Security Threats and Countermeasures in Cloud Computing

Document Sample
Security Threats and Countermeasures in Cloud Computing Powered By Docstoc
					International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847



           Security Threats and Countermeasures in
                      Cloud Computing
                                     Vahid Ashktorab1, Seyed Reza Taghizadeh2
                   1
                   Department of Computer Engineering, Islamic Azad University of NajafAbaad, Isfahan, Iran
               2
                Department of Information Technology, Kahje-Nassir-Toosi University of Technology, Tehran, Iran



                                                       ABSTRACT
Security concerns have given rise to immerging an active area of research due to the many security threats that many
organizations have faced at present. Addressing these issues requires getting confidence from user for cloud applications and
services. In this paper, we have cast light over the major security threats of cloud computing systems, while introducing the
most suitable countermeasures for them. We have also cited the aspect to be focused on when talking about cloud security. We
have categorized these threats according to different viewpoints, providing a useful and little-known list of threats. After that
some effective countermeasures are listed and explained.
Keywords: security challenges, cloud computing, threat and countermeasures

    1. INTRODUCTION
Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power
and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware
connected to support downtime on any device in the network, without a change in the users' perspective. Also, the
users' software image should be easily transferable from one cloud to another. Balding proposes that a layering
mechanism should occur between the front-end software, middle-ware networking and back-end servers and storage, so
that each part can be designed, implemented, tested and ran independent from subsequent layers [8]. Though cloud
computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of
the work load from the client, it is fraught with security risks. In this paper we describe the various security issues of
cloud computing beside the countermeasure of each one. In the first place, the underlying technology of cloud by itself
provides a major security risk. After that in chapter 3 we security challenges of cloud computing are explained. Chapter
4 focuses on countermeasures that can help providing a secure environment, considering the threats proposed in its
previous chapter. Finally chapter 5 provides a conclusion for the paper.

    2. SECURITY ASPECTS TO FOCUS ON IN CLOUD COMPUTING
   2.1 Availability
The goal of availability for Cloud Computing systems (including applications and its infrastructures) is to ensure its
users can use them at any time, at any place. As its web-native nature, Cloud Computing system enables its users to
access the system (e.g., applications, services) from anywhere. This is true for all the Cloud Computing systems. Two
strategies, say hardening and redundancy, are mainly used to enhance the availability of the Cloud system or
applications hosted on it. Many Cloud Computing system vendors provide Cloud infrastructures and platforms based on
virtual machines. For example, Amazon Web Services provide EC2, S3 entirely based on the virtual machine called
Xen [1], and Skytap [2] offers virtual lab management application relaying on hypervisors, including VMware [3], Xen
and Microsoft Hyper- V [4], and so on. That is the reason why Cloud service provider can rend resources (e.g., CPU
cycles, storage capacity, memory) from Amazon on demand at the expense of usage in terms of a single unit. Hence,
the virtual machine is the basic component to host these services. Clearly, virtual machines have the capability in
providing on demand services in terms of users’ individual resource requirement for a large amount of users. Figure
below shows an overview of the virtual machines.
As for redundancy, large Cloud Computing system vendors (e.g., Amazon, Google) offer geographic redundancy in
their Cloud systems, hopefully enabling high availability on a single provider. Availability zones are distinct locations
that are engineered to be insulated from failures in other availability zones and provide inexpensive, low latency
network connectivity to other availability zones in the same region. Using instances in separate availability zones, one
can protect applications from failure of a single location. Google owns more than 1 million machines which are
distributed in 36 data centers across the world. Similar to Amazon, Google offers geographic redundancy in its systems.



Volume 1, Issue 2, October 2012                                                                                      Page 234
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847




                                Figure 5: Virtual machine as infrastructure/platform[3]

    2.2 Confidentiality
Confidentiality means keeping users’ data secret in the Cloud systems. Cloud Computing system offerings (e.g.,
applications and its infrastructures) are essentially public networks Therefore, keeping all confidential data of users’
secret in the Cloud is a fundamental requirement which will attract even more users consequently. Traditionally, there
are two basic approaches (i.e., physical isolation and cryptography) to achieve such confidentiality, encrypting data
before placing it in a Cloud may be even more secure than unencrypted data in a local data center; this approach was
successfully used by TC3 [52]
    2.3 Privacy
Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust and this need to be
considered at every phase of design. The key challenge for software engineers to design cloud services in such a way as
to decrease privacy risk and to ensure legal compliance. The following tips are recommended for cloud system
designers, architects, developers and Testers [5].
1. Minimize personal information sent to and stored in the cloud.
2. Protect personal information in the cloud.
3. Maximize user control.
4. Allow user choice.
5. Specify and limit the purpose of data usage.
6. Provide feedback.
    2.4 Data Integrity
Data integrity in the Cloud system means to preserve information integrity (i.e., not lost or modified by unauthorized
users). As data is the base for providing Cloud Computing services, such as Data as a Services, Software as a Service,
Platform as a Service, keeping data integrity is a fundamental task. Furthermore, Cloud Computing system usually
provides massive data procession capability
Digital signature is a commonly used technique for data integrity testing. The widely adopted distributed file systems
(e.g., GFS [6], HDFS [53]) usually divide data in large volumes into a set of blocks, each of which has a default size
(e.g., 64MB, 128Mb). When a block of the data is physically stored on, a digital signature is attached to it. This digital
signature is useful for future integrity testing. Herein, digital signature is able to test the integrity of the data, and
recover from corruption. Hence, data integrity is fundamental for Cloud Computing system, and it is hopeful to be
achieved by techniques such as RAID-liked strategies, digital signature and so on.
    2.6. Identity and Access Management (IAM)
The key critical success factor to managing identities at cloud providers is to have a robust federated identity
management architecture and strategy internal to the organization. Using cloud-based “Identity as a Service” providers
may be a useful tool for outsourcing some identity management capabilities and facilitating federated identity
management with cloud providers [9].
   2.7 Control
Control in the Cloud system means to regulate the use of the system, including the applications, its infrastructure and
the data. Cloud Computing system always involves distributed computation on multiple large-scale data sets across a
large number of computer nodes. Even more, every Internet user is able to contribute his or her individual data to the
Cloud Computer systems which are located on the other side of the Internet, and make use of them. For example, a
user’s click stream across a set of webs (e.g., Amazon book store, Google search web pages, etc.) can be used to provide
targeted advertising. Future healthcare applications may use an individual’s DNA sequence (which is captured by
hospitals) to develop tailored drugs and other personalized medical treatments. When all these personal data are stored
in the Cloud Computing system environment, users of Cloud Computing systems may face many threats to their
individual data.


Volume 1, Issue 2, October 2012                                                                               Page 235
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

Hence, efficient and effective control over the data access in the Cloud Computing system and regulate the behaviors of
the applications (services) hosted on the Cloud Computing systems will enhance the security of systems.
    2.8 Audit
Audit means to watch what happened in the Cloud system. Auditability could be added as an additional layer above the
virtualized operation system (or virtualized application environment) hosted on the virtual machine to provide facilities
watching what happened in the system. It is much more secure than that is built into the applications or into the
software themselves, since it is able watch the entire access duration.
For such kind of scenarios, the state changes and other factors that effected the system availability should be audited∙
the Comprehensive information about users’ application and its runtime environment. Should be audited as well, but
Monitoring Should not be intrusive and must be limited to what the Cloud provider reasonably needs in order to run
their facility. Such a new feature reinforces the Cloud Computing developers to focus on providing virtualized
capabilities instead of specific hardware to being provided. Another related concern is that many nations have laws
requiring Cloud Computing providers to keep customer data and copyrighted material within national boundaries,
which make the auditability hopefully in the law issue perspective. However, some businesses do not like the ability of a
country to get access to their data via the court system.
    2.9 Compliance
 A programmatic approach to monitoring and compliance will help prepare CSPs (Cloud Service Provider) and their
users to address emerging requirements and the evolution of cloud business models. To drive efficiency, risk
management, and compliance, CSPs need to implement a strong internal control monitoring function coupled with a
robust external audit process. To gain comfort over their in-cloud activities, CSP users need to define their control
requirements, understand their CSP’s internal control monitoring processes, analyze relevant external audit reports,
and properly execute their responsibilities as CSP users [10].
    2.10 Security-as-a [cloud] Service
Security-as-a-service is likely to see significant future growth for two reasons. First, a continuing shift in information
security work from in-house to outsourced will continue. Second, several other information security needs are present
for organizations currently, but they will accelerate in need and complexity with the growing adoption of cloud
computing. The two proactive controls are important to the growth of cloud computing: identity management that is
inter-cloud and scalable to the cloud size, and (encryption) key management. The two reactive controls are needed for
audit and compliance purposes as well: scalable and effective SIEM, and data leakage prevention (DLP). Providing
solutions to each of these controls will be difficult and requires significant complexity that must be hugely scalable and
yet easy to use [10].

    3. SECURITY CHALLENGES AND THREATS OF CLOUD COMPUTING
Cloud computing is an emerging technology with shared resources and lower cost that relies on pay per use according
to the user demand. Due to its characteristics, it may face lots of threats and problems in the scopes of security. In this
section, these issues are explained and discussed
   3.1 Threats to cloud computing discovered by “Cloud Security Alliance” (CSA) [6]:
Cloud Security Alliance is a renowned community in the scope of cloud security. It has proposed the biggest security
threats of cloud systems. These threats are as follow:
    3.1.1 Abuse and Nefarious Use of Cloud Computing
Abuse and nefarious use of cloud computing is the top threat identified by the Cloud Security Alliance (CSA) [6]. A
simple example of this is the use of botnets to spread spam and malware. Attackers can infiltrate a public cloud, for
example, and find a way to upload malware to thousands of computers and use the power of the cloud infrastructure to
attack other machines.
    3.1.2 Insecure Application Programming Interfaces
As software interfaces or APIs are what customers use to interact with cloud services, those must have extremely secure
authentication, access control, encryption and activity monitoring mechanisms - especially when third parties start to
build on them.
    3.1.3 Malicious Insiders
The malicious insider threat is one that gains in importance as many providers still don't reveal how they hire people,
how they grant them access to assets or how they monitor them. Transparency is, in this case, vital to a secure cloud
offering, along with compliance reporting and breach notification.
    3.1.4 Shared Technology Vulnerabilities
Sharing infrastructure is a way of life for IaaS providers. Unfortunately, the components on which this infrastructure is
based were not designed for that. To ensure that customers don't thread on each other's "territory", monitoring and
strong compartmentalization is required.
    3.1.5 Data Loss/Leakage



Volume 1, Issue 2, October 2012                                                                                Page 236
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

Be it by deletion without a backup, by loss of the encoding key or by unauthorized access, data is always in danger of
being lost or stolen. This is one of the top concerns for businesses, because they not only stand to lose their reputation,
but are also obligated by law to keep it safe
    3.1.6 Account, Service & Traffic Hijacking
Account service and traffic hijacking is another issue that cloud users need to be aware of. These threats range from
man-in-the-middle attacks, to phishing and spam campaigns, to denial-of service attacks.
   3.2 Security Problems Concerning Location of the Cloud Systems
Some problems are inherited from the specific features of cloud computing. In cloud computing system, data storages
are spread around the world. Figure illustrate this conditions. This may result in some security problems as bellow:
    3.2.1 Multi-location of the private data
It is rather dangerous, if the business stores its private data in the third party’s device. In this sense, the businesses’
private data are sitting in someone else’s computer, and in someone else’s facility. Then, many things can go wrong.
Firstly, the Cloud service provider may go out of business. Secondly, the Cloud service provider may decide to hold the
data as hostage if there is a dispute. Thirdly, it is rather important for a company to understand in which country its
data will be hosted.
   3.2.2 Multi-location of the service provider
The Cloud service client (e.g., business user or private user) also need to make sure how the Cloud service provider
performs their declared services. Thus, the Cloud service client is able to keep a direct relationship with the provider,
and control over its own private data.
   3.2.3 Data combination and commingling
The Cloud Computing client (e.g., business user or private user) needs to ensure that its private data whether its private
data is stored separately from others or not. If they are combined or commingled with those of other clients’ data, then
it is much more vulnerable or dangerous. For example, viruses might be transmitted from one client to others. If
another client is the victim of a hack attack, the attack might affect the availability or integrity of the data of other
companies located in the same environment.
  3.2.4 Restrictions on techniques and logistics
It might be rather difficult or even impossible for the Cloud service provider to assure the locations where the Cloud
Computing client’s data will be stored. For example, Amazon has data centers all over the world, the client’s data is
placed automatically across them, unless Amazon uses specific servers for dedicated client. The Cloud service provider
may also need to address logistics. Cloud Computing providers needs to subcontract the data hosting or other service to
third parties.
  3.2.5 Data transfer across the borders
Knowing where the Cloud service provider will host the data is a prerequisite to know how to transfer data across the
country borders. Clearly, because of multi-locations of the three parties in the Cloud Computing ecosystem (i.e., Cloud
provider, XaaS provider/Cloud user, XaaS user), the data request, the data storage and the data processing usually
conduct in different places (or countries), which make the laws to be applied even more complicated, and consequently
resulting in the private information to be even more vulnerable from attack.
   3.3. Cloud Challenges Inherited From Network Concept
There are some dangerous types of threats which are not specific to cloud environment, but lunched vastly in cloud
systems due to the characteristics of cloud systems and their generality at present. These threats are listed below:
    3.3.1 SQL injection attacks
In this type of attack a malicious code is inserted into a standard SQL code. Thus the attackers gain unauthorized
access to a database and are able to access sensitive
    3.3.2 Cross Site Scripting (XSS) attacks
Injecting malicious scripts into Web is done in this kind of attack. There are two methods for injecting the malicious
code into the web-page displayed to the user: Stored XSS and Reflected XSS. In a Stored XSS, the malicious code is
permanently stored into a resource managed by the web application [14]. However, in case of a Reflected XSS, the
attack script is not permanently stored; in fact it is immediately reflected back to the user [14]
   3.3.3. Man in the Middle attacks (MITM).
In such an attack, an entity tries to intrude in an ongoing conversation between a sender and a client to inject false
information and to have knowledge of the important data transferred between them. Various tools implementing strong
encryption technologies like: Dsniff, Cain, Ettercap, Wsniff, Airjack etc. have been developed in order to provide
safeguard against them
    3.3.4 Sniffer Attacks
These types of attacks are launched by applications which can capture packets flowing in a network and if the data that
is being transferred through these packets is not encrypted, it can be read. A sniffer program, through the NIC
(Network Interface Card) ensures that the data/traffic linked to other systems on the network also gets recorded.
    3.3.5 Reused IP Addresses


Volume 1, Issue 2, October 2012                                                                                Page 237
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

When a particular user moves out of a network, then the IP-address associated with him (earlier) is assigned to a new
user. Sometimes though the old IP address is being assigned to a new user still the chances of accessing the data by
some other user is not negligible as the address still exists in the DNS cache and the data belonging to a particular user
may become accessible to some other user violating the privacy of the earlier user.
    3.3.6 Security Concerns with the Hypervisor
Cloud Computing rests mainly on the concept of virtualization. In a virtualized world, hypervisor is defined as a
controller popularly known as virtual machine manager (VMM) that allows multiple operating systems to be run on a
system at a time. Since multiple operating systems would be running on a single hardware platform, it is not possible to
keep track of all such systems and hence maintaining the security of the operating systems is difficult. It may happen
that a guest system tries to run a malicious code on the host system and bring the system down or take full control of
the system and block access to other guest operating systems [16].
    3.3.7 Denial of Service Attacks
A DoS attack is an attempt to make the services assigned to the authorized users unavailable. In such an attack, the
server providing the service is flooded by a large number of requests and hence the service becomes unavailable to the
authorized user. Sometimes, when we try to access a site we see that due to overloading of the server with the requests
to access the site, we are unable to access the site and observe an error
    3.3.8 Cookie Poisoning
It involves changing or modifying the contents of cookie to have an unauthorized access to an application or to a
webpage. Cookies basically contain the user’s identity related credentials and once these cookies are accessible, the
content of these cookies can be forged to impersonate an authorized user. Figure bellow illustrates this kind of attack




                                            Figure 6: Cookie poisoning [17]


    3.3.9 Distributed Denial of Service Attacks
DDoS may be called an advanced version of DoS in terms of denying the important services running on a server by
flooding the destination sever with large numbers of packets such that the target server is not able to handle it. In DDoS
the attack is relayed from different dynamic networks which have already been compromised unlike the DoS attack
    3.3.10 CAPTCHA Breaking
Recently, it has been found that the spammers are able to break the CAPTCHA [54], provided by the Hotmail and
Gmail service providers. They make use of the audio system able to read the CAPTCHA characters for the visually
impaired users. Various techniques such as: implementing letter overlap, variable fonts of the letters used to design a
CAPTCHA, increasing the string length and using a perturbative background can be used to avoid CAPTCHA
breaking [17]. Single frame zero knowledge CAPTCHA design principles have been proposed, which will be able to
resist any attack method of static optical character recognition (OCR).
    3.3.11 Google Hacking
Google App engine is one of the renowned solution provider in the scope of cloud computing. This engine uses a
distributed architecture named as Google geo-distributed architecture. In Google Hacking attack, The hacker searches
all the possible systems with a loophole and finds out those having the loopholes he wishes to hack upon.
    3.4 Inevitable Cases of Information Disclosure
There are some activities done in cloud environment that fail to protect the information to be disclosed to government
[18]. These activities are as follow:
    3.4.1 Electronic Communications Privacy Act (ECPA) [55]:
 In an electronic environment, the Electronic Communications Privacy Act of 1986 (ECPA) provides some protections
against government to access the electronic information that is stored in the storage device of the third parties (e.g.,
Internet service providers), including electronic mail and other computer information, and so on. However, the privacy

Volume 1, Issue 2, October 2012                                                                               Page 238
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

protections provided by ECPA for the wide range of Cloud Computing activities are putting applications themselves.
Thus, it is really difficult to apply this act in the Cloud Computing system era to protect users’ privacy.
    3.4.2 USA PATRIOT Act (UPA) [56]:
The USA PATRIOT Act, as originally enacted in 2001 and amended in 2005, includes provisions allowing the FBI to
access any business record. Although a court order is required, the FBI’s authority under the USA PATRIOT Act is
sufficient to extend to a record maintained by a Cloud provider, say Cloud users’ privacy can’t be protected. Some acts
are fail to protect the information to be disclosed to private parties.
    3.4.3 Health Insurance Portability and Accountability Act (HIPAA) [19]:
 The HIPAA health privacy rule imposes some limits on compelled disclosures. A legal demand by a private party to a
Cloud provider for disclosure of protected health information would lead the users’ privacy information to be disclosed.
    3.4.4 Fair Credit Reporting Act (FCRA) [20]:
 The FairCredit Reporting Act imposes limits on the use of credit reports by a user of credit report to a permissible
purpose. If a creditor stores a credit report with a Cloud provider, and a third party obtains the report from the Cloud
provider, the legal limit on use could be violated.
    3.4.5 Video Privacy Protection Act (VPPA) [21]:
 Video Privacy Protection Act limits some disclosures of customer data. If the Cloud provider’s terms of service allow
the provider to see, use, or disclose the information, the Cloud provider’s actions could result in a violation of the law.
    3.4.6 Gramm Leach Bliley Act (GLBA) [22]:
Gramm Leach Bliley Act restricts financial institutions from disclosing a consumer’s personal financial information to
a nonaffiliated third party. However, disclosure to a service provider is generally not restricted.
    3.4.7 Cable Communications Policy Act (CCPA) [23]:
Cable Communications Policy Act protects cable television subscriber records, but not directly prevent the use of a
Cloud provider. According to the acts illustrated above, they were used to protect privacy and fail to apply in the new
Cloud Computing service environment. Changes to these acts should be made to adapt the new Cloud Computing
environment.
  3.5 Other Common Security Threats
    3.5.1 Investigation
 Investigating an illegitimate activity may be impossible in cloud environments. Cloud services are especially hard to
investigate, because data for multiple customers may be co-located and may also be spread across multiple datacenters.
Users have little knowledge about the network topology of the underlying environment. Service provider may also
impose restrictions on the network security of the service users.
   3.5.2 Data Segregation
Data in the cloud is typically in a shared environment together with data from other customers. Encryption cannot be
assumed as the single solution for data segregation problems. In some situations, customers may not want to encrypt
data because there may be a case when encryption accident can destroy the data.
   3.5.3 Long-term Viability
Service providers must ensure the data safety in changing business situations such as mergers and acquisitions.
Customers must ensure data availability in these situations. Service provider must also make sure data security in
negative business conditions like prolonged outage etc.
   3.5.4 Compromised Servers
 In a cloud computing environment, users do not even have a choice of using physical acquisition toolkit. In a situation,
where a server is compromised; they need to shut their servers down until they get a previous backup of the data. This
will further cause availability concerns.
   3.5.5 Regulatory Compliance
 Traditional service providers are subjected to external audits and security certifications. If a cloud service provider does
not adhere to these security audits, then it leads to a obvious decrease in customer trust.
Recovery: Cloud service providers must ensure the data security in natural and man-made disasters. Generally, data is
replicated across multiple sites. However, in the case of any such unwanted event, provider must do a complete and
quick restoration.
   3.5.6 Security Issues in Virtualization
Full Virtualization and Para Virtualization [11,12] are two kinds of virtualization in a cloud computing paradigm. In
full virtualization, entire hardware architecture is replicated virtually. However, in para virtualization, an operating
system is modified so that it can be run concurrently with other operating systems. VMM Instance Isolation ensures that
different instances running on the same physical machine are isolated from each other. However, current VMMs do not
offer perfect isolation. Many bugs have been found in all popular VMMs that allow escaping from VM (Virtual
machine). Vulnerabilities have been found in all virtualization softwares, which can be exploited by malicious users to
bypass certain security restrictions or/and gain escalated privileges.
    3.5.7 Application Security


Volume 1, Issue 2, October 2012                                                                                  Page 239
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

Application software running on or being developed for cloud computing platforms presents different security
challenges. It is depending on the delivery model of that particular platform. Flexibility, openness and public
availability of cloud infrastructure are threats for application security. The existing vulnerabilities like Presence of trap
doors, overflow problems, poor quality code etc. are threats for various attacks. Multi-tenant environment of cloud
platforms, the lack of direct control over the environment, and access to data by the cloud platform vendor; are the key
issues for using a cloud application. Preserving integrity of applications being executed in remote machines is an open
problem.
    3.5.8 Identity Management
Identities are generated to access a cloud service by the cloud service provider. Each user uses his identity for accessing
a cloud service. Unauthorized access to cloud resources and applications is a major issue. A malicious entity can
impersonate a legitimate user and access a cloud service. Many such malicious entities acquire the cloud resources
leading to un-availability of a service for actual user. Also it may happen that the user crosses his boundary at the time
of service usage in the cloud environment. This could be in terms of access to protected area in memory.
Globally, 47% of those who are currently using a cloud computing service reported they have experienced a data
security lapse or issue with the cloud service their company is using within the last 12 months. India had the highest
incidence (67%), followed by Brazil (55%).
Incidence of data security lapse or issue increased from 43% in 2011 to 46% (excluding Brazil, which was not surveyed
in 2011) in 2012. India had the biggest increase of 12%, followed by Japan (7% increase) and Canada (6% increase).
Figure bellow illustrates this statics.




                       Figure 7: Data security lapse statics in different countries around the world[15]

    4. SECURITY COUNTERMEASURES IN CLOUD COMPUTING ENVIRONEMENT
There numerous ways in which cloud computing can expand on the issue of security. For example, QualysGuard is a
compilation of products that are used to discover network weaknesses. It is used by over 200 companies in Forbes
Global 2000, so it acquired significant acceptance in the marketplace. So beside all these threats, there are lots of
techniques to leverage the security to an acceptable level. This chapter focuses on these techniques
   4.1 GENERAL SECURITY COUNTERMEASURES
This section provides the research for general security issues in the cloud computing environment.
    4.1.1 Architecture security
Cloud computing security challenges can be handled practically by performing security assessment [24]. An
architecture ontology approach for secure cloud computing is defined by Kelvin Jackson [25]. The architecture of cloud
includes various security components like Access Management, Security API, Network Security and Storage Security.
These components embedded in the cloud architecture to provide secure cloud computing.
    4.1.2 Data Security
Pearson [26] discusses policies and assessment procedures for privacy enhancement methods and tools. Privacy in
terms of legal compliance and user trust, data leakage for sensitive data are provided. Ji Hu Klein [27] gave a
benchmark to secure data-in-transit in the cloud. Large scale search system for the purpose of Information exchange
between internet communities leads to formation of covert Channels [28]. An agent based security model to control
data from covert channel is presented. It may solve the problem of data leakage in the cloud environment. Descher et al
[29] discuss the privacy issue by retaining data control to user to increase confidence. Cloud computing attacks are
discussed and some provisions and means to overcome from the same are proposed.
    4.1.3 Protection from attacks at various levels


Volume 1, Issue 2, October 2012                                                                                  Page 240
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

Jensen et al [30] give the foundations of technical Security issues which consist of web service security using XML and
SOAP messages, and Transport Layer security using SSL. Arshad et al [31] propose a method to assure quality of
service for compute intensive workloads in term of security attack, encryption algorithm and authentication. An open
source resource manager Haizea is used to perform experimentations and giving an estimation to achieve security. VM
specific attack, backdoor protection, guest operating system integrity, etc., are considered as security requirements.
      4.1.4 Using Mirage Image Management System [32]
The security and integrity of VM images are the foundation for the overall security of the cloud since many of them are
designed to be shared by different and often unrelated users. This system addresses the issues related to secure
management of the virtual-machine images that encapsulate each application of the cloud. Mirage Image Management
System consists of 4 major components, named as Access Control, Image Transformation by Running Filters,
Provenance Tracking, and Image maintenance.
      4.1.5 Using Client Based Privacy Manager [33]
Client based privacy manager helps to reduce the risk of data leakage and loss of privacy of the sensitive data processed
in the cloud, and provides additional privacy related benefits. The main features of the privacy manager
are: Obfuscation, that automatically obfuscate some or all of the fields in a data structure before it is sent off.
   Preference Setting, a method for allowing users to set their preferences about the handling of personal data. Data
Access, a module that allows users to access personal information in the cloud, in order to see what is being held about
them, and to check its accuracy. Feedback. The Feedback module manages and displays feedback to the user
regarding usage of his personal information, Personae, that allows the user to choose between multiple personae
when interacting with cloud services
      4.1.6 Transparent Cloud Protection System (TCPS) [32]
TCPS is a protection system for clouds aimed at transparently monitoring the integrity of cloud components. TCPS is
intended to protect the integrity of guest Virtual Machines (VM) and of the distributed computing middleware by
allowing the host to monitor guest VMs and infrastructure components.
TCPS is a middleware whose core is located between the Kernel and the virtualization layer. By either actively or
passively monitoring key kernel or cloud components TCPS can detect any possible modification to kernel data and
code, thus guaranteeing that kernel and cloud middleware integrity has not been compromised and consequently no
attacker has made its way into the system.
In the previous chapter we spoke about some dangerous types of threats which are not specific to cloud environment,
but lunched vastly in cloud systems due to the characteristics of cloud systems and their generality at present. In this
part, countermeasures to these threats are presented:
  4.2 Countermeasures for Challenges Inherited From Network Concept
In the previous chapter we explained some dangerous types of threats which are not specific to cloud environment. In
this chapter we have cited the treats to these threats:
      4.2.1 SQL injection attacks
using filtering techniques to sanitize the user input etc. are used to check the SQL injection attacks. A proxy based
architecture towards preventing SQL Injection attacks which dynamically detects and extracts users’ inputs for
suspected SQL control sequences has been proposed in [35].
      4.2.2 Cross Site Scripting (XSS) attacks
Various techniques like: Active Content Filtering, Content Based Data Leakage Prevention Technology, Web
Application Vulnerability Detection Technology has already been proposed to prevent XSS attacks [36]. These
technologies adopt various methodologies to detect security flaws and fix them. A blueprint based approach that
minimizes the dependency on web browsers towards identifying untrusted content over the network has been proposed
in [37]
     4.2.3 Man in the Middle attacks (MITM).
A few of the important points like: evaluating software as a service security, separate endpoint and server security
processes, evaluating virtualization at the end-point have been done to tackle with tis kind of attack in cloud computing
[38]. in most of the cases, the security practices implemented (in the organization’s private network) apply to the
private cloud too. However, in case of a public cloud implementation, network topology might need to be changed in
order to implement the security features [39].
      4.2.4 DNS Attacks
Although using DNS security measures like: Domain Name System Security Extensions (DNSSEC) reduces the effects
of DNS threats but still there are cases when these security measures prove to be inadequate when the path between a
sender and a receiver gets rerouted through some malicious connection.
      4.2.5 Sniffer Attacks
 A malicious sniffing detection platform based on ARP (address resolution protocol) and RTT (round trip time) can be
used to detect a sniffing system running on a network [40].
     4.2.6. Security Concerns with the Hypervisor


Volume 1, Issue 2, October 2012                                                                              Page 241
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

If a hacker is able to get control over the hypervisor, he can make changes to any of the guest operating systems and get
control over all the data passing through the hypervisor [41]. Based on the understanding of how the various
components in the hypervisor architecture behave, an advanced cloud protections system can be developed by
monitoring the activities of the guest VMs (Virtual Machines) and inter-communication among the various
infrastructure components [42, 43].
     4.2.7 Denial of Service Attacks
Usage of an Intrusion Detection System (IDS) is the most popular method of defence against this type of attacks [44]. A
defence federation is used in [45] for guarding against such attacks. Each cloud is loaded with separate IDS. The
different intrusion detection systems work on the basis of information exchange. In case a specific cloud is under attack,
the cooperative IDS alerts the whole system. A decision on trustworthiness of a cloud is taken by voting, and the overall
system performance is not hampered
     4.2.8 Cookie Poisoning
This can be avoided either by performing regular cookie cleanup or implementing an encryption scheme for the cookie
data. This can be achieved by the scheme introduced in [36]. The introduced scheme seem to act reasonably in
confronting cookie poisoning attack.
     4.2.9 Distributed Denial of Service Attacks
 [46] has proposed a swarm based logic for guarding against the DDoS attack. The use of IDS in the virtual machine is
proposed in [47] to protect the cloud from DDoS attacks. A SNORT like intrusion detection mechanism is loaded onto
the virtual machine for sniffing all traffics, either incoming, or outgoing. Another method commonly used to guard
against DDoS is to have intrusion detection systems on all the physical machines which contain the user’s virtual
machines [48]. This scheme had been shown to perform reasonably well in a Eucalyptus [49] cloud.
     4.2.10 CAPTCHA Breaking
Integration of multiple authentication techniques along with CAPTCHA identification (as adopted by companies like
Facebook, Google etc.) may be a suitable option against CAPTCHA breaking. Various techniques such as:
implementing letter overlap, variable fonts of the letters used to design a CAPTCHA, increasing the string length and
using a perturbative background can be used to avoid CAPTCHA breaking [50]. Single frame zero knowledge
CAPTCHA design principles have been proposed, which will be able to resist any attack method of static optical
character recognition (OCR).
    4.2.11 Google Hacking
In order to avoid these threats, application security should be assessed at the various levels of the three service delivery
models in cloud: IaaS, PaaS and SaaS. In case of an IaaS delivery model, cloud providers are mostly not concerned
with the security policies applied by the customer and the application’s management. The following points should be
taken care of while designing the application:
   Standard security measures must be implemented to safeguard against the common vulnerabilities associated with the
web.
   Custom implementation of authorization and authentication schemes should not be implemented unless they are
tested properly.
   Back up policies such as Continuous Data Protection (CDP) should be implemented in order to avoid issues with data
recovery in case of a sudden attack [51].
    4.3 Countermeasures for CAS proposed threats
There are also some threats, stated by Cloud Security Alliance, which were explained in the previous chapter. There are
some countermeasures to confront these threats. These countermeasures are as follow [13]:
     4.3.1 Confronting Abuse and Nefarious Use of Cloud Computing
To confront this threat, one should Strict initial registration and validation processes. Another effective measure is
toEnhanced credit card fraud monitoring and coordination, andComprehensive introspection of customer network
traffic. Another useful step to take is toMonitor public blacklists for one’s own network blocks.
     4.3.2 Confronting Insecure Application Programming Interfaces
To confront this threat, one should analyze the security model of cloud provider interfaces. Another effective measure is
toEnsure strong authentication and access controls are implemented in concert with encrypted transmission,
andUnderstand the dependency chain associated with the API.
     4.3.3 Confronting Malicious Insiders.
To confront this threat, one should Enforce strict supply chain management and conduct a comprehensive supplier
assessment. Another effective measure is toSpecify human resource requirements as part of legal contracts, andRequire
transparency into overall information security and management practices, as well as compliance reporting. Another
useful step to take is toDetermine security breach notification processes.
      4.3.4 Confronting Shared Technology Vulnerabilities
To confront this threat, one should implement security best practices for installation/configuration. Another effective
measure is to monitor environment for unauthorized changes/activity, andPromote strong authentication and access


Volume 1, Issue 2, October 2012                                                                                 Page 242
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847

control for administrative access and operations. Other useful steps to take are toEnforce service level agreements for
patching and vulnerability remediation, and to Conduct vulnerability scanning and configuration audits.
    4.3.5 Confronting Data Loss/Leakage
To confront this threat, one should implement strong API access control. Another effective measure is toEncrypt and
protects integrity of data in transit, andAnalyze data protection at both design and run time. Other good steps to take
are toImplement strong key generation, storage and management, and destruction practices, andContractually demand
providers to wipe persistent media before it is released into the pool. The manager can also contractually specify
provider backup and retention strategies.
   4.3.6 Confronting Account, Service & Traffic Hijacking.
To confront this threat, one should prohibit the sharing of account credentials between users and services. Another
effective measure is toLeverage strong two-factor authentication techniques where possible, andEmploy proactive
monitoring to detect unauthorized activity. Another useful step to take is toUnderstand cloud provider security policies
and SLAs.
In the real word, cloud service providers tend to make use of procedure more that other methods of providing security.
This may be because of the fact that some methods are more possible for them to be applied rather that the other ones,
due to the economic issues, their inaccessibility to certain tools, or other problems. Table below shows mostly used
methods by cloud service providers of the moment.


                             Table 4: Prefered measures by Service Prividers for the moment

                   Security Issue                                            Results

                                             90% are using standard methods like other common services, while
          Password Recovery
                                             10% are using sophisticated techniques.

                                             40% are using standard SSL encryption, while 20% are using
          Encryption Mechanism               encryption mechanism but at an extra cost. 40% are using advance
                                             methods like HTTPS access also.

                                             70% have their datacenters located in more than one country, while
          Data Location
                                             10% are located at a single location. 20% are not open about this issue.

                                             In 40% there is a reported downtime alongwith a result
          Availability History
                                             in data loss, while in 60% cases data availability is good

          Proprietary/Open                   Only 10% providers have open mechanism.

                                             70% are providing extra monitoring services, while 10% are using
          Monitoring Services
                                             automatic techniques. 20 % are not open about this issue.


    5. CONCLUSION
Security concerns are an active area of research and experimentation. Lots of research is going on to address the issues
like network security, data protection, virtualization and isolation of resources. Addressing these issues requires getting
confidence from user for cloud applications and services. Obtaining user confidence can be achieved by creating trust
for cloud resource and applications, which is a crucial issue in cloud computing. Trust management is attracting much
attention. Providing secure access to cloud by trusted cloud computing and by using service level agreements, made
between the cloud provider and user; requires lots of trust and reputation management. We will be focusing on the
analysis of solution in the cloud computing environment. Also lots of our survey based in the field of trust and trust
management. In this article we gave a telling overview of security threats of cloud computing. We have also provided
the reader with some effective countermeasures, beside introducing main elements of security in cloud computing.

REFRENCES
  [1] Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues, “Towards Trusted Cloud Computing”, Conference on Hot Topics in
    Cloud Computing 2009, pages 1-5, USA.
  [2] Hyukho Kim, Hana Lee, Woongsup Kim, Yangwoo Kim, “A Trust Evaluation Model for QoS Guarantee in Cloud Systems”,
    International Journal of Grid and Distributed Computing, March, 2010.
  [3] Zhimin Yang at el, “A Collaborative Trust Model of Firewall-through based on Cloud Computing”, 14th International
    Conference on Computer Supported Cooperative Work in Design, 2010, China.


Volume 1, Issue 2, October 2012                                                                                     Page 243
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847
 [4] Mahbub Ahmed, “Above the Trust and Security in Cloud Computing: A Notion towards Innovation”, IEEE/IFIP International
    Conference on Embedded and Ubiquitous Computing, 2010, Australia.
 [5] Siani Pearson. Taking Account of Privacy when Designing Cloud Computing Services. CLOUD '09: Proceedings of the 2009
    ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages 44-52. May 2009
 [6] S. Ghemawat, H. Gobioff, and S. Leung, “The Google file system,” in Proceedings of the 19th Symposium on Operating
    Systems Principles (OSDI’2003), 2003, pp. 29–43.
 [7] Tian Li at el, “Evaluation of User Behavior Trust in Cloud Computing”, International Conference on Computer
 [8] R. Burnside, “Electronic Communications Privacy Act of 1986: The Challenge of Applying Ambiguous Statutory Language to
    Intricate Telecommunication Technologies, The,” Rutgers Computer & Tech. LJ, vol. 13, p. 451, 1987.
 [9] Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David
    Patterson, Ariel Rabkin, Ion Stoica, Matei Zaharia. A view of cloud computing. Communications of the ACM , Volume 53 Issue
    4, pages 50-58. April 2010.
 [10] Tim Mather, Subra Kumaraswamy, Shahed Latif Cloud Security and Privacy : An Enterprise perspective of Risks and
    Compliance, O'Reilly Media, Inc., 2009
 [11] Jansen, W.A.; (2010), “ Cloud Hooks: Security and Privacy Issues in Cloud Computing5719001 IEEE 2011 44th Hawaii
    International Conference on System Sciences (HICSS), pp1, 4-7 Jan. 2011.
 [12] Tian L.Q; NI Y,LING; (2010) , “Evolution of user Behavior Trust in Cloud Computing”, 2010 International Conference on
    Computer Application and System Modeling (ICCASM 2010),Vol. 7,pp V7-567, 22-24 Oct. 2010.
 [13] Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava. Secure and Efficient Access to Outsourced Data. CCSW '09:
    Proceedings of the 2009 ACM workshop on Cloud computing security, pages 55-65. November 2009
 [14] P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, “Cross-Site Scripting Prevention with Dynamic
    Data Tainting and Static Analysis”, Proceedings of the Network and Distributed System
 [15] Char Sample, Senior Scientist, BBN Technologies, Diana Kelley, Partner, Security Curve, “Cloud computing security:
    Routing and DNS security threats
  [16] Shengmei Luo, Zhaoji Lin, Xiaohua Chen, Zhuolin Yang, Jianyong Chen, “Virtualization security for cloud computing
    services”, Int. Conf on Cloud and Service Computing, pp. 174-179, Dec, 2011.
 [17] Albert B Jeng, Chien Chen Tseng, Der-Feng Tseng, Jiunn-Chin Wang, “A Study of CAPTCHA and its Application to User
    Authentication”, Proc. Of 2nd Intl. Conference on Computational Collective Intelligence: Technologies and Applications, 2010.
 [18] S. Dwyer III, A. Weaver, and K. Hughes, “Health Insurance Portability and Accountability Act,” Security Issues in the
    Digital Medical Enterprise.
 [19] Zhong Dong, Zhu Yian, Lei Wanbao, Gu Jianhua, Wang Yunlan, “Multilevel Trust Management Framework for Pervasive
    Computing”, Third International Conference on Knowledge Discovery and Data Mining, 2010, pages 159-62, China.
 [20] Pho Duc Giang, Le Xuan Hung, Riaz Ahmed Shaikh, Yonil Zhung, Sungyoung Lee, Young-Koo Lee and Heejo Lee, “A
    Trust-Based Approach to Control Privacy Exposure in Ubiquitous Computing Environments”, IEEE International Conference
    on Pervasive Services, July 2007, pages 149 – 152, Korea.
 [21] Huafei Zhu, Feng Bao, “Computing Trust in a Complex Environment”, 18th Annual IEEE International Symposium on
    Personal, Indoor and Mobile Radio Communications, 2007. Pages 1-5, Singapore.
 [22] Pearson, S.; (2009), “Taking account of privacy when designing cloud computing services”,5071532 searchabstract CLOUD
    '09. ICSE Workshop on Software Engineering Challenges of Cloud Computing, 2009. pp 44, 23-23 May 2009.
 [23] Kresimir P; Zeljko H; (2010), “Cloud computing security issues and challenges”, MIPRO 2010, May 24-28, 2010, Opatija,
    Croatia.
 [24] Mieso K. Denko and Tao Sun,” Probabilistic Trust Management in Pervasive Computing”, IEEE/IFIP International
    Conference on Embedded and Ubiquitous Computing, 2008,page 610-15, Canada.
  [25]       Kevin      Jackson,      “Secure      Cloud       Computing:        An      Architecture    Ontology      Approach”
    http://sunset.usc.edu/gsaw/gsaw2009/s12b/jackson.pdf, DataLine, 2009.
 [26] Pearson, S. “Taking account of privacy when designing cloud computing services” Software Engineering Challenges of Cloud
    Computing, 2009, pages, 44 – 52, Vancouver, BC.
 [27] Ji Hu Klein, “A Benchmark of transparent data encryption for migration of web application in cloud”, Eighth IEEE
    International Conference on Dependable, Autonomic and Secure Computing, 2009, pages 735 – 740, Chengdu.
 [28] Tetsuya, M. Kazuhiro, S. Hirotsugu, K. “A system for search, access restrictions and agents in the Clouds”, Ninth Annual
    International Symposium on Applications and the Internet Cloud, 2009. Pages 201-204, Japan.
 [29] Descher, M. Masser, P. Feilhauer, T. Tjoa, A.M. Huemer, D., “Retaining data control to the Client in Infrastructure Cloud”,
    International Conference on Availability, Reliability and Security, 2009, pages 9-16, Dornbirn.
 [30] Jensen, M. Schwenk, J. Gruschka, N. Iacono, “On technical security issues in Cloud” IEEE International Conference on
    Cloud Computing, 2009, pages 109-16, Germany.
 [31] Arshad, J. Townend, P. Jie Xu , “Quantification of Security for compute Intensive Workloads in Clouds”, 15th International
    Conference on Parallel and Distributed Systems, School of Computation, pages 478-486, Dec. 2009, UK.
 [32] Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, Peng Ning. Managing security of virtual machine images in a
    cloud environment. CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security pages 91-96. November
    2009.
 [33] Miranda Mowbray, Siani Pearson. A Client-Based Privacy Manager for Cloud Computing. COMSWARE '09: Proceedings of
    the Fourth International ICST Conference on COMmunication System. June 2009
 [34] Flavio Lombardi, Roberto Di Pietro. Transparent Security for Cloud. SAC '10: Proceedings of the 2010 ACM Symposium on
    Applied Computing, pages 414-415. March 2010.


Volume 1, Issue 2, October 2012                                                                                     Page 244
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
       Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 1, Issue 2, October 2012                                         ISSN 2319 - 4847
 [35] A. Liu, Y. Yuan, A Stavrou, “SQLProb: A Proxybased Architecture towards Preventing SQL Injection Attacks”, SAC March
    8-12, 2009
 [36] D. Gollmann, “Securing Web Applications”, Information Security Technical Report, vol. 13, issue. 1, 2008
 [37] Ter Louw, M; Venkatakrishnan, V. N.; “BluePrint: Robust Prevention of Cross-Site scripting attacks for existing
 browsers”, 30th IEEE Symposium on Security and Privacy, pp. 331-346, May, 2009.
 [38] Eric Ogren, “Whitelists SaaS modify traditional security, tackle flaws”, Sep. 17, 2009. [Eric Ogren is the founder and
    principal security analyst at Ogren Group]
 [39] Gurdev Singh, Amit Sharma, Manpreet Singh Lehal, “Security Apprehensions in Different Regions of Cloud Captious
    Grounds”, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.4, July 2011.
 [40] Zouheir Trabelsi, Hamza Rahmani, Kamel Kaouech, Mounir Frikha, “Malicious Sniffing System Detection Platform”,
    Proceedings of the 2004 International Symposium on Applications and the Internet (SAINT'04), pp. 201-207, 2004
 [41] Jenni Susan Reuben, “A Survey on Virtual Machine Security”, Seminar of Network Security, Helsinki University of
    Technology, 2007.
 [42] Flavio Lombardi, Roberto Di Pietro, “Secure Virtualization for Cloud Computing”, Journal of Network and Computer
    Applications, vol. 34, issue 4, pp. 1113- 1122, July 2011, Academic Press Ltd. London, UK.
 [43] Hanqian Wu, Yi Ding, Winer, C., Li Yao, “Network Security for Virtual Machines in Cloud Computing”, 5th Int’l
    Conference on Computer Sciences and Convergence Information Technology, pp. 18-21, Seoul, Nov. 30-Dec. 2, 2010
 [44] K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, “Intrusion detection techniques for Grid and Cloud Computing
    Environment”, IT Professional, IEEE Computer Society, vol. 12, issue 4, pp. 38-43, 2010.
 [45] Ruiping Lua and Kin Choong Yow, “Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network”,
    IEEE Network, vol. 25, no. 4, pp. 28-33, July-August, 2011.
 [46] R. Gellman, “Privacy in the Clouds:Risks to Privacy and Confidentiality from Cloud Computing,” 2009.
 [47] Aman Bakshi, Yogesh B. Dujodwala, “Securing cloud from DDoS Attacks using Intrusion Detection System in Virtual
    Machine”, ICCSN ’10 Proceeding of the 2010 Second International Conference on Communication Software and networks, pp.
    260-264,2010
 [48] Claudio Mazzariello, Roberto Bifulco and Roberto Canonico, “Integrating a Network IDS into an Open Source Cloud
    Computing Environment”, Sixth International Conference on Information Assurance and Security, USA, pp. 265-270, Aug. 23-
    25, 2010.
 [49] D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, “The Eucalyptus open-source
    cloud-computing system”, in Proceedings of the 9th IEEE/ACM International Symposium on Cluster Computing and the Grid
    (CCGRID ’09), pp. 124–131, 2009
  [50] John E. Dunn, “Spammers break Hotmail’s CAPTCHA yet again”, Tech-world, Feb. 16, 2009. Ruiping Lua and Kin
    Choong Yow, “Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network”, IEEE Network, vol. 25,
    no. 4, pp. 28-33, July-August, 2011.
 [52] Minqi Z; Rong Z; Wei X; Weining Q; Aoying Z; (2010),“Security and Privacy in Cloud Computing: A Survey”, Sixth
    international conference on Semantics Knowledge and Grid (SKG), pp 105, 1-3 Nov. 2010.
 [53] Popovic K; Hocenski Z; (2010), “Cloud computing security issues and challenge”, 5533317searchabstractMIPRO, 2010
    Proceedings of the 33rd International Convention , pp 344,24-28 May 2010.
 [55] Jensen, M.; Schwenk, J.; Gruschka, N.; Iacono, L.L.; (2010), “On Technical Security Issues in Cloud Computing”, IEEE
    International Conference on Cloud Computing, 2009.
 [54] John E. Dunn, “Spammers break Hotmail’s CAPTCHA yet again”, Tech-world, Feb. 16, 2009.
 [56] Jianfeng Y; Zhibin C; (2010), “Cloud Computing Research and Security Issues”, IEEE 2010 International Conference on
    Computational Intelligence and Software Engineering (CiSE), pp1, 10-12 Dec 2010.
AUTHOR

                        Seyed Reza Taghizadeh has received his bachelor degree in software engineering in 2008,
                        and his master degree in information technology in 2011. His fields of interest are network
                        security, routing algorithm of networks, and wireless sensor networks. He has taught different
                        courses of network such as Network security, computer networks, and network lab. He has also
                        published lots of research papers in the fields of network routing and network security.



                          Vahid AshkTorab is a M.Sc. student in Computer Engineering at Islamic Azad University of
                         Iran Najafabad Branch. He received his B.Sc. degree in Computer Science from Islamic Azad
                         University of shiraz , Iran, in 2007. His research interests Cloud Computing and Distributed
                         Systems




Volume 1, Issue 2, October 2012                                                                                    Page 245

				
DOCUMENT INFO
Shared By:
Stats:
views:158
posted:11/21/2012
language:
pages:12
Description: International Journal of Application or Innovation in Engineering & Management (IJAIEM),Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com