IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763 International Journal of Engineering & Science Research

CLOUD COMPUTING: DATA SECURITY, PRIVACY ISSUES AND SOLUTIONS Diksha Jain* 1 1Asst. Prof, Indraprastha College for Women, Delhi University, Delhi, India. ABSTRACT Cloud computing is a recently emerged fast-growing concept focused on effective and efficient utilization of computing, processing and storage capabilities. This new paradigm is based on providing IT-related capabilities as service hiding all the internal details of the underlying technologies. Organizations are shifting from traditional computational concepts to cloud based systems in order to reduce their operational costs, maintenance overheads and up-front investments. However, the loss of control makes these organizations skeptical about the security and privacy issues confronted by them in cloud environment. This paper presents the overview of concept of cloud computing. The definition, essential characteristics, types of service models and different cloud deployment models has been discussed. This paper also mentions some of the recently reported cloud breach examples that highlight the importance of security in clouds and need of security solutions to be devised. Major security issues and privacy concerns have been briefly discussed. Currently, there are no one-size-fits-all solutions. This motivates investigation and serious research for security solutions that will foster the growth of cloud environment. 1. INTRODUCTION Cloud computing is a recently emerged fast-growing concept focused on effective and efficient utilization of computing, processing and storage capabilities. The reason for tremendous success of this new concept is rapid development of processing and storage technologies and the most important is the “ubiquitous” Internet. The resources for computations, processing and storage have become much cheaper, highly powerful and widely available than before. As per this new computing concept the resources i.e. computational power, storage spaces and software environments/applications can be rented or leased through the Internet on an on-demand and pay-per-use basis. Organisations are moving from traditional computing approach towards the Cloud computing so as to reduce their operational costs and maintenance overheads. The companies can dynamically increase or decrease capabilities without making any upfront investment in acquiring new infrastructure, new personnel or new software and their licenses. Despite of such a great extent of power and flexibility offered in this new paradigm, the organisations are skeptical about making a shift into this new concept. As with the cloud, the concerns are also growing. There are several many challenges present in this new environment. Security and privacy are the most important factors that definitely slow down the growth of cloud. In this paper, I have discussed about some of the major security issues and their possible solutions present in this new paradigm. 2. OVERVIEW OF CLOUD Over past few years, CC has made a tremendous impact on the Information Technology industry. The IT giants like Google, Amazon, Microsoft etc. are competing to provide high-end and cutting-edge cloud platforms. Such reliable, powerful and cost-effective solutions have attracted many business enterprises to make a shift and draw benefits from this new concept. Cloud computing has evolved from the existing technologies like grid computing, distributed computing, parallel computing, virtualization technology and utility computing [1]. The US National Institute of Standards and Technology (NIST) define the key characteristics of cloud as on-demand self-service, rapid elasticity and pay as per the usage of business models [2]. The features that make cloud a promising and attractive solution form its business are (i) No up-front investment : being based on pay-per-use costing, the businesses need not invest in acquiring servers, data centres or software before starting the real business. (ii) Lowering operating cost : the customers can reduce or de-allocate the resources in use in the times of low demand, thus lowering the costs when service is not in demand. (iii) Highly scalable : the service providers can easily expand their services during peak loads and when the demand is high. (iv) Easy access : Since cloud majorly operates through Internet, thus cloud solutions are easy to access. (v) Reducing business risks and maintenance expenses : the cloud providers are better equipped for handling failures and

*Corresponding Author www.ijesr.org 230

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

providing maintenance to the resources. This lowers the overhead for maintaining the equipment on the service consumers [3]. 2.1 Definition The US National Institute of Standards and Technology defines Cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” .[6] The essential elements of Cloud computing are: On-demand self-service, broader network access, resource pooling, rapid elasticity and measured service[5,6].Cloud computing is synonymous to distributed computing and utility computing. The services provided via cloud are network-based services. A very useful concept called “Virtualization” is the enabling technology for cloud computing. Virtualization enables hiding the details of lower level hardware through simulating software running on one or more real machines. [4] The virtual servers do not exist actually physically. Thus, they can be easily moved around and scaled up or down as per the demand. The advantages of cloud includes: efficient sharing of resources, economies of scale, pay-per-use costing models, reduced operational costs, higher availability, reliability and scalability. 2.2 Characteristics of Cloud Computing The cloud computing paradigm exhibits the following key characteristics that make it different from conventional service computing models: a) Multi-tenancy: Multi-tenancy is an essential attribute of cloud computing.[7] The concept of virtualization allows multiple users to be running separate applications on the same physical server without seeing each other's data. Multi- tenancy facilitates optimal resource utilization, reduces the management burden, effective and reliable resource provisioning. However, simultaneously working users presents critical security and privacy concerns and vulnerabilities. Since due to virtualization the virtual servers may move around different physical servers, the transportation of data and process exacerbate the security issues and complexity of the problem. b) Shared resource pooling: The infrastructure providers are a host of pools of resources (hardware, storage, network, processing power etc.). The various service providers consuming the services from the infrastructure providers can simultaneously make use of these resources parallel. This dynamic nature of resource allocation among consumers creates flexibility for the infrastructure providers and lowers their maintenance costs. c) Broad network access: Since clouds are available mainly through the Internet, therefore they become widely available across all the devices that are connected to the Internet. The consumers can promptly access clouds via heterogeneous devices like: mobile phones, PDAs, iPads, laptops etc. Also, various service providers are hosting their data centres across the globe, network optimization and localization can be used to increase the performance and availability of cloud applications. d) Service Oriented: Cloud computing adopts the service-oriented approach. The various service providers provide services to their customers on a pre-negotiated Service Level Agreement (SLA). The SLAs will contain all the terms and conditions that both provider and consumer have to abide by. e) On-fly resource provisioning: The power of scalability offered in the cloud allows its consumers to dynamically scale up or down the amount of resources required at any point of time. Unlike traditional computing environments, where resources were provisioned as per the demands at peak load, cloud gives the elasticity to relinquish resources when demands are not very high, thus reducing the operational costs. f) Pay-per-use pricing model: Cloud computing is based on pay-per-use pricing scheme. Different cloud offerings have different schemes to charge their customers. For example: a business enterprise may rent a virtual machine from an infrastructure provider on a per-hour basis, a software service provider can charge its customers on the number of clients it serves. The utility-based pricing concept lowers the operational costs for its consumers but it also introduces certain challenges that include: re-designing software that were for single tenant systems or designing strategic and viable costing models etc.

Copyright © 2013 Published by IJESR. All rights reserved 231

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

2.3 Cloud Service Models Cloud computing is based on a service-driven business model. It offers hardware, software tools, platform-level resources like software tools, development environments and software applications as on-demand services. Conceptually, the cloud services can be categorized into three types of service delivery models: i) Infrastructure as a service (IaaS) The cloud owners that provide IT infrastructures like: processing, storage, networks and other fundamental computing resources as on-demand utility services are known as IaaS providers. Amazon EC2 [10], GoGrid, and Flexiscale [11] are some examples of IaaS providers. In an IaaS cloud the service is usually provided in terms of virtual servers also called virtual machine (VM). Virtualization forms core of the IaaS cloud computing as it enables pooling of computing resources from multiple servers. It allows dynamic allocation and de-allocation of resources to applications as per demand [3]. Xen, KVM and VMware are some examples of virtualization technologies. The IaaS cloud provides only basic security (perimeter firewall, load balancing, etc.) and applications moving into the cloud will need higher levels of security provided at the host [8]. ii) Platform as a service (PaaS) PaaS clouds aim at providing operating system support and software development tools and frameworks as a service. Paas clouds are one layer above the IaaS and they abstract all details of underlying operating systems, middleware etc. Some examples of PaaS providers are: Google App Engine [9], Microsoft Windows Azure [13], Force.com [14] etc. The VMs operating in the underlying layer of IaaS act as catalyst for PaaS layer services. The Virtual machines must be protected against malicious attacks such as cloud malware. Accurate authentication checks and authorization mechanisms must be employed to maintain the integrity of the running applications and the data that is moving across the network channels [8]. iii) Software as a service (SaaS) Saas is delivery model for providing software applications on pay-as-you-go concept to the customers over a network, typically the Internet. The applications are usually accessed via thin clients like web-browsers or client applications. One of the major reasons behind popularity of SaaS clouds is that the companies can significantly reduce their IT support costs by outsourcing hardware and software maintenance overheads to the SaaS providers. The SaaS based applications are specifically designed to support multiple users working concurrently. Since, SaaS services are provided majorly over the Internet, the web browser security becomes paramount. Web Services (WS) security, Extendable Markup Language (XML) encryption, Secure Socket Layer (SSL) are used in enforcing data protection transmitted over the Internet. [8]

Fig 1: The NIST cloud definition framework [24]

Copyright © 2013 Published by IJESR. All rights reserved 232

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

2.4 Cloud Deployment Models The cloud infrastructure can be classified into three major types on the basis of its accessibility to its customers. i) Private Cloud A private cloud is the cloud infrastructure set up within the organization's internal data centre. All the organization's resources are pooled together and managed as a cloud by the organization itself. This increases the efficient utilization of in-house resources. The cloud resources are consumed on per-transaction basis. The private cloud infrastructure is very secure from privacy point of view as it has no external exposure. The resources are accessible within the organization or only authorized users. ii) Public Cloud It is the dominant form of cloud deployment model. The resources and services are provided over the Internet usually via web applications or web services on a self-service basis. The cloud owner has full control over the resources, usage policy, data and charging models. Public cloud offer high economies of scale and flexibility for changes in the demands. However, these clouds are far less secure than private or hybrid clouds. iii) Hybrid Cloud Hybrid clouds are combination of two or more clouds of heterogeneous nature (private or public). For example: an organization may link its private cloud with one or more external cloud services. Hybrid clouds enable the organization to optimize their resources by controlling critical business operations on their secure private clouds while reducing overheads by using public cloud services for less intense activities. Standardisation of applications and their interoperability is important for smooth functioning of different clouds operating together. 3. SIGNIFICANCE OF SECURITY IN CLOUD COMPUTING Security being the major barrier for cloud adoption, many researchers and organizations are working to address the variety of security and privacy challenges still open in front of the cloud computing. Lack of security and loss of control make organizations skeptical about shifting into this new environment. According to the technology researchers at Gartner, the cloud services are expected to grow to $210 million by 2016. However, cloud computing is vulnerable to several security breaches and cyber-attacks. The fact that the cloud hosts a tremendous amount of data makes them an attractive target for the cyber criminals. There have been several incidents in the past where cyber criminals have tried to carry out cyber-attacks on companies’ cloud services to compromise customer data. A major security breach took place earlier this year, in which a group of hackers used Amazon cloud services to scrape thousands of LinkedIn member profiles. In spite of several security controls in place, the hacker group managed to break into LinkedIn and copy information from thousands of member profiles. As we know, LinkedIn holds the personal information of highly professional members from various industries, data that can be extremely valuable to the attackers. With so much personal information in their hands, they can carry out spear phishing and identity theft attacks. [15] In 2008, Gartner identified seven security issues that need to be addressed before enterprises consider switching to the cloud computing model. They are as follows: (1) privileged user access - as cloud services are delivered primarily through the Internet, it poses a certain degree of risk, because of issues of data ownership; (2) regulatory compliance - clients are accountable for the security of their solution, as they can choose between providers that allow to be audited by third party organizations that check levels of security and providers that don't (3) data location – location transparency and location independence characteristic of cloud causes the clients to never know about what country or what jurisdiction their data is located (4) data segregation - encrypted information from multiple companies may be stored on the same hard disk, so a mechanism to separate data should be deployed by the provider. (5) recovery - every provider should have a disaster recovery protocol to protect user data (6) investigative support - if a client suspects faulty activity from the provider, it may not have many legal ways pursue an investigation (7) long-term viability - refers to the ability to retract a contract and all data if the current provider is taken over by another firm. [8, 16] 4. SECURITY THREATS IN CLOUD As the cloud computing services are based on many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory

Copyright © 2013 Published by IJESR. All rights reserved 233

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

management, there are numerous security issues associated with it. Therefore, security issues for many of these systems and technologies are applicable to cloud computing. [17]

Abuse of Cloud Malevolence Computation Computing Security

Cloud Computing Unauthorized Access Control

Virtualization Data Security and Insecure Interfaces Threats Integrity and APIs

Fig 2: Classification of Security Threats 4.1 Data Security and Integrity For the enterprises that trust the cloud provider for storage of their crucial data, the security of their data is a paramount. The PaaS providers do not have access to the physical security of the data centre. They depend on the corresponding IaaS provider to ensure full security of the data hosted on their devices. Data security is a typical issue because (i) data is stored away from the customer's site; (ii) multiple customers' data co-exists and being accessed. [19] Improper deletion of data may result into Data Leakage . Incorrect or incomplete data backup may cause permanent loss of data. The infrastructure provider must ensure the following objectives: (1) confidentiality, for secure data access and transfer, and (2) auditability, for attesting whether security setting of applications has been tampered or not. [3] The data security is one the primary security issues in the public clouds. Data integrity and its long-term correctness is also a vital issue when moving data to the cloud platforms. [18] 4.2 Computation Security As I have already discussed that cloud computing allows computational power to be rented as a utility, this introduces the problem of revealing both the data and the computed results to the infrastructure provider. This is big concern when the computational workloads contain sensitive information like business financial records, proprietary research data or any personal information. [18] Untrusted clouds may return incorrect results due to software bugs or outsider attacks due to compromised security measures. 4.3 Unauthorized Access Control Usually, organizations authorize different users to access selective data. Different users have different privileges and roles while making access to sensitive data. The traditional access control mechanisms are insufficient to meet the challenges present when the data is stored over the clouds. Because users and data can be located at different locations, a single trusted server to monitor controlled access is not a viable solution. 4.4 Virtualization Threats Multi-tenancy is an essential attribute of cloud computing. [6] The concept of virtualization is the underlying concept for this primary feature. Virtualization lets multiple users run their separate applications simultaneously on same hardware and operating environment. [18] Virtualization increases the resource utilization and reduces the maintenance overheads on part of the cloud service providers. Despite its advantages, virtualization environment opens a doorway to many privacy threats and vulnerabilities. Virtualization threats are: i) Isolation Failure In a virtualized environment, the concurrently running VMs and the host virtual machine monitor VMM should appear to run in isolation. Each VM has its own set of physical resources like: memory, disk, CPU, network resources etc. This

Copyright © 2013 Published by IJESR. All rights reserved 234

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

attribute of isolation is essential for ensuring security among VMs. However, if a VM is attacked and taken over by a malicious user, then it will be able to gain control over the host VM and thus control other guest VMs. This may result in issues like: data spoofing, denial-of-service etc. [20] ii) Inter-VM attacks Inter-VM attacks occur when traditional network security solutions cannot detect the suspicious between any of the guest VMs or between the VMM and any VM. The compromise of a guest VM residing on a physical host can enable the attacker to compromise all other guest VMs on the same host. [20] Also, if the hypervisor is attacked, the attacker can easily compromise all other user VMs operating on the physical infrastructure. iii) VM-Escape The Virtual machine monitor is responsible to ensure isolation and separation between the operating guest VMs. However, if a virtual machine bypasses the VMM and gets control over the physical host machine, a VM-Escape is said to occur. . The VMM is the core of any virtualized environment. The attacker now gets capable of gaining access over every other VM on the physical host. This is also known as “hyperjacking”. [20] iv) Denial of Service (DoS) Denial of service attacks are severe threat to cloud computing environment. These attacks may occur when s single malicious VM consumes all the available resource of host machine thus starving other VMs on the same physical host. Malicious VMs may flood the host machine with requests that appear legitimate. 4.5 Abuse of Cloud Computing The hackers and malicious users can take advantage of the power and flexibility that cloud platforms offers to generate attacks against the cloud itself. They may conduct susceptible activities like spamming and phishing. The virtual machines VMs concurrently operate in the cloud environment. Each VM has its own IP address as well. A malicious user can track the IP address of victim VM and launch an attack. If an attacker is able to take full control over the victim VM, all the users connected to this VM will be affected. Their data might get stolen, damaged or used for wrong purposes. [19] 4.6 Insecure interfaces and APIs To provide cloud services, the cloud providers implement a set of software interfaces or APIs that customers use to manage and interact with cloud services. Thus, the security of cloud services heavily depends on the security of these interfaces as an unauthorized user gaining control of them could alter delete or modify user data. These interfaces must be designed in such a way that they protect against malicious attacks. 4.7 Malevolence It has been often discovered that security risks and incidents arising from the internal staff. [21] Malevolence occurs when cloud insider like cloud employee or user is able to access data in an unauthorized manner. He may tamper data or use it for wrong purposes. An attacker may force an employee for providing confidential credentials. For instance, a disgruntled employee may intentionally modify a program to fail when certain conditions are met or when a certain time is reached.[22] Such incidents must be controlled or avoided via enforcing strict rules across the organization and strong authorization rules and policies. 5. SECURITY SOLUTIONS AND MECHANISMS There is no one blanket solution or technique that addresses all the security and privacy concerns present in different types of cloud providing various kinds of services. Every cloud provider needs to identify the potential threats and vulnerabilities for the cloud system it is hosting. The security mechanisms should be designed while keeping in mind the elastic nature of clouds, flexibility, computational performance, feasibility of implementation and trade-off between cost and amount of security offered. Many traditional security mechanism need to be tailored for this new paradigm of cloud computing. Security solutions that have been designed have their own limitations.

Copyright © 2013 Published by IJESR. All rights reserved 235

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

5.1 Encryption techniques Encryption of data is one of the traditional solutions to secure data. Deploying encryption techniques suggests that the user will encrypt the data before sending it to the cloud. However, in cloud paradigm using ordinary encrypting data limits the efficiency of cloud systems. The encrypted documents must be decrypted before they can query, searched, indexed or manipulated. The problem amplifies if the amount of data is huge. Homomorphic encryption technique is a special technique that answers this problem. (i) Homomorphic encryption Cloud systems that host ciphertexts (generated via homomorphic encryption) can perform operations on these ciphertexts as if they were performed on corresponding plaintexts. In case of simple homomorphic encryption, for just one operation on the plaintext has a corresponding operation on the ciphertext. Plain RSA method has this property. However, plain RSA is not a secure encryption method. Pallier encryption is a secure method, in this multiplication of ciphertexts corresponds to addition of plaintexts. Use of such encryption algorithms allows multiple parties to cooperatively generate a piece of ciphertext without knowing the plaintext that others work on. (ii) Fully Homomorphic Encryption Fully homomorphic encryption techniques are those techniques that allow every operation on plaintexts to have a corresponding operation on ciphertexts. Fully homomorphic encryption techniques appear to give promising solution for security in cloud systems. However, they have their limitations too. (a) When any desired operation is applied on the ciphertexts, it yields the encrypted results. These results can only be decrypted by the user. Thus, the cloud system cannot take any decision or further conclusions with these encrypted results. This means that the user will be continually called for performing the decryption task. (b) Fully homomorphic encryption techniques are quite inefficient for huge data and large number of operations. [23] 5.2 Using Trusted Platform Module The trusted platform module (TPM) is an industry standard. It is a special kind of hardware that allows storing keys and making them available to only particular programs. This inhibits clouds to manipulate or steal data from any other program as only designated programs can use the key to decrypt the data. TPM is basically used to enforce security at the hardware level, since it is the lowest most layer. Intel's TXT (Trust Execution Technology) is an example of such technology. 5.3 Trusted Cloud Computing Platform (TCCP) TCCPs are used to address the threats present in the virtualized environment. TCCP enables providers to offer closed box execution environments for guest VMs and allows users to remotely ensure that the environment is secure before launching their VMs. It prevents the superuser or administrators from accessing guest VMs data or tampering the data. 5.4 Trusted Virtual Data Center (TVD) Virtualization technology coupled with TVDs form a security layer around each of the executing VMs, regardless of the physical machine or network topology configuration of those VMs. Thus, each VM's internal execution is isolated from malicious interference of outsider applications or any malicious VM executing in parallel. Guest VMs are protected from damage due to a misbehaving other VM. Isolation among entities is enforced via controlled access schemes; hypervisor based isolation and secure communication channels like VLANs. 5.3 Using Trusted Third Party Recently, D.Zissis et al. [22] suggested the use of trusted third party within clouds will help in overcoming the issues of trust, confidentiality, integrity and authenticity of data stored in clouds. The trusted third party (TTP) is an entity that is responsible for establishing secure interactions between two distinct parties that trust this third party. The TTP is responsible for providing scalable, standards-based, interoperable end-to-end security services. They propose IPSec, which is a IP layer protocol that enables sending and receiving of cryptographically protected packets of any kind, for secure communication among different hosts in the cloud. The Secure Socket layer (SSL) protocol provides encrypted communication channels between the cloud hosts (i.e. servers) and the cloud users (i.e. clients). The certificates issued by

Copyright © 2013 Published by IJESR. All rights reserved 236

IJESR/April 2014/ Vol-4/Issue-4/230-237 e-ISSN 2277-2685, p-ISSN 2320-9763

the TTP can be used for authentication and authorization purpose. These certificates contain information about the access control information about a user. An end user can use his personal digital certification to authenticate himself with a cloud service. He may also encrypt and decrypt data within his access rights. As a cloud system can be using other cloud systems at different levels, each cloud layer will have its own digital certificate to handle the data appropriately. This system ensures authentication, integrity and confidentiality of data at every level in layered cloud architecture. 6. CONCLUSION AND FUTURE SCOPE OF WORK Cloud computing has made a significant break-through in the way IT-related services are being delivered. It has realized the long-held dream of utility computing. It has allowed the organization to reduce their operating costs and increase efficiency. The organizations can focus on their core business activities rather than acquiring and setting up IT infrastructures. In this paper, I have discussed the essential concepts, advantages and classifications of the cloud computing. Key security considerations and challenges which are currently faced in the Cloud computing have been highlighted. REFERENCES [1] Kantarcioglu M, Bensoussan A, SingRu. Impact of Security Risks on Cloud Computing Adoption. IEEE 2011; 670- 674. [2] Kalagiakos P, Karampelas P. Cloud Computing Learning. IEEE, 2011. [3] Zhang Q, Cheng L, Boutaba R. Cloud computing: state-of-the-art and research challenges. The Brazilian Computer Society, 2010. [4] Vouk A, Mladen. Cloud computing–issues, research and implementations. CIT Journal of Computing and Information Technology 2008; 16(4): 235-246. [5] Dillon T, Chen W, Chang E. Cloud computing: issues and challenges. Advanced Information Networking and Applications (AINA), 24 th IEEE International Conference on. IEEE, 2010. [6] Mell P, Grance T. The NIST definition of cloud computing (draft). NIST special publication 2011; 800(145): 7. [7] Ren K, Wang C, Wang Q. Security challenges for the public cloud. IEEE Internet Computing 2012; 16(1): 69-73. [8] Kuyoro S. Cloud computing security issues and challenges. International Journal of Computer Networks 2011. [9] Google App Engine, URL http://code.google.com/appengine [10] Amazon Elastic Computing Cloud, URL aws.amazon.com/ec2 [11] Flexiscale Cloud Comp and Hosting, URL www.flexiscale.com [12] Amazon Web Services, URL aws.amazon.com. [13] Windows Azure, URL www.microsoft.com/azure [14] Salesforce CRM, http://www.salesforce.com/platform [15] How Can Enterprises Ensure Security Against Cloud Security Breaches?, URL https://spideroak.com/privacypost/cloud-security/how-can-enterprises-ensure-security-against-cloud-security-breaches/ [16] J. Brodkin. (2008, Jun.). “Gartner: Seven cloud-computing security risks. Infoworld, http://www.infoworld.com/d/security-central/gartner-seven-cloudcomputing-security-risks-53[Mar. 13, 2009]. [17] Hamlen K et al. Security issues for cloud computing. International Journal of Information Security and Privacy (IJISP) 2010; 4(2): 36-48. [18] Kui R, Wang C, Wang Q. Security challenges for the public cloud. IEEE Internet Computing 2012; 16(1): 69-73. [19] Farzad S. Cloud computing security threats and responses. Communication Software and Networks (ICCSN), IEEE 3rd International Conference on. IEEE 2011. [20] Bazargan F, Yeun CY, Zemerly MJ. State-of-the-Art of Virtualization, its Security Threats and Deployment Models. International Journal for Information Security Research (IJISR) 2012; 2(3/4). [21] Sengupta S, Kaulgud V, Sharma VS. Cloud computing security--trends and research directions. Services (SERVICES), IEEE World Congress on. IEEE 2011. [22] Zissis D, Lekkas D. Addressing cloud computing security issues. Future Generation Computer Systems 2012; 28(3): 583-592. [23] Ryan MD. Cloud computing security: The scientific challenge, and a survey of solutions. The Journal of Systems and Software, February 2013. [24] Peter M, Tim G. Effectively and securely using the cloud computing paradigm; 2011.

Copyright © 2013 Published by IJESR. All rights reserved 237