1 - Report Modfied

Scientifically Literature Search
Final Report On
Cloud Computing Security
Name Amad UR Rehman
Student Number LS2039202
School of Cyber Science and
School Technology
Network and Information
Major Security
Supervisor Prof. Dr Gao Ying

Date: 2020-01-05
Contents
1 Introduction............................................................................................................................….1
1.1 Definition of The Cloud………………………………..………………………….…….1
1.2 Types of Clouds …..…………………………………….……………………….………2
1.3 Implementation – Cloud Architecture ……………………………………………….….5
1.4 Databases Used for Literature Review………………………………….………….........6
2 Literature Review……………………………………………………………………… ………
7
2.1 Domain Background …,,,,,,,,,,……………………………………………………….….7
2.2 Literature Review ……………………………………………………………………….7
2.3 Existing Security Threats ………..…………………………………………………….10
2.4 Existing Security Solutions…………………………………………………….….…...13
3 Summary and Conclusion……………………………………………………………...
……...18
4 References………………………………………………………………………... ……
…….19
5 Comments from the Supervisor………………………………………………………… …....22
Beihang University Scientifically Literature Search Final Report
Abstract
Cloud Computing is a technology developed recently and being used for personal but also
business purposes. Cloud security was vulnerable to threats and many cases had as result data
loss, hacking, denial of services and etc. but new security models and security tools are being
improved. The purpose of this research is to define “cloud computing”, its functionality and
implementation, define the function of a cloud security and refer to its existence, a literature
review for previews attempts and improvements, a research on open-source security tools, the
implementation of a cloud server and demonstration of security protection on cloud servers. At
the end of this report summary and conclusion of the whole report is included.
Keywords：Cloud Computing, Security, Cloud Architecture, Security Threats.

1. Introduction
1.1 Definition of the Cloud
Cloud computing is a model for enabling universal, on-demand and convenient network access to a
shared pool of configurable computing resources (e.g., servers, applications, storage, networks and
services) that can be quickly provisioned and released with little to no management effort or service
provider interaction” [1]
As the world of technology and informatics is rising and new ambitions are gained, the more recent
topics students choose the more knowledge they consolidate for their future development. Cloud
Computing is a modern word and often used for something “new”. It is also said that is destined only
to group of experts [2]. The meaning of cloud and its functionality had always existed since the
application of the internet took place. Researchers and network engineers gave this technology the
name “cloud” similar to the functions that physical clouds have. Cloud technology and networking
since its implementation has been used for personal, academic but also business purposes, even
famous consortiums take advantage from it or even sell its services. What is cloud? Why made its
appearance? What is its function to the real world? The introduction chapter will include these
answers and will clear up all the mist in order to explain it in plain terms. [3]
To begin with, the reason cloud was put in line was because of firms facing managing problems for
data that were excessively stored, either mandatory capacity was limited due to the infrastructure of
the business, or out large capacity that leaded to a wasted capital. Apart from those major valued
factors such as the initial capital, capitals and the service-fix cost, the sophisticated effort for the
patching, the managing and the upgrading of the internal infrastructure is a huge obstacle for firm’s
development and mobility. As we know, for many firms where client and cultural competency have
not the strength to manage large data center environments and infrastructure, it would be wise to
upload their files or data backups to another machine via internet, in order to concentrate more on the
organization’s primary objectives. Cloud computing is the technology or better the ability to upload
and maintain data, share/trade software and hardware resources, storage via the internet. The super
1
user of the cloud server is the cloud operator and he/she has access everywhere.
In a long and lasting official definition: “Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction.”
From business perspective, the idea of cloud environment is evolving as many firms are switching to
this way of infrastructure. It is a cost-effective solution and a tremendous step on new lines of
business. A good example is “Apple’s Siri”, that is a “cloud-based natural language intelligent
assistant”. Many start- up organizations began with the function of cloud, for example applications
(Pinterest) that hold all of their data to cloud servers like Amazon’s Cloud Platform (Amazon Web
Services).
Cloud computing security is defined as the processes, interactions and policies designed to fulfill
security insurance and information protection for a cloud-based environment. It uses both logical and
physical ways for the whole sharing system of the cloud like the software (SaaS), platform (PaaS)
and infrastructure (IaaS). In a cloud security policy, the cloud provider sets the constraints of the end-
user as he is limited to permissions (Acceptable User Policy). Cloud security policy is a mandatory
procedure for every corporation and business as the level of cloud security defines whether an
organization will choose to trust this network topology or refer to another model. The bad hierarchy
and security gaps for organizations which were using cloud servers are published in articles and
newspapers and lead other ones not to participate and fear on changing their network way of
connection. There are non-profit organizations (Cloud Security Alliance – CSA) of corporation
experts, which they research and produce plans of frameworks, guidelines for securing,
implementing and enforcing solutions in cloud operating systems. [3]
1.2 Types of Clouds
In order to provide a safe and secure solution plan for a cloud environment, a final decision has to be
done on which type of cloud should be chosen. According to the latest information we have, there
have been developed only three types of cloud deployment models, which are private, public and
hybrid. These are going to be discussed further below. [4]
2
Cloud computing security model has three security and delivery models. These are the following:
1. Private Cloud:
A cloud platform with dedicated use for home users or special organizations
2. Public Cloud:
Designated for public clients that can register for a low price of registration or even free and take
advantage of the infrastructure (storage of data, software and etc).
3. Hybrid Cloud:
A private cloud that can expand to manage resources of public clouds.
Cloud computing service models or “offerings” can be divided in three and they support the above
[1,2] models:
1. IaaS - Infrastructure as a Service
It delivers computation, network resources, also includes servers, virtual machines, storage, load
balancers and other core infrastructure stack
2. PaaS - Platform as a Service
Provides platform, business and service tools, adds development and programming applications to
IaaS, includes databases, web servers, execution frameworks/runtimes and development tools
3. SaaS – Software as a service
Provides applications from the infrastructure of the cloud and implements them on an end-user
machine (Sales force CRM, Gmail/Google Apps, Microsoft Live and etc) [4]
Public Cloud
Public cloud is a model which permits access to users via web browser interfaces. In order to have
access on its users have to pay in a paying method system like the water supplying metering system
with prepaid accounts. In fact, that does not only give profit to the cloud providers but also gives
them the ability for optimization [5]. Cloud clients then debit their IT charge at a logical level by
lowering the capital loss on the IT system infrastructure. From a security perspective, public clouds
are less secure according to the other ones because they focus on taking care more on having all the
applications online than protecting the data uploaded from possible attacks [6]. Therefore, privacy
and trust fade out with public clouds and their clients keen on negotiating with private cloud servers
for better security results [7]. Possible solutions for this matter would be 1) both cloud provider and
3
client agree on sharing data responsibility in supporting daily checks and validations through their
own systems, 2) for each of them to have responsible roles for dealing with security within their
permission boundaries [8].
Private Cloud
A private cloud is implemented in a corporation’s internal infrastructure data center. It is more
manageable to set up security, adjusting requirements and elasticity, and provides more supervision
on its application and use. Private cloud offers virtual applications, infrastructure resources with the
permission of the cloud vendor, that he/she is responsible to put them available for share and use. It
differs from the public cloud server because all the private cloud applications and resources are
controlled by the corporation itself, like Intranet. Security on a private cloud server is more secure of
the public because it disables the exposition to external and specifies the internal access on
privileged users [9].
Hybrid Cloud
A hybrid cloud is a private cloud that is connected on one or more outwardly services. It is basically
managed on the centric system infrastructure, catered as a single service, and hold on a secure
network environment. It provides to its client’s virtual IT resources like public and private clouds.
Hybrid cloud server’s vendors give more secure data management and provide several parties access
the internet with high supervision and protection. It’s an open architecture that allows interfaces with
other ‘friendly’ systems. In other words, hybrid clouds are private cloud vendors that keen to expand
and be more flexible, like a mix of both public and private [10].
To summarize, in deciding which of the three types of cloud is to be deployed, business
administrators need to take in consideration the security aspects of the corporation’s architectural
structure, further information on the security differences between those cloud models is essential [4].
4
Figure 1 - "Illustrating the Cloud Computing Ser vice Models”
1.3 Implementation – Cloud Architecture
In a cloud-based environment, which SaaS, PaaS and IaaS are provided, large resources on virtual
machines can give greater results on efficiency and flexibility. Every physical host’s resources are
virtualized as a Virtual Machine (VM) that runs multiple operation tasks and processes. “Cloud
platform provides pools of virtualized resources (computing, memory, saving storage, bandwidth)
spanning multiple hosts and storage frames”. Multi-tenancy is shared on the physical infrastructure
of the cloud [7].
Techniques such as storage frames and workload balancing can be used in order to achieve high
resource utilization. Workload balancing is accomplished through virtual machine live migration, an
Figure 2 "Cloud Platform Architecture (CPA)”

application that moves virtual applications between physical ones in a total and stealth (not observed
by the users) way. The storage, computing and network resources are the basic virtualized resources
5
offered from a cloud vendor [7].
1.4 Databases Used for Literature Review
There are multiple databases to be used for the literature review compilation for this study, but I
chose following databases;
1. Elsevier Science Direct
2. Springer
3. Taylor and Francis
4. Wiley Online Library
6
2. Literature Review
2.1 Domain Background
Cloud computing has been presented so far as a cost-effective, resulting and multitasking solution.
The advantages have been mentioned for the reader to understand the elasticity in the tasks cloud
system fulfills. The rapid growth of such technologies and systems is parallel to the growth of
security threats.
Open (via internet) systems like cloud have endless vulnerabilities because of them being new and
public. As a result of this, competition has been increased between cloud vendors and clients target to
find which of those is the most secure and safe. Hosts tend to use cloud services for data securing
and their utilization so this grows the competition on the market and the security perspective of the
cloud managers. This chapter will conclude some of the most major security threats exist, deep
analysis will occur describing the high value of importance cloud vendors should have against one of
those, solutions of facing security threats on cloud systems created by researchers and testers will be
added as long as security models, history and a literature review will be added to show the latest
solutions created and evaluated. [5].
2.2 Literature Review
Rongxing will be the first of the papers being reviewed. His team proposed of a new security and
provenance data forensics tool for cloud systems. Secret documented files included on the tree of the
users file system, with the aid of the tool will support their privacy and security. Another use it’s the
authentication mechanism they applied to check for unrecognized user access and this comes from
the process of examining the resolve disputes of data. The provenance prospect is a process of the
‘bilinear pairing method’ that blocks of data forensics built within the environment. Using security
techniques via multiple tests they accomplished to prove functionality on their model. Their work is
done successfully as they introduced a functioning system but they could not implement as there
occurred complex on mathematical models [1].
La ‘Quata Sumter states that the growth of cloud computing implementation results to internet
7
security doubted and threats constantly increasing. Clients of cloud vendors and services are
seriously discouraged for the weakness of cloud security to protect data and make available when
needed. Users doubt the access mechanism on servers of cloud as also its security. To assure and
encourage cloud clients for information security, they have proposed a model that keeps track of
every move and process is taking place on the information stored. In order to complete this, they
demanded a security capture device that will support their model and make it work completely. The
advantages are that they have been dealing with customer encouragement about the security concerns
but due to the limitation of their model, its practical only for small cloud environments and not
recommended for larger ones [2].
Mladen says that cloud computing came as a system after many practical years on networking and
computer technology. This paper is focused on concerns based on ‘cloud computing with
virtualization, cyber infrastructure, service-oriented architecture and end users. Key concerns have
been taken under consideration and implementation and research made their work important. User’s
dissatisfaction pushed them to write theoretical papers based on security concepts and issue
authentication [3].
Wenchao et al. on this research proposed another perspective of solutions through data centric. They
have investigated the security requirements of securing data and sharing through applications online.
Discussion on forensic, system analysis and data management has been included. They proposed a
new security platform known in the short name of DS2 which stands for Declarative Secure
Distributed Systems. This platform supports the functions of the proposed data securing methods.
Network protocol and security policies are managed by the ‘Secure Network Data log (SeNDlog)’ a
rooted language that processes networking and access control logic-based tasks. With the aid or
Rapid Net declarative networking engine they managed to develop DS2 prototype and they added
provenance support according to their belief that will make the security level more stable. “The
strength in their work lies on the data centric security that results to secure query processing, system
analysis and forensics, efficient end to end verification of data”. Their work should be evaluated
from professional cloud vendors [4].
Due to the cloud computing services and benefits which are safety, security and privacy, Soren
explained the majority of the influence cloud spreads. Complex and good managing of the web
8
interfaces of a cloud have better results than wrong configured because the second ones can make the
whole system vulnerable to threats. The platform of their implementation was “Amazon’s Elastic
Compute Cloud (EC2)”. They implemented a security analysis tool and simulate it to real factors.
Complex high level query language has been proposed and used to describe the requirements of the
configuration. Python and EC2 were the main software used for their implementation. This tool
identifies the breaches on the secure sections of the infrastructure and then informs the administrators
to check the problem, in other words it works like an antivirus program. The advantages of their
work is that they investigated every possible security attack with the proposed tool but it has a huge
disadvantage that the software is linked to work with the EC2 infrastructure and not in general
systems [5].
Flavi and Roberto proposed a novel Architecture and Transparent Cloud Protection System (TCPS)
for better security management. They claim that they have accomplished integrity in privacy issues
in clouds. To identify them, they built a more feasible and more secure architecture which they
named TCPS. This system can be used to keep track of every host transfer but also keep the
transparency and virtualization of the server. The results of their work are that they created an
intrusion detection mechanism built in the architecture but they did not manage to deploy realistic
scenarios and test their work, so they could not validate it [6].
Wayne stated the essentiality of configuring security on critical systems. Facing security issues from
end user perspective is mandatory. Security policies with strong commands should keep data checked
for dangerous actions and prevent unauthorized access to both clouds and data servers. Their paper
focuses on public clouds. Key factors are “end user trust, insider access, visibility, risk management,
client-side protection, server-side protection, and access control and identity management”. The
weakness in their work is that they did not outcome of a tool, or a solution on real infrastructure [7].
Jingpeng managed to propose a paper on cloud’s image repository. Their design addresses the risks
and can be easily implemented and prove success. Filters in the system infrastructure capture
malware and secondly all sensitive to crack passwords are removed and replaced by stronger ones.
Clients can choose the required images. Repository maintenance decreases the possibility of running
illegal software. The testing of this papers show that filters work efficiently in the image
management system. They proposed a system “different” from other cloud architectures and showed
9
with aid of filters and scanners that they could detect malicious traffic. The weakness is that captures
of filters are not 100% accurate and could lead to legitimate issues as also the scanner cannot capture
every type of virus and it has to be updated constantly [8].
Miranda and Siani are facing problems of data seepage user complain about. This issue puts a serious
obstacle on the acceptance of the implementation of cloud and its growth on the market. Some
scenarios have been taken under consideration. A client-based privacy manager tool for processing
sensitive information inserted in the cloud is proposed. The tool reduces security issues as
simultaneously increases privacy safety. The tool has been tested successfully and used in many
environments.
The privacy manager tool ensures security on services within the client machine. It has a feature that
reduces critical data transferred for further actions. Once data is targeted the output is de- obfuscated.
The key this tool uses is so secret that even the cloud providers have no right to know. The privacy
manager enables end users to contribute to the changes of their personal data, and also rectify them.
The strength of their tool proposed is providing access control, user customization and feedback
facility but it cannot be implemented to all scenarios [9].
Dan and Anna proposed a data protection framework for sensitive information. Their proposed
framework contains three basic keys: policy ranking, integration and enforcement. Various models
have been described for each part. They presented security data models but also cost functions. Their
work is tested and simulated but not validated on real environments [10].
2.3 Existing Security Threats
Within a cloud environment we define as secure policy issues like “privacy, security, anonymity,
telecommunications capacity, government surveillance, reliability and liability”. A Survey on Cloud
Computing Security: Issues, Solution and Threats in [11] conducted an overview of cloud security
concerns such as sharing and virtualization of resources. Thereafter, solutions were proffered with a
view to enhancing security on the cloud. There is a difference between each type of client a cloud
server deals with. Academia clients require more performance than security protection in comparison
with business clients that want their data to be protected more than having use on a high-performance
system. Gartner’s seven security concerns will be described below.
10
• Privileged user access: Fragile data that can be analyzed from outsiders and give them ability of
bypassing the ‘physical – logical’ layer of the cloud and gain access on data and software.
• Regulatory compliance: Clients are responsible for the good management and security of their
data, even in a cloud environment. Most cases show that percentage of data loss or privacy intrusion
is caused from human factors that were clients.
• Data location: The exact location of the data clients uploaded is not known by them, and the
distributed data storage because of its behavior can lead to loss of control and it is good for
customers to know where their data is stored before proceeding to the cloud.
• Data segregation: Encryption and decryption of data in the cloud is essential but it cannot be the
only way of solution as it is vulnerable to attacks.
• Recovery: In a case of server failure or denial of service how will the data of clients been
restored? Does the cloud vendor have a backup plan of reverse engineer and protection of data? Are
cloud managers capable of restoring data or they have to be supported from an outsider third part
company? These actions are not on clients favor.
• Investigate support: Cloud services are hard to investigate cause of many customers data placed
in the same location, but can also spread infected files to other sets of software.
• Long-term viability: Cloud providers have to assure their clients that even in a case of a merge in
a bigger cloud company there will still be integrity and availability on their data [2].
So, as clients tend to trust and transfer data on third-party hardware servers that are live or virtual
online, the cloud vendors have to give IT security solutions and policies to protect client’s data. This
trend and new responsibility model will give another meaning to the cloud management as more
challenges are occurring and more solutions are found. The first question that someone can do to an
administrator of IT business environment is if he and the team has the ability to whether prevent a
security threat from intruding the infrastructure or deal with a breached security. The answer is two
sided as the first responsible for any security breach are the customers themselves and then the cloud
security itself [2].
A. Data Leakage
To begin with, by moving to cloud environments, there are two obvious changes for client’s data.
First, data is uploaded from the customer’s machine to a different target area. Secondly, the transfer
occurs from a single to a multi-tenant area. This causes possibilities of data leakage effects. This is a
11
major cloud security threat [21].

For its prevention Data Leakage Prevention (DLP) has been invented for the protections of sensitive
data. DLP though cannot protect data and it is useless on public clouds due to their nature of
architecture, so DLP tools are not the most effective solution in this incident. In public clouds, clients
have the authority to control the whole infrastructure so DLP agents cannot act automatically with
unwanted results [22].
B. Cloud Security Issues
Internet is a communication model that cloud environments exist from. It uses the TCP/IP protocol
which addresses unique IP of users and identifies them over the Internet. Virtual machines similarly
to the TCP/IP protocol use IP addresses. A malicious user, internal or external can search for IP
addresses.
When they find the targets physical server, they implant a malicious virtual machine to attack. If a
hacker gets access to a VM he can get data of all users, this is possible by copying the data into a
hard drive of his own and analyze them in a safe place before cloud providers are alerted [23].
1) Attacks in Cloud
Nowadays, several attacks in the IT world have been reported. Clouds give access to legal users that
register but can also have stored clients that have criminal purposes. A hacker can use cloud servers
for storing his malicious programs, that programs can cause Distributed Denial of Service (DDoS) to
the cloud system. If the victim shares the same cloud with the hacker, it would be easier to the hacker
to sketch up the attack. This can be valid as mentioned above with virtual machines too [24].
a) DDos Attacks Against Cloud
The DDoS kinds of attacks are usually taking place on high quantity IP packets traffic on specific
entries. Blacklist pattern programs are quickly becoming out-of-service due to overrun. In cloud
systems where there is a big amount of clients using it, denial of service has a bigger impact in
contrast to single infrastructures. DDoS attacks prefer low cloud resources. The solution is to
increase the number of critical resources. Bot-net way of attacking is the most serious problem a
cloud could face [24].
Most of the anti-attack software published on the market cannot either protect a system from a DDoS
attack or stop traffic because it cannot examine which traffic is good or bad. Intrusion Prevention
Systems (IPS) [http://cloudsecurity.trendmicro.com] is effective when the attack is located and
12
recognized.
Unfortunately, firewalls are not so resulting on DDoS attacks since firewalls transport legitimate
traffic and are vulnerable to spy-poof software [23].
b) Cloud Against DDos Attacks
DDoS attacks are powerful threats. They are launched from a bot-net with many zombie machines
support. Initialization of DDoS occurs when a huge amount of packets are sent to the web server
from many sources. Cloud servers can tolerate more effectively those attacks as they have plenty of
resources online to defend with, in order to protect from a site, shut down [24].
2.4 Existing Security Solutions
There are several solutions that exist in the internet environment that can run also to cloud
infrastructures effectively but more cloud specified attacks need more expertise solutions. Internet
solutions can be used to cloud systems or even improved.
Figure3 "Proposed Solution”

A. Access Control
The mechanisms of access control are tools that enable user authorized access and support the
13
prevention of unauthorized ones to the infrastructure. These mechanisms should analyze user’s
lifecycle by the time they sign up until their de-registration, so it would be sure they had no longer
access. Special analysis should be put on user entering privilege mode and can modify system
policies. The following steps should be considered to ensure security:
I. Control access to information.
2. Manage user access rights.
3. Encourage good access practices.
4. Control access to network services.
5. Control access to operating systems.
6. Control access to applications and systems.
In the SaaS model cloud provider is the one responsible for the management of the whole
infrastructure. Application is delivered as a service to clients via a web browser so other network
controls lose their power and get ignored by the user access controls. Clients should focus to their
user access commands [25].
In the PaaS model, cloud provider focuses on the management of access control to servers, network
and application infrastructure.
IaaS clients are responsible for every management aspect exists in this architecture. Access on virtual
machines, storage, servers, and network should me designed to be managed from the clients.
B. Countermeasure and Fast Response
Common point in IT and cloud security of networks is investigation of possible problems and threats
that can enter the system but more important is the implementation of the special response every
problem needs to get. Cloud is set up on a group of specialized storage devices, lead by a custom
high distribution coordinator, being available 24/7. For flexibility, scalability and efficiency usage of
resources, cloud vendors must produce many solutions to almost any problems they face, in areas
with great adaptability and workload analysis [20].
1) Partitioning
Workloads that have to come across multiple nodes, partitioning on data must occur in order to
maximize transaction and better performance. The main goal is to minimize the chances of entering
transactions to multiple nodes and result with the answer [25].
2) Migration
14
A cloud’s main objective is the ability to have flexibility. In the “cloudpedia” this means
concentrating more resources on components they need. There is a challenge on database programs
that large amounts of data have to be transferred properly to other locations. In migration, the method
works like predicting the adaptation time for example like partitioning time and breaking data into
smaller parts in order to maintain transactions and simultaneously moving them [25].
3) Workload Analysis and Allocation
For better collaboration between virtual machines and their workloads, it is essential that analysis
and classification is done to the resources required in order to estimate the virtual machine allocation
memory. [25]
C. Trace of User’s Behavior
Since most of the problems appear due to user novice knowledge on clouds and mistakes, method of
tracing the user’s identity and origin has already been implemented. Every cloud vendor knows
user’s unique identity and can easily investigate on his behaviors. In order to maximize security,
user’s behavior has to be monitored from underground programs for criminal actions. Every
suspicious move will be traced and will warn user or even ban according to the level of the act. In
fact, those kinds of monitors have been used in IT environments such as TCP protocols for many
decades. A good start would be to implement them also on cloud servers [25].
Based on the security model of Prashant Srivastana, Satyam Singh a proactive methodology is
described to improve the security aspects within a cloud environment [6].
This proactive methodology which is followed is listed according to the implementation level:
• Create a detailed Cloud Policy.
• Identify compatible Cloud Service Provider based on the Cloud Policy above.
• Draft a detailed Service Level Agreement with provisions for monitoring of the Cloud Service
Provider network and services.
• Continuous monitoring by the Security Cloud for policy violation.
• The feedback is used to refine the Cloud Policy according to the emerging technology trends and
solution. The details on creation of the Cloud Policy and the Security Cloud are described in the later
sections [6].
A. Security Cloud Policy
Every cloud environment has its own methods and protocols of management and security aspects.
15
Public clouds are the ones that are more vulnerable to threats and sometimes they act as a third party
in form of the CSP (Cloud Service Provider). IT companies are assigned to build cloud providers
custom made security models [6].
The security cloud policy aims to have a specific goal to every cloud service. It maps the exact
security requirements and adopts them. Separated and also “special” cloud policies that are hidden
and authorized only to IT managers have more benefits as they can specify all the security issues of
the organization without contributions [6].
B. Creating the Security Cloud Policy
• Privileged user access: Cloud provider must acknowledge that administrator and managers
should have HR experiences as well.
• Regulatory Compliance: Provider has to give allowance to third party audits for regulatory
issues. Data logs should be also included.
• Data Location: Independence on data locations is one of the factors cloud is created. The
provider must align boundaries to data that exceed their limit for better control.
• Data Segregation: Cloud specialists have to be able to investigate encrypted files so they can sort
it as safe or threatening. The cloud provider must use standard encryption.
• Recovery: Business Continuity Plan must be afforded as a method of data being destroyed, in
order to recover from severe incidents. Guaranteed time must be included [26].
• Investigative Support: Illegal activity investigation on a cloud environment is difficult. Even
experts sometimes cannot target criminal behavior. Requests on outside investigative companies can
be helpful.
• Long Term Viability: In case of mergers, a clear mandate has to assure clients what happens to
their data.
• Data Management: This section has to determine teams, privileges, management policies and
etc. Details can be performed and revealed transparently.
• Application security: Application layer should be tested for security concerns. Provider has to set
the security requirements and features to the developers and the security team.
• Security model of cloud provider interfaces: The APIs must be supported with a great security
model.
• Provider HR Policy: It is essential to analyze the human resources policy of the cloud provider.
16
• Secure data deletion: Attackers can always press hacking forces onto data rejected and get useful
information. Therefore, providers have to assure persistent data deletion.
• Information from Provider: The provider must supply the other company teams with useful logs
and data grams in order to check risky criteria [27].
C. Security Cloud
• Monitoring public blacklists for one’s own network blocks: 24-hour checks have to be
performed between the Cloud Service Provider and public black lists. Companies using cloud
systems do not prefer that their service ends to a spam activity or DDoS situation.
• Vulnerability Assessment: Insurance on the current health of the network provided has to be
checked and confirmed for network resources via automated software tools.
• Penetration Testing: Tools that penetrate the network should be used but with great supervision
in order not to lose connection and cause a limited network to the clients. Open-Source Penetration
Testing frameworks are OSSTMM and etc.
• Log Analysis: Cloud Service Provider due to the cloud policy requirements has to perform
checks and tests and report any issue or gap to the management team.
• Host Based Intrusion Prevention System: In the IaaS delivery model, only storage and basic
networking is provided. It is estimated that client will provide OS and apps. HIPS (Host Based
Intrusion Prevention System) can be used for security reasons. These results lead to an effective
system [6].
Security cloud model is effective to private cloud models but always attached to the company’s
security policy. Except from testing, scanning and penetration, it can be able to check password
weakness with famous deciphering programs offline [6].
17
Figure 4 "Architecture based on proacti ve methodology” – [6]
18
3. Summary and Conclusion
The problem of private clouds is that they are often underutilized until they get in a larger
environment. This parts train cloud developers and administrators of a company with the ability of
having the insight key of cloud architecture but also avoid exposing the company to threats
implementing a public cloud. The Security Cloud model provides security solutions not only to the
Public cloud but also to the private infrastructure. Penetration testing and vulnerability scanning
improves the overall performance.
Public cloud providers guarantee results in addition to a good cloud policy. In order to achieve high
security and defense, cloud providers are strictly monitoring the whole system 24/7. Finally, updates
to the cloud policy of a company prepare the company and reduce chances of being attacked from
the latest threats of security.
In conclusion, to begin with, an introduction navigated the reader through words and technical terms
that were defined afterwards in order to be understood and proceed to more advanced sections. In the
introduction section, the term ‘cloud’ has been defined as long as ‘security’ and there was clearly
defined from what scope the reader should investigate this report. Introduction part also included the
delivery models, the cloud architectures, threats, existed solutions and methodologies. The second
major part of the introduction followed by the literature review, which was based on a white paper
published on 2011. This paper included all the latest security tools and models for cloud
environments and a review was given for each of them.
The aim of this report is to theoretically explain the definition of the cloud, step by step appropriation
of the reader on such terms and learning to keep a scope of security. The security threats and
solutions have been referred along to a proactive methodology for more advanced cloud
implementers.
19
4. References
[1] Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800-
145 (2011).
[2] Kandukuri, B.R., Paturi, V.R., Rakshit, A., 2009. Cloud Security Issues, in: IEEE International
Conference on Services Computing, 2009.
[3] DeChaves, S.A., Westphall, C.B., Westphall, C.M., Gerônimo, G.A.: Customer Security
Concerns in Cloud Computing. IARIA, 978-1-61208- 113-7 (2011).
[4] Ramgovind, S., Eloff, M.M., Smith, E., 2010. The management of security in Cloud computing,
in: Information Security for South Africa (ISSA), 2010.
[5] Shaikh, F.B., Haider, S., 2011. Security threats in cloud computing, in: Internet Technology and
Secured Transactions (ICITST), 2011 International Conference.
[6] Srivastava, P., Singh, S., Pinto, A.A., Verma, S., Chaurasiya, V.K., Gupta, R., 2011. An
architecture based on proactive model for security in cloud computing, in: 2011 International
Conference on Recent Trends in Information Technology (ICRTIT).
[7] Tianfield, H., 2011. Cloud computing architectures, in: 2011 IEEE International Conference on
Systems, Man, and Cybernetics (SMC).
[8] A Platform Computing Whitepaper, ‘Enterprise Cloud, Computing: Transforming IT’, Platform
Computing, pp6, viewed 13, March 2010.
[9] Dooley B, 2010, ‘Architectural Requirements of the Hybrid Cloud’, Information Management
Online, viewed 10 February 2010.
[10]Raoa, R.V., Selvamanib K.: Data Security Challenges and Its Solutions in Cloud Computing
20
International Conference on Intelligent Computing, Communication &Convergence (ICCC-

2015).
[11] CommVault.: Your Top 5 Cloud Data Protection Challenges. Solved. commvault.com/cloud.
(2015).
[12]Brodkin J, 2008, ‘Gartner: Seven cloud-computing security risks’, Infoworld, viewed 13 March
2009.
[13]ISO. ISO 7498-2:1989. Information processing systems- Open Systems Interconnection. ISO
7498-2
[14]B. Rochwerger et al, “The RESERVOIR model and architecture for open federated cloud
computing”.
[15]R. Buyyaa et al, “Cloud computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility.
[16]G. J. Popek and R. P. Goldberg, “Formal requirements for virtualizable third generation
architectures, 1974.
[17] Cloud Migration Survey Report.: The Most Up-to-Date Benchmarks, Trends, and Best
Practices. Amazon Web Services. (2017).
[18]SUN Microsystems, “Introduction to cloud computing architecture”, White Paper, 1st Edition,
June 2009.
[19]J. Varia, “Architecting for the cloud: Best practices”, May 2010.
[20]Sabahi, F., 2011. Cloud computing security threats and responses, in: 2011 IEEE 3 rd International
Conference on Communication Software and Networks (ICCSN).
[21]C. Almond, "A Practical Guide to Cloud Computing Security," 27 August 2009.
[22]Chouhan, P.K.; Yao, F.; Sezer, S.: Software as a Service: Understanding Security Issues: Science
and Information Conference (2015) July 28-30 London, UK
[23]N. Mead, et al, “Security quality requirements engineering (SQUARE) methodology, “Carnegie
Mellon Software Engineering Institute”.
[24]J. W. Rittinghouse and J. F. Ransome, Cloud Computing: Taylor and Francis Group, LLC, 2010.
[25]P. Sefton, "Privacy and data control in the era of cloud computing."
[26]Kresimir Popovic and Zeljko Hocenski, “Cloud computing security issues and challenges,” in
Proceedings of the 33rd International Convention, MIPRO 2010
21
[27]Arora, R.; Anshu P.: Secure User Data in Cloud Computing Using Encryption Algorithms:
International Journal of Engineering Research and Applications (2013)
[28]T. Garfinkel and M. Rosenblum, “When virtual is harder than real: security challenges in virtual
machine-based computing environments,” Proc. 10th Conference on Hot Topics in Operating
Systems (HOTOS’05), vol. 10, USENIX Association, Berkeley, CA, USA, June 2005, pp. 20-
20.
[29]R. Chow et al., “Controlling data in the cloud: outsourcing computation without outsourcing
control,” Proc. 2009 ACM Workshop on Cloud Computing Security, ACM, New York, NY,
USA, Nov. 2009.
[30]S. Pearson, “Taking Account of Privacy when Designing Cloud Computing Services,” Proc.
ICSE Workshop on Software Engineering Challenges of Cloud Computing (CLOUD'09), IEEE
Computer Society, Washington, DC, USA, May 2009.
22
23
5. Comments from The Supervisor
Signature:
Phone number:
E-mail:
24

1 - Report Modfied

Uploaded by

Copyright:

Available Formats

1 - Report Modfied

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1 - Report Modfied

Uploaded by

Copyright:

Available Formats

Scientifically Literature Search

Name Amad UR Rehman

Student Number LS2039202

School of Cyber Science and

Network and Information

Supervisor Prof. Dr Gao Ying

Keywords：Cloud Computing, Security, Cloud Architecture, Security Threats.

1.1 Definition of the Cloud

1.2 Types of Clouds

Figure 1 - "Illustrating the Cloud Computing Ser vice Models”

1.3 Implementation – Cloud Architecture

Figure 2 "Cloud Platform Architecture (CPA)”

offered from a cloud vendor [7].

1.4 Databases Used for Literature Review

2.1 Domain Background

2.2 Literature Review

2.3 Existing Security Threats

major cloud security threat [21].

2.4 Existing Security Solutions

Figure3 "Proposed Solution”

Figure 4 "Architecture based on proacti ve methodology” – [6]

3. Summary and Conclusion

International Conference on Intelligent Computing, Communication &Convergence (ICCC-

5. Comments from The Supervisor

You might also like