Improving Data Security in Cloud Computing



  • 7/28/2019 Improving Data Security in Cloud Computing



    Cloud computing is clearly one of today's most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. Cloud computing provides unlimited infrastructure to store and execute customer data and programs. Its benefits include minimized capital expenditure, location and device independence, improved utilization and efficiency, very high scalability, and high computing power. But the management of the data and services may not be fully trustworthy. Data security is becoming more and more important in cloud computing.

    We need security at the following levels:
      Internet access security
      Database access security
      Data privacy security
      Program access security
      Server access security

    This paper analyses the basic problem of cloud computing data security. By analysing the HDFS (Hadoop Distributed File System) architecture, we derive the data security requirements of cloud computing and implement a mathematical data model for cloud computing. Finally, we build a data security model for cloud computing that satisfies the three basic principles of data security: confidentiality, integrity and availability.

    Keywords: Cloud computing, Scalability, Flexibility, Data security, Hadoop Distributed File System, Mathematical data model, Confidentiality, Integrity,










    Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer technology. Customers do not need to own the infrastructure; they merely access or rent it, so they can forgo capital expenditure and consume resources as a service, paying instead for what they use. Cloud computing changes how we invent, develop, deploy, scale, update, maintain, and pay for applications and the infrastructure on which they run. Ever cheaper and more powerful processors, together with the software as a service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. Increasing network bandwidth and reliable yet flexible network connections make it possible for users to subscribe to high-quality services from data and software that reside solely on remote data centers. Moving data into the cloud offers great convenience to users since they don't have to care about the complexities of direct hardware management.

    Cloud computing has the following segments:
      SaaS (Software as a Service): Network-hosted application
      PaaS (Platform as a Service): Network-hosted software development platform
      IaaS (Infrastructure as a Service): Provider hosts customer VMs or provides network storage
      DaaS (Data as a Service): Customer queries against providers
      IPMaaS (Identity and Policy Management as a Service): Provider manages identity and/or access control policy for customer
      NaaS (Network as a Service): Provider offers virtualized networks (e.g. VPNs)




    From an IDC enterprise panel survey about cloud computing, we got the cloud demand model shown above. Security (74.6%) is in high demand compared with the others.

    On the budget side, in Jan 2010 an Aberdeen Group study found that disciplined companies achieved on average an 18% reduction in their IT budget from cloud computing and a 16% reduction in data center power costs.


    When users use the cloud, they probably won't know exactly where their data is hosted or what country it will be stored in. Data should be stored and processed only in specific jurisdictions as defined by the user. The provider should also make a contractual commitment to obey local privacy requirements on behalf of its customers. Data-centered policies are generated when a user provides personal or sensitive information, and they travel with that information throughout its lifetime to ensure that the information is used only in accordance with the policy.


    We need security at the following levels:
      Server access security
      Internet access security
      Database access security
      Data privacy security
      Program access security

    At a broad level, the two major questions in data security are:
      How secure is the data?
      How secure is the code?




    All data security techniques are built on three basic principles: confidentiality, integrity and availability. Confidentiality refers to hiding the actual data or information; in the military and other sensitive areas, the confidentiality requirements on data are more stringent. In cloud computing the data are stored in a "data center", so the security and confidentiality of user data is even more important. Integrity means guaranteeing that data in any state is not subject to unauthorized deletion, modification or damage. Availability means that users can use the data and the capacity as they expect.



    CONFIDENTIALITY: Ensuring that information is not decided to

    INTEGRITY: Ensuring that information held in a system is a representation of the information intended and that it has not been modified by an

    AVAILABILITY: Ensuring that resources are not made unavailable by malicious




    By analysing HDFS (Hadoop Distributed File System), we derive the data security model for cloud computing. HDFS is a typical distributed file system architecture used in large-scale cloud computing. Its design goal is to run on commercial hardware. Due to the support of Google and the advantages of open source, it has been applied as the basis of cloud facilities. HDFS is very similar to existing distributed file systems such as GFS (Google File System); they have the same objectives: performance, availability and stability. HDFS was initially used in the Apache Nutch web search engine and became the core of the Apache Hadoop project. HDFS uses the master/slave backup mode. The master is called the Name node; it manages the file system name space and controls access by clients. The other, slave nodes are called Data nodes; each Data node controls access to its client. In this storage system a file is cut into small blocks, and the Name node maps the file blocks to the Data nodes. Although HDFS does not have POSIX compatibility, the file system still supports create, delete, open, close, read, write and other operations on files. From this analysis of HDFS, the data security needs of cloud computing can be divided into the following points:

    Client authentication at login: The vast majority of cloud computing is accessed through a browser client, such as IE, so establishing the user's identity is the primary need of cloud computing applications.

    Name node: If the Name node is attacked or fails, the consequences for the system will be disastrous. The effectiveness and efficiency of the Name node are key to the success of data protection in cloud computing, so enhancing the Name node's security is very important.

    Rapid recovery of data blocks and r/w rights control: A Data node is a data storage node; it can fail, so it cannot by itself guarantee the availability of data. Currently each data storage block in HDFS has at least 3 replicas, which is HDFS's backup strategy. As for how to ensure the safety of reading and writing data, HDFS has not given any detailed explanation, so the need to ensure rapid recovery and to make read and write operations fully controllable cannot be ignored.

    In addition to the above three requirements, others such as access control and file encryption must be taken into account in a cloud computing model for data security.
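
    The replica and recovery requirements above can be made concrete with a toy model (an added example, not code from the paper or from Hadoop): a Name node maps each file block to three Data nodes and records a digest, and a read skips failed or modified replicas and restores them from a healthy copy. The class names, the 8-byte block size, the SHA-256 digest and the round-robin placement are assumptions for illustration, not HDFS behaviour.

```python
import hashlib

BLOCK_SIZE, REPLICAS = 8, 3   # tiny demo block size (assumed); 3 replicas as in the text

def digest(block):
    return hashlib.sha256(block).hexdigest()

class DataNode:
    def __init__(self, name):
        self.name, self.alive, self.blocks = name, True, {}

    def healthy(self, key, expected):
        """True if this node is up and its copy of the block matches the digest."""
        return self.alive and key in self.blocks and digest(self.blocks[key]) == expected

class NameNode:
    """Toy Name node: maps each file block to Data nodes and records its digest."""
    def __init__(self, datanodes):
        self.datanodes, self.block_map = datanodes, {}   # (path, idx) -> (digest, nodes)

    def write(self, path, data):
        for off in range(0, len(data), BLOCK_SIZE):
            key, block = (path, off // BLOCK_SIZE), data[off:off + BLOCK_SIZE]
            # Round-robin placement on REPLICAS distinct Data nodes.
            nodes = [self.datanodes[(key[1] + r) % len(self.datanodes)] for r in range(REPLICAS)]
            for dn in nodes:
                dn.blocks[key] = block
            self.block_map[key] = (digest(block), nodes)

    def read(self, path):
        """Return (data, repaired); repaired lists (block index, node) pairs rewritten."""
        out, repaired = b"", []
        for key in sorted(k for k in self.block_map if k[0] == path):
            expected, nodes = self.block_map[key]
            good = [dn for dn in nodes if dn.healthy(key, expected)]
            if not good:
                raise IOError(f"block {key} unrecoverable: no healthy replica")
            for dn in nodes:
                if dn.alive and dn not in good:   # corrupted copy: restore from a good one
                    dn.blocks[key] = good[0].blocks[key]
                    repaired.append((key[1], dn.name))
            out += good[0].blocks[key]
        return out, repaired

def demo():
    nn = NameNode([DataNode(f"dn{i}") for i in range(4)])
    nn.write("/f", b"constructed sample record")        # constructed input, 4 blocks
    nn.datanodes[0].alive = False                        # Data node failure
    nn.datanodes[1].blocks[("/f", 0)] = b"tampered"      # unauthorized modification
    return nn.read("/f")                                 # served from dn2; dn1 repaired
```

    Because the digests live only on the Name node, the sketch also shows why the text treats the Name node as the critical asset: whoever controls it controls what counts as a valid block.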


    As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered as the characteristics of this innovative deployment model can differ widely from those of traditional architectures. An alternative perspective on the topic of cloud security is that this is but another, although quite broad, case of "applied security" and that similar security principles that apply in shared multi-user mainframe security models apply with cloud

    The relative security of cloud computing services is a contentious issue that may be delaying its adoption. Physical control of the Private Cloud equipment is more secure than having the equipment off site and under someone else's control. Physical control and the ability to visually inspect the data links and access ports is required in order to ensure data links are not compromised. Issues barring the adoption of cloud computing are due in large part to the private and public sectors' unease surrounding the external management of security-based services. It is the very nature of cloud computing-based services, private or public, that promotes external management of provided services. This gives cloud computing service providers a great incentive to prioritize building and maintaining strong management of secure services. Security issues have been categorized into sensitive data access, data segregation, privacy, bug exploitation, recovery, accountability, malicious insiders, management console security, account control, and multi-tenancy issues. Solutions to various cloud security issues vary, from cryptography, particularly public key infrastructure (PKI), to use of multiple cloud providers, standardization of APIs, and improving virtual machine support and legal



    With the development of cloud computing, security has become a top priority. This paper discusses the safety issues of the cloud computing environment by analysing the security needs of a cloud computing framework, HDFS. Finally, we conclude with a cloud computing model for data security.

