Cloud computing security
Cloud computing
• “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
• The cloud computing model NIST defined has three service models and four deployment models. The three service models, also called the SPI model, are: Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS) and Cloud Infrastructure as a Service (IaaS). The four deployment models are:
• Private cloud,
• Community cloud,
• Public cloud and Hybrid cloud.
• Cloud computing security concerns remain a major barrier to the adoption of cloud computing.
• According to a survey from IDCI in 2009, 74% of IT managers and CIOs believed that the primary challenge hindering them from using cloud computing services is cloud computing security issues.
• In another survey, carried out by Gartner in 2009, more than 70% of CTOs believed that the primary reason not to use cloud computing services is data security and privacy concerns.
ADVANCED ISSUES IN CLOUD COMPUTING SECURITY

1) Abstraction: The cloud provides an abstract set of service end-points. A user cannot pinpoint which physical machine, storage partition (LUN), network port MAC address, switches etc. are actually involved. Thus, in the event of a security breach, it becomes difficult for a user to isolate a particular physical resource that is under threat or has been compromised.
2) Lack of execution controls: The external cloud user does not have fine-grained control over the remote execution environment. Hence critical issues like memory management, I/O calls, and access to external shared utilities and data are outside the purview of the user.
• The client would want to inspect the execution traces to ensure that illegal operations are not performed.
3) Third-party control of data: In the cloud, the storage infrastructure, and therefore possession of the data, is also with the provider. So even if the cloud provider vouches for data integrity and confidentiality, the client may require verifiable proofs of the same.
4) Multi-party processing: In a multi-cloud scenario, one party may use part of the data that another party provides. In the absence of strong encryption (as data is being processed), it becomes necessary for participating cloud computing parties to preserve the privacy of their respective data.
Three specific areas of security research
• Trusted computing
• Information centric security (ICS)
• Privacy preserving models
Trusted computing
• It is a set of technologies being developed and promoted by the Trusted Computing Group (TCG).
• To tackle the concern of an untrusted execution environment, trusted platform modules enable a strong endorsement key to attest users to a host and the host to users.
• All subsequent execution on an attested host-user pair can then be validated through a trusted path mechanism.
• New techniques such as Provable Data Possession (PDP) in an untrusted cloud may be a more efficient mechanism, as PDP generates a probabilistic proof of data integrity based on only a small portion of the file.
• Similarly, there is research around Proof of Retrievability (PoR) to give the customer some semblance of assurance that once data is stored in a public cloud, it will eventually be retrievable.
• Proof-carrying code is another mechanism through which the cloud provider host can verify user applications through formal proofs.
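
The spot-check idea behind PDP, as an added example that is not part of the original slides: a simplified MAC-per-block variant in which the provider returns the challenged blocks themselves (the published PDP constructions use homomorphic tags to keep the response small). `Client`, `Provider`, the 4096-byte block size and the file id are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

BLOCK_SIZE = 4096  # assumed block size for this sketch


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_tag(key: bytes, file_id: bytes, index: int, block: bytes) -> bytes:
    # Bind the tag to the file and the block position, so the provider
    # cannot answer a challenge for block i with some other intact block.
    msg = len(file_id).to_bytes(2, "big") + file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


class Provider:
    """Untrusted storage: keeps blocks and tags, never sees the key."""

    def __init__(self) -> None:
        self.blocks = []
        self.tags = []

    def store(self, blocks, tags) -> None:
        self.blocks, self.tags = list(blocks), list(tags)

    def prove(self, indices):
        return [(i, self.blocks[i], self.tags[i]) for i in indices]


class Client:
    """Data owner: keeps only the key, the file id and the block count."""

    def __init__(self, file_id: bytes) -> None:
        self.key = secrets.token_bytes(32)
        self.file_id = file_id
        self.n_blocks = 0

    def outsource(self, data: bytes, provider: Provider) -> None:
        blocks = split_blocks(data)
        tags = [block_tag(self.key, self.file_id, i, b) for i, b in enumerate(blocks)]
        provider.store(blocks, tags)
        self.n_blocks = len(blocks)

    def challenge(self, count: int) -> list:
        # Unpredictable sample: the provider must not be able to guess
        # in advance which blocks will be audited.
        rng = secrets.SystemRandom()
        return sorted(rng.sample(range(self.n_blocks), min(count, self.n_blocks)))

    def verify(self, indices, proof) -> bool:
        # The proof must answer exactly the challenged positions, in order.
        if [i for i, _, _ in proof] != list(indices):
            return False
        return all(
            hmac.compare_digest(tag, block_tag(self.key, self.file_id, i, block))
            for i, block, tag in proof
        )


def detection_probability(n_blocks: int, corrupted: int, sampled: int) -> float:
    """P(at least one corrupted block falls among `sampled` distinct blocks)."""
    return 1.0 - math.comb(n_blocks - corrupted, sampled) / math.comb(n_blocks, sampled)
```

With 10,000 blocks of which 1% are damaged, `detection_probability(10000, 100, 460)` exceeds 0.99, which is why auditing a small portion of the file gives a strong probabilistic guarantee.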
Information centric security (ICS)

• Strong encryption of the entire data may not be useful, as the data is often processed in the cloud in unencrypted form, which makes it vulnerable.
• One way of achieving ICS would be to use policy-based or role-based access controls, which can be defined in a language like Extensible Access Control Markup Language (XACML), which governs context-based access rules at the policy enforcement point of the data.
• Any access request to the data can then be verified through an assertion or by checking with a central server.
• Another way could be to add access control metadata in the form of Cryptographic Message Syntax (CMS). It is more compact than XML, and is flexible enough to freely add users to the ‘read’ list as long as each user possesses a cryptographic key pair.
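
How context-based rules are evaluated at a policy enforcement point, as an added example that is not part of the original slides. XACML itself is XML; this Python sketch mirrors only its decision model (targets, conditions, Permit/Deny/NotApplicable, deny-overrides combining) and omits the Indeterminate result. The attribute names and the sample policy are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Rule:
    effect: str                            # PERMIT or DENY
    target: dict                           # attribute -> required value
    condition: Optional[Callable] = None   # context predicate over the request

    def evaluate(self, request: dict) -> str:
        # The rule applies only if every target attribute matches ...
        if any(request.get(k) != v for k, v in self.target.items()):
            return NOT_APPLICABLE
        # ... and the context condition (time, network, ...) holds.
        if self.condition is not None and not self.condition(request):
            return NOT_APPLICABLE
        return self.effect


def deny_overrides(rules, request: dict) -> str:
    """Combine rule results: a single Deny wins over any number of Permits."""
    decision = NOT_APPLICABLE
    for rule in rules:
        result = rule.evaluate(request)
        if result == DENY:
            return DENY
        if result == PERMIT:
            decision = PERMIT
    return decision


def enforce(rules, request: dict) -> bool:
    """Deny-biased enforcement point: only an explicit Permit opens the data."""
    return deny_overrides(rules, request) == PERMIT


# Constructed sample policy attached to a customer-record data object.
SAMPLE_POLICY = [
    Rule(
        PERMIT,
        {"subject.role": "analyst", "resource.type": "customer-record", "action": "read"},
        condition=lambda r: r.get("env.network") == "corporate"
        and 8 <= r.get("env.hour", -1) < 18,
    ),
    Rule(DENY, {"resource.classification": "restricted", "action": "export"}),
    Rule(PERMIT, {"subject.role": "dpo", "resource.type": "customer-record"}),
]
```

A request that matches no rule yields NotApplicable, which the deny-biased `enforce` treats the same as Deny, so a gap in the policy never grants access.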
