Abstract— This paper presents an overview on cloud computing. It became the most popular in the world of computer science. It’s a technique of using a network which is hosted on internet and you can access it from all over the world by connecting to the internet. A technique which is used for storing the data globally rather than storing it locally which is cost effective. As cloud computing provides lot of good services but at the same time cloud computing have some security challenges too. In this paper cloud computing, its services, its security and some of the key research topics in this area is discussed.
Index Terms—Cloud Platform, Grid computing, cloud security.
1. INTRODUCTION
Cloud Computing is a dispersed design which unifies server possessions on ascendable platform in order to deliver services as well as computing resources. Because of extraordinary achievement of internet in last few years, resources of computing are now more universally accessible. It empowered the awareness of a new computing theory which is known as Cloud Computing. This atmosphere involves the old service providers to have two diverse methods. These are service providers (SP) and infrastructure providers (IP). IP are managing cloud computes and they lease resources to the users as per their practice. Service providers contract the resources from the infrastructure providers (IP) in order to aid the users withotherservices like testing as a service, software as a service (SAS) etc. This Computing has fascinated the enormous companies like Google, Microsoft, Amazon and reflected as a great inspiration in today’s Info about expertise industry. All these big companies are attracted toward cloud computing as its cost effective as well as time effective at the same time. But at the same time if we are discussing the benefits of a system there must be some cons too. As the security in the field of computer science is one of the most important aspects.
1.1. Cloud computing overview
It is a method of using the Internet to provide application
recollection and software. By using cloud computes, we share
costs such as resources. Users can pay for it at any time and practice what they want at any given time, dropping the budget of the user. Cloud computing keys are software programs, hardware’s, platforms, the storage suppliers that offer products on the Internet.There are not any shrink cases involving hardware or discs for users to obtaining and set up by the user themself. Cloud service providers certainly take a periodic fee each month depend upon your practice.Cloud computing is an assembly of computing software and computer services obtainable from a dispersed server. The name “cloud” has extensive remained used as a symbol for the Internet network, and some numerous widespread services and websites that you may previously enjoyed. I don't comprehend that they are cloud centered. Social networking spots, Internet based email customers (such as Gmail and Yahoo, Wikipedia and YouTube), and peer-to-peer networks (such as Skype or Bit Torrent) are some of the applications that route in the cloud computing. In addition, there is no central location or society to control them, except for web browsers and Internet networks. Enterprise cloud computing is appropriate for the business domain. As an alternative of acquiring and setting up the physical substructure essential to route software packages, enterprises ingest assets on a software-as-a-service source. Running a private application (like Microsoft, SAP or Oracle) will necessitate hardware and a broad substructure to provision it: office space, power, network, server, storage, preservation and bandwidth, no need to reference it, specialists need to set up and run them. Cloud delivers a shortened and easy clarification for this intricacy and the essential principal expenditures.
1.2. Cloud Architecture
Before start talking about the security issues it’s important to know about the architecture of cloud. In simple words, a set of different resources which scales up and which scales down as per user demand. It enables new ways of offering services and lot of products with technical and low price opportunities. As below a table of NIST cloud computing reference architecture is presented.
A Review on Cloud Computing, its Security &
Research challenges
Danish Javeed
1, Di Xiao Qiang
2, Ijaz Ahmed
3, Muhammad Taimoor Khan
4, Fawad Khan
5,
Asmatullah Khan
61, 2, 3, 5, 6Computer Science Department, Changchun University of Science & Technology China.
Actor Definition
Cloud Customer An Organization or a person who upholds a corporate association with, and customs service from,Cloud Provider Cloud Provider An organization, or a person, or object responsible for assembling a service accessible to concerned parties Cloud Auditor A group that can conduct self-governing valuation of the services of cloud, information system processes,
performance, and safety of cloud operation
Cloud Trader A Unit that accomplishes the usage, distribution of cloud facilities, performance, and discusses association among Cloud providers and Cloud Customers
[image:2.595.142.473.210.420.2]Cloud Carrier An intermediate that delivers connection and conveyance of cloud amenities from Cloud Providers to Cloud Customers
Table A: Actors in NIST Cloud Computing Reference Architecture
As the above table shows all of the actors and their definitions. Now below is the graph of the full architecture
Fig A: NIST Cloud Computing Reference Architecture4
2. KEY SECURITY CHALLENGES IN CLOUD COMPUTING
Here in this part of paper i will explain some of the key challenges in cloud computing which users have to face.
2.1. Cloud Threats
Numerous threats that were examined over a period of time, and it has been found that a huge amount Of data has been compromised by hackers and unapproved Access. There are some other minor percentage of security risk was due to Loss, Mixture, IT incident, Inappropriate Disposal etc.
2.2. Data Breaches
Cloud computing and its facilities are new so data breaks in all practices have been occurred for so many years. But the query here is why subtle data is stored over the internet rather than in the vicinity or on premise? A study conducted with title “Man in Cloud Attack” intelligences that almost over 50% of the It specialists have faith that the security measure on cloud are low.
2.3. Insider Threat
An attack on your system inside your association may be seem doubtful but in most of attacks almost 70 percent of attacks are from inside with in organization. And even sometimes these insiders don’t necessary to have any malevolent purposes while attacking.
2.4. Malware Injection
[image:2.595.71.292.624.760.2]2.5. Denial of Service Attacks
Contrasting other types of cyber-attacks, that are naturally propelled to generate a long-term base and takeover sensitive info, denial of service attacks don’t effort to break your safety perimeter. Relatively, they struggle to make your website and servers unobtainable to customers.
2.6. Shared Vulnerabilities
The cloud security is the shared concern in between the customer and the provider. This trust between client and the provider wants the customer to take preventive movements to keep their data safe. While main providers like Drop box, Microsoft, and Google do have consistent measures to protect their sideways, fine grain control is up to the client
.
2.7. Shared Servers
Cloud based systems use servers to hold or store the data but the users can’t physically access those servers and for every user the server is same. Cloud don’t provide a specific server to each user, every user share the same server in between each other. So the problem here is the user may be putting its data on risk if any of the other users upload or store potentially infected or malicious data.
2.8. Lack of Control
When a user relies on a 3rdparty to store their data so at the
same time the user is lifting lot of responsibility off its shoulders. We may call it a double edged sword.
On one hand you won’t manage your own data but at the same time on the other hand somebody else will manage it. If something infects your storage providers so at the same time it will indirectly put you in problems because your data can be accessible by them and the more time your data is unprotected the more risk you will have. And as you can’t manage your data so you must rely on service provider to manage your data.
2.9. Lack of Back up Services
Last but not least the lack of backup services. One of the biggest complaints from clients and companies that service providers receive are that they don’t offer an automatic backup. Instead they expect you or they demand you to make the backups of your own data. To be honest and fair in scenario some providers may provide backups for your data but in some cases some don’t provides backups for your data and you have to do it by yourself. And those who don’t provide you automatic backup also don’t give you the safety at the same time in the event of sudden loss of your data.
2.10.IP Spoofing
[image:3.595.318.535.240.366.2]It is recognized as investigation of the data that is being directed over the net. When data is directed over the net the invader operates the data. The operation is done in a technique that the IP address of the reliable system and then amends the packet info and then sends it to the reception system.
Fig: Showing IP Spoofing attack by modifying packet.
These are some of the others security challenges in cloud computing
Fig: Other security challenges in cloud computing
3. RESEARCH CHALLENGES IN CLOUD COMPUTING
In this part of my paper I will briefly explain some of the vital research challenges in cloud computing
Fig 2.1
In the fig2.1 these are the 10 major cloud computing research challenges which I will briefly describe below
3.1. Portability
It is the ability to move the data of an application as well as an application from one place to another place. If one cloud atmosphere is windows and the new cloud atmosphere is Linux then the application which runs on ancient cloud will run on the new cloud deprived of being changes is known as portability.
3.2. New Architecture
[image:3.595.309.546.475.566.2]3.3. Limited Scalability.
Before cloud computing promised to provide infinite scalability to the customers. But with time being millions of users are drifting to cloud services and so now this assurance is not contented.
This trial of scalability unlocks a new research area to discover a solution for such problem.
3.4. Lack of Standards
Every of the cloud services providers have their own values and there is no reasonable performance dimension facility for the users where the users can compare the performance and the standards of the server providers. The cloud computing must be standardized.
3.5. Security Of Privacy
The key problem in the cloud is the sanctuary doubts of the users. While due to the obtainability of the modern methods of the security the odds of the security defects are too much condensed.
3.6. Reliability
When we talk about accessibility of the connection to the cloud computing then once again it converts in to a big issue. The end users aren’t sure at all whether they will be connected to the network till the end or not. And will endure his work or not at any time the connection is lost. Another issue is that the connection in between user and server is protected or not. The flowing of data is harmless or not. So it’s also a key research area which van be titles as reliability in cloud computing.
3.7. Governance
Some of the companies or administrators which start providing cloud services spending their own data hubs in order to rule and bring the authority in such area. Some of the government organizations and users must work together to resolve such issues.
3.8. Metering
Organizations using cloud services must pattern the performance of all the services. Service providers must deliver means to measure and observe all of their services.
3.9. Energy Management
By the user standpoints all of these resources are on times? If in such cases then it is extremely fruitless in terms of requirements in order of consumptions of energy. This is key area for research.
3.10.Denial of Service
As it is already explained in key matters in cloud computing the denial of service is the key issue and a research area in cloud computing. Is it really essential to figure a denial of service protection in cloud schemes or it can be handled on the internet level? This is also a challenge to researchers.
4. CONCLUSION
One of the major uncertainties in cloud computing are shared servers as well as shared resources. Everyday new progression in the biosphere of computer science and cloud computing is altering the dreams in to reality. This advancement provides lot of benefits but at the same time there are lot of challenges in this domain. Such as insiders threat, denial of service etc. there are still lot of issue in this
area which must need to be solved. There are lot of opportunities for the research in such area to provide the best solution for some of the key challenges which has been discussed in this paper. In this paper an impression of cloud computing has been presented. Plus some light have been thrown on some key research areas and some key issues of cloud computing. Cloud computing is still in early stages of progress. We have faith that this paper will convey a better empathetic of cloud computing and its security challenges.
REFERENCE
[1]. J. J. Peng, X. J. Zhang, Z. Lei, B. F. Zhang, W. Zhang, and Q. Li, “Comparison of Several Cloud Computing Platforms,” 2009 Second International Symposium on Information Science and Engineering (ISISE '09). IEEE Computer Society, Washington, DC, USA, pp. 23-27, DOI=10.1109/ISISE.2009.94.
[2]. S. Zhang, S. F. Zhang, X. B. Chen, and X. Z. Huo, “The Comparison between Cloud Computing and Grid Computing,” 2010 International Conference on Computer Application and System Modeling (ICCASM), pp. V11-72 - V11-75, DOI= 22-24 Oct. 2010.
[3]. B. Grobauer, T. Walloschek, and E. Stöcker, “Understanding Cloud Computing Vulnerabilities,” 2011 IEEE Security and Privacy, pp. 50-57, DOI= March/April 2011.
[4]. W. Dawoud, I. Takouna, and C. Meinel, “Infrastructure as a Service Security: Challenges and Solutions,” 2010 7th International Conference on Informatics and System, pp. 1-8, March 2010.
[5]. P. Mell and T. Grance, “Draft nist working definition of cloud computing - vol. 21, Aug 2009, 20 09.
[6]. E. Marinelli, “Hyrax: cloud computing on moile devices using mapreduce,” DTIC Document, Tech. Rep., 2009.
[7]. T. Dillon, C. Wu, and E. Chang, “Cloud Computing: Issues and Challenges,” 2010 24th IEEE International Conference on Advanced Information Networking and Applications(AINA), pp. 27-33, DOI= 20-23 April 2010.
[8]. L.J. Zhang and Qun Zhou, “CCOA: Cloud Computing Open Architecture,” ICWS 2009: IEEE International Conference on Web Services, pp. 607-616. July 2009.
[9]. A. Kundu, C. D. Banerjee, P. Saha, “Introducing New Services in Cloud Computing Environment”, International Journal of Digital Content Technology and its Applications, AICIT, Vol. 4, No. 5, pp. 143-152, 2010 [10]. ] A. Williamson, “Comparing cloud computing providers,” Cloud Comp. J., vol. 2, no. 3, pp. 3–5, 2009.
[11]. R. L Grossman, “The Case for Cloud Computing,” IT Professional, vol. 11(2), pp. 23-27, 2009, ISSN: 1520-9202.
[12]. Pring et al., “Forecast: Sizing the cloud; understanding the opportunities in cloud services,” Gartner Inc., Tech. Rep. G00166525, March 2009.
[13]. M. Satyanarayanan, P. Bahl, R. Caceres, and N. Davies, “The case for vm-based cloudlets in mobile computing,” Pervasive Computing, IEEE, vol. 8, no. 4, pp. 14–23, 2009.
[14]. R. Cohen. (2010, O) The cloud computing opportunity by the numbers. [Online]. Available: http://www.elasticvapor.com/2010/05/ cloud-computing-opportunity-by-numbers.html
[15]. B. Marrapese. (2010, Dec.) Google ceo: a few years later, the mobile phone becomes a super computer. [Online].
[17]. B. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti, “Clonecloud: Elastic execution between mobile device and cloud,” in Proceedings of the sixth conference on Computer systems. ACM, 2011, pp. 301–314.
AUTHOR’S PROFILE
Mr. Danish Javeed
A master scholar in Computer science, Department of Computer Science , Changchun University of Science and Technology, Changchun China, Research Interest: Information Security, Internet of things (IOT), Machine Learning.
Email: [email protected]
Mr. Ijaz Ahmad
A master scholar in Computer science, Department of Computer Science , Changchun University of Science and Technology, Changchun China, Research Interest:, Artificial Intelligence, Machine Learning , Computer Vision.
Email: [email protected]
Dr. Asmatullah Khan
A PHD scholar in Information and Communication Engineering, Changchun University of Science and Technology, Changchun China, Research Interest: Artificial Intelligence.
