A Technical Seminar Report On: Department of Computer Science and Engineering


SREYAS INSTITUTE OF ENGINEERING AND TECHNOLOGY

(Affiliated to JNTUH, Approved by A.I.C.T.E and Accredited by NAAC, New Delhi)


Bandlaguda, Beside Indu Aranya, Nagole, Hyderabad-500068, Ranga Reddy Dist.

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

A Technical Seminar Report


On
SECURITY ISSUES IN
CLOUD COMPUTING
In partial fulfillment of requirements for the degree of

Bachelor of Technology

In

Computer Science and Engineering

Submitted by
Y.SAI SNEHITH (18VE1A05J0)

(2018-2022)


CERTIFICATE

This is to certify that the Technical Seminar Report on “SECURITY ISSUES IN CLOUD COMPUTING”
submitted by Y.SAI SNEHITH bearing Hall Ticket Number 18VE1A05J0 in partial fulfillment
of the requirements for the award of the degree of Bachelor of Technology in Computer Science
and Engineering from Jawaharlal Nehru Technological University, Kukatpally, Hyderabad for
the academic year 2021-2022 is a record of bonafide work carried out by her under our guidance
and Supervision.

HEAD OF THE DEPARTMENT


DR. ABDUL NABI SHAIK

ACKNOWLEDGEMENT

The successful completion of any task would be incomplete without mention
of the people who made it possible; their guidance and encouragement
crown all the efforts with success.
A special vote of thanks to DR. ABDUL NABI SHAIK (Head of the
Department, CSE) and Mr. K. KRISHNA REDDY (Seminar Co-Ordinator), who
have been a source of continuous motivation and support. They have taken time and
effort to guide and correct me all through the span of this work.
I owe very much to the Department Faculty, Principal and the Management
who made my term at Sreyas Institute Of Engineering and Technology a Stepping
stone for my career. I treasure every moment I had spent in the college.
Last but not the least, my heartiest gratitude to my parents and friends for their
continuous encouragement and blessings. Without their support this work would not
have been possible.

Y.SAI SNEHITH
(18VE1A05J0)

ABSTRACT
Cloud computing has become one of the most interesting topics in the IT world today.
The cloud model of computing as a resource has changed the landscape of computing, as its
promises of greater reliability, massive scalability, and decreased costs have
attracted businesses and individuals alike. It adds capabilities to Information Technology.
Over the last few years, cloud computing has grown considerably in Information
Technology. As more and more information of individuals and companies is placed in the
cloud, there is a growing concern about the safety of that information. Many companies that
are considered giants of the software industry, like Microsoft, are joining to develop cloud
services [1]. Despite the hype about the cloud, customers are reluctant to deploy their
business in the cloud. Security is one of the biggest concerns affecting
the growth of cloud computing. It adds complications, as data privacy and data protection
continue to affect the market. Users need to understand the risk of data breaches in the
cloud environment. The paper highlights issues related to cloud computing.

Keywords - Cloud computing, security Issue

PAGE INDEX

Chapter-1 INTRODUCTION

Chapter-2 LITERATURE SURVEY

2.1 CLOUD COMPUTING DEPLOYMENT MODELS

Chapter-3 SOFTWARE REQUIREMENTS SPECIFICATIONS

3.1 CLOUD COMPUTING SERVICE MODELS

Chapter-4 IMPLEMENTATION

4.1 THREATS IN CLOUD COMPUTING

Chapter-5 CONCLUSION

Chapter-6 FUTURE SCOPE

Chapter-7 REFERENCES

FIGURE INDEX

Fig. No.    NAME OF FIGURE

2.1         Privacy issues
2.1.1       Challenges in cloud computing
3.1.1       Service models
3.1.2       Cloud computing models
3.1.3       Security issues in deployment models
4.1         Security problems in cloud computing
4.1.1       Security attack
4.1.2       Data security
4.1.3       Cloud security
4.1.4       Security levels
4.1.5       Hierarchy of cloud computing

CHAPTER – 1

INTRODUCTION
Software developers describe the cloud differently than a system administrator does, while a
database administrator may have yet another definition. Cloud means a wide range of scalable
services that users can access via an Internet connection. Providers like Microsoft, Amazon,
Google and many more provide various cloud-based services for which users pay on the
basis of service subscription and consumption. Many providers offer a wide range of cloud
services such as messaging, social computing, storage, CRM, identity management, content
management, etc. Cloud computing is dependent on resource sharing. Using Internet-enabled
devices, cloud computing permits application software to function. Cloud computing
is also known as the cloud. Cloud computing serves a wide range of functions over the Internet,
like storage. Taking advantage of resource sharing, cloud computing is able to achieve
consistency and economies of scale. Types of cloud computing can be classified on the basis of two
models: cloud computing service models and cloud computing deployment models. It serves as a form
of file backup. It also allows working on the same document for several jobs of different types.
Cloud computing simplifies usage by overcoming the limitations of the traditional
computer. Cloud computing also provides more agility because it allows faster access.

These hosted services are normally separated into three broad categories: Infrastructure-as-a-Service
(IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). A cloud service is used
by clients as and when needed, usually on an hourly basis. This pay-as-you-go approach has made
the cloud flexible, such that end users can have services the way they desire at any point in
time, and the cloud service is entirely monitored by the provider.

Some basic security threats have exploited the usage of cloud computing. An example of a security
threat is botnets, that is, the use of botnets to spread spam and malware. Of the 761 data breaches
investigated in 2010 by the U.S. Secret Service, almost 63% occurred at companies with 100 or fewer
employees. And a 2011 survey by security systems provider Symantec Corp. of around 2,000-plus
small and midsize enterprises indicated that close to 73% had been breached by a cyber-attack.

One of the best features of cloud computing is the pay-as-you-go model of computing as a resource.
This model of computing has enabled businesses and organizations in need of computing power
to purchase as many resources as they need without putting forth a large capital
investment in IT infrastructure. Other advantages of cloud computing are scalability and
increased flexibility for a relatively constant price. Cloud is the new trend in the evolution of
distributed systems. The user does not need knowledge or expertise to control the
infrastructure of clouds; the cloud provides abstraction.

CHAPTER – 2
LITERATURE SURVEY
Cloud hosting deployment models are classified by proprietorship, size and access. The classification
tells about the nature of the cloud. Most organizations are willing to implement cloud since it reduces
expenditure and controls the cost of operation.

Fig. 2.1 Privacy issues

2.1 Cloud computing deployment models


Public Cloud
It is a type of cloud hosting in which the cloud services are delivered over a network that is open
for public usage. This model is a true representation of cloud hosting. In this model, the cloud
service provider provides services and infrastructure to various clients. Customers do not
have any control over the location of the infrastructure. There may be very little or no difference
between the structural design of public and private clouds, except in the level of security offered
for the various services given to public cloud subscribers by the cloud hosting providers. The public
cloud is suited to businesses which require managing load. Due to decreased capital overheads and
operational cost, the public cloud model is economical. Dealers may provide the service for free or
under a license policy like pay per user. The cost is shared by all the users of the public cloud. It
benefits customers by achieving economies of scale. Public cloud facilities may be available for free;
an example of a public cloud is Google.

Private Cloud
It is also known as an internal cloud. This platform for cloud computing is implemented in a
cloud-based secure environment and is safeguarded by a firewall governed by the IT
department of a particular corporation. A private cloud permits only authorized users
and gives the organization greater control over its data. The physical computers may be hosted
internally or externally; they provide the resources from a distinct pool to the private cloud services.
Businesses having unanticipated or dynamic needs, critical assignments, management
demands and uptime requirements are better suited to adopt a private cloud. In a private cloud there is
no need for the additional security regulations and bandwidth limitations that can be present in a public
cloud environment. Clients and cloud providers have control of the infrastructure and improved
security, since users' access and the networks used are restricted. One of the best examples is
Eucalyptus Systems [4].

Hybrid Cloud
It is a type of cloud computing which is integrated. It can constitute an arrangement of two or
more cloud servers, i.e., a combination of private, public or community clouds that are
bound together but remain individual entities. Hybrid clouds are capable of crossing isolation and
overcoming boundaries set by the provider; therefore, a hybrid cloud cannot be simply categorized as a
public, private or community cloud. It allows the user to increase capacity as well as capability by
assimilation, aggregation and customization with another cloud package or service. In a hybrid cloud,
the resources are managed either in-house or by external providers. It is an adaptation between two
platforms in which the workload moves between the private cloud and the public cloud as per
the needs and demands of the organization. Non-critical resources like development and test
workloads can be housed in the public cloud that belongs to a third-party provider, while
workloads that are critical or sensitive should be housed internally. Organizations may use the
hybrid cloud model for processing big data. Hybrid cloud hosting has features like scalability,
flexibility and security.

Community Cloud
It is a type of cloud hosting in which the setup is mutually shared between many organizations
which belong to a particular community, like banks and trading firms. It is a multi-tenant setup that
is shared among many organizations that belong to a group which has similar computing
apprehensions. These community members usually share similar performance and security
concerns. The main intention of the communities is to achieve business-related objectives.
A community cloud can be managed internally or by third-party providers, and
hosted externally or internally. The cost is shared by specific organizations within the community;
therefore, the community cloud has cost-saving capacity. Organizations have realized that cloud
hosting has a lot of potential. To be the best, one must select the right type of cloud hosting.
Therefore, one needs to know the business and analyze its demands. Once the appropriate type
of cloud hosting is selected, one can achieve business-related goals easily.

Fig. 2.1.1 Challenges in cloud computing

CHAPTER – 3
SOFTWARE REQUIREMENTS SPECIFICATIONS

3.1 Cloud computing service models

Fig. 3.1.1 Service models

Fig. 3.1.2 Cloud computing models

Software as a Service (SaaS)


Software as a Service (SaaS) is growing rapidly. SaaS uses the web to provide applications
which are managed by a third-party vendor and whose interface is accessed on the client side. SaaS
applications can be run from a web browser without the need for download or installation, but these
require plugins. The cloud provider provides the consumer with the ability to deploy an application
on a cloud infrastructure. Because of this web delivery model, SaaS removes the need to install and
run applications on individual computers. In this model it is easy for enterprises to improve their
maintenance and support, because everything can be managed by vendors: applications, runtime,
data, middleware, OS, virtualization, servers, storage and networking.
Popular SaaS services include email and collaboration and healthcare-related applications. SaaS
providers usually offer browser-based interfaces. APIs are also normally made available for
developers. The key benefit of SaaS is that it requires no advance investment in servers or licensing
of software. The application developer has to maintain one application for multiple clients.

Infrastructure as a Service (IaaS)


Infrastructure as a Service offerings are used for monitoring and managing remote datacentre
infrastructures, such as compute (virtualized or bare metal) and storage. Users can purchase IaaS based on
consumption, similar to other utility billing. IaaS users are responsible for managing
applications, data, runtime and middleware. Providers can still manage virtualization, servers,
storage, and networking. IaaS providers offer databases, messaging queues, and other services
above the virtualization layer as well.

Platform as a Service (PaaS)
Platform as a Service (PaaS) is a kind of cloud computing service that provides a platform that
allows customers to develop, run, and manage applications without the problem of building and
maintaining the infrastructure. One need not be bothered about lower-level elements of
infrastructure, network topology and security; all this is done for you by the cloud service provider.
With this technology, third-party providers can manage the OS, virtualization, and the PaaS software
itself. Developers manage the applications. Applications using PaaS inherit cloud characteristics
such as scalability, multi-tenancy, SaaS enablement, high availability and more. Enterprises benefit
from this model because it reduces the amount of coding, automates business policy, and helps in
migrating applications to the hybrid model.

Fig. 3.1.3 Security issues in deployment models

CHAPTER – 4
IMPLEMENTATION
Cloud service models not only provide different types of services to users but also
reveal information which adds to the security issues and risks of cloud computing systems. IaaS,
which is located in the bottom layer, directly provides the most powerful functionality of an entire
cloud. IaaS also enables hackers to perform attacks that need high
computing power, e.g., brute-force cracking. Because IaaS supports multiple virtual machines, it
gives an ideal platform for hackers to launch attacks that require a large number of attacking
instances. Loss of data is another security risk of cloud models.

Fig. 4.1 Security problems in cloud computing

Data in cloud models can be easily accessed by unauthorized internal employees, as well as
external hackers. Internal employees can easily access data intentionally or accidentally.
External hackers may gain access to databases in such environments using hacking techniques like
session hijacking and network channel eavesdropping. Viruses and Trojans can be uploaded to cloud
systems and can cause damage. It is important to identify the possible cloud threats in order to
implement a system which has better security mechanisms to protect cloud computing
environments.

4.1 Threats in cloud computing

Compromised credentials and broken authentication


Organizations at times struggle with identity management as they try to grant
permissions appropriate to the user’s job role. They sometimes forget to remove user access when a
job function changes or a user leaves the organization. The Anthem breach, which exposed more than 80
million customer records, was the result of stolen user credentials. Anthem had failed to deploy
multifactor authentication, so when the attackers obtained the credentials, it was all over. Many
developers have made the mistake of embedding credentials and cryptographic keys in source code
and leaving them in public-facing repositories.
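
The identity-management failures described above can be checked mechanically. The following is an added example, not part of the original report: an access review that reconciles an HR roster against cloud account grants and flags access left behind after a departure, permissions beyond the job role, and accounts without multifactor authentication. The role names, permission strings and records are constructed for illustration.

```python
"""Access review: reconcile an HR roster with cloud account grants.

All role names, permission strings and records are constructed sample
data; a real review would load them from the HR system and from the
cloud provider's identity service.
"""
from dataclasses import dataclass

# Assumed role-to-permission baseline (hypothetical names).
ROLE_BASELINE = {
    "developer": {"repo:read", "repo:write", "vm:start"},
    "analyst": {"db:read", "report:read"},
    "admin": {"repo:read", "repo:write", "vm:start", "db:read", "iam:manage"},
}


@dataclass(frozen=True)
class Employee:
    user: str
    role: str
    active: bool


@dataclass(frozen=True)
class Account:
    user: str
    permissions: frozenset
    mfa_enabled: bool


def review_access(roster, accounts, baseline=ROLE_BASELINE):
    """Return a sorted list of (user, finding) tuples."""
    by_user = {e.user: e for e in roster}
    findings = []
    for acct in accounts:
        emp = by_user.get(acct.user)
        if emp is None:
            findings.append((acct.user, "no matching employee (orphaned account)"))
            continue
        if not emp.active:
            findings.append((acct.user, "access not removed after departure"))
            continue
        # Anything outside the role baseline is excess privilege,
        # typically left over from an earlier job function.
        excess = sorted(acct.permissions - baseline.get(emp.role, set()))
        if excess:
            findings.append(
                (acct.user, f"exceeds role '{emp.role}': {', '.join(excess)}"))
        if not acct.mfa_enabled:
            findings.append((acct.user, "multifactor authentication disabled"))
    return sorted(findings)


# Constructed sample data.
ROSTER = [
    Employee("asha", "developer", True),
    Employee("ben", "analyst", True),    # moved from developer to analyst
    Employee("chen", "admin", False),    # left the organization
    Employee("dita", "analyst", True),
]
ACCOUNTS = [
    Account("asha", frozenset({"repo:read", "repo:write"}), True),
    Account("ben", frozenset({"db:read", "repo:write", "vm:start"}), True),
    Account("chen", frozenset({"iam:manage"}), True),
    Account("dita", frozenset({"db:read"}), False),
    Account("svc-old", frozenset({"vm:start"}), False),
]

if __name__ == "__main__":
    for user, finding in review_access(ROSTER, ACCOUNTS):
        print(f"{user}: {finding}")
```
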

Fig. 4.1.1 Security attack

Data breaches
Cloud environments face many of the same threats as traditional corporate networks, but since a
large amount of data is stored on cloud servers, providers have become an attractive target. The
severity of the damage tends to depend on the sensitivity of the data that is exposed. Personal
financial information grabs the headlines, but breaches involving government information and trade
secrets can be more devastating. When a data breach takes place, a company may be subjected to
legal action. Breach investigations and customer notifications can rack up significant costs. Indirect
effects may include brand damage and loss of business, which can impact an organization's future for years.

Fig. 4.1.2 Data security

Hacked interfaces and APIs


Today every cloud service and application offers APIs. IT teams use these interfaces and APIs
to manage and interact with cloud services, including those that offer cloud provisioning,
management and monitoring. The security and availability of cloud services depend on the security
of the API. Risk increases with third parties who rely on APIs and build on these interfaces, as
organizations may need to expose more services and credentials. Weak interfaces and APIs may
expose organizations to security issues related to confidentiality, accountability and availability.
APIs and interfaces are the most exposed part of the system because they can be accessed
from the open Internet.

Exploited system vulnerabilities


System vulnerabilities, or exploitable bugs in programs, have become a bigger problem with
the advent of multitenancy in cloud computing. Organizations share memory, databases and
resources in close proximity to one another, creating new attack surfaces. The costs of mitigating
system vulnerabilities are relatively small compared to other IT expenditures. The expense of
putting IT processes in place to find and repair vulnerabilities is small when compared to the
potential damage.

Fig. 4.1.3 Cloud security

Account hijacking
Phishing, fraud, and software exploits are highly prevalent today, and cloud services add a new
dimension to the threat because attackers can eavesdrop on activities, manipulate transactions, and
modify data. Attackers may be able to use the cloud application to launch other attacks.
Organizations must prohibit sharing of account credentials between users and services and must
enable multifactor authentication schemes where available. Accounts must be monitored so that
every transaction can be traced to a human owner. The key is to protect account credentials from
being stolen.
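
One way to carry out the monitoring described above, as an added example that is not part of the original report: parse audit-log lines, trace every transaction to a registered human owner, and flag credentials shared between a user and a service or used by their owner without a second factor. The log format, credential ids and owner registry are constructed for this example and do not match any provider's real audit format.

```python
"""Trace logged transactions to a human owner and spot shared credentials.

The log format, credential ids and owner registry are constructed for
this example.
"""
from collections import defaultdict

# Assumed registry: each credential maps to the one human accountable for it.
OWNERS = {"AK-001": "asha", "AK-002": "ben", "AK-SVC-7": "dita"}

# Constructed sample audit log.
SAMPLE_LOG = """\
2024-03-01T09:00:02Z cred=AK-001 actor=asha src=10.0.0.5 mfa=yes action=storage.read
2024-03-01T09:04:10Z cred=AK-002 actor=ben src=10.0.0.9 mfa=yes action=db.query
2024-03-01T09:07:45Z cred=AK-002 actor=billing-svc src=10.0.2.20 mfa=no action=db.query
2024-03-01T09:12:31Z cred=AK-SVC-7 actor=backup-svc src=10.0.2.31 mfa=no action=storage.write
2024-03-01T09:15:00Z cred=AK-999 actor=unknown src=203.0.113.7 mfa=no action=storage.delete
2024-03-01T09:20:18Z cred=AK-001 actor=asha src=10.0.0.5 mfa=no action=iam.update
"""

REQUIRED = {"cred", "actor", "mfa", "action"}


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; reject malformed lines."""
    ts, *pairs = line.split()
    event = {"ts": ts}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {pair!r}")
        event[key] = value
    missing = REQUIRED - event.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return event


def audit(log_text, owners):
    """Return findings grouped as 'unowned', 'shared' and 'no_mfa'."""
    actors = defaultdict(set)
    findings = {"unowned": [], "shared": [], "no_mfa": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        cred = ev["cred"]
        actors[cred].add(ev["actor"])
        if cred not in owners:
            # The transaction cannot be traced to any human owner.
            findings["unowned"].append((ev["ts"], cred, ev["action"]))
        elif ev["actor"] == owners[cred] and ev["mfa"] != "yes":
            # A human used their own credential without a second factor.
            findings["no_mfa"].append((ev["ts"], cred, ev["action"]))
    for cred, seen in sorted(actors.items()):
        if len(seen) > 1:
            # One credential, several users or services: it is being shared.
            findings["shared"].append((cred, sorted(seen)))
    return findings


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_LOG, OWNERS).items():
        for item in items:
            print(kind, item)
```
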

Permanent data loss


Hackers have in the past permanently deleted data from the cloud to harm businesses, and
cloud data centres are as vulnerable to natural disasters as any facility. Cloud providers may
recommend distributing applications and data across multiple zones for better protection. Adequate
data backup measures and disaster recovery are very important. Daily data backup and off-site
storage are very important when using cloud environments. The burden of preventing data loss falls
not only on the cloud service provider, but also on the data provider. A customer may encrypt data before
uploading it to the cloud; that customer then has to be careful to protect the encryption key. If the
key is lost then the data will also be lost. Compliance policies often specify how long
organizations must retain audit records and other documents. Losing such sensitive data may
have serious consequences.

Inadequate diligence
Organizations adopting cloud computing without a complete understanding of the
environment and the risks associated with it may encounter a great number of commercial, financial,
technical, legal, and compliance risks. Diligence is needed whether the organization is trying to
migrate to the cloud or merging with another company in the cloud. For example, organizations
that fail to examine a contract may not be aware of the provider’s liability in case of data loss or
breach. Operational and architectural issues could arise if an organization's development team isn’t
familiar with cloud technologies as apps are deployed to a particular cloud. An organization should
do adequate research before moving to cloud computing because of the risk associated with it.

Cloud service abuses


Cloud services may be used to support malicious activities, such as using cloud computing resources
to break an encryption key in order to launch an attack. Examples of these attacks include launching
DDoS attacks and sending spam and phishing emails. Providers need to recognize these kinds of abuse,
for example to recognize DDoS attacks, and offer tools for customers to monitor the health of their
cloud environments. Customers should make sure that providers offer them a mechanism for reporting
abuse. Even though customers may not be direct prey for malicious actions, cloud service abuse can
still result in unavailability of service and data loss.

Fig. 4.1.4 Security levels

DoS attacks
DoS attacks have been around for a long time and have gained prominence again thanks to cloud
computing because they often affect availability. Systems may run slow or simply time out. These
DoS attacks consume large amounts of processing power, a bill the customer may ultimately have
to pay. High-volume DDoS attacks are very common, but organizations should also be aware of
asymmetric and application-level DoS attacks, which target Web server and database
vulnerabilities. Cloud providers are better poised to handle DoS attacks than their customers. The
key here is to have a plan to mitigate the attack before it occurs, so administrators have access to
those resources when they need them.
The figure below is a schematic diagram showing the hierarchy of cloud
computing, with security challenges for both kinds of cloud computing model: deployment and service
models.

Fig. 4.1.5 Hierarchy of cloud computing

CHAPTER – 5
CONCLUSION

Cloud computing is a new concept that presents quite a number of benefits for its users. But it also
raises some security problems which may affect its usage. Understanding the vulnerabilities
existing in cloud computing will help organizations make the shift towards using the cloud.
Since cloud computing leverages many technologies, it also inherits their security issues.
Traditional web applications and virtualization have been looked over, but some of the solutions
offered by the cloud are immature or nonexistent. We have presented security issues for the cloud
models SaaS, PaaS, and IaaS, which differ depending on the model. As described in this paper, storage and
networks are the biggest security concerns in cloud computing. Virtualization, which allows multiple
users to share a physical server, is a major concern for cloud users. Virtual networks are a target for
some attacks. We have focused on this distinction, where we consider it important to understand
these issues. Another core element of cloud computing is multitenancy.

CHAPTER – 6
FUTURE SCOPE

• In short, the cloud of the future is going to be a digital fortress, more robust and resilient
than ever. Cloud security will be more intelligent, more automated, and more discerning,
driven by advances in AI, machine learning, quantum computing, and other transformative
technologies.
• Cloud Security's future encompasses many high-end advancements and capabilities using
modern technologies such as IoT (Internet of Things) and AI (Artificial Intelligence). Small
and medium-sized businesses are likely to combine cloud services from different service
providers, which will change the way we do the job. Expanding cloud adoption by almost
all types of companies will improve smart workflows and reduce dependency on foreigners.
• One thing is for sure: Cloud adoption will increase day by day to offer benefits to both
businesses and consumers. Technologies will improve faster and they would also need the
cloud to manage and simplify their work.
• There will probably be more integration into real technologies like modes of transportation,
smart elevators, restaurant automation, autonomous cars, etc. Cloud computing will be
necessary for every type of job and professional requirement.

CHAPTER – 7
REFERENCES

• Mohamed Magdy Mosbah, “Current Services in Cloud Computing: A Survey,” International
Journal of Computer Science, Engineering and Information Technology (IJCSEIT), Vol. 3,
No. 5, October 2013.
• Armbrust, M. et al., (2009), “Above the clouds: A Berkeley view of Cloud
Computing”, UC Berkeley EECS, Feb 2010.
• Lizhe Wang, Jie Tao, Kunze M., Castellanos A.C., Kramer D., Karl W.,
“Scientific Cloud Computing: Early Definition and Experience,” 10th IEEE Int.
Conference on High Performance Computing and Communications, pp. 825-830, Dalian,
China, Sep. 2008, ISBN: 978-0-7695-3352-0.
• B. R. Kandukuri, R. Paturi V, A. Rakshit, “Cloud Security Issues”, In Proceedings of
IEEE International Conference on Services Computing, pp. 517-520, 2009.
• National Institute of Standards and Technology, NIST Definition of Cloud
Computing, Sept 2011.
• Jamil and H. Zaki, “Security Issues in Cloud Computing and Countermeasures,”
International Journal of Engineering Science and Technology, Vol. 3 No. 4, pp. 2672-2676,
April 2011.
• http://www.infoworld.com/article/3041078
• Rittinghouse JW, Ransome JF: Security in the Cloud. In Cloud Computing.
Implementation, Management, and Security, CRC Press; 2009.
• Garfinkel T, Rosenblum M: When virtual is harder than real: Security challenges in
virtual machine-based computing environments. In Proceedings of the 10th
conference on Hot Topics in Operating Systems, Santa Fe, NM. volume 10. CA,
USA: USENIX Association Berkeley; 2005:227–229.
• Morsy MA, Grundy J, Müller I: An analysis of the Cloud Computing Security
problem. In Proceedings of APSEC 2010 Cloud Workshop. Sydney, Australia:
APSEC; 2010.
• Farzad Sabahi, “Cloud Computing Security Threats and Responses”, 978-1-61284-486-2,
IEEE, 2011, pp: 245 – 249.
• Intel IT Centre, “Preparing your Virtualized Data Centre for the Cloud”, pp: 1 – 20.
• Rajnish Choubey, Rajshree Dubey, Joy Bhattacharjee, “A Survey on Cloud
Computing Security”.
