Addressing cloud computing security issues
Post on 05-Sep-2016
Dimitrios Zissis, Dimitrios Lekkas
Department of Product and Systems Design Engineering, University of the Aegean, Syros 8
Corresponding author. E-mail addresses: Dzissis@aegean.gr (D. Zissis), Dlek@aegean.gr (D. Lekkas).

Future Generation Computer Systems 28 (2012) 583-592
doi:10.1016/j.future.2010.12.006
0167-739X/$ - see front matter

Article info

Article history: Received 14 May 2010; Received in revised form 11 December 2010; Accepted 13 December 2010; Available online 22 December 2010

Keywords: Cloud computing security; Trusted Third Party; Public key infrastructure; Information and communication security; Trust

Abstract

The recent emergence of cloud computing has drastically altered everyone's perception of infrastructure architectures, software delivery and development models. Projecting as an evolutionary step, following the transition from mainframe computers to client/server deployment models, cloud computing encompasses elements from grid computing, utility computing and autonomic computing, into an innovative deployment architecture. This rapid transition towards the clouds has fuelled concerns on a critical issue for the success of information systems, communication and information security. From a security perspective, a number of uncharted risks and challenges have been introduced from this relocation to the clouds, deteriorating much of the effectiveness of traditional protection mechanisms. As a result the aim of this paper is twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. The solution presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.

© 2010 Elsevier B.V. All rights reserved.

Throughout computer science history, numerous attempts have been made to disengage users from computer hardware needs, from time-sharing utilities envisioned in the 1960s, network computers of the 1990s, to the commercial grid systems of more recent years. This abstraction is steadily becoming a reality as a number of academic and business leaders in this field of science are spiralling towards cloud computing. Cloud computing is an innovative Information System (IS) architecture, visualized as what may be the future of computing, a driving force demanding from its audience to rethink their understanding of operating systems, client-server architectures, and browsers. Cloud computing has leveraged users from hardware requirements, while reducing overall client side requirements and complexity.

As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through the adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered, as the characteristics of this innovative deployment model differ widely from those of traditional architectures. In this paper we attempt to demystify the unique security challenges introduced in a cloud environment and clarify issues from a security perspective. The notion of trust and security is investigated and specific security requirements are documented. This paper proposes a security solution, which leverages clients from the security burden, by trusting a Third Party. The Third Party is tasked with assuring specific security characteristics within a distributed information system, while realizing a trust mesh between involved entities, forming federations of clouds. The research methodology adopted towards achieving this goal is based on software engineering and information systems design approaches. The basic steps for designing the system architecture include the collection of requirements and the analysis of abstract functional specifications.

2. Grid and cloud computing

Grid Computing emerged in the early 1990s, as high performance computers were inter-connected via fast data communication links, with the aim of supporting complex calculations and data-intensive scientific applications. Grid computing is defined as a hardware and software infrastructure that provides dependable, consistent, pervasive, and inexpensive access to high-end computational capabilities. Cloud Computing has resulted from the convergence of Grid Computing, Utility Computing and SaaS, and essentially represents the increasing trend towards the external deployment of IT resources, such as computational power, storage or business applications, and obtaining them as services. Cloud computing is a model for enabling convenient, on-demand network access, to a shared pool of configurable computing resources, (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
The name cloud computing, was inspired by the cloud symbol that is often used to represent the Internet in flow charts and diagrams. A distinct migration to the clouds has been taking place over recent years with end users, bit by bit maintaining a growing number of personal data, including bookmarks, photographs, music files and much more, on remote servers accessible via a network. Cloud computing is empowered by virtualization technology; a technology that actually dates back to 1967, but for decades was available only on mainframe systems. In its quintessence, a host computer runs an application known as a hypervisor; this creates one or more virtual machines, which simulate physical computers so faithfully, that the simulations can run any software, from operating systems, to end-user applications. At a hardware level, a number of physical devices, including processors, hard drives and network devices, are located in datacenters, independent from geographical location, which are responsible for storage and processing needs. Above this, the combination of software layers, the virtualization layer and the management layer, allow for the effective management of servers. Virtualization is a critical element of cloud implementations and is used to provide the essential cloud characteristics of location independence, resource pooling and rapid elasticity. Differing from traditional network topologies, such as client-server, cloud computing is able to offer robustness and alleviate traffic congestion issues. The management layer is able to monitor traffic and respond to peaks or drops with the creation of new servers or the destruction of non-necessary ones. The management layer has the additional ability of being able to implement security monitoring and rules throughout the cloud.

According to Merrill Lynch, what makes cloud computing new and differentiates it from Grid Computing is virtualization: Cloud computing, unlike grid computing, leverages virtualization to maximize computing power. Virtualization, by separating the logical from the physical, resolves some of the challenges faced by grid computing. While Grid Computing achieves high utilization through the allocation of multiple servers onto a single task or job, the virtualization of servers in cloud computing achieves high utilization by allowing one server to compute several tasks concurrently. While most authors acknowledge similarities among those two paradigms, the opinions seem to cluster around the statement that cloud computing has evolved from Grid Computing and that Grid Computing is the foundation for cloud computing.

In cloud computing, the available service models are:
Infrastructure as a Service (IaaS). Provides the consumer with the capability to provision processing, storage, networks, and other fundamental computing resources, and allow the consumer to deploy and run arbitrary software, which can include operating systems and applications. The consumer has control over operating systems, storage, deployed applications, and possibly limited control of select networking components.

Platform as a Service (PaaS). Provides the consumer with the capability to deploy onto the cloud infrastructure, consumer-created or acquired applications, produced using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Software as a Service (SaaS). Provides the consumer with the capability to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices, through a thin client interface, such as a web browser (e.g. web-based e-mail). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Four deployment models have been identified for cloud architecture solutions, described below: