Database as a Service (DaaS): Issues & Challenges

Published on January 2017 | Categories: Documents | Downloads: 28 | Comments: 0 | Views: 110

International Journal of Computer Science and Management Research

eETECME October 2013 ISSN 2278-733X

Database as a Service (DaaS): Issues and Challenges
Prof. Pawan Katgaonkar, System Analyst, Government Polytechnic, Amratwati
Mr. Vishnu Maske, Mechanic Computer Hardware, Government ITI, Mumbai
Prof. Shyam Gupta, Computer Department, Siddhant College of Engineering, Pune

Abstract— Database as a service has many major problems and issues, such as data security, trust, expectations, regulations, and performance problems. Proposed solutions include risk management, better contractual agreements, database encryption, and authenticity techniques. Database as a service (DaaS) is a prime example of a service that is both exciting and full of difficult security issues. This article considers database cloud computing issues and challenges and how to overcome them when it is used as a technology in the real world.

Keywords— Database, cloud, security, attack.

I. INTRODUCTION

A. Defining Cloud Computing:

The European Network and Information Security Agency (ENISA) defines cloud computing as “an on-demand service model for IT provision, often based on virtualization and distributed computing technologies.” [1] It says that cloud computing architectures have highly abstracted resources, near-instant scalability and flexibility, nearly instantaneous provisioning, shared resources, service on demand, and programmatic management.

B. What Is Database as a Service?

The service provider chooses the database management software and installs, runs, and manages it. DBMSs are custom applications the service provider has developed. DaaS is particularly well suited to many small- to medium-sized businesses that rely on databases but find their installation and maintenance costs prohibitive. Relational databases have been in heavy use for many years because they provide constraints and management and simplify the management of large amounts of related data.

C. Architecture of Database Cloud:

Fig. 1 Architecture of DaaS [9]

Pawan Katgaonkar et.al.


www.ijcsmr.org

2. PROBLEMS AND CHALLENGES IN DaaS

2.1 Outsourcing: Outsourcing brings down both capital expenditure (CapEx) and operational expenditure for cloud customers. However, outsourcing also means that customers physically lose control of their data and tasks. This loss of control has become one of the root causes of cloud insecurity. To address outsourcing security issues, first, the cloud provider must be trustworthy by providing trusted and secure computing and data storage; second, outsourced data and computation must be verifiable to customers in terms of confidentiality, integrity, and other security services. In addition, outsourcing can potentially incur privacy violations, because sensitive or classified data is out of the owners’ control.

Multi-tenancy: Multi-tenancy means that the cloud platform is shared and used by multiple customers. Moreover, in a virtualized environment, data belonging to different customers may be placed on the same physical machine by a certain resource allocation policy. Adversaries, who may also be legitimate cloud customers, may exploit the co-residence issue. A series of security issues such as data breach [3], [4], [5], computation breach [5], flooding attack [6], etc., are incurred. Although multi-tenancy is a definite choice of cloud vendors because of its economic efficiency, it introduces new vulnerabilities to the cloud platform. Without changing the multi-tenancy paradigm, it is imperative to design new security mechanisms to deal with the potential risks.

2.2 Massive data and intense computation: Cloud computing is capable of handling mass data storage and intense computing tasks. Therefore, traditional security mechanisms may not suffice because of intolerable computation or communication overhead. For example, to verify the integrity of data that is remotely stored, it is impractical to hash the entire data set. To this end, new methods and protocols are expected [2].

2.3 Common point of failure - While not dissimilar to other existing shared points of failure (SAN, network, etc.), the failure of the shared instance would affect all dependent applications.

2.4 Failure to adopt - While a shared environment offers a number of desired features, some simple conditions will need to be met that application owners might see as a barrier. For example, an application owner might decide they want control over the exact hardware used to host their application.

2.5 Failure to recover costs - The thrust of this solution will involve trading many simple implementations for one implementation. This single implementation will necessarily include some higher licensing costs and demand a high caliber of support. Without careful management, this cost structure may outweigh the benefits.

2.6 Query optimization in encrypted databases. New techniques change the way we process queries over encrypted databases. Thus, optimization of these reformulated queries needs to be carefully studied. The optimization process should ensure that the users of the system, the clients, can take full advantage of the capabilities guaranteed by the DAS model.

2.7 Integrity of the data in encrypted databases. Once encryption is chosen as a solution to the data privacy problem, there are other issues in this context. One of the most important of these is ensuring the integrity of the users' data. As a result of both malicious and non-malicious causes, the integrity of the data may be compromised. When this happens, the client does not have any mechanism to verify the integrity of the original data. Therefore, new techniques should be developed to provide clients with mechanisms to check the integrity of their data hosted at the service provider side.

2.8 Key management issues in encrypted databases. Another issue to address in the context of encrypted databases is key management. All encryption techniques rely on secure and efficient key management architectures. The DAS model puts additional complexity on key management architectures. Generation, registration, storage, and update of encryption keys are essential functions that should be handled efficiently in the DAS model.

3. REMOTE ATTESTATION

One use for an RTM is remote attestation, which allows challengers to verify a remote system’s integrity simply by asking for the values of some of its PCRs. The remote attestation process for a challenging computer (bottom) attesting a server (top) is as follows. Before the process starts, the server asks its TPM to create an attestation identity key (AIK) pair (step 0.1), obtains the public key, and registers this key with a certification authority (CA) that issues a signed certificate (0.2). The remote attestation process formally starts with the challenging computer asking the CA for the certificate (1) and then asking the server for attestation, that is, for the values of a set of PCRs (2). The server obtains these PCR values signed with the AIK (3) from the TPM and sends them to the challenging computer (4). Finally, the challenging computer verifies the signature, which only the TPM can create, and determines whether the PCR values correspond to a trusted configuration (5). However, remote attestation suffers from a serious problem: although a challenger might consider a software module as trusted, this does not mean that it is

trustworthy. The module could be plagued with buffer-overflow and command injection vulnerabilities that would let an attacker subvert its operation. The number of vulnerabilities in software is believed to be proportional to its size, so reducing the attested code size is an important goal. More precisely, attestation should be done only on security-critical software, the Trusted Computing Base.4 This is a problem for SRTMs in particular because the whole operating system kernel must be trusted for trust to be placed in modules loaded later in the system. With a DRTM, it is possible to attest smaller modules.

3.1 Root of trust for measurement: Systems typically use the TPM and PCRs to provide a root of trust for measurement (RTM). The objective is to allow reliable measurements for assessing whether the system is in a trusted state, that is, to verify its integrity. These measurements are cryptographic hashes of certain code modules, such as the master boot record (MBR). When a system such as a server is switched on, the PCRs are set to zero. In the boot process, several modules run serially, each starting the next one: first the BIOS, then the MBR, the kernel, and so on. To create the root of trust, each module calculates and stores in one PCR the hash of the next module. The BIOS provides a static RTM (SRTM) in the sense that it is trusted to provide the TPM with the correct hash of the first module it executes. This process creates a set of hashes in the TPM that can be provided to challengers (processes in other computers charged with verifying whether the system is in a trusted state), meaning the system is running a certain version of the MBR characterized by having a certain hash, a certain version of the kernel, and so on.
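The measurement chain and the challenger's check (step 5 of the attestation process) can be sketched as follows. This is an added example, not code from the paper: it simulates a single PCR in software and updates it with the TPM extend rule, new PCR = H(old PCR || measurement). SHA-1 with a 20-byte register (as in TPM 1.2), the single-PCR simplification, all function names and the module contents are assumptions made for illustration.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length as in TPM 1.2 (assumption)

def measure(module: bytes) -> bytes:
    """A measurement is the cryptographic hash of a code module."""
    return hashlib.sha1(module).digest()

class SimulatedPCR:
    """Software stand-in for one TPM Platform Configuration Register."""
    def __init__(self):
        self.value = bytes(PCR_SIZE)  # PCRs are set to zero at power-on

    def extend(self, measurement: bytes) -> None:
        # The only update a TPM offers: new = H(old || measurement)
        self.value = hashlib.sha1(self.value + measurement).digest()

def boot(chain):
    """Each stage measures the next module into the PCR before running it."""
    pcr = SimulatedPCR()
    for module in chain:
        pcr.extend(measure(module))
    return pcr

def expected_pcr(trusted_hashes):
    """Challenger side: replay the known-good hashes in boot order."""
    value = bytes(PCR_SIZE)
    for h in trusted_hashes:
        value = hashlib.sha1(value + h).digest()
    return value

def is_trusted(reported: bytes, trusted_hashes) -> bool:
    return reported == expected_pcr(trusted_hashes)

# Constructed sample modules (placeholders, not real boot code)
GOOD_MBR, GOOD_KERNEL = b"mbr v1.0", b"kernel v3.2"
BAD_KERNEL = b"kernel v3.2 + unknown patch"
TRUSTED = [measure(GOOD_MBR), measure(GOOD_KERNEL)]

def demo():
    good = boot([GOOD_MBR, GOOD_KERNEL])
    bad = boot([GOOD_MBR, BAD_KERNEL])
    # Extending again with the good kernel hash after an untrusted boot
    # folds the old state in, so the register cannot be "repaired".
    patched = boot([GOOD_MBR, BAD_KERNEL])
    patched.extend(measure(GOOD_KERNEL))
    return (is_trusted(good.value, TRUSTED),
            is_trusted(bad.value, TRUSTED),
            is_trusted(patched.value, TRUSTED))

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

In a real attestation the reported value would arrive inside a quote signed with the AIK; signature verification is left out of this sketch.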
As presented, this process has a serious vulnerability: after booting a configuration (MBR, kernel) that challengers do not consider trusted, the system could modify some of the PCRs in the TPM to hashes that the challengers trust; this would trick the challengers into believing that the configuration is the one the hashes represent when this is not the case. To avoid this, the TPM does not have an operation to write a value into a PCR, only to extend a PCR. So, instead of storing the hash provided by whatever calls the TPM in a PCR, the extension operation stores a hash of the PCR’s previous value concatenated with the input hash. Because of the collision resistance property, it is not possible to extend a PCR so that its state becomes a trusted hash. This means that the TPM design itself avoids this vulnerability.

The SRTM requires the BIOS to be trusted, which can be problematic because it is possible to change BIOS content. The notion of dynamic RTM (DRTM), which was made possible by AMD’s Secure Virtual Machine (SVM) and Intel’s Trusted Execution Technology extensions to the x86 architecture, removes this limitation.4 The main difference between SRTM and DRTM is that the latter allows the system to start protected code at any time, not just at boot time. For this to be possible, the extensions provide instructions to put the CPU in a clean state, similar to a restart, but from which it is possible to return to normal operation. This clean state represents a new root of trust.

4. CLOUD CONFIDENTIALITY

There are enough privacy violations outside the realm of cloud computing for there to be concern about any system, cloud-based or traditional, when storing, processing or transmitting sensitive data. The cloud has its own examples as well. In 2010, several cloud privacy data exposures occurred with a number of cloud-based services, including Facebook, Twitter and Google. Privacy concerns within the cloud model aren’t new. As a tenant with legal privacy obligations, your handling of privacy issues is no different if you use the cloud. Just as you wouldn’t store such data on a server without adequate controls, you wouldn’t choose any cloud provider without verifying it meets the same benchmarks for how it protects data at rest, in transmission or while processing. Storing and moving data online presents the opportunity for covertly examining someone else’s secrets.

5. CLOUD INTEGRITY:

The different threats with cloud computing are:
• Data loss/manipulation.
• Dishonest computations in remote servers
• Defense strategies

6. CLOUD AVAILABILITY

Access Control: Endpoint security and network access control are very important in today's world, where digital data is shared constantly. To protect data from threats such as virus attacks or unauthorized access, control measures such as endpoint security need to be put in place. As opposed to older methods of access control such as firewalls and antivirus software, endpoint security is an access control option that assumes each device is responsible for its own protection. Endpoint security also ensures secure remote access, and it does not matter whether the device in question is trying to access data from within the network or from outside: authorization from the endpoint security system will always be required before it is granted network access [8].

6.1 Trustworthy Service Metering: There are different tools that help cloud staff manage cloud infrastructure. These cover virtual resource management, physical resource management, network management, cluster management, etc. Factors affecting Trustworthy Service Metering are:

1. User Properties (Dynamic Properties)
2. Infrastructure Properties (Static Properties)
3. Infrastructure Policy
4. Changes and Events

6.2 Assured Deletion of Database: Data files are permanently inaccessible upon requests of deletion. Keeping data backups permanently is undesirable, as sensitive data may be exposed in the future because of a data breach or erroneous management by cloud operators. Thus, to avoid liabilities, enterprises and government agencies usually keep their backups for a finite number of years and request to delete (or destroy) the backups afterwards. For example, the general assembly is formulating Internet Data Retention legislation asking ISPs to retain data for two years, whereas in the United Kingdom, companies are required to retain wages and pay records for 6 years. Assured deletion aims to provide cloud clients an option of reliably destroying their data backups upon request. On the other hand, cloud providers may replicate multiple copies of data over the cloud infrastructure for fault-tolerance reasons. Since cloud providers do not publicize their replication policies, cloud clients do not know how many copies of their data are on the cloud, or where these copies are located. It is unclear whether cloud providers can reliably remove all replicated copies when cloud clients issue deletion requests for their outsourced data.

CONCLUSION: Throughout this paper, the authors have systematically studied the security and privacy issues in cloud computing based on an attribute-driven methodology. We have identified the most representative security/privacy attributes (e.g., confidentiality, integrity, availability, accountability, and privacy), as well as discussing the vulnerabilities, which may be exploited by adversaries in order to perform various attacks. We believe this review will help shape future research directions in the areas of cloud security and privacy, and to further address the loopholes in security, in the next paper we discuss.

REFERENCES
[1] “Cloud Computing: Benefits, Risks, and Recommendations for Information Security,” European Network and Information Security Agency, Nov. 2009; www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport.
[2] Zhifeng Xiao and Yang Xiao, “Security and Privacy in Cloud Computing,” 2012 IEEE, pp. 2-3.
[3] Google Docs experienced data breach during March 2009, http://blogs.wsj.com/digits/2009/03/08/1214
[4] T. Ristenpart, F. Tomer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” Proc. 16th ACM conference on Computer and communications security, 2009, pp. 199-212.
[5] N. Santos, K.P. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” Proc. 2009 conference on Hot topics in cloud computing, 2009.
[6] C. Dovrolis, P. Ramanathan, and D. Moore, “What do packet dispersion techniques measure?” In Proc. IEEE INFOCOM (2001), pp. 905-914.
[7] M. Jensen, J. Schwenk, N. Gruschka, and L.L. Iacono, “On technical security issues in cloud computing,” Cloud Computing, 2009. CLOUD’09. IEEE International Conference on, 2009, pp. 109-116.
[8] http://www.cryptzone.com/security/appgate-security-server.aspx.
[9] http://cloudcomputing.sys-con.com/node/1985543.
