A SEMINAR

REPORT

ON
“SECURITY ISSUES IN CLOUD COMPUTING”

Submitted by
ATHARV JOSHI

UNDER THE GUIDANCE OF

Pallavi Shimpi

Towards the partial fulfillment of Third Year Under Graduate Course in Computer
Engineering
of
SAVITRIBAI PHULE UNIVERSITY OF PUNE
In the academic year 2021-22

DEPARTMENT OF COMPUTER ENGINEERING,

Dr. D. Y. Patil Educational Enterprises Charitable Trust’s
Dr. D. Y. Patil School of Engineering
Dr.D. Y. Patil Knowledge City, Charholi (Bk), Lohegaon, Pune - 412 105

Affiliated to
SAVITRIBAI PHULE UNIVERSITY OF PUNE (2020-201)
 DEPARTMENT OF COMPUTER ENGINEERING,
Dr. D. Y. Patil Educational Enterprises Charitable Trust’s
Dr. D. Y. Patil School of Engineering
Dr. D. Y. Patil Knowledge City, Charholi (Bk), Lohgaon, Pune - 412 105

CERTIFICATE
This is to certify that Seminar Report
On

“SECURITY ISSUES IN CLOUD COMPUTING”

Submitted by
Exam seat no: T150884248 ATHARV JOSHI

Towards the partial fulfillment of Third Year Under Graduate Course in

Computer Engineering
Of

SAVITRIBAI PHULE UNIVERSITY OF PUNE

In the academic year 2021-22

Dr. Sunil Rathod Dr. Pankaj Agarkar

Seminar Guide HOD

Dr. Ashok Kasnale

Principal
 AKNOWLEDGEMENT
It gives me a great pleasure and immense satisfaction to present this special topic Semina
report on “Machine learning based image classification”
which is the result of unwavering support, expert guidance and focused direction of my guide
Pallavi Shimpi to whom I express my deep sense of gratitude and humble thanks, for his
valuable guidance throughout the presentation work. The success of this Seminar-I has
throughout depended upon an exact blend of hard work and unending co-operation and
guidance, extended to me by the superiors at our college.

Furthermore, I am indebted to Dr. Pankaj Agarkar, HOD Computer and

Dr. Ashok Kasnale, Principal whose constant encouragement and motivation inspired me to
do my best.

Last but not the least I sincerely thanks to my colleagues, the staff and all others who directly
or indirectly helped us and made numerous suggestions which have surely improved the
quality of my work.

Atharv Joshi
(T.E. Computer Engineering)
 INDEX
PAGE
NO. CHAPTER NAME NO.
ABSTRACT 1
1 INTRODUCTION 2
1.1CLOUD COMPUTING BACKGROUND 2
1.2 CLOUD COMPUTING MODELS 3
2 CLOUD COMPUTING: A MASSIVE 3-4
COLLECTION OF RESOURCES
CLOUD COMPUTING:WHY SHOULD WE USE IT 4
3 LOSS OF CONTROL IN THE CLOUD 5

4 LACK OF TRUST ISSUE IN CLOUD 5-6

5 MULTITENDENCY ISSUE IN CLOUD 6

.
6 OTHER CLOUD SECURITY ISSUES 6-7

6.1 REDUCE CONTROL LOSS:CAUTION 8

6.2 REDUCE CONTROL LOSS: ACCESS CONTROL 10

6.3.REDUCE AMOUNT OF RENT IN CLOUD 11

7 FINAL THOUGHTS 12
8 CONCLUSION 13

9 REFRENNCES 14

-
Abstract

Cloud computing is an online computer-based building architecture

where demand and pay per access to a pool of shared resources
namely networks, storage, servers, services and applications, without
physical access. It therefore saves to manage the costs and time of
organizations. General data is stored in Relational Databases on one
or more servers within the organization and clients need to request
data from these server devices. This paper provides a detailed study of
the IAAS and its components. We present how security in the IAAS
line requires careful management as delivery models- Platform as a
Service and Software as a service built on the IAAS layer. We focus
on the fact that IAAS security issues - data protection and usage
monitoring, end-to-end login and reporting, robust infrastructure and
end-encryption need to be addressed.
Introduction
• Introduce cloud issues / features that create interesting security
issues.
• Identify a few security issues within this
Frame
• Suggest some ways to deal with these problems
- First ideas to think about

Cloud Computing Background

• Features
- Use of online-based services to support business process
- Hire IT-services on a Government-like basis

• Qualities
- Quick delivery
- Low start-up costs / large fees
- Costs based on usage or registration
- Multi-employer sharing of resources / resources

• Key features
- On demand self-service
- Universal network access
- Location collection of private resources
- Quick stretch
- Rated service

• “Cloud computing integrates existing strategies and

technologies, embedded in a new paradigm that provides
improved development, flexibility, business speed, faster startup
time, reduced administrative costs, and timely access to
resources”
Cloud Models

• Delivery Models
– SaaS
– PaaS
– IaaS
• Deployment Models
– Private cloud
– Community cloud
– Public cloud
– Hybrid cloud
• We propose one more Model: Management Models
(trust and tenancy issues)
– Self-managed
– 3rd party managed (e.g. public clouds and VPC)

Cloud Computing: A Massive Concentration of

Resources

• Also a massive concentration of risk

– expected loss from a single breach can be significantly larger

– concentration of “users” represents a concentration of threats

• “Ultimately, you can outsource responsibility but you can’t
outsource accountability.”

Cloud Computing: who should use it?

• Cloud computing makes perfect sense if your security is weak, with
no features, or below measure.
Finally if
- cloud provider security people are "better" than
yours (and at least successfully connected),
- Web service links do not present too many new ones
to be in danger, once
- cloud provider aims to at least as high as you, e
security objectives,
then cloud computing has better protection.

• Many security issues arise:

- Loss of control

- Despair (methods)

- Multiple employment

• These problems exist mainly in the third group

management models

- Autonomous clouds still have security issues, but they are related to
the above

Loss of Control in the Cloud

• Loss of customer control

- Data, applications, resources are available from the provider

- User ID management is cloud-based

- User access control rules, security policies and

enforcement is handled by the cloud provider

- Buyer relies on provider to guarantee

• Data security and privacy

• Availability of resources

• Monitoring and maintenance of equipment / resources

Lack of Trust in the Cloud

• Slight deviation from speech
- (But related)
- Trusting a third party requires risking it
• Definition of hope and risk
- Parties against the same coin (J. Camp)
- People rely only on payments (Economist opinion)
- The need for hope arises only in dangerous situations
• Ineffective third party management systems
- It is difficult to balance trust and risk
- e.g. Escrow key (Clipper chip)
- Is the cloud straight in the same direction?

Multi-tenancy Issues in the Cloud

• Conflict between employers' opposing intentions

- Employers share many resources and have conflicting

intentions

• How does the use of multiple sites deal with conflict of

interest?

- Can employers get along and ‘play well’?

- If they can't, can we separate them?

• How can you provide for diversity among employers?

Cloud security issues

• In theory, reducing any issues can help:

- Loss of Control
• Take back control
- Data and applications may still need to be in the cloud
- Contracts (incentives): the topic of future speech
- Multiple employment
• Private cloud
- Removes the reasons for using the cloud from the beginning
• VPC: still not a separate program
• Strong separation
Reduce Lack of Confidence: Language of Policy

• Consumers have certain safety requirements but cannot say how they
are treated
- What does the provider do for me?
- Currently consumers are not able to ask for their needs from a
provider (SLAs on one side)
• Ordinary language to convey human policies and expectations
- Agreed and maintained by both parties
- General language for SLAs
- Can be used in the cloud environment to detect high security
durability

• Certificates

- Another reliable, independent test method that can be compared with

the description of security features and warranty
- Sarbanes-Oxley, DIACAP, DISTCAP, etc. (if any
enough cloud environment?)
• Risk assessment
- Performed by certified third parties
- Provides buyers with extra assurance
Reduce Cloud Loss

• Monitoring
• Utilizing different clouds
• Access control management

Reduce Control Loss: Caution

• Cloud buyer needs status awareness of critical applications

- When sub-components fail, what is the effect of mechanical
failure
the idea
- What rescue methods can be taken (by provider and buyer)
• Requires a timely monitoring and management tool for the
client application
- Cloud buyer and cloud provider have different system ideas
- Enable both provider and employers to monitor cloud content
under their control
- Provide ways that allow the provider to deal with attacks that
he or she cannot deal with.
• infrastructure reconstruction (create new or relocate existing
error sites)
• closing off parts or stones (and assisting employers with entry
if necessary
• Repairs
- Provide ways that allow the consumer to do something about
the attacks he or she may be making
handle (monitoring application rate).

RAdAC (Risk Access)

• VM installation with remote proof of target body host
• Enable the transfer of the user application to another cloud
Reduce Control Loss: Use Different Clouds

• The concept of ‘Don’t put all your eggs in one basket’

- Consumer can use services from different clouds by using
intra-cloud or multi-cloud construction
- Suggest multi-cloud or cloud-based construction where
customers
• Spread the risk
Increase inactivity (per activity or per program)
• Increase the chances of the completion of critical application
equipment
- Possible issues to consider:
• Policy inconsistencies (combined, what is the broader policy?)
• Dependence of data between clouds
• Data semantics are different in the cloud
• Knowing when to use the retrenchment feature (monitoring
technology)
Reduce Control Loss: Access Control

• Multiple access control layers

- Eg. cloud access, server access, service access, domain access
(direct
and questions about web services), access to VMs, and access to VM
content
- Depending on the supply model used, some of them will be
controlled by the supplier and some by the consumer
• Regardless of the download model, the provider needs to manage
processes to verify and use user access (in the cloud)
- Established Ownership Management: the responsibility for access
control remains with the provider
- Requires the user to place a large amount of trust in the provider on
security, management, and compliance with access control policies.
This can be a burden when many users from different organizations
with different access control policies, get involved
Reduce the amount of rent in the cloud

• Can’t really force the provider to accept less

tenants
– Can try to increase isolation between tenants
• Strong isolation techniques (VPC to some degree)
– C.f. VM Side channel attacks
(T. Ristenpart et al.)
• QoS requirements need to be met
• Policy specification
– Can try to increase trust in the tenants
 • Who’s the insider, where’s the security boundary? Who
can I
trust?
• Use SLAs to enforce trusted behavior

Final Thoughts: Security of Hosting

• Are space management part of the cloud infrastructure?

- Without security cycle
- While cloud buyers are concerned about security on the cloud
provider site, it is easily possible
they forget to harden their equipment
• Lack of security of local devices can
- Provide a way for malicious services in the cloud to attack local
networks with these storage resources
- Relaxing the cloud and its resources for other users
• With mobile devices, the threat may be even greater
- Users have misplaced or stolen the device
- Security measures for handheld gadgets are often insufficient
compared to, desktop computer
Conclusion
Cloud computing is sometimes considered reincarnation
for the classic mainframe client-server model
- However, resources are ubiquitous, awesome, highly efficient
- Contains all traditional threats, as well as new ones

• Developing computer security solutions can help identify problems

and methods in terms of
- Loss of control
- Despair
- Multiple employment issues
Refrences
1. NIST (Authors: P. Mell and T. Grance), "The NIST
Definition of Cloud Computing (ver. 15)," National
Institute of Standards and Technology, Information
Technology Laboratory (October 7
2009).
2. J. McDermott, (2009) "Security Requirements for
Virtualization in Cloud Computing," presented at the
ACSAC Cloud Security Workshop, Honolulu, Hawaii, USA,
2009.