Cloud Computing: Security Threats and Solutions
Nityendra Nath Shukla1 and Vijander Singh2
Department of Computer Science
Amity University Rajasthan, India
e-mail1: [email protected]
e-mail2: [email protected]
Abstract
Virtualization plays a major role in cloud technology. Cloud computing uses virtualization to the maximum extent to give cost-effective services to the customer. However, this leads to a major flaw that the current cloud industry is facing. Security in the cloud has always been a hot topic for research and debate among technocrats.
This paper identifies the security problems in cloud computing and examines them closely on the basis of an analysis of the security threats to a cloud, also taking the technical components into account.
Keywords: cloud computing, security problems,
threats, cloud service user and cloud service provider.
INTRODUCTION
According to the National Institute of Standards and
Technology (NIST), cloud computing is “... a model
for providing on demand and convenient shared pool
of resources to the customers. Networks, servers,
services, storage, and so on can be the example of
resources.[3] It can be instantly released with
minimal management effort or service-provider
interaction”. Cloud computing is a service where
computing is delivered as a commodity, much like
electricity or cable television. It is essential for the
service provider to optimize cloud computing for
everyone in the business of cloud, both from a cost
perspective and a sustainability perspective. It is our
objective to argue that the stakeholders could benefit
from Operations Research due to the nature of the
problems they face, and that similarly the OR
community could benefit from an emerging field
which has the potential to drive new research
questions.[2]
The providers are aiming to expand their on-premise infrastructure by developing capacity on demand. Cloud computing simply extends an enterprise’s capability to meet the computing demands of its everyday operation.[1] The cloud offers flexibility and choice, mobility and scalability, all coupled with potential cost savings, so there is significant benefit in using cloud computing. However, the area that causes organizations to hesitate most when it comes to moving business workloads into the public cloud is security.
Because the security architecture and functions depend heavily on the reference architecture, this paper presents the reference architecture first and then the security issues concerning this architecture.
2 Cloud computing: A technical look on components
As shown in Figure A, the key functions of a cloud management system are divided into four layers. Each layer includes a set of functions:
o The Service Delivery Layer manages the service demand, service catalog and levels of services.
o The Software Layer includes LCMS, SIS, ERP, LMS and others.
o The Platform Layer includes DBMS, virtualized OS and web services.
o The Infrastructure Layer includes hypervisor, network, storage and supporting infrastructure.
Other functions such as Management, Privacy and Security are considered cross-layer functions that cover all the layers. The foremost principle of this architecture is that all layers are assumed to be optional.[5]
Nityendra Nath Shukla et al, Int.J.Computer Technology & Applications,Vol 5 (3),929-932
IJCTA | May-June 2014 Available [email protected]
929
ISSN:2229-6093
3.1 Threats relating to cloud service users
Users are confused about the role of providers, which creates ambiguity in responsibility. Moreover, flaws in the consistency of the provided services could produce anomalies or incidents. However, the problem of which entity is the data controller and which one is the data processor still remains wide open for debate on an international scale.
Migrating a part of an enterprise’s own IT system to a cloud infrastructure implies partially giving control to the cloud service providers. This results in a loss of administrative control, the extent of which depends on the cloud service model. For instance, IaaS only entrusts hardware and network management to the provider, while SaaS also entrusts OS, service integration and application in order to provide a turnkey service to the cloud service user.[4]
There is no formalized way to obtain and share the provider’s security level. So it is sometimes difficult for a user to recognize his provider’s trust level because of the black-box feature of the cloud service. Moreover, users have no authority to examine the level of security implementation achieved by the provider. The lack of shared information about the provider’s security level becomes a serious threat to users of cloud services.[3]
Further threats, such as data loss and leakage, lack of information in asset management and insecure cloud service user access, are also of major concern for cloud service users.[1]
3.2 Threats relating to providers
Ambiguity of user roles (such as cloud service provider, cloud service user, client IT admin and data owner) and of the definition of responsibilities related to data ownership, access control, infrastructure maintenance, etc., may induce business or legal dissension.
As the cloud has a decentralized architecture, the protection mechanisms are likely to be inconsistent among the distributed security modules. For example, an access denied by one IAM module may be granted by another. A potential attacker may profit from this threat, which compromises both confidentiality and integrity.
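The inconsistency described above, where one IAM module denies an access that another grants, can be audited by replaying the same probe requests against every module's rule set and flagging divergent decisions. The following Python example is added here and is not part of the original paper; the module names, the rule format and the probe requests are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed rule sets for two hypothetical IAM modules of the same cloud.
# Rule = (effect, principal, action glob, resource glob); all names are assumed.
POLICIES = {
    "iam-region-a": [
        ("allow", "backup-svc", "read", "vol/*"),
        ("deny", "backup-svc", "read", "vol/finance-*"),
        ("allow", "tenant-admin", "*", "vol/tenant1-*"),
    ],
    "iam-region-b": [  # stale replica: the deny rule was never propagated
        ("allow", "backup-svc", "read", "vol/*"),
        ("allow", "tenant-admin", "*", "vol/tenant1-*"),
    ],
}

# Constructed probe requests: (principal, action, resource).
PROBES = [
    ("backup-svc", "read", "vol/tenant1-db"),
    ("backup-svc", "read", "vol/finance-ledger"),
    ("backup-svc", "write", "vol/tenant1-db"),
    ("tenant-admin", "delete", "vol/tenant1-db"),
    ("tenant-admin", "read", "vol/tenant2-db"),
]

def decide(rules, principal, action, resource):
    """Default deny; an explicit deny overrides any matching allow."""
    allowed = False
    for effect, who, act, pattern in rules:
        if who == principal and fnmatchcase(action, act) and fnmatchcase(resource, pattern):
            if effect == "deny":
                return "deny"
            allowed = True
    return "allow" if allowed else "deny"

def find_inconsistencies(policies, probes):
    """Return (probe, verdicts) for probes the modules decide differently."""
    findings = []
    for probe in probes:
        verdicts = {name: decide(rules, *probe) for name, rules in policies.items()}
        if len(set(verdicts.values())) > 1:
            findings.append((probe, verdicts))
    return findings

if __name__ == "__main__":
    for probe, verdicts in find_inconsistencies(POLICIES, PROBES):
        print("INCONSISTENT", probe, verdicts)
```

Running the same probe set after every policy change turns a silent divergence between modules into a reviewable finding.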
The “as a service” feature of cloud computing allocates resources and delivers them as a proper service.[1] The complete cloud infrastructure, together with its business workflows, relies on a large set of services, ranging from application to hardware. However, an interruption in the continuity of service delivery, such as a blackout or delay, might have a drastic impact on availability.
Migrating to a cloud service means moving huge amounts of data and making major configuration changes (e.g., network addressing). Migrating a part of an IT infrastructure to an external cloud service provider needs substantial changes in the infrastructure design (e.g., network and security policies). Incompatible interfaces or inconsistent policy enforcement causing bad integration may evoke both functional and non-functional impacts.
The basis of cloud infrastructure is hypervisor technology. Multiple virtual machines co-hosted on one physical server share both CPU and memory resources, which the hypervisor virtualizes. This could be used to launch an isolation attack on a hypervisor to gain illegal access to other virtual machines’ memory.
Data protection covers access to data with regard to both its integrity and its confidentiality. Cloud service users have concerns about how the providers handle their data, and whether their data is disclosed or altered illegally.
Threats such as data unreliability, service unavailability, shared environment and unsecured administration API are also on the list.
4 Solution Approaches
Firewall: A bi-directional firewall can be deployed on individual virtual machines and can provide centralized management of server firewall policy.[2] Predefined templates for common enterprise server types should be included and enable the following:
o Isolation of virtual machines
o Fine-grained filtering (source and destination addresses, port numbers)
o Coverage of all IP-based protocols (TCP, UDP, ICMP, …)
o Coverage of all frame types (IP, ARP, …)
o Prevention of Denial of Service (DoS) attacks
o Ability to design policies per network interface
o Location awareness to enable tightened policy and the flexibility to move the virtual machine from on-premise to cloud resources
Intrusion Prevention/Detection: Shielding can be used to achieve timely protection against known and zero-day attacks. As previously noted, virtual machines and cloud computing servers use the same operating systems, enterprise applications and web applications as physical servers, so this protection is helpful for them as well.
Integrity Monitoring: Monitoring the integrity of critical operating system and application files is necessary for detecting malicious and unexpected modifications, which could indicate compromise of cloud computing resources. Integrity monitoring software must be applied at the virtual machine level.
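Integrity monitoring as described above comes down to recording a trusted baseline of the monitored files and reporting every later deviation from it. The following Python example is added here and is not part of the original paper; the directory layout, file names and finding labels are constructed assumptions, and the check covers content and permission bits only.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (SHA-256 hex digest, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # directories, symlinks and special files are out of scope
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[path.relative_to(root).as_posix()] = (digest, path.stat().st_mode & 0o7777)
    return state

def compare(baseline, current):
    """Return sorted (change, path) findings between two snapshots."""
    findings = []
    for path in baseline.keys() | current.keys():
        if path not in current:
            findings.append(("removed", path))
        elif path not in baseline:
            findings.append(("added", path))
        else:
            if baseline[path][0] != current[path][0]:
                findings.append(("content-changed", path))
            if baseline[path][1] != current[path][1]:
                findings.append(("mode-changed", path))
    return sorted(findings)

def demo():
    """Constructed scenario: baseline a directory tree, alter it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        for rel, data in (("etc/sshd_config", b"PermitRootLogin no\n"),
                          ("etc/hosts", b"127.0.0.1 localhost\n"),
                          ("app.bin", b"constructed binary")):
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o644)
        baseline = snapshot(root)   # keep the baseline where the VM cannot rewrite it
        (root / "etc/sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "app.bin").chmod(0o666)            # permissions loosened
        (root / "etc/hosts").unlink()              # monitored file removed
        (root / "etc/cron.new").write_bytes(b"")   # unexpected new file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for change, path in demo():
        print(change, path)
```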
Log Inspection: Log inspection collects operating system and application logs and analyzes them for security events. Log inspection rules improve the identification of major security events buried in multiple log entries. Such events can be sent to a stand-alone security system. Log inspection capabilities must be applied at the virtual machine level. Log inspection on cloud resources enables:
o Suspicious behavior detection
o Collection of security-related administrative actions
o Optimized collection of security events across your datacenter
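A log inspection rule of the kind described above raises one security event from several related log entries and also collects administrative actions. The following Python example is added here and is not part of the original paper; the log lines, their ISO-timestamped layout, the threshold, the time window and the event names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/sudo syslog style (not real data).
LOG = """\
2014-05-01T10:00:01 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2
2014-05-01T10:00:03 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 4002 ssh2
2014-05-01T10:00:04 vm1 sshd[812]: Failed password for alice from 198.51.100.9 port 5100 ssh2
2014-05-01T10:00:06 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 4003 ssh2
2014-05-01T10:00:09 vm1 sshd[811]: Accepted password for root from 203.0.113.7 port 4004 ssh2
2014-05-01T10:01:30 vm1 sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd ops2
2014-05-01T10:20:00 vm1 sshd[840]: Accepted password for alice from 198.51.100.9 port 5101 ssh2
"""

SSH = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
SUDO = re.compile(r"^(\S+) (\S+) sudo:\s+(\S+) : .*COMMAND=(.+)$")

def inspect(text, threshold=3, window=timedelta(minutes=5)):
    """Correlate entries: >= threshold failures, then a success, from one source."""
    failures = defaultdict(deque)   # (host, source ip) -> recent failure times
    events = []
    for line in text.splitlines():
        if m := SSH.match(line):
            ts, host, outcome, user, src = m.groups()
            when = datetime.fromisoformat(ts)
            recent = failures[(host, src)]
            while recent and when - recent[0] > window:
                recent.popleft()            # expire failures outside the window
            if outcome == "Failed":
                recent.append(when)
            else:
                if len(recent) >= threshold:
                    events.append(("login-after-failures", host, src, user, len(recent)))
                recent.clear()
        elif m := SUDO.match(line):
            ts, host, user, command = m.groups()
            events.append(("admin-action", host, user, command))
    return events

if __name__ == "__main__":
    for event in inspect(LOG):
        print(event)
```

The single failure followed twenty minutes later by a success for `alice` produces no event, because the failure has aged out of the window and never reached the threshold.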
5 Conclusions
Having discussed the security issues and threats faced in the cloud by both cloud users and cloud providers, one should be careful about these security issues when handing a business over to the cloud. These fields need much more research to optimize security in the cloud. Security as a service should be provided for cloud service users. Security can be enhanced through new techniques as they are introduced. Methods such as firewalls, intrusion detection, integrity monitoring and log inspection, which are discussed above, can therefore be used to improve cloud security, and a new service would be added to the range of cloud services.
6 References
[1] P. A. Karger, “Multi-Level Security Requirements for Hypervisors”, ISBN: 0-7695-2461-3, 21st Annual Computer Security Applications Conference, (2005) December 5-9, pp. – 275.
[2] T. Ormandy, “An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments”, Whitepaper, (2008).
[2] T. Garfinkel, M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection”, In Proc. Network and Distributed Systems Security Symposium, (2003), pp. 191-206.
[3] O. Gerstel and G. Sasaki, “A General Framework for Service Availability for Bandwidth-Efficient Connection-Oriented Networks”, IEEE/ACM Transactions on Networking, vol. 18, Issue 3, (2010) June, pp. 985-995.
[4] W. Li and L. Ping, “Trust Model to Enhance Security and Interoperability of Cloud Environment”, Cloud Computing, Proceedings on First International Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Lecture Notes in Computer Science, vol. 5931, (2009), pp. 69-79.
[5] D. Xu, Y. Li, M. Chiang and A. R. Calderbank, “Elastic Service Availability: Utility Framework and Optimal Provisioning”, IEEE Journal on Selected Areas in Communications, vol. 26, no. 6, (2008) August.