COMPUTER CLOUD SECURITY SYSTEM


COMPUTER CLOUD SECURITY SYSTEM  

ABSTRACT

          Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies (SOA, virtualization, Web 2.0); it also inherits their security issues, which we discuss here, identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.

CHAPTER ONE

1.0     Introduction

The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [2011] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations.

Cloud Computing enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud Computing appears as a computational paradigm as well as a distribution architecture and its main objective is to provide secure, quick, convenient data storage and net computing service, with all computing resources visualized as services and delivered over the Internet [Zhao G, Liu J, Tang Y:2011, Zhang S, Zhang S:2012:p342]. The cloud enhances collaboration, agility, scalability, availability, ability to adapt to fluctuations according to demand, accelerate development work, and provides potential for cost reduction through optimized and efficient computing [Marinos A, Briscoe G:2011:p53].

Cloud Computing combines a number of computing concepts and technologies such as Service Oriented Architecture (SOA), Web 2.0, virtualization and other technologies with reliance on the Internet, providing common business applications online through web browsers to satisfy the computing needs of users, while their software and data are stored on the servers [Marinos A, Briscoe G:2009:p93]. In some respects, Cloud Computing represents the maturing of these technologies and is a marketing term to represent that maturity and the services they provide [Centre for the Protection of National Infrastructure:2010].

Although there are many benefits to adopting Cloud Computing, there are also some significant barriers to adoption. One of the most significant barriers to adoption is security, followed by issues regarding compliance, privacy and legal matters [8]. Because Cloud Computing represents a relatively new computing model, there is a great deal of uncertainty about how security at all levels (e.g., network, host, application, and data levels) can be achieved and how applications security is moved to Cloud Computing [Rosado DG, Gómez R, Mellado D:2012:p12]. That uncertainty has consistently led information executives to state that security is their number one concern with Cloud Computing [Mather T, Kumaraswamy S:2009:p43].

Security concerns relate to risk areas such as external data storage, dependency on the “public” internet, lack of control, multi-tenancy and integration with internal security. Compared to traditional technologies, the cloud has many specific features, such as its large scale and the fact that resources belonging to cloud providers are completely distributed, heterogeneous and totally virtualized. Traditional security mechanisms such as identity, authentication, and authorization are no longer enough for clouds in their current form [Li W, Ping L:2009:p45]. Security controls in Cloud Computing are, for the most part, no different than security controls in any IT environment. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, Cloud Computing may present different risks to an organization than traditional IT solutions. Unfortunately, integrating security into these solutions is often perceived as making them more rigid [Cloud Security Alliance:2012].

Moving critical applications and sensitive data to public cloud environments is of great concern for those corporations that are moving beyond their data center’s network under their control. To alleviate these concerns, a cloud solution provider must ensure that customers will continue to have the same security and privacy controls over their applications and services, provide evidence to customers that their organization are secure and they can meet their service-level agreements, and that they can prove compliance to auditors [Rittinghouse JW:2009:p123].

We present here a categorization of security issues for Cloud Computing focused in the so-called SPI model (SaaS, PaaS and IaaS), identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment. A threat is a potential attack that may lead to a misuse of information or resources, and the term vulnerability refers to the flaws in a system that allows an attack to be successful. There are some surveys where they focus on one service model, or they focus on listing cloud security issues in general without distinguishing among vulnerabilities and threats. Here, we present a list of vulnerabilities and threats, and we also indicate what cloud service models can be affected by them. Furthermore, we describe the relationship between these vulnerabilities and threats; how these vulnerabilities can be exploited in order to perform an attack, and also present some countermeasures related to these threats which try to solve or improve the identified problems.

The remainder of the paper is organized as follows: Section 2 presents the results obtained from our systematic review. Next, in Section 3 we define in depth the most important security aspects for each layer of the Cloud model. Later, we will analyze the security issues in Cloud Computing identifying the main vulnerabilities for clouds, the most important threats in clouds, and all available countermeasures for these threats and vulnerabilities. Finally, we provide some conclusions.

1.1     Background of Study

Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer technology. The ever cheaper and more powerful processors, together with the software as a service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable yet flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centers.

Moving data into the cloud offers great convenience to users since they don’t have to care about the complexities of direct hardware management. The pioneer of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) are both well known examples. While these internet-based online services do provide huge amounts of storage space and customizable computing resources, this computing platform shift, however, is eliminating the responsibility of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Recent downtime of Amazon’s S3 is such an example . From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing inevitably poses new challenging security threats for number of reasons. Firstly, traditional cryptographic primitives for the purpose of data security protection can not be directly adopted due to the users’ loss control of data under Cloud Computing. Therefore, verification of correct data storage in the cloud must be conducted without explicit knowledge of the whole data. Considering various kinds of data for each user stored in the cloud and the demand of long term continuous assurance of their data safety, the problem of verifying correctness of data storage in the cloud becomes even more challenging. Secondly, Cloud Computing is not just a third party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc. To ensure storage correctness under dynamic data update is hence of paramount importance. However, this dynamic feature also makes traditional integrity insurance techniques futile and entails new solutions. Last but not the least, the deployment of Cloud Computing is powered by data centers running in a simultaneous, cooperated and distributed manner. Individual user’s data is redundantly stored in multiple physical locations to further reduce the data integrity threats. Therefore, distributed protocols for storage correctness assurance will be of most importance in achieving a robust and secure cloud data storage system in the real world. However, such important area remains to be fully explored in the literature.

1.2     Statement of Problem

Cloud computing has become a social phenomenon used by most people every day. As with every important social phenomenon there are issues that limit its widespread adoption.

Most issues start from the fact that the user loses control of his or her data, because it is stored on a computer belonging to someone else (the cloud provider). This happens when the owner of the remote servers is a person or organization other than the user; as their interests may point in different directions (for example, the user may wish that his or her information is kept private, but the owner of the remote servers may want to take advantage of it for their own business).

1.3     Objective of the Study

Due to the issue of security and privacy on cloud computer the researcher objectives to this study are as fellows.

Design an encryption system attached to the system that will enable any user before sending data to the cloud be encrypted with security key Device a means of sharing data in a more secure and reliable manner over the cloud system. Create the awareness of the security threats in cloud computer to the people so as the alert them on how to secure there information. (project topics   final year project topics and research materials )

1.4     Motivation/Research Thoughts

The question focus was to identify the most relevant issues in Cloud Computing which consider vulnerabilities, threats, risks, requirements and solutions of security for Cloud Computing. This question had to be related with the aim of this work; that is to identify and relate vulnerabilities and threats with possible solutions. Therefore, the research question addressed by our research was the following: What security vulnerabilities and threats are the most important in Cloud Computing which have to be studied in depth with the purpose of handling them? The keywords and related concepts that make up this question and that were used during the review execution are: secure Cloud systems, Cloud security, delivery models security, SPI security, SaaS security, Paas security, IaaS security, Cloud threats, Cloud vulnerabilities, Cloud recommendations, best practices in Cloud. This lead into this research work by the researcher.

1.5     Significance of the Study

Enlighten the people, the users of cloud computer on the security challenges and how to resolve this issues. Enhance the use and the effectiveness of the cloud computing among the people. Remove the fear of using cloud computing from the people since the research will come up with a new design that will solve the issue of privacy and third party

1.6     Abbreviation/Definition

OOPS               Object Oriented Programming Concepts

TCP/IP           Transmission Control Protocol/Internet Protocol

JDBC               Java Data Base Connectivity

EIS                 Enterprise Information Systems

BIOS              Basic Input/Output System

RMI          Remote Method Invocation

JNDI    Java Naming and Directory Interface

ORDBMS Object Relational Database Management System

CSP                 Cloud Service Provider (CSP)

J2ME              Java 2 Micro Edition

.


TYPE IN YOUR TOPIC AND CLICK SEARCH.






RESEARCHWAP.COM

Researchwap.com is an online repository for free project topics and research materials, articles and custom writing of research works. We’re an online resource centre that provides a vast database for students to access numerous research project topics and materials. Researchwap.com guides and assist Postgraduate, Undergraduate and Final Year Students with well researched and quality project topics, topic ideas, research guides and project materials. We’re reliable and trustworthy, and we really understand what is called “time factor”, that is why we’ve simplified the process so that students can get their research projects ready on time. Our platform provides more educational services, such as hiring a writer, research analysis, and software for computer science research and we also seriously adhere to a timely delivery.

TESTIMONIES FROM OUR CLIENTS


Please feel free to carefully review some written and captured responses from our satisfied clients.

  • "Exceptionally outstanding. Highly recommend for all who wish to have effective and excellent project defence. Easily Accessable, Affordable, Effective and effective."

    Debby Henry George, Massachusetts Institute of Technology (MIT), Cambridge, USA.
  • "I saw this website on facebook page and I did not even bother since I was in a hurry to complete my project. But I am totally amazed that when I visited the website and saw the topic I was looking for and I decided to give a try and now I have received it within an hour after ordering the material. Am grateful guys!"

    Hilary Yusuf, United States International University Africa, Nairobi, Kenya.
  • "Researchwap.com is a website I recommend to all student and researchers within and outside the country. The web owners are doing great job and I appreciate them for that. Once again, thank you very much "researchwap.com" and God bless you and your business! ."

    Debby Henry George, Massachusetts Institute of Technology (MIT), Cambridge, USA.
  • "I love what you guys are doing, your material guided me well through my research. Thank you for helping me achieve academic success."

    Sampson, University of Nigeria, Nsukka.
  • "researchwap.com is God-sent! I got good grades in my seminar and project with the help of your service, thank you soooooo much."

    Cynthia, Akwa Ibom State University .
  • "Great User Experience, Nice flows and Superb functionalities.The app is indeed a great tech innovation for greasing the wheels of final year, research and other pedagogical related project works. A trial would definitely convince you."

    Lamilare Valentine, Kwame Nkrumah University, Kumasi, Ghana.
  • "Sorry, it was in my spam folder all along, I should have looked it up properly first. Please keep up the good work, your team is quite commited. Am grateful...I will certainly refer my friends too."

    Elizabeth, Obafemi Awolowo University
  • "Am happy the defense went well, thanks to your articles. I may not be able to express how grateful I am for all your assistance, but on my honour, I owe you guys a good number of referrals. Thank you once again."

    Ali Olanrewaju, Lagos State University.
  • "My Dear Researchwap, initially I never believed one can actually do honest business transactions with Nigerians online until i stumbled into your website. You have broken a new legacy of record as far as am concerned. Keep up the good work!"

    Willie Ekereobong, University of Port Harcourt.
  • "WOW, SO IT'S TRUE??!! I can't believe I got this quality work for just 3k...I thought it was scam ooo. I wouldn't mind if it goes for over 5k, its worth it. Thank you!"

    Theressa, Igbinedion University.
  • "I did not see my project topic on your website so I decided to call your customer care number, the attention I got was epic! I got help from the beginning to the end of my project in just 3 days, they even taught me how to defend my project and I got a 'B' at the end. Thank you so much researchwap.com, infact, I owe my graduating well today to you guys...."

    Joseph, Abia state Polytechnic.
  • "My friend told me about ResearchWap website, I doubted her until I saw her receive her full project in less than 15 miniutes, I tried mine too and got it same, right now, am telling everyone in my school about researchwap.com, no one has to suffer any more writing their project. Thank you for making life easy for me and my fellow students... Keep up the good work"

    Christiana, Landmark University .
  • "I wish I knew you guys when I wrote my first degree project, it took so much time and effort then. Now, with just a click of a button, I got my complete project in less than 15 minutes. You guys are too amazing!."

    Musa, Federal University of Technology Minna
  • "I was scared at first when I saw your website but I decided to risk my last 3k and surprisingly I got my complete project in my email box instantly. This is so nice!!!."

    Ali Obafemi, Ibrahim Badamasi Babangida University, Niger State.
  • To contribute to our success story, send us a feedback or please kindly call 2348037664978.
    Then your comment and contact will be published here also with your consent.

    Thank you for choosing researchwap.com.