Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

A Comprehensive Review on Trust Issues,

Security and Privacy Issues in Cloud Storage
K.Suresha P.Vijayakarthick
Department of Computer Science and Engineering Department of Information Science and Engineering
D R R Government Polytechnic Sir M Visveswaraya Institute of Technology
Davanagere, Karnataka, India-577004 Bangalore, Karnataka, India

Abstract:- Now a days everywhere talking about cloud I. INTRODUCTION

computing paradigm and if you look at business
enterprises there are lot of initiatives to put everything Cloud computing has been characterized as “A Model
on a cloud computing . Most of the IT industries are for enabling Convenient, On-demand Network access to a
insisting to adopt cloud computing in their business Shared pool of Configurable Computing resources (e.g.,
operations. A Cloud Computing is a one infrastructure Networks, Servers, Storage, Applications, and Services) that
which can cater to the need of many people and it can do can be Rapidly Provisioned and Released with Minimal
different varieties of services and functionalities such as management effort or Service Provider Interaction” [61].
,it can store for you, it can compute for you, importantly Cloud computing should be seen as a digital computing
it can scale for your need, so cloud computing means a paradigm with implications for greater flexibility and lower
provision of infrastructure which is scalable and it can cost availability. And of this, cloud computing has attracted a
do different varieties of services. A major challenge lot of coverage lately. Cloud computing services benefit from
today in providing cloud computing is data security, economies of scale gained by efficient utilization of
access control and privacy of users data, so first we need infrastructure, specialization and other productivity.
to identify what are the security issues, security threats However, the evolution of distributed computation is only in
and security vulnerabilities present in cloud computing its infancy. Today , the term itself is still used for a variety of
,after identifying and analyzing all these issues we have meanings and interpretations[33]. Three widely cited service
to propose a solution model which will provide data models have been built [58, 78, 85] Software-as-a-Service
security ,access control and data privacy in cloud (SaaS) facilitates a software implementation platform in
computing. Information security is one of the significant which one or more programmes and computer resources are
imperatives for re-appropriated information in a provided for use on demand as a turnkey service. This will
distributed storage condition. reduce the total costs of hardware and software development,
repair and service. Platform-as-a-Service (PaaS) facilitates a
This paper addresses key concerns that are presumed to software implementation paradigm in which the
have long haul pertinence to distributed computing programming platform is distributed as an on-demand service
security and protection on the basis of established where applications can be developed and implemented. It
concerns and vulnerabilities. The main aim of this paper will reduce the cost and complexity of buying, housing, and
is to highlight key security , privacy and trust concerns managing the hardware and software components of the
in current cloud computing environments and to help network.
users understand the tangible and intangible risks
associated with their use, including those associated with Infrastructure-as-a-Service (IaaS) promotes a software
cloud computing. (a)Survey the most important delivery paradigm in which the core computing infrastructure
protection, security and trust gives that present dangers of servers, applications and network equipment is provided as
to current distributed computing conditions and (b) an on-demand service on which application development and
Analyze how these possible risks to privacy , security and execution mechanisms can be based. It may be used to avoid
confidence can be handled and provide a high level of common hardware and software infrastructure components
security, confidence and reliability in the cloud from being purchased, stored and controlled.
computing world. In the near future, we will further
examine and evaluate privacy, protection and trust Cloud computing should be entirely used as a private
problems in the cloud computing environment through a platform in a corporate computing environment. However, it
quantifiable methodology, further build and deploy should be apparent from the service models that the key
comprehensive security, privacy trust assessment, thrust of cloud computing is to provide the external party
management system for truly cloud computing with the means to outsource aspects of the setting. And for
environments. the outsourcing of information technology resources, there is
anxiety about the implications for data security and privacy;
Keywords:- Access Control, Trust Issues, Security Threats, In fact, the transfer of sensitive programmes or data from the
Vulnerabilities, Multitenancy, Virtualization. company's computer center to another organization’s
computer center. While cost savings are the primary

IJISRT20SEP705 www.ijisrt.com 1244

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
justification for converting to a cloud provider, there should availability issues Finally , in Section VI, conclusions and
be no savings in terms of protection or privacy. In the end , guidance for future work are given.
the organization is responsible for the overall state of the
outsourced operation. Monitoring and resolution of security II. DATA SECURITY ISSUES
and privacy problems remain the responsibility of the
company; as do other important issues, such as performance, Data security is used as a composite term, including 'a
availability, and recovery. mixture of privacy, the prevention of unauthorized exposure
of information, integrity of information, the prevention of
Cloud computing, a long-standing "computing as a unauthorized alteration or deletion of information, and the
service" idea, has opened a new era in future computing, prevention of unauthorized withholding of information'[13].
transformed a large part of the IT market, reshaped the Data protection is the lack of unwanted access to, or
buying and use of IT software and hardware, and drawn handling of, the state of the system. The main dimensions of
substantial interest from global and local IT participants, security are efficiency, secrecy and integrity. One of the
national governments and international agencies[1,3,4].Cloud biggest challenges to opening the new era of the long-
computing is a large- Cloud computing is a wide scale dreamed view of computers as a service is security.
distributed computing paradigm powered by economies of
scale in which a pool of abstracted, virtualized, seamlessly Cloud computing security issues can be categorized
elastic, highly available, configurable and reconfigurable into six sub-categories [5,6,7,11,14], including: (a) how to
computing services can be quickly generated and published provide cloud service access or tracking protection
with limited management effort in data centers. Services are measures, (b) how to keep all entities and confidential
delivered on demand via high-speed Internet to external information secret, (b) how to keep data private, (c) how to
customers with a "X as a Service (XasS)" machine deter malicious insiders from illegal actions due to the
architecture divided into three segments: "applications”, general lack of transparency in the provider system (d) how
“platforms" and "infrastructure." The objective[3][4] is to to prevent hijacking of networks, where phishing, malware
provide consumers with more flexible installations, more and harassment are well-known IT issues, (e) how to
extensible software for computing , storage and networks in a manage multi-instances in multi-tenancy network
straightforward manner. Similarly, it is no longer sufficient environments that assume that all instances are completely
for IT businesses with creative concepts for new application separated from each other. However, this principle will also
technologies to make substantial capital outlays in hardware break down, allowing attackers to cross virtual machines'
and technological infrastructure. side channels, circumvent the sandboxed environment
restrictions, and have full access to the host, and (f) how to
Cloud servers with access to physical files, develop appropriate regulations and implement regulatory
identification and certificate processing , data authentication, jurisdiction, such that consumers, if required, have a chain
tempering, integrity , security, negligence and information against their vendors.
leakage are involved in these problems. To secure private and
sensitive data stored in data centres, the cloud customer In a global network related to data from other
needs to verify (a) the true truth of the cloud computing consumers, data stored in the cloud typically exists.
system in the world. (b) cloud storage of information; and (c) Organizations that transfer confidential and monitored data
stability of software in the field of cloud computing. to the cloud must therefore take care of the means by which
However, in cloud data centres, data and resources control is data access is handled and the information is kept secure.
not safe and accurate.
This paper addresses important cloud infrastructure-  Data-Isolate:
related security and privacy challenges as they extend to Data can take a variety of forms. Cloud-based
outsourcing parts of the organizational computing application development, for instance, requires application
environment. It identifies areas of interest that need extra programmes, templates, and setup settings, as well as
consideration and makes educated security decisions with the software for development. This includes documentation and
appropriate context. In this paper, trust issues in current cloud other material created or used by apps for deployed apps, as
computing environments are primarily involved and help well as account records for application users. One way of
users understand the tangible and intangible risks associated keeping data secure from unauthorized users is access
with their uses. Our contributions can be summarized as: (a) controls; encryption is another. Data Access Controls are
surveying the most significant privacy, security and trust normally Identity-based, making verification of the User's
issues that pose threats in current cloud computing Identity an important problem in cloud computing.
environments; and (b) examining how these potential
security, privacy and trust risks can be handled and provide a Database ecosystems that are used in cloud computing
highly Secure, Trustworthy and efficient cloud storage. can vary greatly. For instance, some settings adopt a multi-
instance model, while others adopt a model of multi-intent.
The rest of this paper is arranged as follows. Section II For each service customer, the former provides a particular
poses data security issues and fixes them. In cloud database management system operating on a VM perhaps,
computing, Section III raises data privacy problems and granting the customer direct control over job definition, user
discusses them. In cloud computing , Section IV raises trust permission, and other administrative tasks relevant to
or confidence problems and addresses. Section V raises data security. For a cloud service customer, the latter creates a

IJISRT20SEP705 www.ijisrt.com 1245

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
predefined environment that is shared with other users, many cloud storage services, on the other hand, is that
usually by marking data with a user ID. precise knowledge about the status of an entity 's data is
either unavailable or not disclosed to the service subscriber.
For databases, there are various types of multi-tenant This situation makes it impossible to assess whether
arrangements available. A type pools resources differently, effective safeguards are in place and whether there is
delivering varying amounts of separation and utilization of consistency with legal and regulatory enforcement
services[26, 65]. Also, other considerations apply. Some requirements. To a degree, external audits and security
features, such as data encryption, for example, are only certifications may address this problem, but they are not a
feasible with agreements that use separate databases rather panacea.
than shared ones. This forms of tradeoffs imply that the
suitability of the data management system with the data It is incredibly difficult to guarantee protection under
concerned be carefully considered. The choice of storage international laws and regulations if sensitive data crosses
and data organization used in the application is likely to be the borders of countries. For instance, the expansive powers
influenced by criteria in certain fields, such as health care. of the USA Patriot Act have concerned some foreign
Data that is responsive to privacy is usually a big governments that the regulations would allow the U.S.
problem[52]. government access to private information outsourced to
American businesses, such as medical records[5]. The
When at rest, in transit and in usage, data must be limitations on the trans-border flow of non-classified
secured and access to data must be controlled. confidential data and data confidentiality requirements have
Communication protocol standards and public key become the subject of national and international privacy and
certificates allow cryptography to secure data transfers. security laws and regulations[12]. Key concerns related to
However, specifications for data storage at rest are not as cross-border data transfers include whether the regulations
well standardized, making interoperability an issue due to in the jurisdiction where data is gathered allow data to flow,
the predominance of proprietary programmes. Lack of whether such regulations continue to relate to post-transfer
interoperability impacts the availability of data and data, and whether there are external challenges to the
complicates the portability of applications and data between regulation at the destination[12]. Technical, physical and
cloud service providers. Cryptographic key management is institutional protections are also implemented, such as
currently primarily the responsibility of users in cloud access restrictions. For example , European data protection
providers. Using hardware authentication modules that do laws may impose additional responsibilities relating to the
not scale well to the cloud model, key generation and handling and processing of European data transmitted to the
storage is usually done outside the cloud. Research work United States[9].
underway to define extensible and functional Cryptographic
secret key manage and interchange techniques to III. DATA PRIVACY ISSUES
government use that would potentially helping to resolve the
obstacles. The security of information usage considered as Privacy is the privilege of a individual or a group to
evolving field of Cryptography with little experimental distinguish themselves or knowledge regarding themselves
results to give, confidence technique is the key protection and, therefore, to reveal themselves selectively,
[22]. including[15]: (a) where: a participant might be more anxious
with the exposure of their present or future information than
 Data-Sanitize: information from the past; (b) how: a user might be
There is strong safety ramifications for the data comfortable when friends may inquire for their information
sanitization protocols implemented by the service supplier. manually, but may not want to notify. (c) scope: the user may
Sanitize is the withdrawal from a storage facility of sensitive have their information documented as a generic area rather
data in a variety of ways, such as when a storage unit is than a particular point; in the business, consumer and privacy
removed from use or relocated for storage to another venue. sense, the protection and proper usage of customer
It also applies to backup copies made for the service's information and the satisfaction of the customer's
recovery and restoration and to the residual data left after the requirements about its use are required. Privacy in
service 's termination. Data from one subscriber is physically organizations requires the application of guidelines,
combined with data from other users in a cloud computing protocols, standards and processes for the management of
arrangement, which can complicate matters. With sufficient publicly identifiable information[8].
expertise and tools, for example , data may be recovered
from damaged drives that are not adequately disposed of by Depending on the different cloud contexts, privacy
service providers. issues vary and can be categorized into four
subcategories[5][6][8], including: (a) how to keep consumers
 Data Location: in charge of their data when collected and processed in the
This issue is one of the popular complying problems cloud, and how to avoid infringement, misuse and
challenging a company as the position of valuable data [30, unauthorized resale (b) how to ensure the reproduction of
51]. The usage of an in-house database center enables the data in a jurisdiction and in a reliable state that it is normally
organization to coordinate its processing system and to possible to replicate consumer data at a variety of acceptable
consider in detail where the information is stored and the locations and to avoid data destruction, misuse and unwanted
safeguards used to safeguard the information. A feature of

IJISRT20SEP705 www.ijisrt.com 1246

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
modification or manufacture; (c) which party is responsible  Insider Access:
for enforcing security requirements for personal information; Data collected or maintained outside the limits of an
entity, the firewall and other security mechanisms are
IV. TRUST ISSUES combined with an intrinsic level of risk. For most companies,
the insider protection problem is a well-known issue which,
Trust is seen as a measurable faith that uses knowledge beyond its name, often extends to outsourced cloud
to make trustworthy decisions. Originally used in social services[21,54]. Insider risks range to those faced by current
science to create a connexion between human beings, it is or former workers and include company partners, suppliers,
now an important alternative for the development of security and other persons who have had access to the networks,
mechanisms in distributed computing environments. Since systems , and data of the enterprise to carry out or facilitate
confidence has many soft security features, such as activities. It is also possible to cause accidents inadvertently.
confidentiality, reliability , integrity, fairness, confidence, Moving data and information to an external cloud storage
integrity, protection, competence, and so on.. Indeed, the facility improves not only the staff of the service provider,
bond of trust between persons is the most complex since it is but also likely other business customers, with the possibility
extremely contextual, context-dependent, non-symmetrical, of insider protection. For eg, it has been seen that an internal
uncertain and partly transitive[9,10]. denial of service attack against the Amazon Elastic Compute
Cloud ( EC2) entails a service user creating an initial 20
Trust evaluation is a multi-faceted and multi-phase accounts and launching instances of virtual machines for
process based on multi-dimensional variables and the length each, then these accounts are used to build an additional 20
of the trust assessment, and is used to find the answer to the accounts and system instances to extend and rapidly absorb
question "What node(s) should I associate with and what resources[76].
should I not associate with?" The observable perception of
trust is adapted by [16], "Trust of Party A to Party B to  Composite Services:
Service X is A's observable expectation that B behaves Nesting and layering of other cloud providers may be
consistently". Another perception of mathematical made up of cloud services themselves. A SaaS provider
confidence is provided in[17],' Confidence (or, might build its services on PaaS or IaaS cloud resources , for
symmetrically, distrust) is a simple degree of subjective example. Issues can emerge from cloud service providers
probability in which an agent determines whether a particular subcontracting their services to third-party service providers,
action will be carried out by another agent or a group of including the scope of third-party management, the duties
agents, both before it is able to monitor such an action (or involved, and the solutions and remedies available.
independently or in its ability to monitor it) and in a way in Furthermore, confidence is not transitory, ensuring that third-
which it affects its own action.' Standard hard security party arrangements be updated before entering into an
techniques such as encryption and permission have a stable arrangement with the service provider and that the terms of
cloud defence mechanism, but they fail when cooperating certain arrangements be maintained in the course of the
entities operate maliciously due to the scale and transient relationship or unless fully informed of any planned changes.
existence of collaborations. For composite cloud providers, responsibility and
performance expectations may become a serious concern.
Through mitigating the role of hostile actors in This situation is illustrated by Linkup, an online storage
communications and thereby providing a highly trustworthy facility that closed after its 20,000 users lost access to a vast
cloud computing system, Trust will combat such security volume of data. The exact responsibility for the cause of the
challenges as a soft social security philosophy. Trust issues failure was uncertain because another organisation, Nirvanix,
can be categorised into four subcategories of cloud hosted the data for The Linkup, and another, Savvis, hosted
computing environments[5][6,8,12], including: (a) how to its application and database[18].
define and measure trust based on the unique feature of cloud
computing environments; b) how to deal with highly  Visibility:
sensitive malicious recommended data in cloud computing Migration to cloud computing provides the service
environments, as cloud trust is variable and unpredictable, (c) provider with control over the networks on which the
how to recognize and provide the extent of difference in enterprise's data and software operate. They must be
service security compared to the degree of trust, (d) how to introduced in accordance with those used by internal
deal with the change in the degree of trust with touch time organisational systems in order to avoid causing gaps in
and meaning, and how to track, adjust, and completely reflect security, administration, operational and technological
the complicated change in trust relationship with time and controls. The problem is overwhelming, because the metrics
space. used to assess the security of the two computer systems are
an evolving research area[27]. Furthermore, the user's
A business relinquishes complete power of some areas network and system level access is typically outside the reach
of protection under the cloud infrastructure paradigm and, in of most service arrangements, explicitly affecting exposure
doing so, confers an unprecedented degree of confidence on and the means of auditing operations. Service arrangements
the service provider. should have a means of making the compliance protocols and
mechanisms implemented by the service provider more
visible, as well as their reliability over time , to ensure that

IJISRT20SEP705 www.ijisrt.com 1247

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
policies and procedures are enforced over the device provider may be backed up by a second cloud storage
lifecycle. provider to ensure that data is available for rapid resumption
of critical operations after a sustained disruption or
 Risk Management: significant disaster at the primary level.
Some subsystems or subsystem components for cloud-
based applications are outside the direct control of an  Prolonged and Permanent Outages:
organisation who controls the knowledge and authorises the A service provider may encounter severe issues, such as
usage of the software. When they have greater control of the bankruptcy or lack of services, disrupting the service for
systems and equipment involved, often individuals are more extended periods of time or triggering a full shutdown. The
at ease with risk. In the very least, when faced with an event, FBI raided data centres in Texas in April 2009, for example,
a high degree of management provides an incentive to weigh and seized hundreds of computers to pursue fraud claims
choices, set priorities and behave decisively in the company's against a range of businesses working out of the centers[86].
best interest. The related uncertainties need to be analysed in Hundreds of other firms who were not involved in the probe
detail before choosing between an in-house approach versus yet had the misfortune of getting their network activities
a cloud-based implementation. It may be a struggle to located in the targeted centres were interrupted by the raid.
evaluate and mitigate risk in cloud-based systems. Ideally, The major data loss suffered by magnolia, the Bookmark
the level of trust depends on the degree to which the archive service and the sudden failure of Omni drive, an
organisation is able to exert full control over the external online storage company that collapsed in 2008 without
service supplier in relation to the use of the security measures warning to its users[37, 58], are other examples.
necessary for the protection of the operation and the evidence
on the effectiveness of those controls[29]. However, the  Denial of Service:
proper operation of the module and the efficiency of security Application denial attacks include saturating the target
measures can not be tested as closely as in the operational with fake requests to discourage it from responding to
framework, and the degree of confidence must be contingent genuine requests in a timely manner. Typically, to launch an
on other considerations. intrusion, an attacker requires multiple computers or a botnet.
In order to defend from and raise costs, even a failed
V. AVAILABILITY ISSUES distributed denial of service attack will potentially absorb a
large amount of money. In certain cases, complex cloud
In basic words, availability means an individual has a provision makes it possible for an attacker to do damage.
wide set of accessible and functional computer services at all While cloud services are valuable, They could be flooded
times. Disponibility can be temporarily or indefinitely with enough computers to attack[28]. For example, during an
compromised and impairment may be partial or absolute. obvious denial of service attack on the underlying Amazon
Service denial attempts, system outages and natural disasters cloud infrastructure, a denial of service attack on Bit Bucket,
are always a challenge to availability. a code hosting site, culminated in an interruption of more
than 19 hours of downtime [19, 62]. There could be denial of
 Temporary Outages: service attacks against proprietary networks, such as those
Cloud computing services can and do experience used in cloud computing, in addition to publicly available
failures and performance slowdowns, despite the use of networks. A denial of service attack against the computer
architectures designed for high service reliability and programming interface of Amazon Cloud Services, for
availability[58]. Amazon's Easy Storage Infrastructure (S3) instance, occurred, involving system instances replicating
and EC2 systems experienced a three-hour shutdown in themselves exponentially[76]. As an attack vector, the
February 2008, which in turn impacted the usage of systems centrally assigned non-routable addresses used to manage
by Twitter and other start-up companies[55,63]. The services within the network of the service provider can also
lightning storm in June 2009 caused a partial EC2 blackout, be used. For elements of one cloud, the worse probability is
impacting some users for 4 hours[64]. Similarly, the failure to target that of another or to target all of its own
of the Salesforce.com storage cluster prompted a shutdown in elements[45].
February 2008 for several hours and a more brief shutdown
in January 2009 due to the failure of the network VI. CONCLUSION AND FUTURE WORK
device[31,37]. Owing to networking problems related to
updates, Microsoft's Azure cloud service encountered major Any of the biggest security issues have receded into
loss for approximately 22 hours in March 2009[24]. the past and remain unanswered while demonstrating the
savings and performance gains of the cloud. Several
At a standard 8.76 hours of downtime is expected in important pieces of technology, such as a federated
one year at a level of 99.999 percent reliability. In the confidence system, have not been fully implemented yet,
organisation's contingency plans to manage the repair and impacting successful implementations. A long-standing
rehabilitation of disrupted cloud systems and processes using security challenge that overshadows large-scale computation
alternate networks, facilities and sites, the extent of stability in general is now deciding the security of sophisticated
of a cloud infrastructure as well as its backup and recovery computer systems. For information protection experts and
capability should be taken into account. For software stored professionals, the accomplishment of high quality standards
there, cloud computing systems may be a single point of in software has been an inescapable goal and is still a work
failure. In such situations, data maintained by the primary in progress for cloud computing. The reliability of the cloud

IJISRT20SEP705 www.ijisrt.com 1248

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
infrastructure depends on powerful computation and REFERENCES
cryptography. Organizational data must be protected in a
way compliant with the practises of the service centre of the [1]. Foster I, Zhao Y, Raicu I, Lu, S. Cloud Computing and
enterprise or the cloud. There is no clear support Grid Computing 360-degree compared. Proceedings of
arrangement encompassing the breadth of available cloud the Grid Computing Environments Workshop, GCE
services and the demands of different entities. A useful 2008; IEEE Press, Nov. 2008, 1-10.
starting point[51] is to provide a list of common outsourcing [2]. Buyya R, Chee Shin Y, Venugopal S, Broberg J,
requirements, such as privacy and security guidelines, Brandic I. Cloud computing and emerging IT
compliance and compliance issues, service quality criteria platforms: vision, hype, and reality for delivering
and fines, change management procedures, quality of service computing as the 5th utility. Future Generation
operation, and the right to cancel. In some ways, conversion Computer Systems; 2009;25(6):599–616.
to a cloud storage infrastructure is a risk assessment practise. [3]. Armbrust M, Fox A, Griffith R, Joseph A D, Katz R,
The research makes use of both qualitative and quantitative Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I,
elements. Risks must be carefully balanced against the Zaharia M. A View of Cloud Computing.
safeguards available and future advantages, with the Communications of the ACM; 2010;53(4):50–58.
assumption that the organisation is responsible for security. [4]. Mell P, Grance T. The NIST Definition of Cloud
So many restrictions, if the advantages outweigh the costs Computing. Communications of the ACM;
and associated risks, may be disruptive and risky. 2010;53(6):50.
Maintaining an appropriate compromise between the [5]. Paquette S, Jaeger P T, Wilson S C. Identifying the
strength of the controls and the relative risk associated with security risks associated with governmental use of
each programme and procedure is crucial. cloud computing.Government Information
Quarterly; 2010;27(3):245–253.
High security remains one of the key obstacles to [6]. Subashini S, Kavitha V. A survey on security issues in
opening up the modern era of the long-dreamed view of service delivery models of cloud computing. Journal of
computers as a good. As essential systems and data are Network and Computer Applications; 2011;34(1):1–
migrated to cloud storage centres, they run on virtual 11.
computing services in the form of a virtual computer. These [7]. Vaquero L M, Rodero-Merino L, Morán D. Locking
unusual aspects, however, introduce many new security the sky: A survey on IaaS cloud security. Computing;
concerns, such as accessibility vulnerabilities, virtualization 2011;91(1):93–118.
vulnerabilities, and mobile apps vulnerabilities. With the [8]. Pearson S, Benameur A. Privacy, security and trust
growth of cloud computing and the rising number of cloud issues arising from cloud computing. Proceedings of
users, stability, privacy and trust aspects can continuously the 2nd IEEE International Conference on Cloud
grow. Paragraphs L shall be indented. Both the paragraphs, Computing Technology and Science, CloudCom 2010;
that is, both left-justified and right-justified, must be IEEE Press, Nov. 2010, 693-702.
justified. The cloud user wants to verify (a) the true [9]. Ahamed S I, Haque M M, Endadul Hoque M, Rahman
existence of the world's cloud computing environment; (c) F, Talukder N. Design, analysis, and deployment of
the security of cloud data; and (b) the security of cloud omnipresent formal trust model (FTM) with trust
storage services to secure the sensitive and sensitive data bootstrapping for pervasive environments. Journal of
contained in data centres. Systems and Software ; 2010;83(2):253–270.
[10]. Karaoglanoglou K, Karatza H. Resource discovery in a
In this article, we intend primarily to illustrate the main Grid system: Directing requests to trustworthy virtual
security , privacy and confidence challenges in modern organizations based on global trust values. Journal of
cloud computing environments and help users understand Systems and Software; 2011;84(3):465–478.
the tangible and intangible threats associated with their use. [11]. Takabi H, Joshi J B D, Ahn G. Security and privacy
Two key facets of confidentiality, safety and confidence challenges in cloud computing environments. IEEE
issues are discussed, including: (a) surveying the most Security & Privacy;2010;8(6):24–31.
significant data, protection and confidence problems raised [12]. Sangroya A, Kumar S, Dhok J, Varma V. Towards
by challenges in modern cloud computing environments; (b) analyzing data security risks in cloud computing
identifying how these future technology, privacy and trust environments.Communications in Computer and
risks can be resolved, and creating a highly stable , secure Information Science; 2010;54:255–265.
and effective ecosystem for cloud computing. [13]. Algirdas A, Jean-Claude L, Brian R, Carl L. Basic
concepts and taxonomy of dependable and secure
Future studies will concentrate on the following: (a) computing. IEEE Transactions on Dependable and
reviewing and assessing privacy, security and trust concerns Secure Computing; 2004;1(1):11–33.
in the cloud computing world from a quantifiable [14]. Tchifilionova V. Security and privacy implications of
methodology; the survey and review methodology presented cloud computing - Lost in the cloud. Proceedings of
in this paper is a first step towards analysing privacy, the IFIP WG 11.4 International Workshop on Open
security and trust concerns (b) introducing maximum Research Problems in Network Security, iNetSec
defence, faith evaluation of privacy, management's privacy 2010; Springer Verlag Press, Mar.2010,149-158.
issues and (c) the application of a framework in the actual
world of cloud computing.

IJISRT20SEP705 www.ijisrt.com 1249

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
[15]. Krumm J. A survey of computational location privacy. [29]. M. P. Eisenhauer, Privacy and Security Law Issues in
Personal and Ubiquitous Computing; 2009;13(6):291– Off-shore Outsourcing Transactions, Hunton &
399. Williams LLP, The Outsourcing Institute, February 15,
[16]. Shekarpour S, Katebi S D. Modeling and evaluation of 2005,
trust with an extension in semantic web. Journal of http://www.outsourcing.com/legal_corner/pdf/Outsour
Web Semantics;2010;8(1):26–36. cing_Privacy.pdf
[17]. Iltaf N, Hussain M, Kamran F. A mathematical [30]. P. Ferrie, Attacks on Virtual Machine Emulators,
approach towards trust based security in pervasive White Paper, Symantec Corporation, January 2007,
computing environment. Proceedings of the http://www.symantec.com/avcenter/reference/Virtual_
Third International Conference and Workshops, ISA Machine_Threats.pdf
2009IEEE Press, Jun. 2009, 702-711. [31]. T. Ferguson, Salesforce.com Outage Hits Thousands of
[18]. J. Brodkin, Loss of Customer Data Spurs Closure of Businesses, CNET News, January 8, 2009,
Online Storage Service ‘The Linkup,’ Network World, http://news.cnet.com/8301-1001_3-10136540-92.html
August 11,2008, [32]. S. Frei, T. Duebendorfer, G. Ollmann, M. May,
http://www.networkworld.com/news/2008/081108- Understanding the Web Browser Threat, ETH Zurich,
linkup-failure.html?page=1 Tech Report Nr. 288, 2008, http://e-
[19]. C. Brooks, Amazon EC2 Attack Prompts Customer collection.ethbib.ethz.ch/eserv/eth:30892/eth-30892-
Support Changes, Tech Target, October 12, 2009, 01.pdf
http://searchcloudcomputing.techtarget.com/news/artic [33]. G. Fowler, B. Worthen, The Internet Industry is on a
le/0,289142,sid201_gci1371090,00.html Cloud – Whatever That May Mean, The Wall Street
[20]. M. Calore, Ma.gnolia Suffers Major Data Loss, Site Journal, March 26, 2009
Taken Offline, Wired Magazine, January 30, 2009, [34]. S. Gajek, M. Jensen, L. Liao, and J. Schwenk,
http://www.wired.com/epicenter/2009/01/magnolia- Analysis of Signature Wrapping Attacks and
suffer/ Countermeasures, IEEE International Conference on
[21]. D. Cappelli, A. Moore, R. Trzeciak, T. J. Shimeall, Web Services, Los Angeles, CA, July 2009
Common Sense Guide to Prevention and Detection of [35]. T. Garfinkel, M. Rosenblum, When Virtual is Harder
Insider Threats,3rd Edition, Version 3.1, CERT, than Real, HotOS’05, Santa Fe, NM, June 2005
January 2009, http://www.cert.org/archive/pdf/CSG- [36]. S. Garfinkel, An Evaluation of Amazon’s Grid
V3.pdf Computing Services: EC2, S3 and SQS, Technical
[22]. USA Patriot Act Comes under Fire in B.C. Report, Report TR-08-07, Center for Research on Computation
CBC News, October 30, 2004, and Society, Harvard University, July 2007
http://www.cbc.ca/canada/story/ [37]. D. Goodin, Salesforce.com Outage Exposes Cloud's
2004/10/29/patriotact_bc041029.html Dark Linings, The Register, January 6, 2009,
[23]. R. Chow et al., Controlling Data in the Cloud: http://www.theregister.co.uk/2009/01/06/salesforce_ou
Outsourcing Computation without Outsourcing tage/
Control, ACM Workshop on Cloud Computing [38]. D. Goodin, Webhost Hack Wipes Out Data for
Security, Chicago, IL, November 2009 100,000 Sites, The Register, June 8, 2009,
[24]. [24]G. Clarke, Microsoft's Azure Cloud Suffers First http://www.theregister.co.uk/2009/06/08/webhost_atta
Crash, The Register, March 16, 2009, ck/
http://www.theregister.co.uk/ [39]. A. Greenberg, IBM's Blindfolded Calculator, Forbes
2009/03/16/azure_cloud_crash/ Magazine, July 13, 2009
[25]. S. Cocheo, The Bank Robber, the Quote, and the Final [40]. N. Gruschka, L. L. Iacono, Vulnerable Cloud: SOAP
Irony, nFront, ABA Banking Journal, 1997 Message Security Validation Revisited, IEEE
http://www.banking.com/aba/profile_0397.htm International Conference on Web Services, Los
[26]. Safe Harbor Privacy Principles, U.S. Department of Angeles, CA, July 2009
Commerce, July 21, 2000, [41]. M. Gunderloy, Who Protects Your Cloud Data?, Web
http://www.export.gov/safeharbor/eg_main_018247.as Worker Daily, January 13, 2008,
p http://webworkerdaily.com/2008/01/13/who-protects-
[27]. J. E. Dunn, Ultra-secure Firefox Offered to UK Bank your-cloud-data/
Users, Techworld, February 26, 2010, [42]. Twitter Email Account Hack Highlights Cloud
http://news.techworld.com/security/3213740/ultra- Dangers, Infosecurity Magazine, July 23, 2009,
secure-firefox-offered-to-uk-bank-users/ http://www.infosecurity-
[28]. J. E. Dunn, Virtualised USB Key Beats Keyloggers, magazine.com/view/2668/twitter-email-account-hack-
Techworld, February 22, 2010, highlights-cloud-dangers-/
http://news.techworld.com/security/3213277/virtualise [43]. D. Jacobs, S. Aulbach, Ruminations on Multi-Tenant
d-usb-key-beats-keyloggers/[29] M. P. Eisenhauer, Databases, Fachtagung für Datenbanksysteme in
Privacy and Security Law Issues in Off-shore Business, Technologie und Web, March 2007,
Outsourcing Transactions, Hunton & Williams LLP, http://www.btw2007.de/paper/p514.pdf
The Outsourcing Institute, February 15,2005,

IJISRT20SEP705 www.ijisrt.com 1250

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
[44]. W. Jansen, Directions in Security Metrics Research, [60]. R. McMillan, Hackers Find a Home in Amazon's EC2
Interagency Report 7564, National Institute of Cloud, Infoworld, IDG News Network, December 10,
Standards and Technology (NIST), April 2009 2009, http://www.infoworld.com/d/cloud-
[45]. M. Jensen, J. Schwenk, N. Gruschka, L. L. Iacono, On computing/hackers-find-home-in-amazons-ec2-cloud-
Technical Security Issues in Cloud Computing, IEEE 742 Hospital, PC Magazine,
International Conference on Cloud Computing, NewsServiceSept.17,2009,http://www.pcworld.com/bu
Bangalore, India, September 21-25, 2009 sinesscenter/article/172185/misdirected_spyware_infec
[46]. Guide for Applying the Risk Management Framework ts_ohio_hospital.
to Federal Information Systems, Joint Task Force [61]. P. Mell, T. Grance, The NIST Definition of Cloud
Transformation Initiative, Special Publication 800-37, Computing, Version 15, October 7, 2009,
Revision 1, NIST http://csrc.nist.gov/groups/SNS/cloud-computing
[47]. B. R. Kandukuri, R. Paturi V, A. Rakshit, Cloud [62]. C. Metz, DDoS Attack Rains Down on Amazon
Security Issues, IEEE International Conference on Cloud, The Register, October 5, 2009,
Services Computing, Bangalore, India, September 21- http://www.theregister.co.uk/ 2009/ 10/05/
25, 2009 amazon_bitbucket_outage/
[48]. [48]P. A. Karger, I/O for Virtual Machine Monitors: [63]. R. Miller, Major Outage for Amazon S3 and EC2,
Security and Performance Issues, IEEE Security and Data Center Knowledge, February 15, 2008,
Privacy, September/October 2008 http://www.datacenterknowledge.com/archives/
[49]. N. Katz, Austin Plane Crash: Pilot Joseph Andrew 2008/02/15/ major-outage-for-amazon-s3-and-ec2/
Stack May Have Targeted IRS Offices, Says FBI, CBS [64]. R. Miller, Lightning Strike Triggers Amazon EC2
News, February 18, 2010, Outage, Data Center Knowledge, June 11, 2009,
http://www.cbsnews.com/8301-504083_162-6220271- http://www.datacenterknowledge.com/archives/2009/0
504083.html?tag=contentMain%3bcontentBody 6/11/lightning-strike-triggers-amazon-ec2-outage/
[50]. Y. Keleta, J. H. P. Eloff, H. S. Venter, Proposing a [65]. J. Oberheide, E. Cooke, F. Jahanian, Empirical
Secure XACML Architecture Ensuring Privacy and Exploitation of Live Virtual Machine Migration, Black
Trust, Research in Progress Paper, University of Hat Security Conference, Washington, DC, February
Pretoria, 2005, 2008
http://icsa.cs.up.ac.za/issa/2005/Proceedings/Research/ [66]. T. Ormandy, An Empirical Study into the Security
093_Article.pdf Exposure to Hosts of Hostile Virtualized
[51]. S. M. Kerner, Mozilla Confirms Security Threat from Environments, 2007,
Malicious Firefox Add-Ons, eSecurity Planet, http://taviso.decsystem.org/virtsec.pdf
February 5, 2010, [67]. S. Overby, How to Negotiate a Better Cloud
http://www.esecurityplanet.com/news/article.php/3863 Computing Contract, CIO, April 21, 2010,
331/Mozilla-Confirms-Security-Threat-From- http://www.cio.com/article/591629/How_to_Negotiate
Malicious-Firefox-Add-Ons.htm _a_Better_Cloud_Computing_Contract
[52]. S. King et al., SubVirt: Implementing Malware with [68]. S. Pearson, Taking Account of Privacy when
Virtual Machines, IEEE Symposium on Security and Designing Cloud Computing Services, ICSE
Privacy, Berkeley, California, May 2006 Workshop on Software Engineering Challenges
[53]. B. Krebs, Salesforce.com Acknowledges Data Loss, of Cloud Computing, May 23, 2009, Vancouver,
Security Fix, The Washington Post, November 6, 2007 Canada
[54]. E. Kowalski et al., Insider Threat Study: Illicit Cyber [69]. N. Provos et al., The Ghost In The Browser: Analysis
Activity in the Government Sector, Software of Web-based Malware, Hot Topics in Understanding
Engineering Institute, January 2008, Botnets (HotBots), April 10, 2007, Cambridge,
http://www.cert.org/archive/pdf/insiderthreat_gov2008 MA
.pdf [70]. N. Provos, M. A. Rajab, P. Mavrommatis, Cybercrime
[55]. M. Krigsma, Amazon S3 Web Services Down. Bad, 2.0: When the Cloud Turns Dark, Communications of
Bad News for Customers, ZDNET, February 15, 2008, the ACM, April 2009
http://blogs.zdnet.com/projectfailures/?p=602 [71]. Security Within a Virtualized Environment: A New
[56]. S. Labaton, 2 Men Held in Attempt to Bomb I.R.S. Layer in Layered Security, White Paper, Reflex
Office, New York Times, December 29, 1995 Security, retrieved April 23, 2010,
[57]. 20-Year Term in Plot to Bomb IRS Offices, Nation In http://www.vmware.com/files/pdf/partners/security/sec
Brief, Los Angeles Times, August 10, 1996 urity-virtualized-whitepaper.pdf
[58]. N. Leavitt. Is Cloud Computing Really Ready for [72]. T. Ristenpart, E. Tromer, H. Shacham, S. Savage, Hey,
Prime Time?, IEEE Computer, January 2009 You, Get Off of My Cloud: Exploring Information
[59]. R. McMillan, Salesforce.com Warns Customers of Leakage in Third-Party Compute Clouds, ACM
Phishing Scam, PC Magazine, IDG News Network, Conference on Computer and Communications
November 6, 2007, Security, November 2009
http://www.pcworld.com/businesscenter/article/ [73]. VMware Vulnerability in NAT Networking, BugTraq,
139353/salesforcecom_warns_customers_of_phishing Security Focus, December 21, 2005,
_scam.html http://www.securityfocus.com/archive/1/420017

IJISRT20SEP705 www.ijisrt.com 1251

Volume 5, Issue 9, September – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
[74]. A. Shah, Kernel-based Virtualization with KVM,
Linux Magazine, issue 86, January 2008,
http://www.linuxmagazine.com/w3/issue/86/Kernel_B
ased_Virtualization_With_KVM.pdf
[75]. T. Shelton, Remote Heap Overflow, ID: ACSSEC-
2005-11-25 - 0x1, http://packetstormsecurity.org/0512-
advisories/ACSSEC-2005-11-25-0x1.txt
[76]. M. Slaviero, BlackHat presentation demo vids:
Amazon, part 4 of 5, AMIBomb, August 8,
2009,http://www.sensepost.com/blog/3797.html
[77]. J.D.Sutter,TwitterHackRaisesQuestions about 'Cloud
Computing', CNN, July 16, 2009,
http://edition.cnn.com/2009/TECH/07/16/twitter.hack/
[78]. L. M. Vaquero1, L. Rodero-Merino1, J. Caceres, M.
Lindner, A Break in the Clouds: Towards a Cloud
Definition, Computer Communication Review,
January 2009, http://ccr.sigcomm.org/online/files/p50-
v39n1l-vaqueroA.pdf
[79]. K. Vieira, A. Schulter, C. Westphall, C. Westphall,
Intrusion Detection Techniques in Grid and Cloud
Computing Environment, IT Professional, IEEE
Computer Society, August 26, 2009.
[80]. VMware Hosted Products and Patches for ESX and
ESXi Resolve a Critical Security Vulnerability,
VMware Security Advisory,VMSA-2009-0006,
http://www.vmware.com/security/advisories/VMSA-
2009-0006.html
[81]. P. Wainewright. Many Degrees of Multi-tenancy,
ZDNET News and Blogs, June 16, 2008,
http://blogs.zdnet.com/SAAS/?p=533
[82]. J. Wei et al., Managing Security of Virtual Machine
Images in a Cloud Environment, ACM Cloud
Computing Security Workshop, Nov. 13, 2009,
Chicago, IL
[83]. L. Whitney, Amazon EC2 Cloud Service Hit by
Botnet, Outage, December 11, 2009, CNET News,
http://news.cnet.com/8301-1009_3-10413951-83.html
[84]. Xen Architecture Overview, Version 1.2, Xen Wiki
Whitepaper, February 13, 2008,
http://wiki.xensource.com/xenwiki/XenArchitecture?a
ction=AttachFile&do=get&target=Xen+Architecture_
Q1+2008.pdf
[85]. L. Youseff, M. Butrico, D. D. Silva, Toward a Unified
Ontology of Cloud Computing, Grid Computing
Environments Workshop, held with SC08, November
2008.
http://www.cs.ucsb.edu/~lyouseff/CCOntology/Cloud
Ontology.pdf
[86]. K. Zetter, FBI Defends Disruptive Raids on Texas
Data Centers, Wired Magazine, April 7, 2009,
http://www.wired.com/threatlevel/2009/04/data-
centers-ra/

IJISRT20SEP705 www.ijisrt.com 1252