The research community found that a software system should be evolved once every few months to ensure it is adapted to the real-world environment. The system evolution requires regularly amendments that append, delete, or alter features. It also migrates or converts the software system from one operating platform to another. These amendments may result in requirements/ specifications that were satisfied in a previous release of a software system not being satisfied in the subsequent versions. As a result, software evolutionary changes violate security requirements, and then a system may become vulnerable to different kinds of attacks. In this paper, concepts and visions are presented to avoid/minimize the Cloud security issues.
TopIntroduction
Due to lack of control over the Cloud software, platform and/or infrastructure, several researchers stated that a security is a major challenge in the Cloud. In Cloud computing, the data will be virtualized across different distributed machines, hosted on the Web (M. Taylor, 2010), (R. Marchany, 2010). In business respective, the cloud introduces a channel to the service or platform in which it could operate (M. Taylor, 2010).
Thus, the security issue is the main risk that Cloud environment might be faced. This risk comes from the shortage of control over the Cloud environment. A number of practitioners described this point. For example, Stallman (Ch. Arthur, 2010) from the Free Software Foundation re-called the Cloud computing with Careless Computing because the Cloud customers will not control their own data and software and then there is no monitoring over the Cloud providers and subsequently the data owner may not recognize where data is geographically located at any particular time.
Threats in the Cloud computing might be resulted from the generic Cloud infrastructure which is available to the public; while it is possessed by organization selling Cloud services (R. Marchany, 2010), (R. Chow et al.,2009).
In Cloud computing, software and its data is created and managed virtually from its users and might only accessible via a certian cloud’s software, platform or infrastructure. As shown in Figure 1, there are three Cloud models that describe the Cloud architecture for applications and services (M. Taylor, 2010), (R. Marchany, 2010):
Figure 1. Models of Cloud environment
- 1.
The Software as a Service (SaaS) Model: The Cloud user rents/uses software for use on a paid subscription (Pay-As-You-Go).
- 2.
The Platform as a Service (PaaS) Model: The user rents a development environment for application developers.
- 3.
The Infrastructure as a Service (IaaS) Model: The user uses the hardware infrastructure on pay-per-use model, and the service can be expanded in relation to demands from customers.
In spite of this significant growth, a little attention has been given to the issue of Cloud security both in research and in practice. Today, academia requires sharing, distributing, merging, changing information, linking applications and other resources within and among organizations. Due to openness, virtualization, distribution interconnection, security becomes critical challenge in order to ensure the integrity and authenticity of digitized data (RG. Cárdenas et al., 2005), (H. Wang et al., 2005).
Cloud opts to use scalable architecture. Scalability means that hardware units that are added bringing more resources to the Cloud architecture (M. Taylor, 2010). However, this feature is in trade-off with the security. Therefore, scalability eases to expose the Cloud environment and it will increase the criminals who would access illegally to the Cloud storage and Cloud Datacenters as illustrated in Figure 2.
Figure 2. Taken from (R. Marchany, 2010):