International Journal of Engineering Trends and Technology (IJETT) – Volume 10 Number 10 - Apr 2014
A Proxy Based Collaborated Cloud Computing Approach to Resolve Security and Privacy Issues in Multicloud Architectures
Raghuram K #1, G Anil Kumar *2
#1 Student, *2 Associate Prof., Department of CSE,
Channabasaveshwara Institute of Technology, Tumkur, Karnataka, India
Abstract— Security and privacy remain the most critical factors in the adoption of cloud services. This has led to many research proposals that address and mitigate the targeted security threats. In addition, an adopter of cloud services should not face inconveniences such as data loss due to system complexity, loss of control over resources and data due to asset migration into public domains, or data privacy concerns due to multi-tenancy. This paper surveys the achievable security merits of using multiple distinct clouds simultaneously, which include preserving confidentiality, integrity and availability. An architecture is introduced and discussed in terms of its security and privacy capabilities; it comprises a cloud system with a new set of unique features, techniques and architectural prospects.
Keywords— Multicloud, collaboration, proxies, application and data partitioning, multi-tenant.
I. INTRODUCTION
Cloud computing offers dynamically scalable software, hardware, infrastructure and platform services to end users on a pay-per-use basis. These services are provided on demand without requiring heavy investments or large, unreasonable expenses to manage and operate them. Clouds are categorized from the user's perspective as public, private and hybrid clouds [1]. A public cloud is one where the services are rendered over a network that is open for public use and involves resources outside the user's premises. In a private cloud, the infrastructure is operated solely for a single organization, managed internally and set up in that organization's own data center. A hybrid cloud is a composition of two or more private, community or public clouds that remain unique entities but are bound together and offer the benefits of multiple deployment models. This paper concentrates on public clouds, because the major security issues that need resolving arise in multi-tenant environments. Public clouds offer three major service models, SaaS, PaaS and IaaS, which act as reusable, fine-grained components across a vendor's network. These as-a-Service offerings create a number of issues, among which security threats are the biggest obstacle to cloud computing adoption [2]. The following list shows the top challenge-solution pairs for cloud computing adoption; each challenge is paired with a solution that can overcome it.

- Data lock-in: use standardized APIs and make compatible software available for surge computing.
- Data confidentiality and auditability: deploy encryption, firewalls and VLANs.
- Availability of services: use multiple cloud providers to provide business continuity; use elasticity to defend against DDoS attacks.
- Data transfer bottlenecks: implement data backup and archival techniques with lower WAN router costs and higher-bandwidth LAN switches.
- Performance unpredictability: improved virtual machine support, flash memory and gang scheduling of virtual machines.
- Scalable storage: invent scalable storage systems with lower capital costs and fewer security breaches.
- Bugs in large-scale distributed systems: invent a debugger that relies on distributed virtual machines.
- Reputation fate sharing: offer reputation-guarding services like those that exist for e-mail.
- Quick scaling: invent an auto-scaler that relies on machine learning; use snapshots to encourage cloud computing conservationism.
- Software licensing: pay-per-use licenses.
ISSN: 2231-5381
The simultaneous use of multiple clouds can be a better way to resolve the security challenges and risks for data and applications in public clouds. Several such approaches have been proposed recently. They differ in methods and technologies, the cryptographic techniques used, partitioning and distribution patterns, and security levels. This paper extends [10] and contains a survey on the security aspects of adopting a multicloud approach; it addresses security issues including isolation management, data exposure and confidentiality, virtual OS security, trust and compliance, and mission assurance [8]. In particular, the scheme proposed here mainly deals with issues of trust, policy and privacy, which are considered the greater concerns in multicloud computing environments. This approach also addresses the different categories of privacy protection methods (other than encryption).
http://www.ijettjournal.org
Page 496
II. LITERATURE SURVEY
Security Parameters:
Cloud computing offers a prominent service for data storage known as cloud storage. The flow and storage of data in the cloud environment in plaintext form is a main security threat, so it is the responsibility of cloud service providers to ensure the privacy and security of data at both the storage and the network level. Three parameters, confidentiality, integrity and availability, decide whether the security and privacy of data stored in the cloud environment are maintained. Cloud computing is a distributed computing style that offers the integration of web services and data centres. Several major providers, including Amazon, Google, Yahoo and Microsoft, offer cloud computing services [2]. Amazon Web Services was the first to provide an architecture for cloud-based services, in 2002, and since then new models for cloud architecture have been proposed and implemented. There are many techniques for storing data on server storage; the data storage offered by cloud service providers has to assure the client of the confidentiality, integrity and availability of the data.
Confidentiality: Confidentiality refers to keeping data private. Privacy matters because the data leaves the borders of its owner. Confidentiality is supported by technical tools such as encryption and access control, as well as by legal protection.
Integrity: Integrity is the degree of confidence that the data that is supposed to be in the cloud is what is actually there, and that it is protected against accidental or intentional alteration without authorization.
Availability: Availability means being able to use the system as the cloud user anticipates. Cloud technologies can increase availability through widespread Internet-enabled access, but the client depends on the timely and robust provision of resources. Availability is supported by capacity building and good architecture on the provider's side, as well as by well-defined contracts and terms of agreement. Cloud data storage security addresses the need to enforce selective data access by providing an approach that supports the user in specifying access restrictions and security measures.
Security Issues:
Cloud computing creates a large number of security issues and challenges. A list of security threats to cloud computing is presented in [5]. These issues range from the required trust in the cloud provider and attacks on cloud interfaces to the misuse of cloud services for attacks on other systems.
The main problem that the cloud computing paradigm implicitly contains is the secure outsourcing of sensitive and business-critical data and processes. When considering a cloud service, the user must be aware that all data given to the cloud provider leaves the user's own sphere of control and protection. Even more, when data-processing applications are deployed to the cloud (via IaaS or PaaS), the cloud provider gains full control over these processes. Hence, a strong trust relationship between cloud provider and cloud user is considered a general prerequisite of cloud computing. An attacker with access to the cloud storage component can take snapshots of, or alter, the data in storage; this may be done once, multiple times, or continuously. An attacker who also has access to the processing logic of the cloud can modify the functions and their input and output data. Even though in most cases it may be legitimate to assume the cloud provider to be honest and to handle the customers' affairs in a respectful and responsible manner, there remains the risk of malicious employees of the cloud provider, of successful attacks and compromise by third parties, and of actions ordered by a subpoena. These cloud security issues and challenges have triggered a lot of research activity, resulting in many proposals targeting the various cloud security threats. Alongside these security issues, the cloud paradigm comes with a new set of unique features that open the path toward novel security approaches, techniques and architectures. One promising concept makes use of multiple distinct clouds simultaneously.
III. EXISTING SYSTEM
A model of different architectural patterns for distributing resources to multiple cloud providers is used to discuss the security benefits and to classify existing approaches. Besides the doubled cost of placing the same request twice, this approach relies on the existence of at least two different cloud providers with equivalent service offerings and comparable types of result. Depending on the type of cloud resources used, this is already easily the case today, since many different cloud providers offer equivalent services. Ristenpart et al. presented attack techniques against the virtualization of the Amazon EC2 IaaS service. In their approach, the attacker allocates new virtual machines until one runs on the same physical machine as the victim's machine. Then the attacker can perform cross-VM side-channel attacks to learn information about the victim's data. The authors present strategies to reach the desired victim machine with high probability, and show how to exploit this position to extract confidential data, e.g., a cryptographic key, from the victim's VM. Gruschka and Lo Iacono discovered that the EC2 implementation of signature verification was vulnerable to a signature wrapping attack. In this attack, an attacker who has eavesdropped a legitimate request message adds a second, arbitrary operation to the message while keeping the original signature. Because of the flaw in the EC2 framework, the modification of the message was not detected, and the injected operation was executed on behalf of the legitimate user and billed to the victim's account. A major incident in a SaaS cloud happened in 2009 with Google Docs. Google Docs allows users to edit documents online and share these documents with other users.
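The wrapping attack described above, as an added example that is not code from the paper or from Amazon EC2: a toy signed-request format in Python in which an HMAC under a constructed shared key stands in for the XML-DSig signature and covers the Body element that the Signature references by Id. The verifier is correct, but the vulnerable dispatcher processes /Envelope/Body instead of the element that was actually verified, which is the class of flaw the paper describes; the hardened dispatcher processes only the verified element. The element names, the Reference attribute, the canonicalisation and the key are assumptions of this example.

```python
"""Simplified signature-wrapping (XSW) demonstration (added example)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SECRET_KEY = b"constructed-shared-secret"  # hypothetical key shared with the service


def canonical(elem):
    # Toy canonicalisation: plain serialisation of the element (no XML-C14N).
    return ET.tostring(elem, encoding="utf-8")


def sign_request(operation, args):
    """Client side: build <Envelope><Header/><Body Id="body">op</Body></Envelope>
    and sign the Body; the Signature references it by Id, as in WS-Security."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body", {"Id": "body"})
    op = ET.SubElement(body, operation)
    for name, value in args.items():
        ET.SubElement(op, name).text = value
    mac = hmac.new(SECRET_KEY, canonical(body), hashlib.sha256).hexdigest()
    ET.SubElement(header, "Signature", {"Reference": "#body"}).text = mac
    return ET.tostring(env, encoding="utf-8")


def find_by_id(root, elem_id):
    # Resolves the signature reference the way a generic verifier does:
    # the first element anywhere in the document carrying that Id.
    for elem in root.iter():
        if elem.get("Id") == elem_id:
            return elem
    return None


def verify_signature(root):
    """Returns the element the signature actually covers, or None if invalid."""
    sig = root.find("Header/Signature")
    if sig is None or not sig.get("Reference", "").startswith("#"):
        return None
    signed = find_by_id(root, sig.get("Reference")[1:])
    if signed is None:
        return None
    expected = hmac.new(SECRET_KEY, canonical(signed), hashlib.sha256).hexdigest()
    return signed if hmac.compare_digest(expected, sig.text or "") else None


def dispatch_vulnerable(xml_bytes):
    """Flawed service: verify, then execute whatever sits at /Envelope/Body."""
    root = ET.fromstring(xml_bytes)
    if verify_signature(root) is None:
        return None
    return root.find("Body")[0].tag


def dispatch_hardened(xml_bytes):
    """Fixed service: execute only the element that was verified, and insist
    that it is the Body the application would otherwise have used."""
    root = ET.fromstring(xml_bytes)
    signed = verify_signature(root)
    if signed is None or signed is not root.find("Body"):
        return None
    return signed[0].tag


def wrap(xml_bytes, injected_op):
    """Attacker: move the signed Body (Id intact) into a wrapper in the Header
    and add a fresh, unsigned Body carrying the injected operation."""
    root = ET.fromstring(xml_bytes)
    orig_body = root.find("Body")
    root.remove(orig_body)
    ET.SubElement(root.find("Header"), "Wrapper").append(orig_body)
    new_body = ET.SubElement(root, "Body")  # no Id, so the verifier never looks at it
    ET.SubElement(new_body, injected_op)
    return ET.tostring(root, encoding="utf-8")
```

The signature stays valid after wrapping because the verifier resolves the reference by Id and finds the untouched original Body inside the wrapper; the defect is the gap between "what was verified" and "what gets executed". The hardened dispatcher closes that gap by dispatching on the verified element itself and rejecting any message in which it is not the top-level Body.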
The idea of using multiple clouds was proposed by Bernstein and Celesti; however, that previous work did not focus on security. Since then, other approaches that consider the security effects have been proposed. These approaches operate at different cloud service levels, are partly combined with cryptographic methods, and target different usage scenarios.
Disadvantages:
In Google Docs, once a document was shared with anyone, it became accessible to everyone the document owner had ever shared documents with before. Recent attacks have demonstrated that the cloud systems of major cloud providers may contain severe security flaws, in different types of clouds.
IV. PROPOSED SYSTEM
The basic underlying idea is to use multiple distinct clouds at the same time to mitigate the risks of malicious data manipulation, disclosure and process tampering. By integrating distinct clouds, the trust assumption can be lowered to an assumption of non-collaborating cloud service providers. This setting makes it much harder for an external attacker to retrieve or tamper with the hosted data or applications of a specific cloud user. The separation of an application system's tiers and their delegation to distinct clouds is proposed. In case of an application failure, the data is not immediately at risk, since it is physically separated and protected by an independent access control scheme. Moreover, the cloud user can select a particular, possibly specially trusted, cloud provider for data storage services and a different cloud provider for applications. The framework for generic cloud collaboration proposed in this paper allows clients and cloud applications to simultaneously use services from, and route data among, multiple clouds. The framework supports universal and dynamic collaboration in a multicloud system: it lets clients simultaneously use services from multiple clouds without prior business agreements among cloud providers and without adopting common standards and specifications. The approach also takes into account the strategies presented in the existing work for reaching a desired victim machine with high probability and exploiting that position to extract confidential data, such as a cryptographic key, from the victim's VM; the use of blinding techniques is proposed to fend off cross-VM side-channel attacks. Proxies can be used for the collaboration of multiple clouds. The basic idea is to enable proxies that act on behalf of a subscribing client or a cloud to provide a diverse set of functionalities: cloud service interaction on behalf of a client, data processing using a rich set of operations, caching of intermediate results, and routing, among others. With these additional functionalities, proxies can act as mediators for collaboration among services on different clouds [7].
Fig. 1: Proposed architecture
Advantages:
Partitioning the application system into tiers allows the logic to be separated from the data. This gives additional protection against data leakage due to flaws in the application logic.
Partitioning the application logic into fragments allows the logic to be distributed to distinct clouds. This has two benefits: first, no cloud provider learns the complete application logic; second, no cloud provider learns the overall result calculated by the application. This yields data and application confidentiality.
Partitioning the application data into fragments allows fine-grained fragments of the data to be distributed to distinct clouds. None of the involved cloud providers gains access to all the data, which safeguards the data's confidentiality.
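The data-partitioning advantage above, as an added example that is not the paper's code: a client-side proxy in Python that splits each record into n-of-n XOR shares so that no single provider stores anything but uniformly random bytes, replicates every share onto a bounded number of other providers for availability, and authenticates each fragment with an HMAC under a client-held key so that a provider that alters its copy is detected and bypassed. Provider names, the in-memory back-ends standing in for provider storage, and the key are constructed for the example; it also illustrates the pairing of replication across clouds (integrity and availability) with client-side cryptography (confidentiality) that the conclusions of this paper suggest.

```python
"""Fragment records across non-collaborating clouds (added example)."""
import hashlib
import hmac
import os


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(data, n):
    """n-of-n XOR secret sharing: every strict subset of the shares is
    uniformly random, so a provider holding fewer than n shares learns nothing."""
    shares = [os.urandom(len(data)) for _ in range(n - 1)]
    last = data
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def join_xor(shares):
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor_bytes(out, share)
    return out


class MultiCloudStore:
    """Client-side proxy. Share i goes to provider i and to the next
    `replicas - 1` providers in round-robin order; each copy carries an HMAC
    under a key that never leaves the client."""

    def __init__(self, providers, replicas, mac_key):
        if not 1 <= replicas < len(providers):
            raise ValueError("replicas must be below the provider count, "
                             "otherwise one provider could hold every share")
        self.providers = list(providers)
        self.replicas = replicas
        self.mac_key = mac_key
        # Hypothetical provider back-ends, modelled as in-memory dicts.
        self.clouds = {p: {} for p in self.providers}

    def _tag(self, key, index, share):
        # Binds the fragment to its record name and position.
        msg = key.encode() + index.to_bytes(2, "big") + share
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def put(self, key, data):
        n = len(self.providers)
        for i, share in enumerate(split_xor(data, n)):
            tag = self._tag(key, i, share)
            for j in range(self.replicas):
                self.clouds[self.providers[(i + j) % n]][(key, i)] = (share, tag)

    def get(self, key):
        """Returns (data, providers whose copy failed its tag). Raises if a
        fragment has no intact replica left, i.e. availability is lost."""
        n = len(self.providers)
        shares, suspects = [], []
        for i in range(n):
            recovered = None
            for j in range(self.replicas):
                provider = self.providers[(i + j) % n]
                stored = self.clouds[provider].get((key, i))
                if stored is None:
                    continue
                share, tag = stored
                if hmac.compare_digest(tag, self._tag(key, i, share)):
                    recovered = share
                    break
                suspects.append(provider)
            if recovered is None:
                raise RuntimeError(f"fragment {i} of {key!r} is unrecoverable")
            shares.append(recovered)
        return join_xor(shares), suspects

    def tamper(self, provider, key, index, new_share):
        """Simulate a malicious or compromised provider altering one fragment."""
        _, tag = self.clouds[provider][(key, index)]
        self.clouds[provider][(key, index)] = (new_share, tag)
```

With three providers and two replicas, each provider holds two of the three fragments, so a single provider, or any outsider who compromises one, sees only random bytes, and a tampered copy is detected and replaced from another provider. The scheme is exactly as strong as the non-collaboration assumption: any coalition that between it holds all n shares (here, any two providers) can reconstruct the record, which is why the trust assumption is lowered to non-collaborating providers rather than removed.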
V. CONCLUSIONS
Gaining security and privacy benefits is the central theme when multiple cloud providers are used. The basic underlying idea of this paper is to use multiple distinct clouds at the same time to mitigate the risks of malicious data manipulation, disclosure, data loss and process tampering. By integrating distinct clouds, the trust assumption can be lowered to an assumption of non-collaborating cloud service providers. This setting makes it much harder for an external attacker to retrieve or tamper with the hosted data or applications of a specific cloud user. However, two major indications for improvement can be taken from the examinations performed in this paper. First, given that for each type of security problem there exists at least one technical solution approach, a highly interesting field for future research lies in combining the approaches presented here. For instance, using the n-clouds approach (and its integrity guarantees) in combination with sound data encryption (and its confidentiality guarantees) may result in approaches that satisfy both technical and regulatory requirements. We explicitly do not investigate this field here, due to space restrictions; however, we encourage the research community to explore these combinations and assess their capabilities in terms of the given evaluation dimensions. Second, we identified the fields of homomorphic encryption and secure multiparty computation protocols as highly promising in terms of both technical security and regulatory compliance. As of now, the limitations of these approaches stem only from their narrow applicability and their high complexity in use. However, given their excellent properties in terms of security and compliance in multicloud architectures, we envision these fields becoming the major building blocks of future generations of the multicloud computing paradigm.
REFERENCES
[1] P. Mell and T. Grance, "The NIST Definition of Cloud Computing, Version 15," Nat'l Inst. of Standards and Technology, Information Technology Laboratory, vol. 53, p. 50, http://csrc.nist.gov/groups/SNS/cloud-computing/, 2010.
[2] F. Gens, "IT Cloud Services User Survey, pt. 2: Top Benefits & Challenges," blog, http://blogs.idc.com/ie/?p=210, 2008.
[3] Gartner, "Gartner Says Cloud Adoption in Europe Will Trail U.S. by at Least Two Years," http://www.gartner.com/it/page.jsp?id=2032215, May 2012.
[4] J.-M. Bohli, M. Jensen, N. Gruschka, J. Schwenk, and L. Lo Iacono, "Security Prospects through Cloud Computing by Adopting Multiple Clouds," Proc. IEEE Fourth Int'l Conf. Cloud Computing (CLOUD), 2011.
[5] D. Hubbard and M. Sutton, "Top Threats to Cloud Computing V1.0," Cloud Security Alliance, http://www.cloudsecurityalliance.org/topthreats, 2010.
[6] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, "On Technical Security Issues in Cloud Computing," Proc. IEEE Int'l Conf. Cloud Computing (CLOUD-II), 2009.
[7] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 199-212, 2009.
[8] Y. Zhang, A. Juels, M.K. Reiter, and T. Ristenpart, "Cross-VM Side Channels and Their Use to Extract Private Keys," Proc. ACM Conf. Computer and Comm. Security (CCS '12), pp. 305-316, 2012.