Volume IV, Issue VII, July 2015 IJLTEMAS ISSN 2278 - 2540 www.ijltemas.in Page 87 Cloud Computing Service Modelsand Solution to their Security Concerns Saritha K R Lecturer, Dept of ISE, Dr AIT Pushpalatha S Assoc. Prof, Dept of ISE, Dr AIT VidyaRani H J Assoc. Prof, Dept of ISE, Dr AIT Abstract— Cloud computing provides a major shift in the way companies see the IT infrastructure. This technology is primarily driven by the internet and requires rapid provisioning ,high availability, high scalability and virtualized environments. The cloud computing is the result of many factors such as traditional computer technology and communication technology and business mode. It is based on the network and has the format of service for the consumer. The cloud computing system provides the service for the user and has the character of high scalability and reliability. The resource in the cloud system is transparent for the application and the user do not know the place of the resource. The amount of resources provided in the cloud system for the users is increased when they need more and decrease when they need less. Keywords— Cloud computing,Service models, encryption mechanism, security, PKI technology. I. INTRODUCTION his section visualizes the different cloud models with respect to services .Clouded concerns beyond generic concerns regarding the cloud approach, each of the three models has its own security concerns. A. Software as a Service Saas concerns users must rely heavily on their cloud providers for security.The providermust protect the underlying infrastructure from break-ins and generally has responsibility for all authentication and encryption. Also the provider must do the work to keep multiple companies or users from seeing each other’s data without permission. It’s not easy for the customer to get the details that ensure that the right things are being done. In the same way, it’s difficult to get assurance that the application will be available when needed. B. Platform as a Service Paasconcerns,the provider might give some control to the people building applications atop its platform. For example, developers might be able to craft their own authentication systems and data encryption, but any security below the application level—such as host or network intrusion prevention— will still be completely in the provider’s hands. Usually, the provider will offer little or no visibility into its practices. Plus, the platform provider must be able to offer strong assurances that the data remains inaccessible between applications. Large banks don’t want to run a program delivered in the cloud that risks compromising their data through interaction with some other program. C. Infrastructure as a Service Iaasconcerns With IaaS, the developer has much better control over the security environment, primarily because applications run on virtual machines separated from other virtual machines running on the same physical machine, as long as there is no gaping security hole in the virtual machine manager. This control makes it easier to ensure that developers properly address security and compliance concerns—with the downside that building the application can be more expensive and time-consuming. Backing up data poses another concern. Even though some providers do their own backups for the customer, much can still go wrong. Maybe they increase their prices and make it difficult to get data off their network. II. CLOUD SERVICE MODELS AND THEIR SECURITY CONCERNS In this section, cloud service models and their security concerns are discussed. Each service has its own security issues. These models are based on different SLAs that are between providers and users. A. Security Issues in Saas Model In the SaaS model, the user buys a subscription to some software product, but some or all of the data and code resides remotely [1] and customers can access to this services via internet. In this model, applications could run entirely on the network, with the user interface living on a thin client. With SaaS, users must rely heavily on their cloud providers for security [2]. Degree of control by providers is high and they are responsible for confidentiality, integrity and availability of their services. Users have no responsibilities about anything. B. Security Issues in Paas Model This model provides the user to deploy user-built applications onto the cloud infrastructure that are built using programming languages and software tools supported by the provider (e.g., Java, python, .Net). The user does not manage the underlying cloud infrastructure T