چالش های امنیتی اخیر در محاسبات ابر
Abstract
1- Introduction
2- Security challenges
3- Security challenges faced by the entities in cloud
4- Communication level
5- Computational level
6- Data level challenges
7- Service level agreements (SLA's)
8- Conclusion
References
Abstract
Cloud computing is an archetype that enables access to a shared pool of computing resources for cloud users in an on-demand or pay-per-use, fashion. Cloud computing offers several benefits to users and organizations, in terms of capital expenditure and savings in operational expenditure. Despite the existence of such benefits, there are some obstacles that place restrictions on the usage of cloud computing. Security is a major issue that is always considered. The lack of this vital feature results in the negative impact of the computing archetype thus resulting in personal, ethical, and financial harm. This paper will focus and explore the security challenges that are faced by cloud entities. These entities include Cloud Service Provider, the Data Owner and Cloud User. Focusing on the crypto-cloud that constitutes of different Communication, Computation, and Service Level Agreement. Studying the causes and effects of various cyber attacks it will provide the necessary upgrades.
Introduction
Cloud computing creates a network-based environment vision to the users, which paves way for the sharing of calculations and resources regardless of location. The National Institute of Standards and Technology's (NIST) defines cloud computing [1] as, “A template for providing the suitable and when needed access to the internet, to a collective pool of programmable grids, storage, servers, software, and amenities that can be rapidly emancipated, with little communication and supervision from the provider”. The characteristics of the type of processing are exhibited in Fig. 1 as On-demand self-service, High-performance network access, Rapid Elasticity, Resource Pooling and Measured Service. It also depicts four deployment models namely Hybrid, Community, Private and Public clouds. This is then coupled with the three service models, which are, PAAS (Platform as a Service), IAAS (Infrastructure as a Service), and SAAS (Software as a Service). NIST's cloud computing definition provides the needed framework and common characteristics depicted such as Virtualization, Homogeneity, Geographic Distribution and Service Orientation among others. With all the layers of the cloud service models depicted in Fig. 2, security issues need to be addressed. When the layers are to be compared the high dependence of the browser position's it at the top whereas, the bottom layers are more web services oriented. Overall, a decrease in investment and operational expenses is achieved this is also followed by an increase in efficiency and scalability through the layers The service model deployed can be private, public, hybrid or community cloud as per the user requirements. Organization: The next two sections that follow indicate the security challenges. Sections 4–7 address the security challenges in communication, computational, data level and Service Level Agreement (SLA) level.