Professional Documents
Culture Documents
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
Nadia Khan
Fatima Jinnah Women University
Rawalpindi, Pakistan
nadiakhanfjwu@gmail.com
Mehreen Sirshar
Fatima Jinnah Women University
Rawalpindi, Pakistan
msirshar@gmail.com
I.
INTRODUCTION.
MODELS
OF
CLOUD
172 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
B. SERVICE MODELS
Software-as-a-Service (SaaS): It is a process by which
Application Service Provider (ASP) provide different software
applications over the Internet. It also helps the users to get rid
of installing, downloading, and operating the application on
their own computer. It also eliminates the software
maintenance load.
Examples: Google Apps
Platform-as-a-Service (PaaS): PaaS provides a computing
platform and solution stack as a service without software
downloads or installation for developers, end-users, or IT
managers. It provides an infrastructure for testing cloud
applications.
Examples: Force.com, Google App Engine, and
Microsoft Azure.
Infrastructure as a Service (IaaS): It is the sharing of
hardware resources which uses the Virtualization technology.
The primary objective of IaaS is to make resources such as
servers, storage, and network accessible to all applications and
operating systems. In the cloud infrastructure, the user does
not manage the hardware, but he has to control the operating
systems and deployed applications.
Examples: AmazonEC2, Amazon S3, Go Grid.
II.
173 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
concepts: hardware, software and communication, but these
should be transparent to clients. Mobile devices have been
widely accepted because it becomes the first choice of
working and entertainment for new generation in their daily
lives.
E. Cloud Computing Security Issues in Infrastructure as
a Service (Pankaj Arora et al, 2012)
Infrastructure as a Service (IaaS) supports the foundation layer
for the other delivery models, but the other delivery models
are affected by this layer due to lack of security, for instance,
PaaS, and SaaS that are built upon IaaS layer are highly
affected. This paper presents detailed study of IaaS
components and determines its security and weakness. Service
Level Agreement (SLA) should have very much importance.
There are attacks against XML and Web services the solution
proposed is to provide the Data Encryption mechanism. There
are Physical attacks against computer hardware the solution
proposed is to provide transparent cryptographic file systems.
Provide Firewalls Traffic Encryption for Port scanning DNS
security. The Security holes presented here which are
associated with IaaS implementation are also discussed in this
Paper.
H. An Advanced Survey on Cloud Computing and Stateof-the-art Research Issues (Mohiuddin Ahmed et al,
2012)
Cloud computing through flexible infrastructure provides
facilities to business entrepreneurs. It also facilitates the IT
industry. Users can share software, processing power,
bandwidth, memory and storage space through cloud
computing. Utility computing is turn into reality through the
advancement in the area of cloud computing because it
dramatically changes the horizon of IT. It provides many
benefits but the research communities are attracted through
automatic resource positioning, information security and
energy management. This paper presented cloud computing
overview and also focused on the state-of-the-art research.
Wikipedia, social networking sites, YouTube, Web-based
email clients: Yahoo and Gmail, Skype or Bit Torrents are all
applications that run in the cloud.
I.
174 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
175 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
T.
Q. Cloud Computing Security Case
Research (Chimere et all, 2013)
Studies
and
ANALYSIS
176 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
research challenges discussed in different techniques are;
Service Level Agreements (SLAs) ,Common Cloud Standards
, Cloud Data Management and Security ,Migration of virtual
Machines , Data Encryption ,Energy Management ,Access
Controls ,Multi-tenancy ,Reliability & Availability of Service,
and Platform Management. M.Nazir [4] has provided the
deployment model, platform, storage, software and
infrastructure as services that scale up or down depending on
the user demand. There are four deployment models which are
as follows Public Cloud, Hybrid Cloud, Private Cloud, and
Community Cloud. All techniques have provided the
Reliability concept because it is the demand of the user to get a
cloud as a reliable resource. A. Gani [20] technique provides a
safe zone to store users data so it will reduce the issues of
users such as software updating, virus attacks and data loss. If
server failure happens then cloud computing systems will
transfer and backup those data to other machines to make sure
that the whole system is working properly. S.Benerjee[1],
C.B.Westphall[5], A.Gani [20] technique provides Quality of
communication. For Quality of communication we have to
upgrade the bandwidth, by upgrading the bandwidth the
performance will be improved but it will incurs additional cost
to customer. S.Benerjee[1], G. Gowri[2], M.R. Patra[3]
provides the Privacy concept , it will increase the user
expectation because the cloud provider will prevent
unauthorized access to both data and code. All techniques
follow the Mobility mechanism except F.Lombardi et al[13]
and K.Birman et al[16],mobile nodes can establish connection
with others in mobile computing network. S.Benerjee[1],
G.Gowri[2], C.B.Westphall[3] provides the concept of
Interoperability. This is the ability of two or more systems
work together in order to exchange information and use that
exchanged information. All techniques have provided the
protection effectiveness results specially the proposed novel
advanced architecture (ACPS) for cloud protection. Results
have shown that the proposed approach is much effective but
introduces just a small performance handicap.
Therefore, we suggest that cloud computing technology should
be promoted because of its high reusability and scalability
properties. Cloud testing should be adopted because it provide
easy to use testing environment. A highly generic design must
be customizable to specific domain through reusability. It is
also suggested that a different quality model should be used to
ensure the quality of system. Keeping in view the limitations
and suggestions about adopting cloud computing technique
especially timing constraints must never be ignored.
IV.
CONCLUSION
177 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
[12] Mike Houlihan, The Power of Client Plus Cloud
Computing to Democratize Research, December,2010,
http://research.microsoft.com
[13] Chimere Barron, Huiming Yu and Justin Zhan , Cloud
Computing Security Case Studies and Research, July,2013,
http://www.iaeng.org/
[14] Dr. Rahul Malhotra & Prince Jain, Testing Techniques
and its Challenges in a Cloud Computing Environment,
July,2013, http://www.thesij.com/
[15] Mr. Odd Steen and Rehan Saleem, cloud computings
effect on enterprises, January, 2011, http://lup.lub.lu.se/
http://www.ijircce.com/
[17] Sarbojit Banerjee, A survey on Software as a service
(SaaS) using quality model in cloud computing, January,
2014, http://www.researchgate.net/
[18] Mohsin Nazir ,Cloud Computing: Overview & Current
Research
Challenges,
November,2012,
http://www.iosrjournals.org
[19] Cloud Computing Research For IT Strategic Planning ,
January, 2012, http://www.intel.com/
[20] Carlos et al, Management and Security for Grid, Cloud
and Cognitive Networks, 2011, http://www.fsma.edu.br/
178 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
TABLE I:
Evaluation parameters
Security
Meaning
Proposed technique is secure or not
Testability
Virtualization
Simulation results.
Specifications of SLA.
Deployment constraints
Testing challenges
Yes, No
Reliability
Quality of communication
Bandwidth upgrading,
Data delivery time reducing
The state of being free from public attention
Employees can access information wherever they are, rather
than having to remain at their desks.
Research challenges
SLA (service level agreement)
Cloud computing entities
Cross Site Scripting
Reusability
Scalability
Case studies
Research democratization
Privacy
Mobility
Interoperability
and Web
Browsers &
Technology
Effectiveness
Possible values
Security threats, Challenges,
issues, yes, No
Security
matrices,
QOA
matrices,
software
quality
matrices.
Yes, no, issues
Challenges, issues
Yes, No
Yes, No
Yes , No
Yes, No
Yes ,No
Yes, No
Yes No
Yes ,No
Yes, No, IE (version 6-8),
Firefox
Apple Safari, Google
Chrome, and Opera
Yes, No, ACPS under attack
179 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
TABLE II
ANALYSIS OF PARAMETERS FOR CLOUD COMPUTING APPLICATIONS AND ITS TESTING METHODOLOGIES
Scalability
Yes,
quality
models
are
specified
No
No
No
No
No
No
Yes,reus
e various
internet
based
services
Yes
G. Gowri, 2014
Yes,
virtual
security
applicatio
ns
Yes,
security
applicati
ons,
QOS
Yes,
specified
testing
methods
Yes,
virtual
security
applicatio
ns.
No
No
No
No
Yes
Yes
Yes,
security
architectur
e
specified.
Yes
No
Yes
Yes,
research
challeng
es
specified
e.g.SLA
Yes,
descri
bed
No
No
Yes
Yes
Mohsin
Nazir,2012
Yes,
security
services
are
identified
No
Yes,
testing
types,
methods
No
Yes,
research
challeng
es
are
describe
d
Yes,
descri
bed
Yes,
buisness
level and
services
level
entities
No
Yes
Yes
Carlos
B.
Westphall,2011
Yes,
security
for grid,
networks
Yes,
envirnm
ent
security,
QA
describe
d
No
Yes,
virtualizat
ion
in
security
Yes,
challeng
es
identifie
d SLA
Yes,
detail
ed
descri
ption
No
Yes,
executi
ng web
pages
scripts
are
defined
Yes
Yes
O.Steen, 2008
Yes, data
security
Yes
No
Yes
Yes
No
No
No
No
No
S. A.
2012
Yes
Yes
Yes
Yes,
virtualizat
ion
to
consolidat
e server
Yes
No
No
No
Yes
Yes
computing
Reusability
XSS
Cloud
Entities
SLA
Research Challenges
Yes,
network
security,
applicatio
n security
are
described
Virtualization
SQM
S.Benerjee,2014
Chaves,
Testability
Security
Techniques
S#
1
180 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
9
1
0
1
1
1
2
D.R.Malhot
ra
and
P.Jain,2013
C.Barron,2
009
M.Houliha
n, 2010
P.Arora,
2012
Yes
No
Yes
Yes
Yes
No
No
No
Yes
Ye
s
Yes
Yes
No
Yes
Yes
No
Yes
No
Yes
Yes
No
No
No
Yes
No
No
No
Yes
Ye
s
No
Yes,
data
security is
described
No
Yes
Yes
Yes
Yes
No
No
Yes
No
N.
Yes
No
No
No
Yes research
challenges
specified
No
No
No
Yes
Ye
s
Cloud
security
model
Yes
,Informatio
n security
is identified
Yes
No
Yes
Yes
Yes
Yes
No
No
Yes
Ye
s
No
No
Yes
Yes
No
No
No
Yes
Ye
s
No
Yes
Yes
Yes
Yes
No
No
Yes
No
Ye
s
Ye
s
Mirzaei,20
08
1
3
1
4
F.
Lombardi
,2009
M.Ahmed,
2012
1
5
1
6
1
7
K.Lee,2012
K.Birman,2
008
Q.Zhang,20
10
No
No
No
No
No
No
No
No
Yes
Yes
No
Yes
Yes
Yes
Yes
No
No
Yes
1
8
R.Prasad,
2012
Yes
No
Yes
Yes
Yes
No
No
Yes
Ye
s
1
9
2
0
M.A.Vouk,
2008
A.Gani,201
2
Yes
Yes
Yes
Yes
Yes
Yes
Yes,Cloud
providers
and
consumers
are
two
main
entities
No
No
Yes
Yes
Yes
Yes
No
Yes
Yes
No
No
Yes
Ye
s
Ye
s
181 | P a g e
www.ijccse.com
ISSN: 2312-7694
Summaya et al. / International Journal of Computer and Communication System Engineering (IJCCSE)
TABLE III ANALYSIS OF PARAMETERS FOR CLOUD COMPUTING APPLICATIONS
AND ITS TESTING METHODOLOGIES
Yes
Yes
No
Yes
Yes
Yes
No
Yes
Yes
Yes
Ye
s
No
No
Yes
No
Ye
s
Yes
Yes,
deploym
ent
models
No
Ye
s
Yes
No
Yes
No
Ye
s
No
No
No
Ye
s
Yes
No
Yes
No
Ye
s
S. A.
Chaves,
2012
D.R.Malhotr
a and P.
Jain,2013
C.Barron,20
09
No
Yes
No
Ye
s
No
No
Yes
Yes
Ye
s
No
No
No
Ye
s
No
No
Yes
No
Ye
s
Yes, security
case studies
Yes
No
Ye
s
Yes
No
Yes
No
Ye
s
10
M.Houlihan,
2010
No
Yes
No
Ye
s
Yes
No
Yes
No
Ye
s
11
P,Arora,201
2
No
No
No
Ye
s
Yes
Yes
Yes
Yes
Ye
s
12
N.Mirzaei
No
No
No
No
Yes
Yes
Yes
13
F. Lombardi
,2009
M.Ahmed,2
012
K.Lee,2012
No
No
No
Yes
Yes
No
No
No
No
No
No
Yes
Yes
Yes
Yes, security
case studies
No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No
Ye
s
Ye
s
Ye
s
Ye
s
No
No
Yes
N0
No
Yes
Yes
Yes
No
No
No
Yes
No
Yes
No
No
No
No
No
Yes
Yes
Yes
No
No
No
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
Mohsin
Nazir,2012
No
Yes,
virtual
tools
identified.
No
Carlos B.
Westphall,2
011
Odd Steen,
2008
No
2
3
6
7
14
15
16
17
18
19
20
K,Birman,2
008
Q.Zhang,20
10
R.Prasad,20
12
M.A.Vouk,2
008
A.Gani,2012
Effectiveness
Mobility
Yes
No
Interoperabil
ity
and Web
Browsers &
Technology
Privacy
Yes
S.Benerjee,2
014
G. Gowri,
2014
M.R. Patra,
2011
Quality of
communicati
on
Reliability
Deployment
Constraints
Research
Democratizat
ion
Case studies
Techniques
S#
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
Ye
s
No
Ye
s
Ye
s
182 | P a g e
www.ijccse.com