A Survey on Security and Privacy in Cloud Computing

Mir Toornaw Islam
Virginia Commonwealth University
Department of Computer Science
Richmond, VA, USA
islammt@vcu.edu

Abstract—Cloud computing emerges as a new computing paradigm that aims to deliver reliable, customized and quality of service environments for cloud users. Applications and databases are moved to the large, centralized datacenters called cloud. Due to resource virtualization, global replication and migration, the physical absence of data and machine in the cloud, the stored data in the cloud and the computation results may not be well organized and fully trusted by the cloud users. On one side, an individual has full control on data and processes in his/her computer. On the other side, we have the cloud computing where the service and data maintenance are provided by some vendor which leaves the customer unaware of where the processes are running or where the data is stored. So, the client has no control over it. The cloud computing uses the internet as the chief communication media. When we look at the security of data in the cloud computing, the vendor has to provide some assurance in service level agreements (SLA) to convince the client on security and privacy issues. Moreover, released acts on privacy are out of date to give protection to users' private information in the new environment. Multi-located data storage and services in the cloud make privacy issues even worse. So, security and privacy issues present a strong barrier for users to adopt cloud computing. In this paper, a survey of the different security risks and privacy issues that pose threats to the cloud is presented. We have also discussed different solution approaches that are being used extensively to get rid of these threats due to security and privacy risks. Besides, we have investigated several cloud computing system providers about their growing concerns on cloud computing security and privacy issues. We have discussed in this survey some other attributes as well like data availability, data confidentiality, data integrity and access control for cloud security and privacy.

Keywords—Cloud Computing, Cloud Security, Cloud Privacy, Data Confidentiality, Data Integrity, Accountability, Availability, Risk

I. INTRODUCTION

A cloud can be regarded as a large pool of resources which are unified through virtualization or job scheduling techniques. These resources can be organized to dynamically scale up to match the load by using a pay-per resources business model. Availability of these resources can be ensured through a new cloud computing paradigm that is being increasingly adopted by numerous organizations. The resources include hardware and systems software on remote datacenters, along with the services based upon these that are accessed through Internet. Key features used are elasticity, multi-tenancy, maximal resource utilization and pay-per-use. Large infrastructures like data centers are leveraged through these exciting new features with the help of virtualization or job management and resource management, but these large pools of resources are not necessarily located in the same country nor even on the same continent. Moreover, the dynamic expansion or shrinkage of a cloud makes it quite difficult to keep track of what resources are used and in which country. Therefore, compliance with regulations related to data handling is becoming difficult to fulfill. Auditing is another challenging task due to the volatility of the resources used. These new features make it hard, and sometimes impossible, to reuse traditional security, trust and privacy mechanisms in the cloud. Furthermore, they raise issues and concerns that need to be fully understood and addressed. Cloud services used currently pose an inherent challenge to data privacy. The reason is these services typically result in data being present in unencrypted form on a machine owned and operated by a different organization from the data owner. There are threats of unauthorized uses of the data by service providers as well as risks of theft of data from machines in the cloud.

We have three types of cloud environments at present: public, private and hybrid clouds. A public cloud is a standard model in which providers make several resources, such as applications and storage, available to the public. Public cloud services may be free or not. Private cloud refers to internal services of a business that are not available for ordinary people. Essentially, private clouds are a marketing term for an architecture that provides hosted services to a particular group of people behind a firewall. Hybrid cloud is an environment in which a company provides and controls some resources internally. In hybrid cloud, the cloud provider has a service that has a private cloud part which is only accessible by certified staff and is protected by firewalls from outside access and a public cloud environment which external users can access.

Cloud computing can be considered as a new computing archetype that can provide services to consumers on demand at a minimal cost. Three well-known and commonly used service models in the cloud paradigm are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). In SaaS, software with the related data is deployed by a cloud service provider, and users can use it through the web
browsers. In PaaS, a service provider facilitates services to the users with a set of software programs that can solve the specific tasks. In IaaS, the cloud service provider facilitates services to the users with virtual machines and storage to improve their business capabilities [1].

Cloud computing is very promising for the IT applications. However, there are still some problems that need to be solved for personal users and enterprises to store data and deploy applications in the cloud computing environment. One of the most significant barriers is data security, which is accompanied by issues including compliance, privacy, trust and legal matters [2,3]. The role of institutions and institutional evolution is close to privacy and security in cloud computing [4]. Data security has consistently been a major issue in IT. Data security becomes particularly serious in the cloud computing environment, because data are scattered in different machines and storage devices including servers, PCs, and various mobile devices such as wireless sensor networks and smart phones. Data security in the cloud computing is more complicated than data security in the traditional information systems. For cloud computing to be adopted by users and enterprises, the security concerns of users should be rectified first to make the cloud environment more trustworthy. The trustworthy environment is the basic prerequisite to win confidence of users to adopt such a technology. Latif et al. discussed the assessment of cloud computing risks [5].

Even though cloud computing is reckoned as a promising service platform for the Next Generation Internet [6], security and privacy are the major challenges which inhibit the wide acceptance of cloud computing in practice [7]. Different from the traditional computing model in which users have full control over data storage and computation, cloud computing involves the management of physical data and machines that are delegated to the cloud service providers while the users only retain some control over the virtual machines. Thus, the correctness of data storage and computation might be compromised due to the lack of the control of data security for data owners.

In the case of security, some cloud-computing applications simply lack adequate security protection such as fine-grained access control and user authentication. Since enterprises are attracted to cloud computing due to potential savings in IT outlay and management, it is necessary to understand the business risks involved. If cloud computing is to be successful, it must be trusted by its users. Therefore, we need to clarify what the components of such trust are and how trust can be achieved for security as well as for privacy.

Within the cloud computing world, the virtual environment lets users access computing power that exceeds what is available within their own physical worlds. To enter this virtual environment, data must be transferred throughout the cloud. As a result, several data storage concerns can arise. To ensure data confidentiality, integrity, and availability (CIA), the storage provider must offer capabilities that, at a minimum, include (1) a tested encryption schema to ensure the safeguard of all data within the shared storage environment; (2) stringent access controls to prevent unauthorized access to the data; and (3) scheduled data backup and safe storage of the backup media. Security is implicit within these capabilities, but further fundamental concerns exist that need attention. For example, is security solely the storage provider's responsibility, or is it also necessary on the entity that leases the storage for its applications and data? Moreover, legal issues arise, such as e-discovery, regulatory compliance (including privacy), and auditing. The range of these legal concerns reflects the range of interests that are currently using or could use cloud computing. These issues and their yet-to-be-determined answers provide significant insight into how security plays a vital role in cloud computing's continued growth and development.

Security and privacy issues present a strong barrier for consumers to adopt cloud computing systems. According to an IDC survey in August 2008, which was conducted among 244 IT executives and their business colleagues about their companies' use and views about cloud services, security was regarded as the top challenge [8]. Moreover, users of cloud computing services are worried about their business information and critical IT resources in the cloud computing systems which are vulnerable to attack. Furthermore, cloud computing became a hot topic at the RSA security conference in San Francisco in April 2009. Cisco CEO said that cloud computing is inevitable, but it would shake up the way networks are secured. Besides, data protection, operational integrity, vulnerability management, business continuity, disaster recovery and identity management are top concerns of security issues for cloud computing and privacy is another key concern [9]. Therefore, security and privacy of cloud computing systems become a key factor for clients to adopt it. Furthermore, many security and privacy incidents are also seen in today's cloud computing systems. For example: Google Docs found a flaw that inadvertently shared users' docs in March 2009. A Salesforce.com employee fell victim to a phishing attack and leaked a customer list that generated further targeted phishing attacks in October 2007. In late 2010, Microsoft experienced a breach within its Business Productivity Online Suite. The problem allowed non-authorized users of the cloud service to access employee contact info in their offline address books. Apple suffered what may be the largest high-profile cloud security breach due to the victims involved. Jennifer Lawrence and other celebrities had their private photos leaked online. So, we can say many cloud computing systems in the real world have security and privacy problems.

In this paper, we have investigated security and privacy issues of current cloud computing systems. Since cloud computing refers to both the applications delivered as services over the internet and the infrastructures that provide those services, we will present security and privacy concerns in terms of the diverse applications and infrastructures. From our investigation, we have found that security and privacy provided by the cloud providers nowadays are not adequate. Therefore, users find it difficult to adapt to the existing cloud computing systems. So, concerns on security and privacy issues in terms of data availability, data confidentiality, data integrity and access control need to be taken care of. New techniques can be developed and deployed into cloud computing systems to make them more secure. We have also shown a few such techniques in this paper. The target audience for this survey is composed of business professionals, students and researchers interested in (or already working in) the field of privacy and security protection for the cloud.

II. CLOUD COMPUTING SECURITY ISSUES

There are many security issues associated with cloud computing and they can be grouped into a number of dimensions. According to Gartner [10], before making a choice of cloud vendors, users should ask the vendors for seven specific safety issues: privileged user access, regulatory compliance, data location, data segregation, data recovery, investigative support and long-term viability. In 2009, Forrester Research Inc. [11] evaluated security and privacy practices of some of the leading cloud providers (such as Salesforce.com, Amazon, Google, and Microsoft) in three major aspects: security and privacy, compliance, and legal and contractual issues. Cloud Security Alliance (CSA) [12] is gathering solution providers, non-profits and individuals to hold discussions about the current and future best practices for information assurance in the cloud. The CSA has identified thirteen domains of concerns on cloud computing security [13]. Lifei Wei [14] proposed SecCloud, a privacy-cheating discouragement and secure-computation auditing protocol for data security in the cloud. The authors claimed their work is novel in a sense that they jointly consider both data storage security and computation auditing security in the cloud. They defined the concepts of uncheatable cloud computation and proposed SecCloud to achieve the security goals. Krešimir and Željko [15] elaborated security in cloud computing in a way that covers security issues and challenges, security standards and security management models. They claimed that security standards offer some kind of security templates which cloud service providers (CSP) could obey. They found that the most promising security standard for the future would be the OVF format, which promises creation of new business models that will allow companies to sell a single product on premises, on demand, or in a hybrid deployment model. S. Subashini and V. Kavitha made an investigation of cloud computing security issues from the cloud computing service delivery models (SPI model) and provided a detailed analysis and assessment method for each security issue [16]. Mohamed Al Morsy, John Grundy and Ingo Müller explored cloud computing security issues from different perspectives, including security issues associated with cloud computing architecture, service delivery models, cloud characteristics and cloud stakeholders [17]. Yanpei Chen, Vern Paxson and Randy H. Katz believed that two aspects are to some degree novel and indispensable to cloud: the complexities of multi-party trust considerations, and the ensuing need for mutual auditability. They also identified some new opportunities in cloud computing security [18]. According to the SPI service delivery models, deployment models and essential characteristics of cloud, there are security issues in all aspects of the infrastructure including network level, host level and application level.

Cloud computing has become a successful and popular business model due to its charming features. In addition to the numerous benefits at hand, cloud systems also result in serious cloud-specific security issues. The people whose concern is the cloud security feel hesitant to transfer their business to cloud. Security issues are becoming a dominant barrier of the development and widespread use of cloud computing. Zhifeng and Yang [19] claimed that there are three main challenges for building a secure and trustworthy cloud system:

• Outsourcing – Outsourcing brings down both capital expenditure (CapEx) and operational expenditure for cloud customers. However, outsourcing also means that customers physically lose control over their data and tasks. The loss of control problem has become one of the root causes of cloud insecurity. To address outsourcing security issues, first, the cloud provider shall be trustworthy by providing trust and secure computing and data storage; second, outsourced data and computation shall be verifiable to customers in terms of confidentiality, integrity, and other security services. In addition, outsourcing will potentially incur privacy violations, due to the fact that sensitive or classified data is out of the owners' control.

• Multi-tenancy – Multi-tenancy means that the cloud platform is shared and utilized by multiple customers. Moreover, in a virtualized environment, data belonging to different customers may be placed on the same physical machine by a certain resource allocation policy. Adversaries who may also be legitimate cloud customers may exploit the co-residence issue. A series of security issues such as data breach [20], [21], [22], computation breach [23], flooding attack [24], etc., are incurred. Although multi-tenancy is a definite choice of cloud vendors due to its economic efficiency, it provides new vulnerabilities to the cloud platform. Without changing the multi-tenancy paradigm, it is imperative to design new security mechanisms to deal with the potential risks.

• Massive data and intense computation – Cloud computing is capable of handling mass data storage and intense computing tasks. Hence, traditional security mechanisms may not be sufficient due to unbearable computation or
communication overhead. For example, to verify the integrity of data that is remotely stored, it is impractical to hash the entire data set. To this end, new strategies and protocols are needed.

Security often tops the list of cloud user concerns. Cloud computing presents different risks to organizations than traditional IT solutions. There are a number of security issues for cloud computing, some of which are new, some of which are exacerbated by cloud models and others that are the same as in traditional service provision models. The security risks depend greatly upon the cloud service and deployment model [25]. For example, private clouds can, to a certain extent, guarantee security levels, but the economic costs associated with this approach are relatively high. At the network, host and application levels, security challenges associated with cloud computing are generally exacerbated by cloud computing, but not specifically caused by it. Moreover, cloud APIs are not yet standardized. Customer data security raises a number of concerns, including the risk of loss, unauthorized collection and usage of cloud data. There are a number of different ways of categorizing security risks. Furthermore, these fit into a broader model of cloud-related risks. For example, according to the Cloud Security Alliance [26], the top threats to cloud computing are abuse and nefarious use of cloud computing, insecure interfaces and APIs, malicious insiders, shared technology issues, data loss or leakage, account or service hijacking and unknown risk profile. They were unable to reach a consensus on ranking the degree of severity of these risks.

Cloud applications are being run somewhere in the cloud computing infrastructure through Internet. Consumers don't care about the data where they have been stored or services where they have been provided. Cloud computing allows providers to develop, deploy and run applications that can evolve in scalability, work rapidly and never fail. The penalties of obtaining these attributes of cloud computing are to store private data on the other side of the Internet and get service from cloud providers, and finally result in security and privacy issues. Basically, cloud computing systems are secure if users can depend on them in a way that the users actually expect those systems to act. By convention, five goals or objectives which are data availability, data confidentiality, data integrity, access control and audit have to be met in order to achieve adequate security in cloud systems. These five goals are integrated with each other in a systematic way and none of them could be forfeited to earn sufficient security, though very few cloud computing systems can attain these five goals altogether nowadays.

A. Data Integrity

Data integrity is one of the most critical elements in any information system. In general, data integrity is defined as protecting data from unauthorized deletion, modification, or fabrication. Managing entity's admittance and rights to specific enterprise resources ensures that valuable data and services are not abused, misappropriated, or stolen. Data integrity is easily achieved in a standalone system with a single database [27]. Data integrity in the standalone system is maintained via database constraints and transactions, which is usually finished by a database management system (DBMS). Transactions should follow ACID (atomicity, consistency, isolation, and durability) properties to ensure data integrity. Most databases support ACID transactions and can preserve data integrity. Authorization is used to control the access of data. It is the mechanism by which a system determines what level of access a particular authenticated user should have to secure resources controlled by the system.

Data integrity in the cloud system means preserving information integrity. It is expected that data should not be lost or modified by unauthorized users. Data integrity is the basis to provide cloud computing service such as SaaS, PaaS, and IaaS. Moreover, data storage of large-scaled data in cloud computing environment usually provides data processing service. Data integrity can be obtained by techniques such as RAID-like strategies and digital signature [27]. Due to the large quantity of entities and access points in a cloud environment, authorization is crucial in assuring that only authorized entities can interact with data. By avoiding unauthorized access, organizations can achieve greater confidence in data integrity. The monitoring mechanisms offer greater visibility in determining who or what may have altered data or system information, potentially affecting their integrity. Cloud computing providers are responsible for maintaining data integrity and accuracy. However, it is necessary to build a third party supervision mechanism along with users and cloud service providers. Verifying the integrity of data in the cloud remotely is the prerequisite to deploy applications. Bowers et al. proposed a theoretical framework "Proofs of Retrievability" to realize the remote data integrity checking by combining error correction code and spot-checking [28]. The HAIL system uses the POR mechanism to check the storage of data in different clouds and it can ensure the redundancy of different copies and realize the availability and integrity checking [29]. Schiffman et al. proposed trusted platform module (TPM) remote checking to check the data integrity remotely [30].

Zetta [31] provides the Zetta system for storage service on demand mainly by considering data integrity. Here, data integrity means that the system won't corrupt or lose data, even at tremendously large scale and over a long period of time. Zetta implements RAIN-6 (Redundant Array of Independent Nodes - 6) in its Zetta system for primary data hosting service. It is called RAIN-6 because it has a similar implementation to RAID-6 and it eventually results in similar capability for ensuring data integrity. RAIN-6 is not only capable of tolerating hard drive failure and bit errors, but also capable of recovering from node failure and bit errors for causes like network failure, power supply shortage, memory or hard drive corruption etc. This data integrity attribute is achieved by data placement in terms of node striping.

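The spot-checking approach to remote integrity verification discussed above (auditing a random sample of blocks rather than hashing the entire data set) can be illustrated as follows. This is an added example, not code from the survey or from the cited PoR and PDP schemes: it uses plain per-block HMAC tags, and the block size, function names and sample data are assumptions.

```python
import hashlib
import hmac
import math
import random

BLOCK_SIZE = 64  # assumed block size, kept small for the demonstration


def split_blocks(data, size=BLOCK_SIZE):
    """Divide the data into fixed-size blocks (the last one may be shorter)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def tag_block(key, index, block):
    """Keyed tag over (index, block); binding the index stops the server
    from answering a challenge for block i with a valid block j."""
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


class UntrustedStore:
    """Stands in for the cloud server: it holds blocks and tags, never the key."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def respond(self, indices):
        return [(i, self.blocks[i], self.tags[i]) for i in indices]


def outsource(key, data):
    """Client side: tag every block once, hand blocks and tags to the store."""
    blocks = split_blocks(data)
    tags = [tag_block(key, i, b) for i, b in enumerate(blocks)]
    return UntrustedStore(blocks, tags), len(blocks)


def audit(key, store, n_blocks, sample_size, rng):
    """Challenge a random sample of block indices and return the sorted list
    of indices whose answer is missing or fails tag verification."""
    challenge = rng.sample(range(n_blocks), min(sample_size, n_blocks))
    answers = {i: (block, tag) for i, block, tag in store.respond(challenge)}
    failed = []
    for i in challenge:
        if i not in answers:
            failed.append(i)  # server did not answer for this index
            continue
        block, tag = answers[i]
        if not hmac.compare_digest(tag, tag_block(key, i, block)):
            failed.append(i)
    return sorted(failed)


def detection_probability(n_blocks, corrupted, sample_size):
    """Chance that a sample (drawn without replacement) hits at least one
    of `corrupted` damaged blocks out of `n_blocks`."""
    if corrupted <= 0:
        return 0.0
    if sample_size > n_blocks - corrupted:
        return 1.0
    miss = math.comb(n_blocks - corrupted, sample_size) / math.comb(n_blocks, sample_size)
    return 1.0 - miss


if __name__ == "__main__":
    # Constructed sample input: a demo key and 1000 blocks of pseudo-random data.
    key = hashlib.sha256(b"constructed demo key").digest()
    data = hashlib.shake_256(b"constructed demo data").digest(BLOCK_SIZE * 1000)
    store, n = outsource(key, data)
    print("honest store:", audit(key, store, n, 300, random.Random(2024)))
    for i in range(0, n, 100):  # damage 10 of 1000 blocks (1%)
        store.blocks[i] = b"\x00" * BLOCK_SIZE
    print("after damage:", audit(key, store, n, 300, random.Random(2024)))
    print("P(detect) with 300 of 1000 sampled:",
          round(detection_probability(n, 10, 300), 4))
```

The client keeps only the key; sampling 300 of 1000 blocks transfers 30% of the data yet catches damage to 1% of the blocks with probability of about 0.97.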
                                                                      System availability includes a system’s ability to carry out
                                                                      operations even when some authorities misbehave. The system
                                                                      must have the ability to continue operations even in the
                                                                      possibility of a security breach. Availability refers to data,
                                                                      software but also hardware being available to authorized users
                                                                      upon demand. The network is now burdened with data
                                                                      retrieval and processing. The cloud owner needs to guarantee
                                                                      that information and information processing is available to
                                                                      clients upon demand.
                                                                          In simple terms, availability is the extent to which an
                                                                      organization’s full set of computational resources is accessible
           Figure 2. Zetta RAIN-6 system architecture
                                                                      and usable. Availability can be affected temporarily or
                                                                      permanently and a loss can be partial or complete. Denial of
   Digital signature is a commonly used technique for data
                                                                      service attacks, equipment outages, and natural disasters are
integrity testing. The widely adopted distributed file systems
                                                                      all threats to availability. The concern is that most downtime is
like GFS [32], HDFS [33] etc. usually divide data of large
                                                                      unplanned and can impact the mission of the organization.
volumes into a set of blocks each of which has a default size.
When a block of data is physically stored on, a digital
                                                                         In a flooding attack that can cause Deny of Service (DoS),
signature is attached to it. This digital signature is useful for
                                                                      a huge number of nonsensical requests are sent to a particular
future integrity testing and corruption recovery.

Integrity checking on data is a long-term research topic. However, traditional methods cannot be properly adopted to tackle the challenges of integrity checking presented in cloud storage. The main challenge of integrity checking is that tremendous amounts of data are remotely stored on untrustworthy cloud servers. Therefore, methods that require hashing the entire file become prohibitive. Besides, it is not feasible to download the file from the server and perform an integrity check, because doing so is computationally expensive as well as bandwidth consuming. Neither of these approaches is acceptable in cloud environments. Provable Data Possession (PDP) [34] is employed in checking data integrity in cloud storage in order to answer the question: “Is it possible for customers to be sure that the outsourced data is honestly stored in the cloud?”

For comparison purposes, a naive method is proposed in [35]. The idea is that the client computes a hash value for file F with a key k (i.e., h(k, F)) and subsequently sends F to the server. Once the client needs to check the file, it releases k and sends it to the server, which is asked to re-compute the hash value based on F and k. After this, the server replies to the client with the hash result for comparison. The client can initiate multiple checks by keeping different keys and hash values. This approach provides strong proof that the server still retains F. However, the negative aspect is the high overhead that is produced. This overhead exists because each verification requires the server to run a hashing process over the entire file. This is computationally costly, even for lightweight hashing operations.

B. Data Availability

Availability refers to the property of a system being accessible and usable upon demand by an authorized entity.

service to hinder it from working properly. In cloud computing, there are two basic types [36] of flooding attacks:

• Direct DOS – the attack target is determined and the availability of the targeted cloud service will be fully lost.

• Indirect DOS – the meaning is twofold: 1) all services hosted in the same physical machine with the target victim will be affected; 2) the attack is initiated without a specific target.

The authors in [37] point out that one of the consequences of a flooding attack is that if a certain cloud service is unavailable or the quality of service is degraded, the subscribers of all affected services may need to continue paying the bill. However, the authors of [38] have argued that since cloud providers must have previously signed a Service Level Agreement (SLA) with their clients, a responsible party must be determined once the service level is degraded to some threshold, since clients will be aware of that degradation. The most common abnormal behavior of untrusted storage is that the cloud service providers may discard part of the user’s update data, which is hard to check by depending only on simple data encryption. Additionally, a good storage agreement needs to support concurrent modification by multiple users. Mahajan et al. proposed Depot, which can guarantee Fork-Join-Causal-Consistency and eventual consistency [39]. It can effectively resist attacks such as discarding, and it can support the implementation of other safety protections in the trusted cloud storage environment (such as Amazon S3). Feldman et al. proposed SPORC [40], which can implement safe and reliable real-time interaction and collaboration for multiple users with the help of the trusted cloud environment, while untrusted cloud servers can only access the encrypted data. However, the operation types supported by reliable storage protocols are limited, and most of the calculations can only occur on the client side.
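The naive keyed-hash check of [35] described in the integrity discussion above, as an added example that is not code from the paper or from [35]. It assumes h(k, F) is HMAC-SHA256; the class names, the replaying-server model and the constructed file are hypothetical. It shows that every audit costs the server a full pass over F and that each released key can be used only once.

```python
import hashlib
import hmac
import secrets

CHUNK = 64 * 1024  # hash in chunks, as a server would when streaming a large file


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """h(k, F). HMAC-SHA256 is this example's choice; the paper names no function."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for off in range(0, len(data), CHUNK):
        mac.update(data[off:off + CHUNK])
    return mac.digest()


class Client:
    """Before upload, precompute one (k, h(k, F)) pair per future audit."""

    def __init__(self, file_bytes: bytes, audits: int):
        self._pairs = []
        for _ in range(audits):
            key = secrets.token_bytes(32)
            self._pairs.append((key, keyed_hash(key, file_bytes)))

    def audit(self, server) -> bool:
        if not self._pairs:
            raise RuntimeError("all keys released; no audits left without F")
        key, expected = self._pairs.pop()  # a released key is never used again
        return hmac.compare_digest(server.respond(key), expected)


class Server:
    """Honest storage: recomputes h(k, F) over everything it holds."""

    def __init__(self, stored: bytes):
        self.stored = stored
        self.bytes_hashed = 0  # running cost of answering audits

    def respond(self, key: bytes) -> bytes:
        self.bytes_hashed += len(self.stored)
        return keyed_hash(key, self.stored)


class ReplayingServer(Server):
    """Misbehaving storage: answers once, drops F, then replays that answer."""

    def __init__(self, stored: bytes):
        super().__init__(stored)
        self._cached = None

    def respond(self, key: bytes) -> bytes:
        if self._cached is None:
            self._cached = super().respond(key)
            self.stored = b""
        return self._cached


def run_demo() -> dict:
    record = b"constructed sample record\n"   # constructed test data
    file_f = record * 40_000                   # about 1 MB
    out = {"file_size": len(file_f)}

    honest = Server(file_f)
    client = Client(file_f, audits=3)
    out["honest"] = [client.audit(honest) for _ in range(3)]
    out["bytes_hashed"] = honest.bytes_hashed  # three full passes over F
    try:
        client.audit(honest)
        out["keys_exhausted"] = False
    except RuntimeError:
        out["keys_exhausted"] = True

    flipped = bytearray(file_f)
    flipped[len(flipped) // 2] ^= 0x01         # one corrupted bit
    out["bit_flip"] = Client(file_f, 1).audit(Server(bytes(flipped)))
    out["truncated"] = Client(file_f, 1).audit(Server(file_f[:-len(record)]))

    # A fresh key per audit: the replayed answer stops matching on audit two.
    replay = ReplayingServer(file_f)
    auditor = Client(file_f, audits=2)
    out["replay"] = [auditor.audit(replay), auditor.audit(replay)]
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The client's storage grows with the number of audits it wants to run, and the server's work per audit grows with the file size; both costs are what PDP schemes aim to avoid.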

A DOS avoidance strategy called service migration [41] has been developed to deal with the new flooding attack. A monitoring agent located outside the cloud is set up to detect whether there may be bandwidth starvation by constantly probing the cloud applications. When bandwidth degradation is detected, the monitoring agent will perform application migration, which may stop the service temporarily and resume it later. The migration will move the current application to another subnet of which the attacker is unaware. Experimental results show that it only takes a few seconds to migrate a stateless web application from one subnet to another.

C. Confidentiality

Data confidentiality is important for users who store their private or confidential data in the cloud. Authentication and access control strategies are used to ensure data confidentiality. The data confidentiality, authentication, and access control issues in cloud computing could be addressed by increasing the cloud reliability and trustworthiness [42]. Since the users do not trust the cloud providers, and it is virtually impossible for cloud storage service providers to eliminate potential insider threats, it is very dangerous for users to store their sensitive data in cloud storage directly. Simple encryption is faced with the key management problem and cannot support complex requirements such as query, parallel modification and fine-grained authorization.

When dealing with cloud environments, confidentiality implies that a customer’s data and computation tasks are to be kept confidential from both the cloud provider and other customers. Confidentiality remains one of the greatest concerns with regard to cloud computing. This is largely because customers outsource their data and computation tasks to cloud servers, which are controlled and managed by potentially untrustworthy cloud providers. Ristenpart et al. [43] demonstrate the existence of Cross-VM attacks in an Amazon EC2 platform. A Cross-VM attack exploits the nature of multi-tenancy, which allows VMs belonging to different customers to co-reside on the same physical machine. Aviram et al. [44] regard timing side-channels as an insidious threat to cloud computing security due to the fact that a) the timing channels pervasively exist and are hard to control due to the nature of massive parallelism and shared infrastructure; b) malicious customers are able to steal information from other ones without leaving a trail or raising alarms. Attackers can easily exploit L2 cache, due to its high bandwidth. Xu et al. have particularly explored the L2 cache covert channel with quantitative assessment [45]. It has been demonstrated that even though the channel bit rate is higher than in the former work, the channel’s ability to exfiltrate useful information is still limited and it is only practical to leak small secrets such as private keys. Okamura et al. developed a new attack, which demonstrates that CPU load can also be used as a covert channel to encode information [46]. Memory disclosure attack [47] is another type of cross-VM attack. In a virtualized environment, memory deduplication is a technique to reduce the utilization of physical memory by sharing the memory pages with the same contents. A memory disclosure attack is capable of detecting the existence of an application or a file on a co-residing VM by measuring the write access time that differs between deduplicated pages and regular ones.

For diminishing the risk caused by shared infrastructure, a few suggestions to defend against the attack in each step are given in [48]. For example, cloud providers may confuse co-residence by having Dom0 not respond in traceroute, and/or by randomly assigning internal IP addresses to launched VMs. In order to diminish the success rate of placement, cloud providers might let the users decide where to put their VMs. However, this method does not prevent a brute-force strategy. The final solution for cross-VM attack is to remove co-residency. Cloud customers (especially enterprise clients) may require physical isolation that can be written into the Service Level Agreements (SLAs). However, cloud vendors may be reluctant to abandon virtualization that is beneficial to cost saving and resource utilization. One of the options is to share the infrastructure only with friendly VMs which are owned by the same customer or other trustworthy customers. To ensure physical isolation, a customer should be enabled to verify its VMs’ exclusive use of a physical machine. HomeAlone is a system [49] that detects co-residency by employing a side-channel (in the L2 memory cache) as a detection tool. The idea is to silence the activity of friendly VMs in a selected portion of L2 cache for a certain amount of time and then measure the cache usage to check if there is any unexpected activity, which indicates that the physical machine is co-resided by another customer.

D. Access Control

An access control mechanism is a tool to ensure that authorized users can access, and to prevent unauthorized access to, information systems. Therefore, formal procedures should be developed to control the allocation of access rights to information systems and services. Such mechanisms should cover all stages in the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access to information systems and services. Special attention should be given, where appropriate, to the need to control the allocation of privileged access rights, which allow users to override system controls. The following are the six control statements that should be considered to ensure proper access control management [49]: 1. Control access to information; 2. Manage user access rights; 3. Encourage good access practices; 4. Control access to network services; 5. Control access to operating systems; and 6. Control access to applications and systems.

Decentralized information flow control and differential privacy are integrated to render rigorous privacy and security control in the computation for the individual data in the MapReduce framework [50]. It is able to pay particular attention to the division of labor between the MapReduce framework, the distributed file system and the OS.

III. CLOUD COMPUTING PRIVACY ISSUES

Current cloud services pose an inherent threat to data privacy, because they typically result in data being exposed in an unencrypted form on a machine owned and operated by a different organization from the data owner. The major privacy issues relate to trust, uncertainty and compliance. When considering privacy risks in the cloud, as considered already within the introduction, context is very important as privacy threats differ according to the type of cloud scenario. For example, there are special laws concerning treatment of sensitive data and data leakage. Besides, loss of privacy is of particular concern to users when sensitive data is processed in the cloud. Currently, this is so much of an issue that the public cloud model would not normally be adopted for this type of information. More generally, public cloud is the most dominant architecture when cost reduction is concerned, but relying on a cloud service provider to manage and hold one’s data in such an environment raises big privacy concerns.

When we consider privacy risks in the cloud, context is very important as privacy threats differ according to the type of cloud scenario. Some cloud application areas and services might face a very low privacy threat, for example, if the service is to process information that is public. It is only if the service handles personal information in the sense of collecting, transferring, processing, sharing or storing it that there could be a privacy risk and privacy needs to be taken into account. However, services that are dynamically personalized based on people’s location, preferences, calendar and social networks would require privacy to be taken into account a great deal, as the potential risk is very high.

In the cloud, privacy means that when users access sensitive data, the cloud services can prevent a potential adversary from inferring the user’s behavior from the user’s access pattern. Researchers have focused on Oblivious RAM (ORAM) technology. ORAM accesses several copies of data to hide the users’ real access targets. ORAM has been widely used in software protection and has been used in protecting privacy in the cloud as a promising technology. Stefanov et al. proposed a Path ORAM algorithm that is a state-of-the-art implementation [50].

User-centric control seems very incompatible with the cloud: as soon as a SaaS environment is used, the service provider becomes responsible for storage of data, in a way in which visibility and control are limited. So, how can a consumer take control over their data when it is stored and processed in the cloud? This is a legal requirement and also something that consumers want. It can even be necessary in some cases to provide adequate trust for consumers to switch to cloud services. In addition, people may have little understanding about the privacy impact of decisions they make. Technology in general worsens this problem as more employees are able to trigger privacy consequences and these can be further-reaching: instead of protecting data on a server to which very few people have access, employees can now leave sensitive information unencrypted on a laptop or expose confidential information at the flick of a switch. In the case of cloud, it is relatively quick and easy to go to a portal to request a service that is instantly provided, and it only takes a credit card if public cloud services are used like those from Salesforce and Google. Therefore, unless proper management procedures exist, there is a danger that employees could switch to using cloud computing services without considering the potential consequences and risks for that particular situation.

User data may be abused by other users. Deduplication technology has been widely used in cloud storage, which means that the same data is often stored once but shared by multiple different users. This reduces the storage space and cost of cloud service providers, but attackers can access the data by knowing the hash code of the stored files. Then, it is possible to leak the sensitive data in the cloud. So, a proof of ownership approach has been proposed to check the authentication of cloud users [51]. Attackers may also drive up the cost of cloud service. Fraudulent resource consumption is a kind of attack on the payment for cloud service. Attackers can consume specific data to increase the cost for cloud service payment. Idziorek et al. raised this question and researched the detection and identification of fraudulent resource consumption [52].

Cloud computing faces many of the same problems as traditional outsourcing. Yet the dynamic nature of cloud makes many of the existing provisions that address this in more static environments obsolete or impractical to set up in such a short timeframe. It is unclear which party is responsible for ensuring legal requirements. Neither is it yet clear to what extent cloud sub-contractors involved in processing can be properly identified, checked and ascertained as being trustworthy, particularly in a dynamic environment. It is also unclear what rights in the data will be acquired by data processors and their sub-contractors, and whether these are transferable to other third parties upon bankruptcy, takeover, or merger [53].

Pearson et al. ([54] and [55]) proposed a privacy manager that relies on obfuscation techniques. The privacy manager can provide obfuscation and de-obfuscation service to reduce the amount of sensitive information stored in the cloud. The main idea is to only store the encrypted form of clients’ private data in the cloud end. The data processing is performed directly on the encrypted data. One limitation is that cloud vendors may not be willing to implement additional services for privacy protection. Without the provider’s cooperation, this scheme will not work. Squicciarini et al. [56] explore a novel privacy issue that is caused by data indexing. In order to tackle data indexing and to prevent information leakage, the researchers propose a three-tier data protection architecture to offer different levels of privacy to cloud customers.

Sadeghi et al. [57] claim that pure cryptographic solutions based on fully homomorphic and verifiable encryption suffer from latency too high to offer practical secure outsourcing of computation to a distrusted cloud service provider. They propose to combine a trusted hardware token with Secure Function Evaluation (SFE) in order to compute arbitrary functions on data when it is still in encrypted form. The computation leaks no information and it is verifiable. The focus of this work is to minimize the computation latency to enable efficient, secure outsourcing in cloud computing. A hardware
token is tamper-proof against physical attacks. If the token is assumed to be trustworthy, the clients’ data processing may be performed in the token that is attached to a distrusted cloud server. The property of a token can guarantee that the data computation is confidential as well as verifiable. The solution presented in [58] only needs to deploy a tamperproof token in the setup pre-processing phase. In the follow-up online phase, only symmetric cryptographic operations are performed in the cloud, without requiring further interaction with the token.

IV. CONCLUSION

Cloud computing is a promising and emerging technology for the next generation of IT applications. The obstacles and hurdles to the rapid growth of cloud computing are data security and privacy issues. Reducing data storage and processing cost is an indispensable need for any organization, while analysis of data and information is always one of the most important tasks in all organizations for decision making. So, no organization can transfer its data or information to the cloud until trust is built between the cloud service providers and consumers. A number of techniques have been proposed by researchers for data protection and to attain the highest level of data security in the cloud. However, there are still many gaps to be filled by making these techniques more resilient and effective. More work is needed in the area of cloud computing to make it a viable solution for cloud service consumers. This paper surveyed different techniques for data security and privacy, focusing on data storage and use in the cloud, for data protection in cloud computing environments to build trust between cloud service providers and consumers.

As described in the paper, though there are extreme advantages in using a cloud-based system, there are still many practical problems that need to be solved. Cloud computing is a disruptive technology with profound implications not only for internet services but also for the IT sector as a whole. Still, several issues exist, particularly related to service-level agreements (SLA), security and privacy, and power efficiency. As described in the paper, security has a lot of loose ends, which scare away a lot of potential users nowadays. Until a proper security module is in place, potential users will not be able to leverage the advantages of this technology. Every element in the cloud should be analyzed at the macro and micro level, and an integrated solution must be designed and deployed in the cloud to attract and enthrall the potential consumers.

REFERENCES

[1] Peter Mell, and Tim Grance, “The NIST Definition of Cloud Computing,” Version 15, 10-7-09, http://www.wheresmyserver.co.nz/storage/media/faq-files/cloud-def-v15.pdf. J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp.68-73.
[2] Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets. In: Chen P, ed. Proc of the ACM 18th Int’l Conf. on Information and Knowledge Management, CIKM 2009. New York: Association for Computing Machinery, 2009. 2117.2118. [doi: 10.1145/1645953.1646333]
[3] Zetta, “Zetta: Enterprise cloud storage on demand,” http://www.zetta.net/, 2008.
[4] M. McCarthy, “USA Patriot Act,” Harv. J. on Legis., vol. 39, p. 435, 2002.
[5] P. Parsons and R. Frieden, The cable and satellite television industries. Allyn & Bacon, 1998.
[6] Abrams, M. “A Perspective: Data Flow Governance in Asia Pacific & APEC Framework” 2008.
[7] McKinley, P.K., Samimi, F.A., Shapiro, J.K., Chiping T.: Service Clouds: A Distributed Infrastructure for Constructing Autonomic Communication Services. Dependable, Autonomic and Secure Computing, IEEE, pp.341-348, 2006.
[8] Nielsen, J., “Trust or Bust: Communicating Trustworthiness in Web Design”, Jakob Nielsen’s Alertbox, 1999. Available via http://www.useit.com/alertbox/990307.html.
[9] Pearson, S., P. Rao, T. Sander, A. Parry, A. Paull, S. Patruni, V. Dandamudi-Ratnakar and P. Sharma, “Scalable, Accountable Privacy Management for Large Organizations”, INSPEC 2009, IEEE, pp. 168-175, September 2009.
[10] NEC Company Ltd and Information and Privacy Commissioner, Ontario, Canada, “Modelling cloud computing architecture without compromising privacy: A privacy by design approach”, June 2010.
[11] Ristenpart, T., E. Tromer, H. Shacham, and S. Savage, “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds”, CCS’09, ACM, Chicago, Illinois, November 2009.
[12] W. Wei, J. Du, T. Yu, and X. Gu, “SecureMR: A Service Integrity Assurance Framework for MapReduce,” Proc. 2009 Annual Computer Security Applications Conference, 2009, pp. 73-82.
[13] P. Saripalli, B. Walters, “QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security,” Cloud Computing, IEEE International Conference on, pp. 280-288, 2010 IEEE 3rd International Conference on Cloud Computing, 2010.
[14] F. Lombardi and R. Di Pietro, “Transparent security for cloud,” Proc. 2010 ACM Symposium on Applied Computing, 2010, pp. 414-415.
[15] S. Pearson, Y. Shen, and M. Mowbray, “A privacy manager for cloud computing,” Cloud Computing, 2009, pp. 90-106.
[16] W. Itani, A. Kayssi, and A. Chehab, “Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures,” IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 711-716.
[17] D. Lin and A. Squicciarini, “Data protection models for service provisioning in the cloud,” Proceeding of the 15th ACM symposium on Access control models and technologies, 2010, pp. 183-192.
[18] S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-sale: Surviving organized ddos attacks that mimic flash crowds,” In Proc. NSDI (2005).
[19] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for data storage security in cloud computing,” IEEE INFOCOM 2010, San Diego, CA, March 2010.
[20] D. Walker and S. Latifi, “Partial Iris Recognition as a Viable Biometric Scheme,” International J. Security and Networks, Vol. 6 Nos. 2-3, 2011, pp. 147-152.
[21] K. Suzaki, K. Iijima, T. Yagi, and C. Artho, “Memory deduplication as a threat to the guest OS,” in Proc. Fourth European Workshop on System Security, New York, NY, USA, 2011, p. 1:1-1:6.
[22] M. J. Sharma and V. C. M. Leung, “Improved IP Multimedia Subsystem Authentication Mechanism for 3G-WLAN Networks,” International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 90-100.
[23] Z. Wang and R. B. Lee, “New cache designs for thwarting software cache-based side channel attacks,” In 34th International Symposium on Computer Architecture, pages 494-505, June 2007.
[24] L. Xu, S. Chen, X. Huang, and Y. Mu, “Bloom filter based secure and anonymous DSR protocol in wireless ad hoc networks,” International J. Security and Networks, Vol. 5, No. 1, pp. 35-44, 2010.
[25] Y. Xiao, K. Meng, and D. Takahashi, “Accountability using Flow-net: Design, Implementation, and Performance Evaluation,” (Wiley Journal of) Security and Communication Networks, Vol. 5, No. 1, pp. 29-49, Jan. 2012.
[26] R. Chow et al., Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control, ACM Workshop on Cloud Computing Security, Chicago, IL, November 2009.
[27] S. King et al., SubVirt: Implementing Malware with Virtual Machines, IEEE Symposium on Security and Privacy, Berkeley, California, May 2006.
[28] D. Jacobs, S. Aulbach, Ruminations on Multi-Tenant Databases, Fachtagung für Datenbanksysteme in Business, Technologie und Web, March 2007, http://www.btw2007.de/paper/p514.pdf
[29] R. McMillan, Hackers Find a Home in Amazon's EC2 Cloud, Infoworld, IDG News Network, December 10, 2009, http://www.infoworld.com/d/cloud-computing/hackers-findhome-in-amazons-ec2-cloud-742
[30] L. M. Vaquero, L. Rodero-Merino, J. Caceres, M. Lindner, A Break in the Clouds: Towards a Cloud Definition, Computer Communication Review, January 2009, http://ccr.sigcomm.org/online/files/p50-v39n1l-vaqueroA.pdf
[31] J. Oberheide, E. Cooke, F. Jahanian, Empirical Exploitation of Live Virtual Machine Migration, Black Hat Security Conference, Washington, DC, February 2008.
[32] N. Provos, M. A. Rajab, P. Mavrommatis, Cybercrime 2.0: When the Cloud Turns Dark, Communications of the ACM, April 2009.
[33] A. Shah, Kernel-based Virtualization with KVM, Linux Magazine, issue 86, January 2008, http://www.linuxmagazine.com/w3/issue/86/Kernel_Based_Virtualization_With_KVM.pdf
[34] S. Pearson, Taking Account of Privacy when Designing Cloud Computing Services, ICSE Workshop on Software Engineering Challenges of Cloud Computing, May 23, 2009, Vancouver, Canada.
[35] N. Gruschka, L. L. Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited, IEEE International Conference on Web Services, Los Angeles, CA, July 2009.
[36] W. Jansen, Directions in Security Metrics Research, Interagency Report 7564, National Institute of Standards and Technology (NIST), April 2009.
[37] N. Leavitt, Is Cloud Computing Really Ready for Prime Time?, IEEE Computer, January 2009.
[38] T. Garfinkel, M. Rosenblum, When Virtual is Harder than Real, HotOS’05, Santa Fe, NM, June 2005.
[43] J. W. Rittinghouse and J. F. Ransome, Cloud Computing: Taylor and Francis Group, LLC, 2010.
[44] J. Geelan, “Twenty one experts define cloud computing,” Virtualization, August 2008. Electronic Mag., article available at http://virtualization.sys-con.com/node/612375.
[45] S. Subashini, V. Kavitha, A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34 (2011) 1-11.
[46] S. Kardaş, S. Çelik, M. A. Bingöl, and A. Levi, “A new security and privacy framework for RFID in cloud computing,” in Proceedings of the 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom '13), Bristol, UK, 2013.
[47] K. D. Bowers, A. Juels, and A. Oprea, “HAIL: a high-availability and integrity layer for cloud storage,” in Proceedings of the 16th ACM conference on Computer and Communications Security, pp. 187–198, ACM, Chicago, Ill, USA, November 2009.
[48] J. Krumm, “A survey of computational location privacy,” Personal and Ubiquitous Computing, vol. 13, no. 6, pp. 391–399, 2009.
[49] A. Rao, “Centralized database security in cloud,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 1, pp. 544–549, 2012.
[50] R. Neisse, D. Holling, and A. Pretschner, “Implementing trust in cloud infrastructures,” in Proceedings of the 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid ’11), pp. 524–533, IEEE Computer Society, May 2011.
[51] Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman, “Fade: secure overlay cloud storage with file assured deletion,” in Security and Privacy in Communication Networks, pp. 380–397, Springer, New York, NY, USA, 2010.
[52] Z. Xiao, N. Kathiresshan, and Y. Xiao, “A Survey of Accountability in Computer Networks and Distributed Systems,” (Wiley Journal of) Security and Communication Networks, accepted.
[53] R. Könighofer, “A fast and cache-timing resistant implementation of the AES,” in Proc. 2008 The Cryptographers’ Track at the RSA conference on Topics in cryptology, Berlin, Heidelberg, 2008, pp. 187-202.
[54] Pearson, A. Blumberg, M. Walfish, “Toward practical and unconditional verification of remote computations,” in the 13th Workshop on Hot Topics in Operating Systems, Napa, CA, USA 2011.
[39] Y. Keleta, J. H. P. Eloff, H. S. Venter, Proposing a Secure XACML          [55] ] S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity
     Architecture Ensuring Privacy and Trust, Research in Progress Paper,            of interactive proof systems,” SIAM Journal on Comp., 18(1):186-208,
     University                  of              Pretoria,              2005,        1989.
     http://icsa.cs.up.ac.za/issa/2005/Proceedings/Research/093_A rticle.pdf    [56] Squicciarini, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “A
[40] B. Krebs, Salesforce.com Acknowledges Data Loss, Security Fix, The              data outsourcing architecture combining cryptography and access
     Washington Post, November 6, 2007                                               control,” Proc. 2007 ACM workshop on Computer security architecture,
                                                                                     2007, pp. 63-69.
[41] T. Mather. (2011). Data Leakage Prevention and Cloud Computing.
     Available: http://www.kpmg.com/Globa1/Pages/default.aspx                   [57] Sadeghi. Calore, Ma.gnolia Suffers Major Data Loss, Site Taken
                                                                                     Offline,       Wired        Magazine,        January       30,       2009,
[42] S. K. Tim Mather, and Shahed Latif, Cloud Security and Privacy:
                                                                                     http://www.wired.com/epicenter/2009/01/magnolia-suffer/
     O'Reilly Media, Inc , 2009