National Conference on Role of Cloud Computing Environment in Green Communication 2012 31
Data Security in Cloud Computing
ME Computer Science
Sun College of Engineering and Technology
Erachakulam, Nagercoil, India
Abstract— Cloud computing provides a way to share distributed resources, software and information, which belong to different organizations, with computers and other devices on demand. Any computing service like cloud computing should provide data security and integrity in order to gain acceptance by users. Since cloud computing uses distributed resources in an open environment, clients of cloud computing face problems with the security, integrity and confidentiality of their data and computations. To overcome this problem we analyse some security requirements in the cloud computing environment. For this we propose a Trusted Cloud Computing Platform (TCCP), which enables IaaS providers to provide a secured box execution environment for security, integrity and confidentiality of data. To improve the security of shared data objects and distributed software modules, the Data Coloring technique is used in the TCCP.

Keywords - cloud computing; Trusted Cloud Computing Platform; Data Coloring

I. INTRODUCTION

Cloud computing is used to reduce IT costs by storing data and computations in virtual machines. Cloud computing has pushed IT to new limits by storing data and sharing resources to reduce capital expenditure. It reduces the time required to install resources and new servers, which otherwise takes longer. It allows clients quick access for uploading and downloading data and for all computations whenever they need them. Cloud users have no need to install separate storage and software on their own computing devices. Instead of installing storage and software on their own machines, clients can rent storage and software from a cloud provider and so reduce installation expenditure. Cloud providers hold large amounts of storage and software, which they provide to clients who ask to rent them. When renting resources and software from cloud providers, security is the most serious problem for the clients. To avoid this, cloud service users or clients need to secure their data before storing it with the cloud provider.

One of the most serious problems is the possibility of confidentiality violations, where the company's data is changed or leaked, knowingly or unknowingly, by the cloud provider's employees. This may damage the name and finances of the company. To counter this, clients can encrypt their data before storing it with the providers where the data is to be computed.

From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing internally poses new challenging security threats for a number of reasons. Firstly, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted due to the users' loss of control of data under Cloud Computing. Therefore, verification of correct data storage in the cloud must be conducted without explicit knowledge of the whole data. Considering the various kinds of data for each user stored in the cloud and the demand for long-term continuous assurance of their data safety, the problem of verifying correctness of data storage in the cloud becomes even more challenging. Secondly, Cloud Computing is not just a third-party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc. Ensuring storage correctness under dynamic data update is hence of paramount importance. However, this dynamic feature also makes traditional integrity insurance techniques futile and entails new solutions. Last but not least, the deployment of Cloud Computing is powered by data centers running in a simultaneous, cooperated and distributed manner. An individual user's data is redundantly stored in multiple physical locations to further reduce the data integrity threats. Therefore, distributed protocols for storage correctness assurance will be of the utmost importance in achieving a robust and secure cloud data storage system in the real world.

System Model

Three different network entities are used in the representation of the network architecture of cloud data storage. They can be identified as follows:

User: users, who have data to be stored in the cloud and rely on the cloud for data computation, consist of both individual consumers and organizations.

Cloud Service Provider (CSP): a CSP, who has significant resources and expertise in building and managing distributed cloud storage servers, owns and operates live Cloud Computing systems.

Third Party Auditor (TPA): an optional TPA, who has expertise and capabilities that users may not have, is trusted to assess and expose risk of cloud storage services on behalf of the users upon request.

In cloud data storage, a user stores his data through a CSP into a set of cloud servers, which are running at a cloud provider in a co-operated and distributed manner. Data redundancy can be employed with the technique of erasure
Department of CSE, Sun College of Engineering and Technology
correcting code to further tolerate faults or server crashes as the user's data grows in size and importance. Thereafter, for application purposes, the user interacts with the cloud servers via the CSP to access or retrieve his data. In some cases, the user may need to perform block-level operations on his data. The most general forms of these operations we are considering are block update, delete, insert and append.

As users no longer possess their data locally, it is of critical importance to assure users that their data are being correctly stored and maintained. That is, users should be equipped with security means so that they can obtain continuous correctness assurance of their stored data even without the existence of local copies. In case users do not have the time, feasibility or resources to monitor their data, they can delegate the tasks to an optional trusted TPA of their respective choice. In our model, we assume that the point-to-point communication channels between each cloud server and the user are authenticated and reliable, which can be achieved in practice with little overhead. Note that we don't address the issue of data privacy in this paper, as in Cloud Computing, data privacy is orthogonal to the problem we study here. Not only does it desire to move data that has not been or is rarely accessed to a lower tier of storage than agreed for monetary reasons, but it may also attempt to hide a data loss incident due to management errors, Byzantine failures and so on. On the other hand, there may also exist an economically motivated adversary, who has the capability to compromise a number of cloud data storage servers in different time intervals and subsequently is able to modify or delete users' data while remaining undetected by CSPs for a certain period.

There are two types of adversary model involved in cloud computing threats:

Weak Adversary: The adversary is interested in corrupting the user's data files stored on individual servers. Once a server is compromised, an adversary can pollute the original data files by modifying them or introducing its own fraudulent data to prevent the original data from being retrieved by the user.

Strong Adversary: This is the worst-case scenario, in which we assume that the adversary can compromise all the storage servers so that he can intentionally modify the data files as long as they are internally consistent. In fact, this is equivalent to the case where all servers are colluding together to hide a data loss or corruption incident.

Features of cloud computing

The major features of cloud computing are discussed here.

Consumption based billing
Pay per use is the winning characteristic of the cloud. You pay for the time you use the cloud infrastructure.

Rapid Elasticity
Consumers can increase or decrease capacity within a matter of minutes. This can be by adding instances in the case of EC2 or by just increasing memory in some other cases.

On-demand self-service
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider.

Broad Network Access
Capabilities are available over the network and accessed through standard mechanisms that promote use by client platforms (e.g., mobile phones, laptops, and PDAs).

The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. A sense of location independence exists because the customer generally has no control over or knowledge of the provided resources' exact location but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid Elasticity
Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear unlimited and can be purchased in any quantity at any time.

Cloud systems automatically control and optimize resource use by leveraging a metering capability appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). The provider and consumer can monitor, control, and report resource usage, thus providing transparency of the utilized service.

Location and Device Independence
Users can access the server through the internet from any place and from any device, including iPhone and Android devices.

Data Protection
Where do data physically reside, and does the data's location have legal ramifications?
Are data safely protected (i.e., by encryption) while stationary or in motion within and across the cloud?
How is availability of data assured in the cloud?
Does the provider take measures to ensure that deleted data is not recoverable?

Security Control
What security controls does the cloud provider need to implement, and how?
How are assurance levels effectively and efficiently managed in the cloud?

Security Threats in Cloud Computing

Traditional server environments pose several challenges: high labor and capital costs, long development and deployment
cycles and quality risks associated with largely manual processes. Organisations are now finding new ways to meet these challenges using cloud computing from cloud providers. Some cloud infrastructures are designed to provide rapid access to security-rich, enterprise-class virtual server environments, well suited for development and test activities and other dynamic workloads. Ideal for both IT and application development teams, the Cloud delivers cloud-based services, systems and software to meet the needs of your business.

The three general models of cloud computing are IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Each of these models has a different impact on application security. However, in a typical scenario where an application is hosted in a cloud, two broad security questions arise:
– How secure is the Data?
– How secure is the Code?

The cloud computing environment is generally assumed to be a potential cost saver as well as a provider of higher service quality. Security, confidentiality, availability, and reliability are the major quality concerns of cloud service users. This suggests that security is one of the important challenges among all other quality challenges.

The data transfer between cloud providers and customers can be secured using SSL. Because this technology is so familiar, users ignore its warnings, and attackers exploit this. Google has demonstrated this type of exploitation in cloud-based services. On the other hand, a flaw in indexing system design has resulted in a security vulnerability where one user can read others' documents. There are also other attacks that were successful on the cloud, which shows that it is vulnerable to attacks.

The developer should always assume that intruders have full access to the client, as anyone, including intruders, can buy the software in the SaaS model. Though they are not supplied with source code, they still have access to binaries, which they can use to exploit the vulnerabilities. Hence there should always be a verification mechanism to verify client requests before execution.

Data Security in Cloud Computing

Organisations using cloud computing should maintain their own data backups even if the provider backs up data for the organisation. This ensures continuous access to their data even in critical situations such as the data provider shutting down or a disaster at the data center.

A client or customer manager has to eliminate the fear of data leakage and loss of privacy in cloud computing. Salesforce.com can undergo a security threat: theft of sales data, along with the various ways that an intruder can gain knowledge based on the unencrypted data. The threats include the collection of personal information and getting inappropriate access to the information. Based on this scenario a set of requirements was derived, which include minimizing the personal and sensitive data used in the cloud and maximising the security protection of data. Finally, the overall architecture for a client-based privacy data manager has been depicted. The model in which public verifiability is enforced can be used, where the third party auditor audits the data, without wasting the user's time, to ensure data security.

How to Secure Data during Transport in Cloud Computing

When transporting data in a cloud computing environment, keep two things in mind: make sure that no one can intercept your data as it moves from client to cloud provider in the cloud, and make sure that no data is tampered with or leaks from any storage in the cloud.

In the cloud, data sent from client to cloud provider might stay within a cloud environment. The data can also be sent over the public Internet between an enterprise and a cloud provider, or between two or more cloud providers.

The security process may include separating our data from other companies' data and then encrypting it using any encryption method. In addition, you can provide security for older data that remains with a cloud provider after you no longer need it.

A virtual private network (VPN) is one way to manage the security of data during its transport in a cloud environment. A VPN essentially makes the public network your own private network instead of using dedicated connectivity.

Security components of cloud computing

Firewall
A firewall acts as a barrier between the public Internet, such as cloud providers, and any private network, such as cloud users.

Encryption
Encryption is used to protect our sensitive data from hackers and from employees of the cloud providers; only the computer that you send the data to should have the key to decode the data using a decryption method.

Antivirus
Antivirus scanning can be done in the cloud to reduce the risk of malicious activities. It is an expensive operation, and doing it once ahead of time for the benefit of many could be advantageous; with the power of the cloud, more anti-virus engines can be employed to make it more efficient. The challenge here is bridging the gap between the threat release and the virus signature release. Although antivirus scanning is an expensive operation, it should be repeated with the release of new virus signatures.

Providing security for cloud computing requires more than authentication using passwords and confidentiality in data transmission. A solution has been proposed for intrusion detection in cloud computing. The solution consists of two kinds of analysis: behavioural analysis and knowledge analysis. In behavioural analysis, data mining techniques were used to recognize expected behaviour or a severe deviation of behaviour, and in knowledge analysis, security policy violations and attack patterns were analysed to detect or prevent intrusion.
Depending upon how much security our data needs, the level of concern about data security may differ for everyone. In some situations, such as with a test environment processing test data, you may have limited concerns about some of these security and privacy issues. In other situations, where you may have a lot at risk if the security and privacy of your data is compromised, you need to evaluate how your cloud vendor treats the security issues.

Infrastructure as a Service (IaaS)

Today, cloud providers offer services at various layers of the software stack. Infrastructure as a Service (IaaS) providers give their customers access to entire virtual machines (VMs) hosted by the cloud provider. Some of the important IaaS providers are Amazon, Flexiscale and GoGrid. Responsibility for providing the entire software stack running inside a VM lies with the customers or users of the system. At higher layers, Software as a Service (SaaS) systems offer complete online applications that can be directly executed by their users. The most popular SaaS system is Google Apps.

Since the services in the higher layers of the software stack themselves provide and run the software that directly accesses the customers' data, the problem of confidentiality of computations increases. At the lower layer, IaaS cloud providers are where securing a customer's VM is more manageable. While we know very little detail about the internal organization of IaaS services, we describe an IaaS platform that offers an interface similar to EC2. It manages one or more clusters whose nodes run a virtual machine monitor (typically Xen) to host customers' VMs. Our simple description aggregates all these components in a single cloud manager (CM) that handles a single cluster. A VM is launched from a virtual machine image (VMI) loaded from the CM. Once a VM is launched, users can log in to it using normal tools such as ssh.

Besides the interface to every user, the CM exports services that can be used to perform administrative tasks such as adding and removing VMIs or users.

Attack models in cloud computing

A sysadmin of the cloud provider who has privileged control over the backend can perpetrate many attacks in order to access the memory of a customer's VM. With root privileges at each machine, the sysadmin can install or execute all sorts of software to perform an attack. A sysadmin can run a user-level process that directly accesses the content of a VM's memory at run time. Furthermore, with physical access to the machine, a sysadmin can perform more sophisticated attacks like cold boot attacks and even tamper with the hardware.

In current IaaS providers, we can reasonably consider that no single person accumulates all these privileges. Moreover, providers already deploy stringent security devices, restricted access control policies, and surveillance mechanisms to protect the physical integrity of the hardware. Thus, we assume that, by enforcing a security perimeter, the provider itself can prevent attacks that require physical access to the machines.

Sysadmins need privileged permissions at the cluster's machines in order to manage the software they run. Since we do not precisely know the current IaaS providers, we assume in our attack model that sysadmins can log in remotely to any machine with root privileges, at any point in time. The only way a sysadmin would be able to gain physical access to a node running a customer's VM is by diverting this VM to a machine under her control, located outside the IaaS's security perimeter.

Therefore, the TCCP must be able to confine the VM execution inside the perimeter, and guarantee that at any point a sysadmin with root privileges remotely logged in to a machine hosting a VM cannot access its memory.

Trusted Computing

The Trusted Computing Group (TCG) proposed a set of hardware and software technologies to enable the construction of trusted platforms. In particular, the TCG proposed a standard for the design of the trusted platform module (TPM) chip that is now bundled with commodity hardware. The TPM contains an endorsement private key (EK) that uniquely identifies the TPM (thus, the physical host), and some cryptographic functions that cannot be modified. The respective manufacturers sign the corresponding public key to guarantee the correctness of the chip and validity of the key.

Trusted platforms [1, 4, 5, 9] leverage the features of TPM chips to enable remote attestation. This mechanism works as follows. At boot time, the host computes a measurement list ML consisting of a sequence of hashes of the software involved in the boot sequence, namely the BIOS, the boot loader, and the software implementing the platform. The ML is securely stored inside the host's TPM. To attest to the platform, a remote party challenges the platform running at the host with a nonce nU. The platform asks the local TPM to create a message containing both the ML and the nU, encrypted with the TPM's private EK. The host sends the message back to the remote party, who can decrypt it using the EK's corresponding public key, thereby authenticating the host. By checking that the nonces match and the ML corresponds to a configuration it deems trusted, a remote party can reliably identify the platform on an untrusted host.

A trusted platform like Terra implements a thin VMM that enforces a closed box execution environment, meaning that a guest VM running on top cannot be inspected or modified by a user with full privileges over the host. The VMM guarantees its own integrity until the machine reboots. Thus, a remote party can attest to the platform running at the host to verify that a trusted VMM implementation is running, and thus make sure that her computation running in a guest VM is secure.

Given that a traditional trusted platform can secure the computation on a single host, a natural approach to secure an IaaS service would be to deploy the platform at each node of the service's backend. However, this approach is insufficient: a sysadmin can divert a customer's VM to a node not running the platform, either when the VM is launched, or during the VM execution. Consequently, the attestation mechanism of the platform does not guarantee that the measurement list obtained by the remote party corresponds to the actual configuration of the host where the VM has been running.

The components of the trusted cloud computing platform include a set of trusted nodes (N) and the trusted coordinator (TC). The untrusted cloud manager (CM) makes a set of services available to users. The TC is maintained by an external trusted entity (ETE). Therefore, the TCCP needs to provide a remote attestation that guarantees the immutability of the platform's security properties in the backend.
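
The attestation exchange and the node-diversion problem described above, as an added example that is not code from this paper or from any TPM vendor: a toy TPM binds the measurement list (ML) to the challenger's nonce with its private EK, and the verifier rejects modified boot software, replayed quotes and nodes whose EK is not registered. The textbook-RSA key, the boot component names and the registry of trusted EKs (assumed here to be held by the trusted coordinator) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent


def quote_digest(ml, nonce):
    """Hash the measurement list and the nonce into one integer to be signed."""
    data = len(ml).to_bytes(2, "big") + b"".join(ml) + nonce
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class ToyTpm:
    """Stand-in for a TPM: holds the private EK and the measurement list (ML).

    Textbook RSA over two Mersenne primes keeps the example dependency-free.
    It is NOT secure; it only illustrates the private-key operation on the quote.
    """

    def __init__(self, p_bits, q_bits):
        p, q = 2**p_bits - 1, 2**q_bits - 1
        self._n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private EK stays in the chip
        self.ml = []

    @property
    def ek_pub(self):
        return (self._n, E)

    def measure(self, component):
        """Append the hash of one boot component to the ML."""
        self.ml.append(hashlib.sha256(component).digest())

    def quote(self, nonce):
        """Return ML and nonce, bound together with the private EK."""
        sig = pow(quote_digest(self.ml, nonce), self._d, self._n)
        return {"ml": list(self.ml), "nonce": nonce, "sig": sig}


def boot(tpm, components):
    """Measure BIOS, boot loader and platform software in boot order."""
    for component in components:
        tpm.measure(component)
    return tpm


def verify(quote, ek_pub, issued_nonce, trusted_eks, trusted_mls):
    """Remote party's checks, in the order the text describes them."""
    if ek_pub not in trusted_eks:            # node outside the trusted set
        return "unknown-node"
    n, e = ek_pub
    if pow(quote["sig"], e, n) != quote_digest(quote["ml"], quote["nonce"]):
        return "bad-signature"               # message altered after signing
    if not hmac.compare_digest(quote["nonce"], issued_nonce):
        return "stale-nonce"                 # valid quote, but for an old challenge
    if tuple(quote["ml"]) not in trusted_mls:
        return "untrusted-config"            # boot chain differs from known-good
    return "trusted"


# Constructed sample boot chains (hypothetical component names).
GOOD_STACK = [b"BIOS 1.0", b"boot loader 2.1", b"trusted VMM 3.4"]
PATCHED_STACK = GOOD_STACK[:2] + [b"trusted VMM 3.4 + unapproved module"]


def run_demo():
    node = boot(ToyTpm(521, 607), GOOD_STACK)
    rebooted = boot(ToyTpm(521, 607), PATCHED_STACK)   # same chip, changed VMM
    outsider = boot(ToyTpm(1279, 2203), GOOD_STACK)    # EK not registered

    trusted_eks = {node.ek_pub}
    trusted_mls = {tuple(hashlib.sha256(c).digest() for c in GOOD_STACK)}

    def check(quote, tpm, nonce):
        return verify(quote, tpm.ek_pub, nonce, trusted_eks, trusted_mls)

    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    first = node.quote(n1)
    return {
        "clean boot": check(first, node, n1),
        "modified VMM": check(rebooted.quote(n2), rebooted, n2),
        "replayed quote": check(first, node, n2),
        "nonce swapped": check(dict(first, nonce=n2), node, n2),
        "unregistered node": check(outsider.quote(n2), outsider, n2),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:18} -> {verdict}")
```

The last case is the one single-host attestation cannot catch on its own: the outsider presents a valid signature over a known-good ML, and only the check against the set of trusted node keys rejects it.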

Trusted Cloud Computing Platform

The Trusted Cloud Computing Platform (TCCP) provides a closed box execution environment by extending the concept of trusted platform to an entire IaaS backend. The TCCP guarantees the confidentiality and the integrity of a user's VM, and allows a user to determine up front whether or not the IaaS enforces these properties.

Trusted platform module (TPM) chips, which are now being bundled into commodity hardware and which provide unique identification and a public endorsement key, plus capabilities that are specific to the machine on which the chip has been installed, are components of TCCP.

Securing Infrastructure as a Service

The IaaS model lets users lease compute, storage, network, and other resources in a virtualized environment. The user doesn't manage or control the underlying cloud infrastructure but has control over the OS, storage, deployed applications, and possibly certain networking components. Amazon's Elastic Compute Cloud (EC2) is a good example of IaaS. At the cloud infrastructure level, CSPs can enforce network security with intrusion-detection systems (IDSs), firewalls, antivirus programs, distributed denial-of-service (DDoS) defenses, and so on.

Securing Platform as a Service

Cloud platforms are built on top of IaaS with system integration and virtualization middleware support. Such platforms let users deploy user-built software applications onto the cloud infrastructure using provider-supported programming languages and software tools (such as Java, Python, or .NET). The user doesn't manage the underlying cloud infrastructure. Popular PaaS platforms include the Google App Engine (GAE) or Microsoft Windows Azure. This level requires securing the provisioned VMs, enforcing security compliance, managing potential risk, and establishing trust among all cloud users and providers.

[Figure: Cloud service models. Security, privacy, and copyright protection measures needed at various cloud service levels.]

Securing Software as a Service

SaaS employs browser-initiated application software to serve thousands of cloud customers, who make no upfront investment in servers or software licensing. From the provider's perspective, costs are rather low compared with conventional application hosting. SaaS, as heavily pushed by Google, Microsoft, Salesforce.com, and so on, requires that data be protected from loss, distortion, or theft. Transactional security and copyright compliance are designed to protect all intellectual property rights at this level. Data encryption and coloring offer options for upholding data integrity and user privacy.

Data coloring

Data coloring is the technique applied to the software file or data object to secure the client's data from attackers or threats. This lets us segregate user access and insulate sensitive information from cloud provider access.

A trusted software environment provides useful tools for building cloud applications over protected datasets. In the past, watermarking was mainly used for digital copyright management. Christian Collberg and Clark Thomborson have suggested using watermarking to protect software modules. The trust model Deyi Li and his colleagues propose offers a second-order fuzzy membership function for protecting data owners. We extend this model to add unique data colors to protect large datasets in the cloud. We consider cloud security a community property. To guard it, we combine the advantages of secured cloud storage and software watermarking through data coloring and trust negotiation. The image is the data object being protected.

Data coloring provides forward and backward color-generation processes. We add the cloud drops (data colors) into the input photo and remove color to restore the original photo. The coloring process uses three data characteristics to generate the color: the expected value (Ex) depends on the data content, whereas entropy (En) and hyperentropy (He) add
randomness or uncertainty, which are independent of the data content and known only to the data owner. Collectively, these three functions generate a collection of cloud drops to form a unique “color” that providers or other cloud users can't detect. Additional details about this cloud watermark scheme are available elsewhere.

We can use data coloring at varying security levels based on the variable cost function applied. We can apply the method to protect documents, images, video, software, and relational databases. Figure 4b shows the details involved in the color-matching process, which aims to associate a colored data object with its owner, whose user identification is also colored with the same Ex, En, and He identification characteristics. The color-matching process assures that colors applied to user identification match the data colors. This can initiate various trust-management events, including authentication and authorization. Virtual storage supports color generation, embedding, and extraction.

Combining secure data storage and data coloring, we can prevent data objects from being damaged, stolen, altered, or deleted. Thus, legitimate users have sole access to their desired data objects. The computational complexity of the three data characteristics is much lower than that performed in conventional encryption and decryption calculations in PKI services. The watermark-based scheme thus incurs a very low overhead in the coloring and decoloring processes. The En and He functions' randomness guarantees data owner privacy. These characteristics can uniquely distinguish different data

Abbreviations and Acronyms
IEEE – Institute of Electrical and Electronics Engineers
IaaS – Infrastructure as a Service
SaaS – Software as a Service
PaaS – Platform as a Service
TC – Trusted Computing
TCP – Trusted Computing Platform
TCCP – Trusted Cloud Computing Platform

In this paper, we discussed how concerns about the confidentiality, availability and integrity of cloud users' data and computation are a major consideration for enterprises looking to embrace cloud computing. To meet the need for data security in the cloud, we present the design of a Trusted Cloud Computing Platform (TCCP) that enables IaaS services such as Amazon EC2 to provide a closed box execution environment. TCCP guarantees confidential execution of guest VMs, and allows users to attest to the IaaS provider and determine if the service is secure before they launch their VMs. Data coloring is the technique applied to the software file or data object to secure the client's data from attackers or threats. This lets us segregate user access and insulate sensitive information from cloud provider access. Combining these two techniques increases the security of the customers' data stored with cloud computing providers.

REFERENCES
http://cloudsecurityalliance.org/guidance/csaguide.pdf/
http://microsoft.com/
http://aws.amazon.com/ec2/
http://www.google.com/support/forum/
http://www.sciencedaily.com/releases/
Nuno Santos, Krishna P. Gummadi, Rodrigo Rodrigues, MPI-SWS. Towards Trusted Cloud Computing.
Kai Hwang, University of Southern California, and Deyi Li, Tsinghua University, China. Trusted Cloud Computing with Secure Resources and Data Coloring.
http://www.circleid.com/posts/20090226 cloud computing hype security/
T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A Virtual Machine-Based Platform for Trusted Computing. In Proc. of SOSP'03, 2003.
TCG. https://www.trustedcomputinggroup.org.