Professional Documents
Culture Documents
1. Introduction
Cloud computing takes virtual infrastructure and builds upon research in distributed computing, grid computing, utility computing, autonomic computing, networking, web services and software services. It has shown tremendous potential to empowerment, agility, multi-tenancy, reliability, scalability, availability, performance, security and maintenance. Through Cloud environment Email, Instant messaging, business software, and web content management can be offered. It incorporates many existing technologies such as information and infrastructure consisting of pools of computers, networks, distributed services application, information and storage resources. The US National Institute of Standards and Technology (NIST) defines cloud as follows: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with a minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models, and four deployment models. [1]. Due to the ever growing interest in cloud computing, we focus on issues that are specific to cloud environment. The rest of this document is organized as follows. Section 2 describes an overview of Cloud that embraces the characteristics of cloud computing, service models, deployment models and cloud scalability. Section 3 presents the security challenges in cloud and the seven layers on the basis of CSA followed by the Service Level Agreement and widely used languages for describing web services in Section 4. Finally, Section 5 concludes the paper and discusses the future work.
2. Cloud: Overview
2.1 Characteristics of Cloud Computing
The five characteristics of cloud computing embrace on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service [6].
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3 Cloud Software as a Service (SaaS): The top layer provides the customer with ready to use application running on the infrastructure of service provider. The applications are easily accessible from several client devices as on-demand services. As clients obtain software from different providers, ensuring the information by these services is well secured becomes an issue. Salesforce, DocLanding, Zoho, Workday are instances of SaaS are used for different purposes such as email, billing, human resource management etc. Cloud Platform as a Service (PaaS): It is the middle layer that provides platform oriented service, controlling the installed applications and available hosting environment configuration. Services that the application can request from an OS can be a constraint in PaaS. Google App Engine, LoadStorm are the instances of PaaS for running web applications and testing their performance. Cloud Infrastructure as a Service (IaaS): The bottom layer provides infrastructure services such as memory, cpu and storage. The consumer can deploy and run software. It reduces hardware costs. License cost is reduced in all layers. Trusting virtual machines, setting hosts, acquiring inter host communication are significant areas to be considered in IaaS. Amazon S3 and FlexiScale are the best examples of IaaS for storage and maintaining virtual servers.
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3 improving the bandwidth that connects two nodes. Additionally, a node can be gradually upgraded from a single power machine to a data center. Users can store their data in the cloud without they need to know where it keeps the data or how it accesses the data.
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3
45
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3 organization "Cloud Security Alliance" formed to use the best practices for providing security assurance has been presented. Additionally we analyzed the Service Level Agreement that builds trust between cloud providers and cloud customers. We conclude that we need security at different levels such as Server access security, Internet access security, Database access security, Data privacy security, Program access security. A secure cloud computing environment depends on identifying security solutions. A deeper study on current security approaches to deal with different security issues related to the cloud should be the focused of future work.
References
[1] [2] [3] [4] [5] http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc Ramgovind S, EloffMM, Smith E, "The Management of Security in Cloud Computing", Information Security for South Africa (ISSA) conference, pp 1-7, Sep 2010 Meiko Jensen, Jorg Sehwenk et al., On Technical Security Issues in cloud Computing IEEE International conference on cloud Computing, pp 109-116, October 2009. Mladen A. Vouk, "Cloud Computing Issues, Research and Implementations" Journal of Computing and Information Technology - CIT 16, 4, pp 235246, 2008 Herminder Singh & Babul Bansal "Analysis Of Security Issues And Performance Enhancement In Cloud Computing" International Journal of Information Technology and Knowledge Management, Volume 2, No. 2, pp. 345-349, July-December 2010 Hassan Takabi, James B.D.Joshi, Gail Joon Ahn, "SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments" 34th Annual IEEE Computer Software and Applications Conference Workshops, pp 393-398, 2010 Jonathan Spring Software Engineering, "Monitoring Cloud computing by layer part 1" Security & Privacy, IEEE vol 9, Issue 2, pp 66-68, Mar 2011 Jonathan Spring Software Engineering, "Monitoring Cloud computing by layer part 2" Security & Privacy, IEEE vol 9, Issue 3, pp 52-55, May 2011 Balachandra Reddy, Ramakrishna Paturi, Dr.Atanu, "Cloud security Issues", IEEE International conference on Services Computing, pp 517-520, 2009
[6]
[10] Hassan Takabi and JamesB.D., "Security and Privacy Challenges in Cloud Computing Environments", Security & Privacy, IEEE, vol 8, Issue 6, pp 24-31, Dec 2010. [11] Nelson Gonzalez, Charles Miers, "A quantitative analysis of current security concerns and solutions for cloud computing", Third IEEE International conference on Cloud Computing Technology and Science, pp 231-238, 2011 [12] Subhashis Sengupta, Vikrant Kaulgud and Vibhu Saujanya Sharma, "Cloud Computing Security-Trends and Research Directions", IEEE World Congress on Services, pp 524-531, 2011 [13] Siani Pearson and Azzedine Benameur, "Privacy, Security and Trust Issues Arising from Cloud Computing" 2nd IEEE International Conference on Cloud Computing Technology and Science, pp 693702, 2010 [14] Cloud Security Alliance Web site, http://www.cloudsecurityalliance.org/ [15] Lijun Mei, W.K. Chan and T.H. Tse, "A Tale of Clouds: Paradigm Comparisons and Some Thoughts on Research Issues", IEEE Asia-Pacific Services Computing Conference, pp 464-469, 2008 [16] Pankesh Patel, Ajith Ranabahu and Amit Sheth1, "Service Level Agreement in Cloud Computing", Cloud Workshops at OOPSLA, 2009 [17] www.idc.com [18] Service Level Agreement Definition and contents,http://www.service-level-agreement.net, accessed on March 10, 2009.
47
International Journal of Computational Intelligence and Information Security, March 2012 Vol. 3, No. 3
Authors Profile
Ms. R. Kalaichelvi Chandrahasan is working as an Asst. Professor in AMA International University, Kingdom of Bahrain. She is currently pursuing her research in Karpagam University, Coimbatore, India. She has published 4 research articles in the International / National Journals. Her areas of research interests are in Cloud Computing, Data mining and Semantic Web mining.
Ms. S Shanmuga Priya is working as an Asst. Professor in M.I.E.T Engg College, Trichy. She is currently pursuing her research in Bharathidasan University, Tiruchirappalli, India. Her areas of research interest are Java, Networking and Cloud Computing.
Dr. L. Arockiam is working as an Associate Professor in St.Josephs College, India. He has published 102 research articles in the International / National Conferences and Journals. He has also authored two books: "Success through Soft Skills" and "Research in a Nutshell" His areas of research interests are: Software Measurement, Cloud Computing, Cognitive Aspects in Programming, Web Service, Mobile Networks and Data mining.
48