Volume 7, Issue 8, August – 2022 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

An Outline of the Problems and Potential Solutions for Cloud Computing Security

Md. Afroz (1), Birendra Goswami (2)
(1) Department of Computer Science & IT, Research Branch, YBN University, Ranchi, Jharkhand, India
(2) Professor and Dean, Department of Computer Science & IT, YBN University, Ranchi, Jharkhand, India

Abstract:- The security issues and solutions related to cloud computing are a strongly debated academic topic at the moment. Even though there have been many studies on cloud security, there is still some uncertainty about how to link issues with solutions. It is challenging both to generalize the idea and to investigate its particular needs, since there is no established framework for cloud security. Some surveys focus on access control systems, while others discuss virtualization issues and solutions. A survey's suggested countermeasures must also state specifically which issue they are meant to solve. All of these factors have been taken into account while writing this survey paper, which includes a discussion of many open questions in the subject and covers all pertinent themes with appropriate links between them.

Keywords:- Cloud Computing, Virtualization, Information Security, Data Security, Security Challenges, Trust

I. INTRODUCTION

Cloud computing is a highly scalable and cost-effective infrastructure for running High Performance Computing, enterprise and Web applications. Businesses are increasingly substituting cloud-based resources for internal ones to capture benefits like faster scale-up/scale-down of capacity, pay-as-you-go pricing, and access to cloud-based applications and services without buying and managing on-premises infrastructure. A remarkable positive change can be noticed in IT capital costs, labor cost and productivity by using cloud-based computing [1].

A service level agreement (SLA) must be established between the cloud provider and the consumer (or broker) before the cloud provider may offer a service to that customer. The SLA is an agreement that outlines the quality of service (QoS) between a service provider and a service user. It often also contains the cost of the service, with the cost adjusting the degree of QoS [2].

This cloud-customer relationship, which reflects the concept of a distributed system made up of a number of virtual machines that may be dynamically provisioned to fit a customer's changing resource demands, is underwritten by the SLA. The concept of cloud computing makes possible simple on-demand network access to a pool of reconfigurable computing resources, such as network, storage, hardware, and applications, that can be instantly assigned, scaled, and released with minimum administration effort or service provider participation [3].

Using the cloud immediately reduces overall expenses and enhances system performance, since the user no longer needs to worry about installing and maintaining her system physically. When cloud-based services are used, a layer of abstraction is built between the user whose data or services are being handled in the cloud and the actual servers or storage. The cloud user, who may also be the service or data owner, is now forced to depend only on the cloud service provider (CSP) for the security and privacy of her data. Mutual trust may be achieved to some degree by negotiating the SLA, but several security vulnerabilities unique to the cloud eventually occur and must be handled by either the CSP or the user.

Data is the top concern for IT security, regardless of the infrastructure being utilized. This also holds true for cloud computing, whose dispersed architecture and multi-tenant design highlight new security concerns. The data life cycle encompasses the creation, archival, use, diffusion, and disposal of data. For each of these data life cycle stages, each CSP should provide the necessary security procedures [4].

If the online application (shared application) is constructed insecurely, a client might, for example, employ SQL injection [5] to get unauthorized access to another customer's data and delete or edit it. To avoid this, the appropriate security measures must be implemented. Data deletion is once again an issue in the cloud, so the CSP must take extra care to ensure that data is permanently and totally wiped at the request of the customer. The customers should also be able to see and verify the data backups used to avoid data losses (scope, saving intervals, saving timings, storage length, etc.). All of these issues, in addition to a number of others, must be taken care of while using a cloud service.

Virtualization, which provides the requisite levels of flexibility, security, isolation, and manageability for delivering IT services on demand, is another essential component of cloud computing. IaaS is based on the concept of hardware virtualization, while PaaS solutions (covered in the next section) gain from programming-level virtualization.

Server consolidation, which enables several applications or services to utilise a single physical server's resources concurrently without interfering with one another or even exposing this information to the client apps, is a concept that comes with virtualization. Given the above, it is very clear that virtual machines construct the whole back-end for cloud-based services. However, virtualization also increases certain hazards for the cloud. It allows for a novel, unexpected kind of phishing: a malicious program's ability to transparently imitate a host might lead to the theft of private information from the guest. Additionally, the Live Migration [6] and Virtual Machine Image [6] concepts meet customer demands while at the same time creating certain security flaws that the CSP must fix.

As a consequence, cloud security should include more than simply data security and should also consider the security of the associated virtual machines (VMs).

It is challenging to distinguish between and categorize the many aspects of cloud security due to the cloud's comprehensive design and how it varies from a conventional on-premises system. Studying viable solutions and putting cloud security into the proper categories are this paper's main goals.

II. CLOUD MODELS AND THEIR SPECIFICATIONS

A. Model of Cloud Services
The NIST categorization of Cloud includes three service types [2] that provide services at different levels of a business model.

• Software as a Service (SaaS): This phrase describes a cloud service that enables users to connect online to software applications that are hosted on a cloud infrastructure. SaaS automates all the updates and doesn't need any setup or ongoing infrastructure maintenance expenditure. SaaS provides the least client security control, since the user cannot access the execution platform and supporting infrastructure.

• Platform as a Service (PaaS): An integrated and abstracted cloud-based computing platform that makes it easier to create, run, and manage applications.

• Infrastructure as a Service (IaaS): The virtual supply of hardware, networking, and storage services for use with computing resources. The operating system, deployed services, and selected network segments are all under the client's control in this paradigm, while the underlying infrastructure is solely under the control of the CSP. As a consequence, IaaS gives customers greater security control over their data than the other service models.

B. Cloud Deployment Model
Based on the user's suitability and specific purpose, NIST again separates the cloud into four deployment options.

• Public Cloud: The cloud is kept on the service provider's side and made accessible to the general public or large corporations. The public cloud guarantees scalability and reliability, but it also introduces a variety of issues that end up costing customers money. Customers are still in the dark about the CSP's storage strategy, where their data is kept, and whose data is kept nearby (i.e. certain issues of multi-tenancy). Enterprises must make certain security compromises in order to go to the public cloud.

• Private Cloud: Only one organization may use the cloud services, and the cloud is owned either by the organization or by a third party, either on-site or off-site. Private clouds reduce the security risks associated with public clouds, but they also come with additional costs for provisioning, storage management, and capacity monitoring.

• Community Cloud: The cloud is offered only to a community of organizations with a common interest (e.g., mission, security requirements, policy, or compliance issues), and it may be controlled by the organizations or by a third party, situated on or off premises. This paradigm has a number of unsolved challenges, including issues with data being dispersed across many organizations and domains [7], contractual repercussions, and security ramifications.

• Hybrid Cloud: This type of cloud infrastructure consists of two or more distinct cloud infrastructures (private, community, or public), each of which remains a distinct legal entity, but which are linked by standardized or proprietary technology that enables the portability of data and applications (such as cloud bursting for load balancing between clouds) [6]. While taking care of the security and control of private clouds, hybrid clouds at the same time provide cost and scalability benefits comparable to those of public clouds.

Data privacy and integrity issues emerge when data is transferred from the public to the private environment or vice versa, since the privacy regulations in the public cloud environment are quite different from those in the private cloud [6].

In the section that follows, we go through the many security issues that arise often in cloud environments.

III. CLOUD SECURITY PROBLEMS AND REQUIREMENTS

The degree to which a user trusts the Cloud Service Provider (CSP) and the services it provides is one of the key determinants of whether they choose to utilize a cloud system or a traditional one. Trust is determined by assessing whether a provider has taken all necessary precautions, including those relating to data security, virtual machine security, and other legal and regulatory requirements. For this assessment of the security of the Cloud system, confidentiality, integrity, and availability (CIA) are the three factors that have been taken into consideration. The primary goal of this part is to generalize the security needs of an existing Cloud system within the CIA domain, which is a widely accepted norm for defining the security issues of a conventional information system.
IJISRT22AUG1287 www.ijisrt.com 1807


A. Confidentiality
Confidentiality refers to the safeguarding of a specific company asset against disclosure to unauthorized users. In a cloud system these users can be other clients who want to get unauthorized access to information that the CSP has kept in the same database as their own information. Additionally, the CSP could employ dishonest or inquisitive workers who might look over or even tamper with the client's private and crucial data. The virtual machine network, virtual machine images, and other items must adhere to confidentiality rules in addition to client information.

This article has addressed the following categories under the different cloud system confidentiality criteria:

(1) Data Confidentiality
Unencrypted data is regularly processed and kept at the CSP end. As a consequence, the CSP (SaaS) is in charge of safeguarding customer data during the whole course of its operation. Some issues with the confidentiality of data particular to clouds include:

Several cloud storage businesses enable shared access to online folders that contain user data. This can result in a potential loss of data confidentiality. Even if a file is shared with a group using a cloud storage service, the owner of the file must get frequent updates on any group modifications. The CSP must explicitly manage the separation of client data from other data (competitor, unauthorised user).

The actual physical location of the user's data is another factor that affects its confidentiality. Since the data might be moved by the CSP from one data center to another, the regulations that apply to it (if it crosses international boundaries) are constantly changing [8]. The exact rules that must be followed when a user analyzes data in the UK, stores it on servers in the US, and transfers it through France are difficult to nail down. Naturally, this compromises the confidentiality of the user's data [8].

Customers who requested service deactivation or whose membership period has expired may have issues if the CSP improperly or insufficiently erases their data. The confidentiality of these users may be in danger due to the remnants of the erased data.

On some occasions, the CSP enlists outside help to provide data backup services. Such outside service providers run the risk of using the client's private information improperly, which eventually jeopardizes the privacy of her information.

Cloud customers usually ask for more monitoring or log data for their own convenience and security. Log data contains the service provider's proprietary infrastructure information, which the cloud should once again not compromise. As a consequence, the CSP and the users must negotiate the details of the log data that should be shared with clients without endangering the confidentiality of the CSP.

Cloud service providers who forbid data owners from encrypting their own data before putting it on the cloud pose a severe danger to the security of user data. Sensitive data, such as medical or health information and government or defense data, should not be kept in the cloud if encryption options are not available.

In certain cases, cloud service providers are assumed to be honest but curious: they follow the agreed protocol but are interested in learning about user access rights and the information contained in user data files. In order to avoid such situations, the owners should set up suitable access control procedures.

(2) Virtualization Confidentiality
IaaS runs user applications on virtual machines that the CSP hosts. The deployed service contained in each VM may be seen or modified by anybody with privileged access to the host. As a result, users are unable to protect VM secrecy on their own, and the entire virtualization layer exposes several security weaknesses that cause serious concerns. Here are a few of those topics:

An insider acting as the CSP's system administrator is able to remotely access any running VM with root privileges. The administrator may then move this VM to another host under her control that is outside the IaaS security perimeter [6]. Such internal attacks can harm the application or the privacy of consumer data.

VM migration, particularly live migration, is a core function of cloud computing systems used for load balancing, elastic scalability, fault tolerance, and hardware maintenance [6]. During and after the live migration, the CSP must take the necessary precautions to preserve the privacy of the virtual machine instances and their information.

In the virtualized context of a cloud system, several workloads [9] share the same hardware environment, creating difficulties with workload isolation [9], which is essential for diverse departments or domains that wish to keep their data private and distinct from one another. Therefore, the proper principles should be followed for allocating resources among all of the workloads in a datacenter.

The VMM (Virtual Machine Monitor, or hypervisor) is the software used to oversee and manage virtual machines. Like any other kind of software, it may have security flaws that jeopardize the privacy of user data. Keeping the VMM as small and simple as feasible reduces the risk of security vulnerabilities, since it makes faults easier to see and fix.

Virtual Machine Images (VMIs) are created by the user or the supplier using a variety of settings. Hazardous VMIs that intruders upload might infect other legitimate users (for instance, a VMI that contains a Trojan horse that a valid user downloads and uses could harm that user's computer). Such malicious programs might be used to exploit the user's personal information.

Another issue with Virtual Machine Images (VMIs) or Templates (VMTs) is the potential for information from previous owners to be preserved and exploited maliciously by another user. Therefore, before providing VMIs to another user, the CSP should properly clean them.

Likewise, VM access to the local area network should be managed and carried out using the necessary processes in order to avoid unauthorized data flow over virtual networks (VLANs). Additionally, it is possible to sniff or spoof such virtual networks at any time [10].

B. Integrity
A security element known as integrity verifies that an asset has not been changed by third parties who are not authorized to carry out such an activity. This characteristic ensures an asset's correctness and validity with respect to its owner. The integrity of an asset is typically altered by append, remove, and edit operations. Web-based attacks, which may alter the contents of user files, databases, virtual machine information, or even WSDL files, are particularly frequent in cloud settings, since users access cloud-based services via web browsers.

Under the different integrity standards of the cloud system, the following categories have been addressed here:

(1) Integrity of the Data
The Cloud system handles massive data sets, terabytes (TB) or even petabytes (PB), and a sizable number of processes with huge data needs that are strongly reliant on that data. Because of this, data integrity concerns in platform as a service, software as a service, and data as a service must be managed correctly. The following problems with data integrity pertain specifically to clouds:

Data outsourcing at the CSP end clearly poses a danger to the integrity of the data. A client would never be able to demonstrate that the CSP deleted some valid tuples of their data [11]. The CSP may even return partial data sets to the client without the client's knowledge.

The SQL injection attack, which takes advantage of web application vulnerabilities to introduce malicious code into the system and alter the data in user databases, is one of the well-known web-based attacks.

Cross-site scripting (XSS) attacks are another kind of code injection attack in which cybercriminals insert malicious scripts (JavaScript, VBScript, ActiveX, HTML, etc.) into vulnerable dynamic web pages so that the malicious code is executed in the client's browser, giving them access to the user's account and jeopardizing the security of her data and information.

The metadata spoofing attack modifies the contents of WSDL (Web Services Description Language) files so that the attacker can invoke operations for which she may not have authorisation. Two variations exist: i) in WSDL spoofing, the primary objective is to change the WSDL file's parameters; ii) reducing the proposed web service's security requirements by altering the WSDL file [11]. An example of a WSDL spoofing attack is as follows: the attacker changes a service's WSDL so that a call to the deleteUser operation becomes syntactically similar to a call to the setAdminRights operation.

The wrapping attack is another frequent attack on web-based services, and it becomes more likely for cloud systems. The signed content of a SOAP message is duplicated in transit and the modified message is sent to the server as though it came from an authentic user; TLS (Transport Layer Security) protects only the channel and does not prevent this. By interfering in the cloud in this way, the attacker may execute malicious code and stop the cloud servers from functioning properly [12].

(2) Virtualization Integrity
In addition to confidentiality, consideration must be given to the integrity of the virtual machines and the VMIs since, as was already established, the virtualization layer itself presents significant security problems that go beyond secrecy alone.

Since the assigned VMs on the backend are completely accessible to the CSP administrators, adequate security measures should be taken to protect their integrity from insider attacks.

Another way the cloud system might be exploited is if an intruder introduces its own malicious service instance or virtual machine instance. A malicious service instance that infects the whole system may be automatically selected by the CSP to accept user requests as they come in; the system is thus tricked by the attacker into considering the instance genuine. It is crucial to verify the integrity of the services or virtual machine instances that were affected.

Replication of virtual machines (VMs) is another important component that, if managed incorrectly, might cause data loss. It is suggested that the user pauses or temporarily deactivates the virtual machines while replicating in order to preserve data integrity. Appropriate controls should be put into place to limit the replication of sensitive VMs and to control the migration of VMs into and out of a controlled infrastructure [12].

A cloud computing phenomenon known as VM rollback may reintroduce certain integrity problems into the VM. Reverting virtual machines may re-enable passwords or accounts that had been deactivated, or restore security weaknesses that had previously been addressed. Therefore, VM snapshots must be managed and protected [13].
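The wrapping attack described in B(1) above, as an added example that is not from the paper: a simplified SOAP-style envelope with no XML namespaces, with HMAC-SHA256 standing in for XML-DSig and a shared key in place of a certificate (all assumptions, not WS-Security). The naive verifier resolves the signature's Reference by Id anywhere in the document and then hands Envelope/Body to the application, so an attacker can move the signed Body under a wrapper element in the Header and place an unsigned Body carrying setAdminRights where the application looks; the strict verifier insists that the referenced Id is unique and belongs to the very element that will be processed.

```python
"""Signature wrapping: verifier and application pick different elements.
Simplified model (no namespaces; HMAC-SHA256 in place of XML-DSig)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SHARED_KEY = b"constructed-demo-key"  # assumption: stand-in for the signing key


def canon(elem):
    """Minimal canonical form: tag, sorted attributes, stripped text, then children."""
    attrs = "".join(f" {k}={v!r}" for k, v in sorted(elem.attrib.items()))
    inner = "".join(canon(c) for c in elem)
    return f"<{elem.tag}{attrs}>{(elem.text or '').strip()}{inner}</{elem.tag}>"


def sign(elem):
    return hmac.new(SHARED_KEY, canon(elem).encode(), hashlib.sha256).hexdigest()


def build_signed_request(operation, user):
    """Legitimate client: Body carries Id='body'; Header/Security/Signature references it."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    sig = ET.SubElement(ET.SubElement(header, "Security"), "Signature")
    body = ET.SubElement(env, "Body", Id="body")
    ET.SubElement(ET.SubElement(body, operation), "user").text = user
    ET.SubElement(sig, "Reference", URI="#body")
    ET.SubElement(sig, "SignatureValue").text = sign(body)
    return ET.tostring(env, encoding="unicode")


def wrap_attack(xml_text, operation, user):
    """Attacker in transit: keep the signed Body (moved under Header/Wrapper, Id intact)
    and add a fresh unsigned Body with a different operation where the app will look."""
    env = ET.fromstring(xml_text)
    orig_body = env.find("Body")
    env.remove(orig_body)
    wrapper = ET.SubElement(env.find("Header"), "Wrapper")
    wrapper.append(orig_body)
    new_body = ET.SubElement(env, "Body")
    ET.SubElement(ET.SubElement(new_body, operation), "user").text = user
    return ET.tostring(env, encoding="unicode")


def _find_by_id(env, ref_id):
    return [e for e in env.iter() if e.get("Id") == ref_id]


def verify_naive(xml_text):
    """Resolves the Reference by Id anywhere in the document (the classic flaw),
    then returns the operation found under Envelope/Body, possibly a different element."""
    env = ET.fromstring(xml_text)
    sig = env.find("Header/Security/Signature")
    ref_id = sig.find("Reference").get("URI").lstrip("#")
    signed = _find_by_id(env, ref_id)[0]
    if not hmac.compare_digest(sign(signed), sig.find("SignatureValue").text):
        return None
    return env.find("Body")[0].tag


def verify_strict(xml_text):
    """Binds verification to the element that will be processed: Envelope/Body must
    carry the referenced Id, the Id must be unique, and the HMAC must verify over it."""
    env = ET.fromstring(xml_text)
    sig = env.find("Header/Security/Signature")
    ref_id = sig.find("Reference").get("URI").lstrip("#")
    body = env.find("Body")
    matches = _find_by_id(env, ref_id)
    if len(matches) != 1 or matches[0] is not body:
        return None
    if not hmac.compare_digest(sign(body), sig.find("SignatureValue").text):
        return None
    return body[0].tag


if __name__ == "__main__":
    legit = build_signed_request("getUser", "alice")
    evil = wrap_attack(legit, "setAdminRights", "mallory")
    print("naive verifier executes:", verify_naive(evil))    # setAdminRights
    print("strict verifier executes:", verify_strict(evil))  # None (rejected)
```

The fix is not a stronger signature algorithm but binding the verified element to the processed element; real WS-Security stacks have the same issue whenever the signature reference is resolved by a document-wide Id lookup.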

The process of VM live migration must be managed, as previously said, and the CSP should be in charge of protecting both the integrity of the migrated contents and the maintenance metadata [13].

The lifecycles and state changes of VMs as they move around the environment must be tracked by the CSP. VMs may be suspended, inactive, or active. Additionally, VMs without a state or allotted storage space are possible. For VMs that are off, stopped, or without any resources allocated, it is critical to frequently assess their vulnerabilities and install security updates [13].

One of the key advantages of virtual machines is that the CSP can transfer them across datacenters as required to gain greater processing power or CPU capabilities. However, security rules and baseline records must accompany such VMs. A VM that travels without its security policy is vulnerable to certain attacks [13].

VM escape and VM hopping both have negative implications for cloud security. In VM escape, the attacker's malware takes advantage of environment vulnerabilities to break out of the VM and access the host or hypervisor where the VM is running. VM hopping, on the other hand, describes the attacker moving between VMs that are concurrently running on the same host or under the same hypervisor [13].

C. Availability
Availability is one of the most important security elements that a CSP must maintain. The availability of the services must be guaranteed to the various commercial organizations that utilize cloud-based services to serve their consumers, since even the slightest downtime may result in a significant, irrecoverable financial loss. In a typical service-level agreement, the provider commits to fulfill the promised availability and response times. The service level could specify, for example, that resources will be accessible 99.999 percent of the time and that more resources will be made available upon request if more than 80 percent of any given resource is being used. The following discusses issues with data and VM availability:

(1) Availability of Data and Services
A denial of service attack is one of the primary causes of service or data unavailability in the Cloud system. The attacker inundates a target service with a huge number of bogus requests. When the cloud management system notices the high demand on the overloaded service, it begins to provide more processing capacity (more service instances). On the one hand, the CSP is fighting the attacker (by continuously giving computing resources), but it may equally be argued that the CSP is helping the attacker, since the added resources are consumed by the flood while authorized users are still prevented from accessing the intended service.

An indirect denial of service attack on a cloud system is also possible: other services operating on the same server as a flooded service may also suffer outages. Once the server's hardware resources have been exhausted from processing the flood of requests, the other service instances operating on the same physical machine may abruptly cease to function. The adverse effect might worsen if the cloud system notices the lack of availability and tries to "evacuate" the affected service instances to other servers. The flooding attack then extends to other service types and finally impacts the whole Cloud system as a result of the increased load on those other servers.

Other cloud users may be impacted by a client's penetration testing, which might result in the temporary suspension or degradation of certain services [14].

It is conceivable for third-party WAN providers to temporarily disrupt services. It is also feasible for software flaws to affect several copies of cloud data at once and make them inaccessible to their original owners.

Natural disasters like fire, flood, etc. are likely to affect both the main and redundant copies of data in a data center. Again, this puts availability at risk, so the issue has to be handled properly.

(2) Availability of Virtualization
As we have seen, sustaining high availability requires considering a variety of elements, such as network vulnerability, multisite redundancy, and storage failure. But before thinking about cloud availability, virtualization must be considered alongside it, as it is one of the fundamental elements of the Cloud system.

One of the most significant challenges is IP failover [15]. The need to safeguard a production-grade IT system or service application against the failure of any node has been addressed by several software technologies. The bulk of public cloud providers often fall short of providing the minimum standards, and many cloud services don't completely support these software products. As a consequence, clients end up being reliant on highly available solutions that are not cloud-based. To ensure that the failure of one instance (an IP address in particular) may be immediately compensated for by another instance using some efficient mechanism, it is thus required to safeguard virtual machine instances against such failures [15].

The host system, or more specifically the hypervisor or VMM (for example, the ESX/ESXi host), may crash or fail at any time, affecting all the virtual machines (VMs) operating on it. In order to avoid such a disaster, the CSP must configure an alternate host machine for all the VMs that were previously operating on the failed VMM.

The aforementioned subjects address some of the most crucial aspects of cloud security. The section that follows has information on a few of the proposed approaches in the field of cloud security.
IV. PROPOSED SOLUTIONS OR APPROACHES A. The confidentiality of data
The two primary issues of data confidentiality in the
Some of the remarkable and beneficial methods that cloud that have previously been highlighted in the preceding
have been developed and implemented are included below section are the protection of user data from attackers and the
under the distinct topics of Confidentiality, Integrity, and assurance that CSP is oblivious of the data it is storing and
Availability. The different security criteria of the Cloud calculating. These confidentiality issues have been solved
System have been explored and implemented to meet them. using the several encryption methods indicated in Table 1.

Proposed Implemented Required Implemented encryption type Complexity Idea


Layout algorithms Keys

1.Onion 1.Data Randomized 1.RNDprovides O (T1.T2) To enable SQL


Encryption Encryption (RND) Indistinguishability under an where T1 = queries to be
(OE) algorithm Encryption adaptive Chosen-plaintext attack. Time spent for executed on
2.Query key, 2. For queries that choose on rewriting encrypted data,
execution Deterministic, equality to a specified value, queries, T2 = including ordering
Algorithm (DET) DET offers secured execution. Time required operations,
Encryption 3. OPE offers secured execution for encrypting aggregates, and
KeyOrder for queries including comparison- and joins, Curinoet al.
Preserving based selection decrypting (2011) [18]
(OPE) 4.HOM is used to run queries that payloads. introduced an
(Table 1, continued from the previous page)
  Required Keys (continued): Encryption Key, Homomorphic (HOM) Encryption Key
  Encryption technique (continued): compute server-side aggregates.
  Complexity: Experiments have shown that the use of this scheme induces an overall drop of throughput by 22.5%.
  Idea (continued): approach of adjustable security with different layers of encryption (like an onion) protecting each value of a tuple. The query processing is done entirely at the CSP side while maintaining the confidentiality of the user data, since decryption only occurs at the client side. The only thing to worry about in this situation is keeping distinct encryption levels for each column and decrypting each one to the right level needed for the given query.

2. Fully Homomorphic Encryption (FHE)
  Algorithms used: 1. Key generation Algorithm 2. Encryption Algorithm 3. Evaluation Algorithm
  Required Keys: Pk = Public key used for encryption of data. Evk = Key used for evaluation of circuits. Sk = Private key used for data decryption.
  Encryption technique: Asymmetric Encryption. 1. Additive Homomorphism ~ exponentiation function [15] 2. Multiplicative Homomorphism ~ RSA [15]
  Complexity: O(λ^3.5) per gate for ciphertext refreshing, where λ = Security Parameter
  Idea: Homomorphic encryption, as described by Tebaa et al. (2012) [16], would enable clients to encrypt their specific data before saving it at the CSP end. The trick is buried in the fact that the CSP may do the necessary computations on the client data without decrypting it. The secrecy of client data is thus maintained without impairing data calculation, thanks to the use of homomorphic encryption.

3. Attribute based encryption for secure scalable fine grained access control (ABE)
  Algorithms used: 1. Setup algorithm 2. Encryption Algorithm 3. Key generation algorithm 4. Decryption Algorithm 5. Proxy Reencryption Algorithm
  Required Keys: PK - System public key; MK - System master key; S - Root secret key; PKa - Initial public key of attribute a; SKa - Initial secret key of attribute a; PKTa - Time-based public key of attribute a; PKu - User public key; SKu - User identity secret key (UIK); SKTu,a - Time-based user attribute secret key (UAK)
  Encryption technique: 1. Hierarchical attribute-based encryption (HABE). 2. Proxy reencryption (Time based)
  Complexity: User revocation: cost incurred by data owner = 0; cost incurred by CSP = O(6N), where N is the number of conjunctive clauses in an access structure.
  Idea: When fine-grained access control [19] is required, the aforementioned systems use cryptographic techniques to safeguard sensitive user data, but they also place additional burdens on the client or data owner in terms of key distribution and management as well as data management. In addition to addressing user data confidentiality, Yu et al. (2010) transferred the majority of the computational workload associated with the data access control scheme to cloud servers without revealing the underlying data contents. They also introduced a fine-grained access control scheme for cloud environments.

4. Searchable Encryption (SE)
  Algorithms used: 1. Data Encryption Algorithm 2. Non-numeric file search Algorithm
  Required Keys: Secret number xj and coefficients cj1, cj2 in [-N, N] are used for encrypting the segmented user data, where N is a self-defined integer.
  Encryption technique: 1. Secret sharing Algorithm for numeric data 2. Non-numeric Encryption algorithm for text-based data (uses the secret sharing algorithm internally)
  Complexity: O(s*n) per encryption segment and decryption process, where s = number of segments into which each alphabet could be split and n = limited length of each word. Detailed cost analysis could be found in [16].
  Idea: By combining the ideas of searchable encryption and secret sharing, Jyun-Yao Huang and I-En Liao (2012) [17] suggested a method by which a user could search the encrypted tuples (both numeric and non-numeric) from cloud databases and file storages without disclosing the content to the CSP.

Table 1:- Analysis of Cloud Data Confidentiality Systems
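The multiplicative homomorphism that Table 1 attributes to RSA, as an added example that is not from the paper or from Tebaa et al.: the CSP multiplies two ciphertexts it cannot read and only the key holder recovers the product, while the second function shows that plain RSA gives no additive homomorphism, which is why FHE needs a separate construction. Textbook RSA with constructed small primes is used for illustration only; it is deterministic and not semantically secure.

```python
from math import gcd

# Constructed small primes for illustration only; real keys use >= 2048-bit moduli.
P, Q, E = 1000003, 1000033, 65537


def keygen(p=P, q=Q, e=E):
    """Textbook RSA key pair: public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def csp_multiply(pub, c1, c2):
    """The CSP's 'evaluation' step: it sees only ciphertexts and the public modulus."""
    n, _ = pub
    return (c1 * c2) % n


def product_via_csp(a, b, pub, priv):
    """Client encrypts a and b, the CSP multiplies blindly, the client decrypts."""
    c_prod = csp_multiply(pub, encrypt(pub, a), encrypt(pub, b))
    return decrypt(priv, c_prod)


def sum_via_csp(a, b, pub, priv):
    """Same idea with ciphertext addition: RSA has no additive homomorphism, so
    this decrypts to an unrelated value rather than a + b."""
    n, _ = pub
    c_sum = (encrypt(pub, a) + encrypt(pub, b)) % n
    return decrypt(priv, c_sum)


if __name__ == "__main__":
    pub, priv = keygen()
    print(product_via_csp(1234, 5678, pub, priv))              # 7006652
    print(sum_via_csp(1234, 5678, pub, priv) == 1234 + 5678)    # False
```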

Columns: Proposed Scheme | Algorithms used | Required Keys | Hypervisor | Agents Involved | Idea

1. TVDc
  Algorithms used: 1. VMM Authorization Algorithm (MAC) 2. Inter VM communication Algorithm 3. Resource Access Algorithm 4. Network Isolation and Infrastructure Integrity algorithms
  Required Keys: No keys are used here, but security policies exist, comprising 1) Labels, defining security classifications of resources, VMs and VMM; 2) Anti-collocation rules containing conflict sets for VMs
  Hypervisor: Xen
  Agents Involved: i) Trusted Platform Module (TPM) [8] ii) Virtual TPM iii) IBM hypervisor security architecture (sHype) iv) Management VM or Dom0 v) Access Mediation Hooks (2 sets) vi) Access Control Module (ACM), present inside the core hypervisor
  Idea: By establishing MAC policy rules throughout the whole Datacenter of the CSP and introducing the idea of workloads, IBM Trusted Virtual Datacenter (TVDc) technology developed a methodology in 2008 that prevented each VM from accessing any other random VM or resource of its choice [9]. The protection provided by this method prevents the leaking of sensitive information and the transfer of harmful software from one workload to another.

2. TCCP
  Algorithms used: 1. Node Registration Algorithm 2. VM launch Algorithm [5]
  Required Keys: i) EKpTC/N = Private Endorsement key of TC or N ii) EKPN = Public Endorsement key of N iii) EKPTC = Public Endorsement key of. iv) TKpN/TKpTC = Private trusted keys of N and TC v) TKPN/TKPTC = Public trusted keys of N and TC respectively vi) KVM = Session key of VM
  Hypervisor: Xen
  Agents Involved: i) Trusted Platform Module (TPM) ii) External Trusted Entity (ETE) iii) Cloud Manager (CM) iv) Trusted Node N v) Trusted Coordinator TC (part of TPM) vi) Trusted Virtual Machine Monitor TVMM (part of TPM)
  Idea: Santos, Gummadi, and Rodrigues (2009) [6] created the Trusted Cloud Computing Platform (TCCP) with the goal of maintaining the confidentiality of virtual machines, i.e., to stop the CSP (more specifically, sysadmins with root privileges) from carrying out attacks by moving the targeted VM to a domain outside the IaaS's security perimeter.

3. SSC
  Algorithms used: 1. Create_Udom0 2. Create_Userdomain 3. Create_MTSD 4. Grant_Privilege 5. Bootstrapping_SSL
  Required Keys: i) AIK = vTPM's public key [20] ii) freshSym = Client Symmetric key iii) SSLpriv = SSL Private Key
  Hypervisor: Xen (v3.4.0)
  Agents Involved: i) TPM [20] ii) vTPM [20] iii) TCB [20] iv) Sdom0 v) Domain builder domB vi) Udom0 vii) User Domain UdomU viii) Service Domain SD, i.e. the Security Service [20] ix) MTSD for Regulatory Compliance
  Idea: A self-service cloud computing system was presented by Ganapathy V (2015) in an effort to address the problems of continuous CSP access to the client CPU, registers, and memory. The key issues that have been highlighted in this study are the attack on Dom0 [20], the involvement of hostile Cloud administrators, as well as client dependence on the CSP for enabling or disabling each and every innovative service like VM introspection, migration, and checkpointing.

4. PALM
  Algorithms used: 1. Migration Data Protection Algorithm 2. Metadata Migration Protection Algorithm
  Required Keys: i) Global Migration session Key / Per page Random key, used for encrypting and decrypting secured memory pages before migration. ii) Private platform key, issued for encrypting the hash values of the protected pages along with the session keys. iii) Public Platform key, used to decrypt hash values of the protected pages along with the session keys on the target machine
  Hypervisor: Xen
  Agents Involved: i) Migration Data Protection Module ii) Metadata Management Module [20] iii) SecurityGuard iv) Migration Manager v) Control VM or Dom0 vi) Hypervisor (part of TCB [20]) vii) Hardware (part of TCB [20])
  Idea: A prototype system called PALM was created by Zhang et al. in 2008 [20] and was intended to ensure security (confidentiality and integrity) of protected user data as well as protection metadata (encryption keys and hashes, process identities, process CPU contexts, process group info, system call info, and opened file info) during and after VM live migration [20].

Table 2:- Comparison between Cloud Virtualization Confidentiality Schemes

Columns: Proposed Scheme | Algorithms used | Required Keys | Utilised signature/encryption scheme | Complexity | Idea

1. Dynamic Provable Data Possession [25]
  Algorithms used: i) PrepareUpdate(F, info) ii) PerformUpdate(Fi-1, Mi-1, e(F), e(M)) iii) VerifyUpdate(F, info, Mc, Mc′, PMc′) iv) Challenge(n) v) Prove(Fi, Mi, c) vi) Verify(Mc, c, P)
  Required Keys: No keys are directly involved in this scheme. Instead a rank value r(v) is associated with each node v of the skip list, denoting the number of nodes at the bottom level that can be reached from that particular node.
  Utilised scheme: Rank-based authenticated skip lists
  Complexity: O(log n)
  Idea: A system based on the idea of dynamic provable data possession (DPDP) and using a rank-based authenticated dictionary constructed over a skip list was proposed by Erway et al. in 2009 [25]. This system provides client-verified cloud data integrity as well as dynamic data. Block-less verification is further assisted by the concept of a tag, which stands in for each block b.

2. Public Verifiability and Data Dynamics scheme
  Algorithms used: i) KeyGen(1^k) ii) SigGen(sk, F) iii) GenProof(F, Φ, chal) iv) VerifyProof(pk, chal, P) v) ExecUpdate(F, Φ, update) vi) VerifyUpdate(pk, sigsk(H(R)), update, Pupdate)
  Required Keys: i) Secret key sk = α, α ← Zp [24] ii) Public key pk = v, v = g^α [24]
  Utilised scheme: BLS signature [24]
  Complexity: Verification cost is O(log n). Communication cost is O(log n)
  Idea: A Public Verifiability and Data Dynamics strategy for ensuring the integrity of Cloud data storage was proposed by Wang et al. in 2009. The paradigm allows for dynamic data operations (Modification, Insertion, and Deletion) while maintaining an equivalent level of integrity check, as well as blockless [24] and stateless [24] verification. It also gives the TPA control over Cloud data integrity verification. The issue of data privacy has not been taken into account in this plan, in contrast to the prior one.

3. Privacy-Preserving Public Auditing scheme
  Algorithms used: i) KeyGen(1^k) ii) SigGen(sk, F) iii) GenProof(F, Φ, chal, pk) iv) VerifyProof(pk, chal, P)
  Required Keys: i) kprp = Random permutation key ii) kprf = Randomly chosen PRF key iii) MACkey = Key used for generating the MAC.
  Utilised scheme: Public key based homomorphic authenticator with random masking [23]
  Complexity: The total communication cost = O(n/ε) [23], with an extra constant time factor R added for guaranteeing privacy preservation.
  Idea: A privacy-preserving public auditing approach for ensuring the accuracy and integrity of the data stored in cloud storage was put forth by Wang et al. in 2010. The CSP is viewed as an unreliable/unfaithful party since it may delete blocks that the client rarely or never accesses in order to conceal data loss or even free storage. In order to prevent such integrity breaches, the model offers a proper data verification mechanism [23].

4. MHT
  Algorithms used: i) Multi-Join [22] ii) Single-Join [22] iii) Zero-Join [22] iv) Range Condition [22]
  Required Keys: No specific keys used. Radix path Identifiers [22] are used.
  Utilised scheme: Tree Signature scheme [22]
  Complexity: Transmission cost is O(log2 n), where n = total no. of data blocks involved (if a normal MHT is used). Transmission cost is O(n) if an RPI based MHT is used.
  Idea: A Merkle's Signature Scheme was proposed by Niaz M.S. and Saake G in 2015 [22] as a way to guarantee user data integrity in cloud storage without the hassle of keeping a (data+signature) table at the data owner end or the danger that the CSP could delete some valid tuples or send some incomplete information without the user being able to confirm the fact. As the author noted, the plan may be improved by adding support for multi-user environments and NoSQL databases.

Table 3:- Analysis of Cloud Data Integrity Systems
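The Merkle hash tree audit summarised in the MHT row of Table 3, as an added example that is not the paper's or Niaz and Saake's code: the owner keeps only the root, the CSP returns a challenged block plus an O(log n) sibling path, and any modified block fails verification without the owner downloading the whole data set. Sample blocks are constructed, and duplicating the last node on odd levels is this implementation's own padding choice.

```python
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    # Domain separation: leaves and internal nodes get different prefixes so a
    # block whose content looks like two concatenated hashes cannot forge a node.
    return _h(b"\x00" + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _padded(level):
    """Duplicate the last node when a level has odd length (assumed convention)."""
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(blocks):
    """CSP side. Returns all levels; levels[0] are the leaves, levels[-1] == [root]."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = _padded(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def prove(levels, index):
    """CSP side. Audit path for block `index`: (sibling hash, side) per level."""
    path = []
    for level in levels[:-1]:
        level = _padded(level)
        sib = index ^ 1
        path.append((level[sib], "L" if sib < index else "R"))
        index //= 2
    return path


def verify(root: bytes, block: bytes, path) -> bool:
    """Owner side. Only the 32-byte root was kept locally; block and path come from the CSP."""
    node = leaf_hash(block)
    for sib, side in path:
        node = node_hash(sib, node) if side == "L" else node_hash(node, sib)
    return node == root


def audit(root, returned_block, path):
    """One audit round: returns (integrity ok?, number of hashes transferred)."""
    return verify(root, returned_block, path), len(path)


if __name__ == "__main__":
    # Constructed sample data: five outsourced blocks.
    blocks = [b"block-%d" % i for i in range(5)]
    levels = build_tree(blocks)
    root = levels[-1][0]  # the owner stores this before deleting local copies
    print(audit(root, blocks[3], prove(levels, 3)))    # (True, 3)
    print(audit(root, b"modified", prove(levels, 3)))  # (False, 3)
```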

Columns: Proposed Scheme | Algorithms used | Keys Involved | Hypervisor | Involved Agents

SSC
  Algorithms used: Create_UDom0(BACKEND_ID, NONCE, ENC_PARAMS, SIGCLIENT). This algorithm is used by Sdom0 to create client meta-domains.
  Keys Involved: AIK = vTPM's public key and private key [21]
  Hypervisor: Xen
  Involved Agents: TPM [21], vTPM [20], TCB [20], SDom0, Domain builder domB, UDom0

MIRAGE
  Algorithms used: Access Control (VMI, Owner), Image Transformation (VMI, Type of filter), Provenance Tracking (VMI, operation), Image Maintenance (Cloud repository) [26]
  Keys Involved: No specific keys, but Filters are used in this scheme
  Hypervisor: VMware
  Involved Agents: Retriever, publisher, Repository administrator [26]

PALM [20]
  Algorithms used: Migration Data Protection Algorithm, Metadata Migration Protection Algorithm (already explained above)
  Keys Involved: Private and Public platform key of TPM
  Hypervisor: Xen
  Involved Agents: Retriever, publisher, Repository administrator [26]

ACPS [27]
  Algorithms used: Activity Checking, Activity logging, Checksum/Hash Calculation, Alert Generation, Security Response Generation
  Keys Involved: No Keys Used.
  Hypervisor: KVM
  Involved Agents: Interceptor, Warning recorder, Evaluator, Warning pool, Security management layer, Hasher

Table 4:- Cloud Virtualization Integrity Schemes Comparison

B. Discretion in Virtualization

Along with data confidentiality concerns, CSPs and cloud customers should be concerned about the confidential execution of VMs operating on the cloud platform. As a consequence, several strategies have been proposed to address these issues; a few of them are examined in Table II.

C. Data Reliability

The integrity of client data stored in the cloud is another key part of cloud security that should be handled by the CSP using the proper methods. The data owner therefore initiates a recurrent practice called data auditing to assess the correctness, value, and integrity of her data. Because it goes against the concept of cloud storage as a whole, downloading all or part of the data from the CSP end and comparing it to the owner copy is a fairly unrealistic auditing strategy. As a consequence, many methods, some of which are listed in Table III, have been developed for ensuring the accuracy of cloud data.

D. Integrity of Virtualization

The term "virtualization integrity" refers to problems with the integrity of the whole virtualization layer, including Virtual Machine data and Hypervisor issues. Various strategies have been proposed to address these problems; some of them are included in Table IV.

E. Data Accessibility

As discussed in earlier sections, one of the major concerns affecting the accessibility of cloud data is DDoS attacks. Numerous kinds of DDoS may be realized in the cloud environment.

In 2012, Kumar M.N. suggested an EDoS (Economic Denial of Sustainability [28]) mitigation service called Scrubber Service. It is built on cryptographic puzzles.

Mousa M (2013) [29] created a method for DDoS attack detection in a cloud environment based on measurements of Kolmogorov Complexity.

Somani et al. (2015) [30] created a DDoS mitigation technique using the concept of DDoS Aware Resource Allocation in Cloud (DARAC). Again, this approach concentrates on EDoS and protects the customer's financial security by controlling the Cloud's auto-scaling capabilities (distinguishing between legitimate traffic and malicious traffic). The mitigation strategy used here is based on an examination of behavioral patterns in people (the number of page requests made from a specific source IP in a minute).

F. Availability of virtual machines

Additionally, it has been advised to deploy intrusion detection systems in addition to virtualized DDoS attack mitigation approaches. The availability of the VMs themselves in the cloud is a significant concern as well. Another aspect of cloud service availability is "IP failover." IBM SmartCloud business proposed the idea of virtual IP addresses in order to provide High Availability of the Cloud service with reference to IP failover [15].

V. AREAS OF CLOUD SECURITY THAT HAVE BEEN LEAST EXPLORED

Despite the fact that the location of cloud data has long been a contentious issue, no useful research has been done in this area. As indicated in section 3.1.1, a customer who is storing her important data or hosting her applications on the Cloud is ignorant of its original location, thus it is still necessary to design appropriate location-based access control models for addressing such issues. Additionally, a lot of study has to be done before adequate access control methods can be implemented for cross-domain or multidomain [31] access in the Cloud. Another crucial problem that is integrally tied to cloud security is mutual trust between the CSP and the Client. Although the works of (Hwang, Li, 2010 [32]) based on Reputation systems (for CSP trust evaluation) and (Li-qin Chuang, Yang, 2010 [33]) for user trust evaluation are some of the few in this domain, it is anticipated that a thorough investigation and research in this area will be done in the near future. Data or service compliance is another hard aspect of cloud computing. Since the security and privacy of the data handled by the CSP on behalf of the organizations eventually comes under their purview, it is crucial that the CSP adhere to a specific jurisdiction and establish SLA rules that are acceptable for that jurisdiction. The inability of cloud users and CSPs to work together to identify and address security vulnerabilities is another critical component of cloud security that has to be properly investigated.

VI. CONCLUSION

The study highlights both the critical security flaws and the need for security in an existing Cloud infrastructure. A broad overview of these concerns has been provided here to highlight the need of understanding the security issues in the Cloud computing architecture and providing workable solutions for them. The discussion has concluded with a framework for comparing different cloud security approaches. The general objective of the article is to provide a comprehensive overview of cloud security now and its possibilities for the future.

REFERENCES

[1]. Md. Afroz, Birendra Goswami, "Energy-Efficient Green Technology Cloud Computing", Proceedings of 2nd International E-Conference in Emerging Trends in Computer Science, Govt. Vijay Bhushan Singh Deo Girls PG College Jashpur Nagar, Jashpur Chhattisgarh, India: pp. 225–228, 2022
[2]. Son, Seokho & Jung, Gihun & Jun, Sung. (2013). An SLA-based cloud computing that facilitates resource allocation in the distributed data centers of a cloud provider. The Journal of Supercomputing. 64. 10.1007/s11227-012-0861-z.
[3]. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
[4]. Chen D and Zhao H, "Data Security and Privacy Protection Issues in Cloud Computing," 2012 International Conference on Computer Science and Electronics Engineering, Hangzhou, 2012, pp. 647-651.
[5]. Chou TS. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology. 2013 Jun 1;5(3):79.
[6]. Santos N, Gummadi KP, Rodrigues R. Towards Trusted Cloud Computing. HotCloud. 2009 Jun 15;9(9):3.
[7]. Goyal S. (2014). Public vs Private vs Hybrid vs Community – Cloud Computing: A Critical Review. International Journal of Computer Network and Information Security. 6. 20-29. 10.5815/ijcnis.2014.03.03
[8]. Jansen W and Grance T, "Guidelines on Security and Privacy in Public Cloud Computing", NIST Special Publication 800-144, pp. 5, 2011
[9]. Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, and Srinivasan D. 2008. TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42, 1 (January 2008), 40-47.
[10]. Wu H, Ding Y, Winer C and Yao L, "Network security for virtual machine in cloud computing," 5th International Conference on Computer Sciences and Convergence Information Technology, Seoul, 2010, pp. 18-21.
[11]. Wang Q, Wang C, Li J, Ren K, and Lou W. 2009. Enabling public verifiability and data dynamics for storage security in cloud computing. In Proceedings of the 14th European conference on Research in computer security (ESORICS'09), Michael Backes and Peng Ning (Eds.). Springer-Verlag, Berlin, Heidelberg, 355-370.
[12]. Kazi Z & S.V V. (2017). Security Attacks and Solutions in Clouds.
[13]. Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 1-13.
[14]. Sen J, "Security and privacy issues in cloud computing", Architectures and Protocols for Secure Information Technology Infrastructures, pp. 1-45, 2013.
[15]. Security and high availability in cloud computing environments in IBM Global Technology Services Technical White Paper (2011).
[16]. Tebaa M, El Hajji S, El Ghazi A. Homomorphic encryption applied to the cloud computing security. In Proceedings of the World Congress on Engineering 2012 Jul 4 (Vol. 1, pp. 4-6).
[17]. Huang JY, Liao IE. A searchable encryption scheme for outsourcing cloud storage. In Communication, Networks and Satellite (ComNetSat), 2012 IEEE International Conference on 2012 Jul 12 (pp. 142-146). IEEE.

[18]. Curino C, Jones E, Popa R, Malviya N, Wu E, Madden S, Balakrishnan H, and Zeldovich N. Relational Cloud: A Database Service for the Cloud. In CIDR, pages 235–240, 2011.
[19]. Yu S, Wang C, Ren K, and Lou W. 2010. "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing". In INFOCOM, 2010 Proceedings IEEE, 1-9. San Diego: IEEE.
[20]. Zhang F, Huang Y, Wang H, Chen H, Zang B: PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection. In Trusted Infrastructure Technologies Conference, 2008. APTC'08, Third Asia-Pacific. Washington, DC, USA: IEEE Computer Society; 2008:9–18
[21]. Ganapathy V. (2015) Reflections on the Self-service Cloud Computing Project. In: Jajoda S., Mazumdar C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham
[22]. Niaz M.S, Saake G, "Merkle hash tree based techniques for data integrity of outsourced data", GvD, pp. 66-71, 2015
[23]. Wang C, Wang Q, Ren K, Lou W. Privacy-preserving public auditing for data storage security in cloud computing. In Infocom, 2010 Proceedings IEEE 2010 Mar 14 (pp. 1-9). IEEE.
[24]. Wang Q, Wang C, Li J, Ren K, Lou W. Enabling public verifiability and data dynamics for storage security in cloud computing. Computer Security–ESORICS 2009. 2009:355-70.
[25]. Erway C, Küpçü A, Papamanthou C, and Tamassia R. 2009. Dynamic provable data possession. In Proceedings of the 16th ACM conference on Computer and communications security (CCS '09). ACM, New York, NY, USA, 213-222.
[26]. Wei J, Zhang X, Ammons G, Bala V, Ning P: Managing Security of virtual machine images in a Cloud environment. In Proceedings of the 2009 ACM workshop on Cloud Computing Security. NY, USA: ACM New York; 2009:91–96.
[27]. Lombardi F, Pietro R.D, Secure virtualization for cloud computing, In Journal of Network and Computer Applications, Volume 34, Issue 4, 2011, Pages 1113-1122, ISSN 1084-8045.
[28]. Kumar MN, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M. Mitigating economic denial of sustainability (EDoS) in cloud computing using in-cloud scrubber service. In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on 2012 Nov 3 (pp. 535-539). IEEE.
[29]. Prangishvili AR, Shonia OT, Rodonaia IR, Rodonaia VA. Formal security modeling in autonomic cloud computing environment. In WSEAS/NAUN International Conferences, Valencia, Spain 2013.
[30]. Somani G., Johri A., Taneja M., Pyne U., Gaur M.S., Sanghi D. (2015) DARAC: DDoS Mitigation Using DDoS Aware Resource Allocation in Cloud. In: Jajoda S., Mazumdar C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham
[31]. Xiong D., Zou P., Cai J., He J. (2015) A Dynamic Multi-domain Access Control Model in Cloud Computing. In: Abawajy J., Mukherjea S., Thampi S., Ruiz-Martínez A. (eds) Security in Computing and Communications. SSCC 2015. Communications in Computer and Information Science, vol 536. Springer, Cham
[32]. Hwang K, Li D. Trusted cloud computing with secure resources and data coloring. IEEE Internet Computing. 2010 Sep;14(5):14-22.
[33]. Tian L.Q, Lin C and Ni Y, "Evaluation of user behavior trust in cloud computing," 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), Taiyuan, 2010, pp. V7-567-V7-572.
