Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network. Today, cloud computing generates a lot of hype; it’s both promising and scary. In cloud computing, clouds can be described at different layers, i.e., SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). Although applications for clouds are in development phase, however security requirements for the data and services on the clouds are getting attention of researchers and it has become necessary to consider each layer of a cloud for possible attacks. Thus, it is important to address the security issues and problems in cloud systems, and to find a solution for the widespread acceptance of these solutions. Current system provides the whole security solutions for each and every layer. It leads to waste of energy. We suggested a new mode of security after analysis. The Major idea behind our survey is to concentrate on the particular issues or attacks on the cloud layers instead of focusing whole efforts of security solutions for each and every action. It makes us to build a proper wall against the attackers. Instead of providing all security oriented solutions for all layers, we propose a dynamic security solution according to the corresponding attacks of related layers. It improves cloud service’s performance and saves energy of the resources, so that the same can be utilized for more services.

Cloud computing security, Layers based Security in Cloud, SaaS, Iaas/Paas, Development Services

[1] S.S. Yeo, J.H. Park, Security considerations in cloud computingvirtualization environment, Grid Pervasive Comput. LectureNotesComput. Sci. 7861 (2013) 208–215.
[2] H. Yu, N. Powell, D. Stembridge, X. Yuan, Cloud computingand security challenges, in: Proc of the 50th Annual SoutheastRegional Conference (ACM-SE12), ACM, New York, USA,2013, pp. 298–302.
[3] P. Arora, R.C. Wadhawan, E.S.P. Ahuja, Cloud computingsecurity issues in infrastructure as a service, Int. J. Adv. Res.Comput. Sci. Softw. Eng. 2 (1) (2012) 1–7.
[4] S. Bugiel, S. Nurnberger, T. Poppelmann, A.R. Sadeghi, T.Schneider, AmazonIA: when elasticity snaps back, in: Procofthe 18th ACM Conference on Computer and CommunicationsSecurity (CCS11), ACM, 2011, pp. 389–400.
[5]J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N.Gruschka, L.L. Iacono, All your clouds are belong to us:security analysis of cloud management interfaces, in: Proc. of the3rd ACM workshop on Cloud Computing Security Workshop(CCSW11), ACM, 2011, pp. 3–14.
[6] M. Hussain, H. Abdulsalam, SECaaS: security as a service forcloud-based applications, in: Proc. of the Second KuwaitConference on e-Services and e-Systems (KCESS11), ACM,2011, pp. 1–4.
[7] R. Laborde, F. Barre`re, A. Benzekri, Toward authorization as aservice: a study of the XACML standard, in: Proceedings of the16th Communications & Networking Symposium, Society forComputer Simulation International, 2013, pp. 1–7.
[8]G. Pek, L. Buttyan, B. Bencsath, A survey of security issues inhardware virtualization, ACM Comput. Surveys 45 (3) (2013) 1–34ACM.
[9]M. Pearce, S. Zeadally, R. Hunt, Virtualization: issues, securitythreats, and solutions, ACM Comput. Surveys 45 (2) (2013) 1–39ACM.
[10]L. Ponemon, Ponemon 2014 SSH security Vulnerability Report Retrieved from http://www.venafi.com/collateral/wp/ponemon-2014-ssh-security-vulnerability-report2014.
[11]Zeua, Zeus Botnet Controller Retrieved from http://aws.amazon.com/security/zeus-botnet-controller/2009.
[12]T. Ristenpart, E. Tromer, H. Shacham, S. Savage, Get off of mycloud: exploring information leakage in third-party computeclouds, in: ACM Conference on Computer and CommunicationsSecurity, ACM, 2009.
[13]Zeua, Attacks on Virtual Machine Emulators, White Paper Symantec Corporation http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf2007.
[14]J. Idziorek, Exploiting Cloud Utility Models for Profit and RuinGraduate Theses and Dissertations, Lowa State University,2012.
[15]R.A. Popa, J.R. Lorch, D. Molnar, H.J. Wang, L. Zhuang,Enabling security in cloud storage SLAs with CloudProof, in:Proc. of the 2011 USENIX Conference on USENIX AnnualTechnical Conference, 2011, 31-31.
[16]J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning, Managingsecurity of virtual machine images in a cloud environment, in:ACM Cloud Computing Security Workshop (CCSW?09),ACM, 2009.