Every internetuser is able to contribute his or her individual data to theCloud Computer systems which are situated on the otherside of the Internet, and utilize them. For instance, a user’sclick stream across a set of webs (e.g., Google search webpages, Amazon book store, etc.) can be used to presenttargeted advertising. Future healthcare applications mightuse an individual’s DNA sequence (which is captured byhospitals) to develop tailored drugs and other personalizedmedical treatments. When all these private data are stored inthe Cloud Computing system environment, users of CloudComputing systems might face many threats to theirindividual data[6].E. AuditAudit means to watch what happened in the Cloud system.Auditability can be added as an additional layer above thevirtualized operation system or virtualized applicationenvironment hosted on the virtual machine to providefacilities watching what happened in the system. It is moresecure than that which is built into the applications or intothe software themselves, because it is able to watch theentire access duration. For such kind of scenarios, threemain attributes should be audited:1. Events: The state changes and other factors thataffected the system availability.2. Logs: Comprehensive information about users’application and its runtime environment.3. Monitoring: Should not be intrusive and must belimited to what the Cloud provider reasonably needs inorder to run their facility.IV. THREATS TO SECURITY IN CLOUD COMPUTINGCloud computing may not increase the risk that personalinformation will be improperly exposed or misused; it couldincrease the chances of exposure. The aggregation of data ina cloud provider can make that data very attractive tocybercriminals. Additionally, given how inexpensive it is tokeep data in the cloud, there may be a tendency to retain itfor an indefinite period, thereby increasing the risk ofbreaches.The chief concern in cloud environments is to providesecurity around multi-tenancy and isolation; givingcustomers more comfort in addition “trust us” idea ofclouds. Security at different levels such as Host level,Network level and Application level is necessary to keepthe cloud up and running continuously.A. Basic SecurityWeb 2.0, a key technology towards enabling the use ofSoftware as a Service relieves the users from tasks likeinstallation and maintenance of software. It’s widely usedall over. The security has become more important than everfor such environment, as the user community using Web 2.0is rising.SQL injection attacks: are the one in which a maliciouscode is inserted into a standard SQL code and thus the131