IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 19, Issue 2, Ver. V (Mar.-Apr. 2017), PP 36-43 www.iosrjournals.org The Vulnerabilities of Cloud Computing: Security Threats Mr. Nagesh Salimath1, Dr. Jitendra Sheetlani2 1Research Scholar, Computer Science, Sri Satya Sai University of Technology & Medical Sciences, Sehore 2Dean & Associate Professor, SOCA, Sri Satya Sai University of Technology & Medical Sciences, Sehore Abstract: Clouds give an intense figuring stage that empowers people and associations to perform assortment levels of undertakings, for example, utilization of online storage room, selection of business applications, improvement of tweaked PC programming, and formation of a "practical" system condition. In earlier years, the quantity of individuals utilizing cloud administrations has drastically expanded and loads of information has been put away in Cloud computing situations. Meanwhile, information breaks to cloud administrations are likewise expanding each year because of programmers who are continually attempting to misuse the security vulnerabilities of the design of cloud. In this paper, three cloud benefit models were thought about; cloud security dangers and dangers were researched in light of the way of the cloud benefit models.True cloud assaults were incorporated to exhibit the methods that programmers utilized against Cloud computing frameworks. Likewise, countermeasures to cloud security ruptures are exhibited. Keywords: Cloud computing, cloud security threats and countermeasures, cloud service models I. Introduction Cloud computing has been included in everybody's life. It conveys applications and storage rooms as administrations over the Internet for practically no cost. The greater part of us use Cloud computing administrations regularly. For instance, we utilize electronic email frameworks (e.g. Hurray and Google) to trade messages with others; informal communication destinations (e.g. Facebook, LinkedIn, MySpace, and Twitter) to impart data and remain in contact to companions; on-request membership administrations (e.g. Netflix and Hulu) to sit in front of the TV shows and motion pictures; cloud stockpiles (e.g. Humyo, ZumoDrive, and Dropbox) to store music, recordings, photographs and reports on the web; joint effort apparatuses (e.g. Google docs) to work with individuals on a similar record continuously; and online reinforcement devices (e.g. JungleDisk, Carbonite, and Mozy) to consequently move down our information to cloud servers. Cloud computing has additionally been included in organizations; organizations lease administrations from Cloud computing specialist co-ops to decrease operational expenses and enhance income. For instance, the social news site, reddit, rents Amazon Elastic Compute Cloud (EC2) for their advanced announcement board benefit. The advanced photograph sharing site, Smug Mug, rents Amazon S3 (Simple Storage Service) for their photograph facilitating administration. The automaker, Mazda USA, rents Rackspace for their promoting ads. The product organization, HR Locker, rents Windows Azure for their HR programming administration. There is doubtlessly the comfort and minimal effort of Cloud computing administrations have changed our day by day lives; in any case, the security issues related with Cloud computing make us defenseless against cybercrimes that happen each day. Programmers utilize an assortment of procedures to access mists without legitimate approval or disturb benefits on mists keeping in mind the end goal to accomplish particular targets. Programmers could trap a cloud into regarding their illicit action as a substantial occasion, in this manner, increasing unapproved access to the data put away in the cloud. Once the correct area of information is found, programmers take private and touchy data for criminal exercises. As indicated by Data Loss DB, there were 1,047 information rupture episodes amid the initial nine months of 2012, contrasted with 1,041 occurrences amid the whole year of 2011. Epsilon and Stratford were two information rupture casualties. In the information spillage mischance, Epsilon released a large number of names and email addresses from th card numbers and 860,000 client names and passwords were stolen. Programmers could likewise exploit the huge registering energy of mists to flame assaults to clients who are in the same or diverse systems. For example, programmers leased a server through Amazon's done an assault to Sony's PlayStation Network. In this manner, a great comprehension of cloud security dangers is essential with a specific end goal to give more secure administrations to cloud clients. In this paper, area 2 displayed an outline of cloud administration models. Area 3 examined the cloud security dangers and dangers from three different viewpoints. Related genuine cloud endeavors were incorporated. Area 4 acquainted countermeasures with cloud security breaks. At long last, the conclusions and future work were exhibited in the last area. DOI: 10.9790/0661-1902053643 www.iosrjournals.org 36 | Page The Vulnerabilities of Cloud Computing: Security Threats II. Cloud Service Models Cloud computing includes conveying processing assets (e.g. servers, stockpiles, and applications) as administrations to end clients by Cloud computing specialist organizations. End clients access on-request cloud benefits through web programs. Cloud computing specialist co-ops offer particular cloud benefits and guarantee the nature of the administrations. Essentially, Cloud computing incorporates three layers: the framework layer, the stage layer, and the application layer. The base layer is the framework layer, which incorporates computational assets, for example, foundation of servers, system gadgets, memory, and capacity. It is referred to as Infrastructure-as-an administration (IaaS). The computational assets are made accessible for clients as on-request benefits. With the utilization of virtualization innovation, IaaS gives virtual machines that permit customers to assemble complex system frameworks. This approach not just lessens the cost in purchasing physical gear for organizations, it additionally facilitates the heap of system organization since IT experts are not required to constantly screen the wellbeing of physical systems. A case of a Cloud computing specialist co-op of IaaS is Amazon'sEC2. It gives a virtual figuring condition with web benefit interfaces; by utilizing the interfaces, clients can send Linux, Solaris or Windows based virtual machines and run their own particular custom applications. The center layer is the stage layer and is referred to as Platform-as-a-Service (PaaS). It is intended to give an improvement stage to clients to plan their particular applications. Administrations gave by this cloud display incorporate apparatuses and libraries for application improvement, permitting clients to have control over the application arrangement and design settings. With PaaS, engineers are not required to purchase programming advancement instruments, in this manner diminishing the cost. GoogleApps is a case of PaaS; it is a suite of Google apparatuses that incorporates Gmail, Google Groups, Google Calendar, Google Docs, Google Talk, and Google Sites. It permits clients to redo these devices all alone area names. Windows Azure is another PaaS supplier. It empowers clients to assemble applications utilizing different dialects, apparatuses or structures. Clients can then incorporate the applications into their current IT situations. At long last, the top layer is the application layer, otherwise called Software-as-a-Service (SaaS). This layer permits clients to lease applications running on mists as opposed to paying to buy these applications. In view of its capacity to decrease costs, SaaS is prominent among organizations that convey their organizations. Groupon is an illustration that utilizations SaaS. With the utilization of the online bolster arrangements gave by Groupon, Zendesk forms its a huge number of every day client tickets all the more proficiently, consequently giving a superior client benefit. Marathon Data Systems is another case that offers SaaS. It gives answers for field administrations, for example, bug control, grass and arranging, warming, ventilating, plumbing, janitorial, house keeper, and cover cleaning administrations. Table 1 indicates cases of Cloud computing specialist co-ops concentrated on three cloud benefit models. Table 1. Cloud Computing Service Providers on Cloud Service Models Cloud Service Models Cloud Service Providers Antenna Software, Cloud9 Analytics, CVM Solutions, SaaS Exoprise Systems, Gageln, Host Analytics, Knowledge Tree, LiveOps, Reval, Taleo, NetSuite, Google Apps, Microsoft 365, Salesforce.com, Rackspace, IBM, and Joyent PaaS Amazon AWS, Google Apps, Microsoft Azure, SAP, SalesForce, Intuit, Netsuite, IBM, WorkXpress, and Joyent Amazon Elastic Compute Cloud, Rackspace, Bluelock, CSC, IaaS GoGrid, IBM, OpenStack, Rackspace, Savvis, VMware, Terremark, Citrix, Joyent, and BluePoint III. Taxonomy Of Cloud Security Threats Three cloud benefit models (SaaS, PaaS and IaaS) not just give distinctive sorts of administrations to end clients additionally unveil data security issues and dangers of Cloud computing frameworks. To start with, the programmers may mishandle the strong processing ability gave by mists by directing unlawful exercises. IaaS is situated in the base layer, which specifically gives the most effective usefulness of a whole cloud.