[1] 1. TRUSTED CLOUD COMPUTING WITH SECURE RESOURCES AND DATA COLORING 1.1 trust and security is considered as two major factors in the platform of cloud computing. Trust and security have prevented businesses from fully accepting cloud platforms. Trust & Reputation Management has made Cloud Computing Trusted with Secure Resources and Data Coloring and water marking. A reputation system is one of the ways for establishing trust between service providers and data owners. These techniques are used to safe the confidential data from unauthorized access. A new business model is enabled by Cloud computing that supports on-demand, pay-for-use, and econ¬omies-of-scale IT services over the Internet. The Internet cloud works as a service factory …show more content…
at the innermost implementation layer, there is infrastructure-as-a-service (IaaS) model which is extended to form the platform-as-a-service (PaaS) layer by adding OS and middle¬ware support. PaaS further by applications on data, content, and meta¬data using special APIsis created to extends to the software-as-a-service (SaaS) model. all protection functions at all levels are being demanded by SaaS. At the other extreme, IaaS demands protec¬tion mainly at the networking, trusted com¬puting, and compute/storage levels, whereas PaaS embodies the IaaS support plus additional protection at the resource-management level. 1.3Securing Infrastructure as a Service: In a virtu¬alized environment , lease compute, stor¬age, network, and other resources are provided to user by the IaaS model. underlying cloud infrastructure has not been manage by the user but user has control over the OS, storage, deployed applications, and possibly certain network¬ing components. Amazon’s Elastic Compute Cloud (EC2) is a good example of IaaS. At the cloud infrastructure level, CSPs can enforce network security with intrusion-detection systems (IDSs), firewalls, antivirus programs, distributed denial-of-service (DDoS) defenses. 1.4Securing Software as a Service: To serve thousands of cloud custom¬ers, who make no upfront investment in serv¬ers or software licensing, SaaS is employing browser-initiated application software. From the provider’s
Cloud Computing has very many benefits especially for the businesses. First, it leads to reduced technological costs. This is because unlike purchasing of a system which is expensive, the payment is only made upon usage and thus making it cheap (Marston et al 2011). Secondly, there are much reduced
The security concerns for IaaS and PaaS models are described collectively because of their reliance over each other. The attacks on these two layers are of three types: attacks on the cloud services, attacks on virtualization and attacks on utility computing. Hardware virtualization, software virtualization, cloud software, utilitycomputing and Service Level Agreement (SLA) are considered some of the common security concerns for IaaS and PaaS.
Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
Cloud computing offers services to users based on on-demand self-service, broad network access, measured service, resource pooling and rapid elasticity; These characteristics promise a faster time for implementation, lower cost, superior scalability and a better end user satisfaction. These services are delivered in models known as Software As A service (SaaS), Platform As A Service (PAAS), and Infrastructure As A Service (IAAS). The first layer which is the Software As A service (SaaS) is the layer in which software applications are delivered to end users. Below is the Platform As A Service (PAAS) layer which offers a platform on which applications can be developed. The lowest layer is the Infrastructure As A Service (IAAS) layer, in this layer the physical servers and network infrastructure is offered as a service. These services can be deployed throughout the internet (Public Cloud Computing), on the intranet infrastructure, (Private Cloud Computing), in a shared community of private networks (Community Cloud Computing), or a hybrid of both (Hybrid Cloud Computing). The service deployment models are [8]:
There are three major cloud deployment models along with few other emerging models like federated and intercloud [1].
The cloud computing industry evolved over the past fifteen years and according to (White, 2013) in the article, “A Cloud Retrospective”, the cloud industry was introduced out of the dot.com bubble burst at the beginning of the twenty-first century compelled internet-based companies to modernize their Information Technology (IT) Architecture and find more efficient IT operating solutions (White, 2013). (White, 2013), writes that Amazon entered the cloud market by introducing its Amazon Web Services (AWS) in 2006. (White, 2013) states in 2007 there were disagreements by the experts on the true definition of cloud computing. In 2008 the cloud market expands to include more vendors (White, 2013). (White, 2013)
The public cloud is a deployment model where cloud services are provided over a public network, such as the internet, by a third-party provider. Examples of public cloud services include Dropbox, Gmail and Twitter. By definition, most SaaS applications operate under the public cloud deployment model. One of the primary advantages of public cloud is its attractive pricing model. The organisation is typically charged a subscription fee for access to the cloud services, paying only for the number of users required, this removes the need for business to manage software licences (Savvas [Online], 2014). However, security conscious organisations requiring a SaaS solution may opt for a private cloud segregated from public networks. There are obvious security concerns involved in exposing a SaaS application to a public network. However, there are concrete steps an organisation can take to reduce the risk incurred with public cloud deployments. Many public cloud SaaS providers offer two-factor authentication, requiring an additional level of verification before the user’s credentials are accepted. This is typically achieved using an authentication code in the form of a text message sent to the user’s registered mobile number. Furthermore, organisations should develop and maintain a culture of cyber security, enforce best practices such as creating strong passwords and training staff in phishing awareness.
By 2020, Forbes (McKendrick, 2012) has estimated that the cloud market will be worth $270 billion; this suggests that the market is expanding rapidly and users are becoming more aware of this feature. Many people, though, still ponder over the exact purpose of cloud computing: Cloud computing is a group of offline servers that are networked together to allow data to be stored centrally. For example, Drop box is an established cloud storage company that allows users to store documents, images and videos on their servers. This type of cloud computing is known as ‘Software-as-a-Service’, which are business applications that are hosted by the provider and delivered as a service (Hurwitz, 2010). Hurwitz also mentions two other types of cloud computing: ‘Platform as a Service (PaaS)’ and ‘Infrastructure as a Service (IaaS)’. ‘Platform as a service’ is where the consumer will create an application, using tools and software from the provider, then the provider will administer the consumer with networks, storage and servers. ‘Infrastructure’ as a service is where the provider will provide the consumer with physical computer or virtual machine.
As depicted in figure 3, the technical details, arrangements and management of the cloud service providers’ network is transparent to the cloud user. From the end of the cloud user, the service from the provider comes in the form of SaaS, PaaS or IaaS where the cloud user has no intention or worry about what goes on in the internal arrangement of the cloud service providers’ network. Any disruption of any form for whatever is the reason, deem to the cloud users either as service unavailability or quality deterioration – its affect and ways to counter this disruption is a critical part for the cloud infrastructure. Security issues might play a stimulating role as a driving factor for any aforementioned disruption.
From the previous section, we see a very wide range of services provided by cloud technology. The main idea of cloud is dealing with connection from internet and make internet as its “computer-based”. Therefore, maintaining security in the cloud is like safeguarding the jungle because every weakness in network link are adversary’s opportunity to harm our properties. Security concerns in cloud services could be related to Integrity, for instances users who use PaaS will not let anyone influence or change his application code. Another concern is confidentiality
Cloud Computing appears as a computational paradigm as well as distribution architecture and its main objective is to Provide secure, quick, convenient data storage and net computing device, with all computing resource visu-alized as service ,with all computing resources visualized as service and delivery over the internet [1,2].The cloud enhances collaboration, agility, scalability, availability, ability to adapt to fluctuations according to demand, accelerate development work, and provides potential for cost reduction through optimized and efficient compu-ting [3,5].Cloud computing is buzz word of IT industry today and present everywhere and every one's mind. Cloud computing is ubiquitous, next generation's infor-mation technology architecture which offers on-demand access to the network. It is dynamic, virtualized, scalable and pay per use model over internet. Cloud computing is a box of several concepts such as virtualization, Service oriented architecture (SOA), web 2.0 and many more. In some respects, Cloud Computing represents the maturing of these technologies and is a marketing term to repre-sent that maturity and the services they provide [4].There are several advantages of adopting cloud computing but still journey of cloud is not easy. Cloud still is its early stage, suffering from many pitfalls and one of the most concern is security along with availability, privacy and compliance. Traditional security mechanism such as Authentication , authorization ,
Cloud computing security or also known as cloud security talks about a broad set of technologies, policies and controls deployed to protect applications, data, and the corresponding infrastructure of cloud computing. The cloud is a great invention to allow high capacity storage of data but without the cost to allow sharing of resources in a quick and timely manner. With technology becoming advanced in such a short amount time, new steps must be created to protect people information from being hacked. Hacker’s mission is determined by greed, anger, or request to damage their victims and the organization they might be a part. No one can actually stop all the potential vulnerabilities from being breached, but the provider and clients
Software as a Service (SaaS): In this service provider provide an applications to consumers over internet.
Software as a service – SaaS describes a system in which high level functionality software as an on-demand is hosted by a cloud and shared to end client using thin client application via internet. The main feature of SaaS systems is that the API offered to the cloud client is for a complete software service. The SaaS Cloud provider may charge end user based on number of users or number of requests hit on hosted API. Example Sales Force.
In this work I am proposing to design framework based on trusted computing technology to improve data security and confidentiality in the cloud. In order to do that I will work on defining protocols to make sure that data storage and replication is only done on trusted storage servers and also data access from the cloud is secure for the client and users. Cloud computing allows clients to use computing resources with option of pay per use. It is convenient option used widely in Information Technology industry. Data security and confidentiality is problematic when data transfers to third party.