Call for Paper - November 2020 Edition
IJCA solicits original research papers for the November 2020 Edition. Last date of manuscript submission is October 20, 2020. Read More

A Survey on Security Mechanisms of Leading Cloud Service Providers

Print
PDF
International Journal of Computer Applications
© 2014 by IJCA Journal
Volume 98 - Number 1
Year of Publication: 2014
Authors:
Deepak Panth
Dhananjay Mehta
Rituparna Shelgaonkar
10.5120/17149-7184

Deepak Panth, Dhananjay Mehta and Rituparna Shelgaonkar. Article: A Survey on Security Mechanisms of Leading Cloud Service Providers. International Journal of Computer Applications 98(1):34-37, July 2014. Full text available. BibTeX

@article{key:article,
	author = {Deepak Panth and Dhananjay Mehta and Rituparna Shelgaonkar},
	title = {Article: A Survey on Security Mechanisms of Leading Cloud Service Providers},
	journal = {International Journal of Computer Applications},
	year = {2014},
	volume = {98},
	number = {1},
	pages = {34-37},
	month = {July},
	note = {Full text available}
}

Abstract

With an unprecedented pace of developments in Cloud computing technology, there has been an exponential increase of users of these services and an equal rise of cloud services providers. Clouding Computing is a virtual pool of resources provided to users as service through a web interface. These resources may include Software, Infrastructure, Storage, Network, Platform etc. With more and more organizations migrating their data over cloud, it is imperative to ensure security and integrity of their data. In this paper we 1) discuss the security challenges posed to data on the cloud computing. 2) Survey cryptographic algorithms that can be used to overcome these challenges. 3) Survey Security designs of 5 leading cloud service providers. 4) Perform a comparative study of security and features of these providers.

References

  • Cloud computing, Wikipedia. At: http://en. wikipedia. org/wiki/Cloud_computing
  • Gordon Haff. 2013. INTRODUCTION TO CLOUD COMPUTING, Red Hat Inc.
  • Introduction to Cloud Computing, 2010 Dialogic Corporation, pp 4-5.
  • Kuyoro S. O. , Ibikunle F. &AwodeleO. 2011. Cloud Computing Security Issues and Challenges. International Journal of Computer Networks (IJCN), Volume (3) : Issue (5) : 2011, pp 252-253 .
  • Jaydip Sen, Security and Privacy Issues in Cloud Computing. Innovation Labs, Tata Consultancy Services Ltd. , Kolkata, India, pp 10-12.
  • Cloud Security Alliance (February, 2013). The Notorious Nine, Cloud Computing Top Threats in 2013.
  • Securosis (November 7, 2012). Defending Against Denial of Service Attacks V 1. 3
  • Bryan Sullivan, Said Tabet, Edward Bonver, Judith Furlong, Steve Orrin & Peleus Uhley (December 5, 2013). Practices for Secure Development of Cloud Applications. SAFECode & Cloud Security Alliance.
  • Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O'Reilly Media, Inc. , Sebastopol, CA
  • Cloud Security Alliance (2010), Top Threats to Cloud Computing V1. 0.
  • Ertaul L, Singhal S, Gökay S (2010) Security challenges in Cloud Computing. In: Proceedings of the 2010 International conference on Security and Management SAM'10. CSREA Press, Las Vegas, US, pp 36-42.
  • Grobauer B, Walloschek T, Stocker E (2011) Understanding Cloud Computing vulnerabilities. IEEE Security Privacy 9(2), pp 50-57.
  • Muhammad Imran Tariq, University of Lahore, Pakistan (2012). Towards Information Security Metrics Framework for Cloud Computing, International Journal of Cloud Computing and Services Science (IJ-CLOSER). Vol. 1, No. 4, October 2012, pp 210-211.
  • Reuben JS (2007) A survey on virtual machine Security. Seminar on Network Security. Technical report, Helsinki University of Technology, October 2007.
  • Keiko Hashizume, David G Rosado, Eduardo Fernandez-Medina and Eduardo B Fernandez (2013), An analysis of security issues for cloud computing. Hashizume et al. Journal of Internet Services and Applications 2013.
  • Cloud Security Alliance (2012) SecaaS implementation guidance, category 1: identity and Access management.
  • Xiao S, Gong W (2010) Mobility Can help: protect user identity with dynamic credential. In: Eleventh International conference on Mobile data Management (MDM). IEEE Computer Society, Washington, DC, USA, pp 378-380.
  • Somani U, Lakhani K, Mundra M (2010) Implementing digital signature withRSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society Washington, DC, USA, pp 211-216.
  • Harnik D, Pinkas B, Shulman-Peleg A (2010) Side channels in Cloud services:deduplication in Cloud Storage. IEEE Security Privacy 8(6), pp 40-47.
  • Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to Cloud Computing. In: National Days of Network Security and Systems (JNS2). IEEE Computer Society, Washington, DC, USA, pp 86-89
  • DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications Sector (Directive on privacy and electronic communications).
  • Wu H, Ding Y, Winer C, Yao L (2010)Network Security for virtual machine in Cloud Computing. 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society Washington, DC, USA, pp 18-21
  • Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on Security and privacy. IEEE Computer Society, Washington, DC, USA pp 380-395.
  • Berger S, Caceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D (2008) TVDc: managing Security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42(1), pp 40-47.
  • Berger S, Caceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, SailerR, Schildhauer W, Srinivasan D, Tal S, Valdez E (2009) Security for the Cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev, pp 560-571.
  • ShafiGoldwasser, & MihirBellare (July,2008). Lecture Notes on Cryptography.
  • Public-key cryptography, Wikipedia. At: http://en. wikipedia. org/wiki/Public-key_cryptography
  • Global Cloud Computing Market Forecast 2015-2020, Market Research Media.
  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of , Official Journal L 281, 23/11/1995
  • DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications Sector (Directive on privacy and electronic communications).
  • National Institute of Standards and Technology (November 2011), US Government Cloud Computing Technology Roadmap Volume II (Release 1. 0). Useful Information for Cloud Adopters.
  • Cloud Security Alliance (2009) Security best practices for cloud computing.
  • Cloud Computing Security (May, 2010), A Trend Micro Whitepaper.
  • Amazon S2, Amazon web services. At: http://aws. amazon. com/ec2/
  • Amazon S3, Amazon web services. At: http://aws. amazon. com/s3/
  • Amazon RDS, Amazon web services. At: http://aws. amazon. com/rds/
  • Amazon DynamoDB, Amazon web services. At: http://aws. amazon. com/dynamodb/
  • Amazon ElastiCache, Amazon web services. At: http://aws. amazon. com/elasticache/
  • AWS ISO 27001 FAQs, Amazon Web Services. At: http://aws. amazon. com/security/iso-27001-certification-faqs/
  • AWS GovCloud (US) Region – Government Cloud Computing. At: http://aws. amazon. com/govcloud-us/
  • Amazon Web Services: Overview of Security Processes (November 2013), At: http://media. amazonwebservices. com/pdf/AWS_Security_Whitepaper. pdf
  • US Patriot Act, US Government Information. 107th Congress.
  • Vulnerability Reporting, Amazon web services. At: http://aws. amazon. com/security/vulnerability-reporting/
  • Penetration Testing, Amazon Web Services. At: http://aws. amazon. com/security/penetration-testing/
  • AWS Identity and Access Management (IAM), At: http://aws. amazon. com/iam/
  • AWS PGP Public Key, Amazon Web Services, At: https://aws. amazon. com/security/aws-pgp-public-key/
  • AWS GovCloud (US) Region – Government Cloud Computing. At: http://aws. amazon. com/govcloud-us/
  • Security Bulletins, Amazon Web services. At: https://aws. amazon. com/security/security-bulletins/
  • Google App Engine, Wikipedia. At: http://en. wikipedia. org/wiki/Google_App_Engine
  • Google App Engine, At: https://developers. google. com/appengine/docs/whatisgoogleappengine
  • Google Cloud Storage – a simple way to store, protect, and share data (2012). Google Inc.
  • An Inside Look at Google BigQuery(2012), Google Inc.
  • Google, data centers. At: https://www. google. com/about/datacenters/inside/locations/index. html
  • Google Apps Administrator, Google Inc.
  • Google Cloud Storage, Google Inc.
  • Google Cloud SQL, Google Inc. At: https://developers. google. com/cloud-sql/faq#whatissql
  • Microsoft Azure, Wikipedia. At: http://en. wikipedia. org/wiki/Microsoft_Azure
  • Deb Shinder(2009,Nov 11), Microsoft Azure: Security in the Cloud, WindowSecurity. com.
  • Tata Consultancy Services, Windows Azure – The Cloud Computing Platform.
  • Microsoft Security Development Lifecycle (SDL), Microsoft.
  • Charlie Kaufman and Ramanathan Venkatapathy(2010, August), Windows Azure Security Overview, Windows Azure.
  • Jonathan Wiggs (2010, January) Crypto Services and Data Security in Microsoft Azure, MSDN Magazine.
  • Pedro Hernandez(2013-10-01),Microsoft's Windows Azure Meets Federal Security Standards. eWEEK. com
  • Security Best Practices Windows Azure, Microsoft.
  • Storage, Backup, and Recovery, Microsoft Azure, Microsoft.
  • Azure Active Directory, Microsoft Azure, Microsoft.
  • David Chappel (2010, October) Introducing the Windows Azure Platform. David and Chappel Associates.
  • Microsoft Azure, Microsoft. http://www. microsoft. com/windowsazure
  • Karin Beaty and Chris Bode(2012, September). A "how-to" guide on using cloud services for security-rich data backup. IBM Global Technology Services.
  • IBM solutions for cloud and virtualization in enterprise environments(2013, May), IBM Software.
  • Rackspace. http://www. rackspace. com/
  • OpenStack, http://www. rackspace. com/cloud/openstack/
  • OpenStack, http://www. openstack. org/
  • Joe Burke, Rackspace Private Cloud Security, Rackspace US, Inc.
  • Rackspace Bolsters Expanding List of Security Credentials (March 13, 2013), Rackspace Hosting, Rackspace.
  • RACKSPACE SECURITY & COMPLIANCE , Rackspace US, Inc.
  • Information Age (21 May 2012), Exposing the cracks in cloud security, Information-age. com.
  • Rackspace Private Cloud, Rackspace US, Inc. At: http://www. rackspace. com/cloud/private/
  • Alex Pucher, Stratos Dimopoulos, A Survey on Cloud Provider Security Measures.
  • Products & Services, Amazon Web Services. At: https://aws. amazon. com/products/
  • JR Raphael, InfoWorld, July 1, 2013. The worst cloud outages of 2013. JR Raphael (July 1, 2013) The worst cloud outages of 2013- slide4. InfoWorld.
  • Top Threats Working Group (Feb, 2013). The Notorious Nine, Cloud Computing Top Threats in 2013. Cloud Security Alliance.
  • Carl Bagh (May16, 2014). Sony PlayStation Network attack shows Amazon EC2 a hackers' paradise. Ibtimes. com
  • By Pavel Alpeyev, Joseph Galante and Mariko Yasu (May 15, 2011). Amazon. com Server Said to Have Been Used in Sony Attack, Bloomberg. com.
  • Google Cloud Platform, At: https://cloud. google. com/
  • JR Raphael (July 1, 2013) The worst cloud outages of 2013- slide12. InfoWorld.
  • Twitter breach revives security issues with cloud computing, CloudCenter News Article, ClearCenter Corp.
  • Microsoft Azure. At: http://azure. microsoft. com/en-us/services/
  • Charles Babcock (May 14, 2014). Social Science Site Using Azure Loses Data. Informationweek. com
  • JR Raphael (July 1, 2013), The worst cloud outages of 2013- Slide 8, InfoWorld.
  • SmartCloud, Infrastructure and platform services. IBM Inc.
  • SmartCloud, Cloud Applications (SaaS , PaaS). IBM Inc.
  • Rackspace. At: http://www. rackspace. com/
  • Ben Greiner(December 23, 2013), Rackspace Email Security Breach. Source: forgetcomputers. zendesk. com
  • Google Encryption Standard. At: https://developers. google. com/cloud-sql/faq
  • Gramm–Leach–Bliley Act, PUBLIC LAW 106–102—NOV. 12, 1999, 106th Congress
  • ] Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection. In:Trusted Infrastructure Technologies Conference, 2008. APTC'08, Third Asia-Pacific. IEEE Computer Society, Washington, DC, USA, pp 9–18
  • Xiaopeng G, Sumei W, Xianqin C (2010) VNSS: a Network Security sandbox for virtual Computing environment. In: IEEE youth conference on information Computing and telecommunications (YC-ICT). IEEE Computer Society, Washington DC, USA, pp 395 –398.