cloud computing security

Security in Cloud Computing

Indus Institute of Technology & Engineering

A DISSERTATION REPORT ON




SECURITY IN CLOUD COMPUTING By

Dhaval Dave (08MCA008)

M.C.A, Indus Institute of Technology & Engineering, Gujarat University, 2011

A Dissertation Submitted in Partial Fulfilment of the Requirements for the

degree of Master of Computer Application

In Computer Science.

Department of MCA, Indus Institute of Technology & Engineering,

January 2011



ACKNOWLEDGEMENT

Thanks to my Prof. Vrutik Shah who thoroughly introduced me to research.

He was always anxious to provide me with a Study environment suitable for developing

myself and always there to keep me on the right track.

And, infinite thanks to Prof. H.K. Desai, Head of Department of I.I.T.E. & My

All Prof., who never had any doubts that I�would succeed.�

Also thanks to the colleagues for allowing me to feel at home at College

Campus due to the excellent educational culture.

Further thanks to my parents who always gave me support that allowed me to

pursue my self-fulfillment. I acknowledge all the help I have received from so many

people in accomplishing this project and wish to thank them.

Acknowledged By:-

Dhaval Dave



PREFACE

“Security in Cloud Computing” was taken by us in Dissertation in our

Semester-V as our project for the partial fulfilment of MCA.

It is matter of pleasure for me to submit this documentation of the dissertation

work done during Semester-V of MCA.

By:-

Dhaval Dave �

�

�

�

�

�

�

�

�

�

�

�

�

�



�

�

Table of Contents 1. Introduction of Cloud Computing 8

1.1 Abstract 9 1.2 Introduction 10 1.3 Cloud Evolution 11 1.4 Comparison 13

2. What is Cloud Computing 14 2.1 Cloud Architecture 15 2.2 Cloud Components 16

2.2.1 Clients 17 2.2.2 DataCenter 18 2.2.3 Distributed Servers 18

3. Cloud Computing Deployment Models 19 3.1 Public Clouds 19 3.2 Private Clouds 21 3.3 Hybrid Clouds 22 3.4 Community Clouds 23

4. Cloud Computing Service Model 24 4.1 Software as a Service(SaaS) 25 4.2 Platform as a Service(PaaS) 25 4.3 Infrastructure as a Service(IaaS) 26 4.4 Anything as a Service(XaaS) 26 4.5 Virtualization & Private Clouds 27

5. Advantages of Clouds 29 6. Cloud Computing Reference Model 31 7. Security for Cloud Computing 33

7.1 Defining Security in Cloud 33 7.2 Security Issues and Challenges 34 7.3 Security Advantages in Cloud Environment 34 7.4 Security Disadvantages in Cloud Environment 35 7.5 Security Issues in Virtualization 37 7.6 Survey of Cloud Computing 38 7.7 Traditional Datacenter Security 39

8. Virtualization - The Catalyst of the Cloud 40 8.1 Confidentiality 40 8.2 Integrity 40 8.3 Authentication 41 8.4 Availability 41 8.5 Accountability 41 8.6 Assurance 42 8.7 Resilience 42

9. Cloud Computing Security Issues 43 10. Cloud Security Challenges 47

10.1 Administrative Access to Servers Applications 47 10.2 Dynamic Virtual Machines : VM State and Sprawl 47 10.3 Vulnerability Exploits and VM to VM Attacks 48



10.4 Encryption and Data Protection 48 10.5 Policy and Compliance 48 10.6 Patch Management 49 10.7 Perimeter Protection and Zoning 49 10.8 Rogue Corporate Resources 49

11. Data Protection, Identity Management, Security 50 11.1 Data Protection 50 11.2 Identity Management 50 11.3 Physical and Personnel Security 50

12. Availability 51 13. Application Securities, User Centric Access Control, Transparency 53

13.1 Application Securities 53 13.2 Centric Access Control 53 13.3 Transparency 54

14. New Opportunities 55 15. Conclusions 58 16. Vulnerabilities 60 17. References 61 18. Appendices 62



List of Figures Figure 1:- Cloud Computing 14 Figure 2:- Cloud Architecture 15 Figure 3:- Cloud Components 16 Figure 4:- Public Cloud Model 20 Figure 5:- Private Cloud Model 21 Figure 6:- Hybrid Cloud Model 22 Figure 7:- Cloud Computing Reference Model 32 Figure 8:- Security Architecture Design 43 List of Tables Table 1:- Cloud Computing Service Model 24 Table 2:- Major Cloud Service Providers 38 Table 3:- Summary of Security Mechanisms by Major Clouds Service Providers 39

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�

�



1. Introduction of Cloud Computing According to Gartner’s Hype Cycle Special Report for 2009, “technologies at

the ‘Peak of Inflated Expectations’ during 2009 include cloud computing, e-books…

and Internet TV, while social software and micro blogging sites…have tipped over the

peak and will soon experience disillusionment among enterprise users”. Is cloud

computing also heading for the trough of disillusionment?

The Internet is often represented as a cloud and the term “cloud computing”

arises from that analogy. Accenture defines cloud computing as the dynamic

provisioning of IT capabilities (hardware, software, or services) from third parties over

a network. McKinsey says that clouds are hardware-based services offering compute,

network and storage capacity where: hardware management is highly abstracted from

the buyer; buyers incur infrastructure costs as variable OPEX [operating expenditures];

and infrastructure capacity is highly elastic (up or down). The cloud model differs from

traditional outsourcing in that customers do not hand over their own IT resources to be

managed. Instead they plug into the cloud, treating it as they would an internal data

center or computer providing the same functions.

Large companies can afford to build and expand their own data centers but

small- to medium-sized enterprises often choose to house their IT infrastructure in

someone else’s facility. A collocation center is a type of data center where multiple

customers locate network, server and storage assets, and interconnect to a variety of

telecommunications and other network service providers with a minimum of cost and

complexity.



1.1Abstract

The Cloud Computing concept offers dynamically scalable resources

provisioned as a service over the Internet. Economic benefits are the main driver for the

Cloud, since it promises the reduction of capital expenditure and operational

expenditure. Organizations are increasingly looking to cloud computing to improve

operational efficiency and help with the bottom line. Cloud computing gets its name

from the drawings typically used to describe the Internet. Cloud computing comes in

many forms: There are Software-as-a-Service (SaaS) providers like salesforce.com;

platform-as-a-service (PaaS) like Amazon's, Infrastructure-as-a-Service (IaaS),

Software-plus-Service (SpS). Web services that offer application programming

interfaces (APIs) that enable developers to exploit functionality over the Internet.

Increasingly, businesses of all sizes are choosing to migrate their data, applications and

services to the cloud. The Advantages are clear-increased availability, Lightweight,

easy accessible applications, lower maintenance and administrative costs. But security

and privacy concerns present a strong barrier-to-entry. cloud computing to realise its

full potential and become mainstream member of IT portfolio & choices, a lot of

challenges are required to be tackled related to privacy & Security. This Dissertation is

concerned with discovery of the vulnerabilities in the landscape of clouds, discovery of

security solutions, and finding evidence that early-adopters or developers have grown

more concerned with security.



1.2 Introduction

We are entering into a new era of computing, and it's all about the “cloud”.

This immediately brings up several important questions, which deserve thoughtful

answers: “What is cloud computing?” “Is it real, or just another buzzword?” And most

important, “How does it affect me?”

Cloud computing as the dynamic provisioning of IT capabilities (hardware,

software, or services) from third parties over a network. The term cloud computing

refers to the delivery of scalable IT resources over the Internet, as opposed to hosting

and operating those resources locally, such as on a college or university network. Those

resources can include applications and services, as well as the infrastructure on which

they operate. By deploying IT infrastructure and services over the network, an

organization can purchase these resources on an as-needed basis and avoid the capital

costs of software and hardware

The coming shift to cloud computing is a major change in our industry. One of

the most important parts of that shift is the advent (The coming or arrival, especially of

something extremely important) of cloud platforms. As its name suggests, this kind of

platform lets developers write applications that run in the cloud, or use services

provided from the cloud, or both. Different names are used for this kind of platform

today, including on-demand platform and platform as a service (PaaS). Whatever it’s

called, this new way of supporting applications has great potential.

To see why, think about how application platforms are used today. When a

development team creates an on-premises application (i.e., one that will run within an

organization), much of what that application needs already exists. An operating system

provides basic support for executing the application, interacting with storage, and

more, while other computers in the environment offer services such as remote storage.

If the creators of every on-premises application first had to build all of these basics,

we’d have many fewer applications today.



The cloud is growing at a time when climate change and reducing emissions

from energy use is of paramount concern. With the growth of the cloud, however,

comes an increasing demand for energy. For all of this content to be delivered to us in

real time, virtual mountains of video, pictures and other data must be stored somewhere

and be available for almost instantaneous access. That ‘somewhere’ is data centres -

massive storage facilities that consume incredible amounts of energy.

1.3 Cloud Evolution

The evolution of cloud computing can be traced to grid computing. The concept

of “The Grid” exploded in popularity “The Grid: Blueprint for a new Computing

Infrastructure” by Ian Foster and Carl Kesselman was published in 1998. The basis of

the grid is the electric utility grid that provides electric power to your home and

business. Using the same concept, hardware and software would be provided from the

grid on-demand much like electricity to run lights and everything else that plugs into

the wall. What is interesting is that many of the same issues that plagued the grid also

plague cloud computing. Defining the grid, vendor lock-in, and forming standards were

just some of the issues. Cloud computing expands upon the grid, but still suffers from

some of the same issues.

The main focus of cloud computing from the provider's view as extraneous

hardware connected to support downtime on any device in the network, without a

change in the users' perspective. Also, the users' software image should be easily

transferable from one cloud to another. It proposes that a layering mechanism should

occur between the front-end software, middle-ware networking and back-end servers

and storage, so that each part can be designed, implemented, tested and ran independent

from subsequent layers. with its development challenges and industry research efforts.

it describes cloud computing security problems and benefits and showcases a model of

secure architecture for cloud computing implementation.



Critics argue that cloud computing is not secure enough because data leaves

companies' local area networks. It is up to the clients to decide the vendors, depending

on how willing they are to implement secure policies and be subject to 3rd party

verifications. Salesforce, Amazon and Google are currently providing such services,

charging clients using an on-demand policy.

Increasingly, businesses of all sizes are choosing to migrate their data,

applications and services to the cloud. The Advantages are clear-increased availability,

Lightweight, easy accessible applications, lower maintenance and administrative

costs—but so too are the risks.

Possible Benefits arising out of adopting cloud computing models have been

recently .well documented in literature and therefore these are not reproduced here.

However, for cloud computing to realise its full potential and become mainstream

member of IT portfolio & choices, a lot of challenges are required to be tackled related

to privacy & Security and associated regulation compliance, vendor Lock-in &

Standards, interoperability, latency, performance & Reliability Concerns.



1.4 Comparisons

Cloud computing can be confused with:

1. Grid computing — "a form of distributed computing and parallel computing,

whereby a 'super and virtual computer' is composed of a cluster of networked, loosely

coupled computers acting in concert to perform very large tasks"

2. Utility computing — the "packaging of computing resources, such as computation

and storage, as a metered service similar to a traditional public utility, such as

electricity";

3. Autonomic computing — "computer systems capable of self-management".



2.0 What is Cloud Computing?

As we said previously, the term

Internet and has become a familiar cliché. However, when “the cloud” is combined

with “computing,” it causes a lot of

sense, they contend that anything beyond the firewall perimeter is in the cloud. A more

tempered view of cloud computing considers it the delivery of computational resources

from a location other than the one from which you are computing.

Cloud computing is about mo

and business advantage

centralized facility or contractor. By making data available in the cloud, it can be more

easily and ubiquitously accessed, of

enabling opportunities for enhanced collaboration, integration, and analysis on a shared

common platform.

Cloud computing models that encompass a subscription

paradigm provide a service

existing capabilities. Many users have found that this approach provides a return on

investment that IT managers are more than willing to accept.

Figure 1 :- Cloud Computing



What is Cloud Computing?

As we said previously, the term the cloud is often used as a metaphor for the


” it causes a lot of confusion. To define the term using a very broad

contend that anything beyond the firewall perimeter is in the cloud. A more


from a location other than the one from which you are computing.

Cloud computing is about moving services, computation and/or data

and business advantage—off-site to an internal or external, location


easily and ubiquitously accessed, often at much lower cost, increasing its value by


Cloud computing models that encompass a subscription-based or pay

paradigm provide a service that can be used over the Internet and extends an IT shop’s


investment that IT managers are more than willing to accept.

Cloud Computing

is often used as a metaphor for the


define the term using a very broad

contend that anything beyond the firewall perimeter is in the cloud. A more


ving services, computation and/or data—for cost

site to an internal or external, location-transparent,


ten at much lower cost, increasing its value by


based or pay-per-use

that can be used over the Internet and extends an IT shop’s




2.1 Cloud Architecture

In Cloud architecture, the systems architecture(A system architecture or

systems architecture is the conceptual model that defines the structure, behaviour, and

more views of a system. An architecture description is a formal description and

representation of a system) of the software systems(The term software system is often

used as a synonym of computer program or software.) involved in the delivery of cloud

computing, typically involves multiple cloud components communicating with each

other over application programming interfaces, usually web services. This resembles

the Unix philosophy of having multiple programs each doing one thing well and

working together over universal interfaces. Complexity is controlled and the resulting

systems are more manageable than their monolithic counterparts.

Figure 2 :- Cloud Architecture



2.2 Cloud Components

Figure 3 :- Cloud Components

A cloud computing solution is made up of several elements: clients, the

datacentre, and distributed servers. As shown in Above Figure, these components make

up the three parts of a cloud computing solution.

Each element has a purpose and plays a specific role in delivering a functional

cloud-based application, so let’s take a closer look.



2.2.1 Clients

Clients are, in a cloud computing architecture, the exact same things that they

are in a local area network (LAN). They are, typically, the computers that just sit on

your desk. But they might also be laptops, tablet computers, mobile phones, or PDAs

(Personal digital assistant or Palmtop Computer)—all big drivers for cloud computing

because of their mobility. Anyway, clients are the devices that the end users interact

with to manage their information on the cloud. Clients generally fall into three

categories:

• Mobile -Mobile devices include PDAs or Smartphone’s, like a Blackberry, Windows

Mobile Smartphone or an iPhone.

• Thin -Clients are computers that do not have internal hard drives, but rather let the

servers do all the work, but then display the information.

• Thick -This type of client is a regular computer, using a web browser like Firefox

or Internet Explorer to connect to the cloud.

Thin clients are becoming an increasingly popular solution, because of their price and

effect on the environment. Some benefits to using thin clients include

• Lower hardware costs -Thin clients are cheaper than thick clients because they do not

contain as much hardware. They also last longer before they need to be upgraded or

become obsolete.

• Lower IT costs -Thin clients are managed at the server and there are fewer points of

failure.

• Security -Since the processing takes place on the server and there is no hard drive,

there’s less chance of malware invading the device. Also, since thin clients don’t work

without a server, there’s less chance of them being physically stolen.

• Data security -Since data is stored on the server, there’s less chance for data to be lost

if the client computer crashes or is stolen.



2.2.2 Datacenter

The datacenter is the collection of servers where the application to which you

subscribe is housed. It could be a large room in the basement of your building or a

room full of servers on the other side of the world that you access via the Internet.

A growing trend in the IT world is vitalizing servers. That is, software can be installed

allowing multiple instances of virtual servers to be used. In this way, you can have half

a dozen virtual servers running on one physical server.

The number of virtual servers that can exist on a physical server depends on the

size and speed of the physical server and what applications will be running on the

virtual server.

2.2.3 Distributed Servers

In Distributed Servers, the servers don’t all have to be housed in the same

location. Often, servers are in geographically disparate locations. But to you, the cloud

subscriber, these servers act as if they’re humming away right next to each other.

This gives the service provider more flexibility in options and security. For instance,

Amazon has their cloud solution in servers all over the world. If something were to

happen at one site, causing a failure, the service would still be accessed through

another site. Also, if the cloud needs more hardware, they need not throw more servers

in the safe room—they can add them at another site and simply make it part of the

cloud.



3.0 Cloud Computing Deployment models

Cloud computing architects provides three basic service models • Public cloud

• Private cloud

• Hybrid cloud

• Community Cloud

IT organizations can choose to deploy applications on public, private, or hybrid

clouds, each of which has its trade-offs. The terms public, private, and hybrid do not

dictate location. While public clouds are typically “out there” on the Internet and

private clouds are typically located on premises, a private cloud might be hosted at a

Collocation (share or designate to share the same place) facility as well.

A number of considerations with regard to which cloud computing model they

choose to employ, and they might use more than one model to solve different

problems. An application needed on a temporary basis might be best suited for

deployment in a public cloud because it helps to avoid the need to purchase additional

equipment to solve a temporary need. Likewise, a permanent application, or one that

has specific requirements on quality of service or location of data, might best be

deployed in a private or hybrid cloud.

3.1 Public clouds

Public clouds are run by third parties, and applications from different

customers are likely to be mixed together on the cloud’s servers, storage systems, and

networks. Public clouds are most often hosted away from customer premises, and they

provide a way to reduce customer risk and cost by providing a flexible, even temporary

extension to enterprise infrastructure.



If a public cloud is implemented with performance, security, and data locality

in mind, the existence of other applications running in the cloud should be transparent

to both cloud architects and end users.

Portions of a public cloud can be carved out for the exclusive use of a single

client, creating a virtual private datacenter. Rather than being limited to deploying

virtual machine images in a public cloud, a virtual private datacenter gives customers

greater visibility into its infrastructure. Now customers can manipulate not just virtual

machine images, but also servers, storage systems, network devices, and network

topology.

Figure 4: - Public Cloud Model



3.2 Private clouds

Private clouds are built for the exclusive use of one client, providing the utmost

control over data, security, and quality of service . The company owns the

infrastructure and has control over how applications are deployed on it. Private clouds

may be deployed in an enterprise datacenter, and they also may be deployed

at a collocation facility.

Private clouds can be built and managed by a company’s own IT organization

or by a cloud provider. In this “hosted private” model, a company such as Sun can

install, configure, and operate the infrastructure to support a private cloud within a

company’s enterprise datacenter. This model gives companies a high level of control

over the use of cloud resources while bringing in the expertise needed to establish and

operate the environment.

Figure 5: - Private Cloud Model



3.3 Hybrid clouds

Hybrid clouds combine both public and private cloud models. They can help to

provide on-demand, externally provisioned scale. The ability to augment a private

cloud with the resources of a public cloud can be used to maintain service levels in the

face of rapid workload fluctuations. This is most often seen with the use of storage

clouds to support Web 2.0 applications. A hybrid cloud also can be used to handle

planned workload spikes. Sometimes called “surge computing,” a public cloud can be

used to perform periodic tasks that can be deployed easily on a public cloud.

Hybrid clouds introduce the complexity of determining how to distribute

applications across both a public and private cloud. Among the issues that need to be

considered is the relationship between data and processing resources. If the data is

small, or the application is stateless, a hybrid cloud can be much more successful than

if large amounts of data must be transferred into a public cloud for a small amount of

processing.

Figure 6:- Hybrid Cloud Model



3.4 Community clouds

In Community Cloud the cloud infrastructure is shared by several

organizations and supports a specific community that has shared concerns (e.g.,

mission, security requirements, policy, or compliance considerations). It may be

managed by the organizations or a third party and may exist on-premises or

off-premises.



4.0 Cloud computing Service Model

In practice, cloud service providers tend to offer services that can be grouped

into three categories: software as a service, platform as a service, and infrastructure as

a service. These categories group together the various layers with some overlap.

Table 1: - Cloud Computing Service Model



4.1 Software as a service (SaaS)

Software as a service features a complete application offered as a service on

demand. A single instance of the software runs on the cloud and services multiple end

users or client organizations.

The most widely known example of SaaS is salesforce.com, though many other

examples have come to market, including the Google Apps offering of basic business

services including email and word processing.

Although salesforce.com preceded the definition of cloud computing by a few

years, it now operates by leveraging its companion force.com, which can be defined as

a platform as a service.

4.2 Platform as a service (PaaS)

Platform as a service encapsulates a layer of software and provides it as a

service that can be used to build higher-level services. There are at least two

perspectives on PaaS depending on the perspective of the producer or consumer of the

services:

• Someone producing PaaS might produce a platform by integrating an OS,

middleware, application software, and even a development environment that is then

provided to a customer as a service. For example, someone developing a PaaS offering

might base it on a set of Sun™ xVM hypervisor virtual machines that include a

NetBeans™ integrated development environment, a Sun GlassFish™ Web stack and

support for additional programming languages such as Perl or Ruby.

• Someone using PaaS would see an encapsulated service that is presented to them

through an API. The customer interacts with the platform through the API, and the

platform does what is necessary to manage and scale itself to provide a given level of

service. Virtual appliances can be classified as instances of PaaS. A content switch

appliance, for example, would have all of its component software hidden from the

customer, and only an API or GUI for configuring and deploying the service provided



to them.

PaaS offerings can provide for every phase of software development and

testing, or they can be specialized around a particular area such as content

management.

Commercial examples of PaaS include the Google Apps Engine, which serves

applications on Google’s infrastructure. PaaS services such as these can provide a

powerful basis on which to deploy applications, however they may be constrained by

the capabilities that the cloud provider chooses to deliver.

4.3 Infrastructure as a service (IaaS)

Infrastructure as a service delivers basic storage and compute capabilities as

standardized services over the network. Servers, storage systems, switches, routers,

and other systems are pooled and made available to handle workloads that range from

application components to high-performance computing applications. Commercial

examples of IaaS include Joyent, whose main product is a line of virtualized servers

that provide a highly available on-demand infrastructure.

4.4 Anything-as-a-Service (XaaS)

Which is also a subset of cloud computing? XaaS broadly encompasses a

process of activating reusable software components over the network. The most

common and successful example is Software-as-a-Service. The growth of

“as-a-service” offerings has been facilitated by extremely low barriers to entry (they are

often accessible for free or available as recurring charges on a personal credit card). As

a result, such offerings have been adopted by consumers and small businesses well

before pushing into the enterprise space. All “as-a-service” offerings share a number of

common attributes, including little or no capital expenditure since the required

infrastructure is owned by the service provider, massive scalability, multitenancy, and

device and location independence allowing consumers remote access to systems using

nearly any current available technology.



On the surface, it appears that XaaS is a potentially game-changing technology

that could reshape IT. However, most CIOs still depend on internal infrastructures

because they are not convinced that cloud computing is ready for prime time. Many

contend that if you want real reliability, you must write more reliable applications.

Regardless of one’s view on the readiness of cloud computing to meet corporate IT

requirements, it cannot be ignored. The concept of pay-as-you-go applications,

development platforms, processing power, storage, or any other cloud-enabled services

has emerged and can be expected to reshape IT over the next decade.

4.5 Virtualization and Private Clouds

Virtualization of computers or operating systems hides the physical

characteristics of a computing platform from users; instead it shows another abstract

computing platform. A hypervisor is a piece of virtualization software that allows

multiple operating systems to run on a host computer concurrently. Virtualization

providers include VMware, Microsoft, and Citrix Systems. Virtualization is an enabler

of cloud computing.

Recently some vendors have described solutions that emulate cloud computing

on private networks, referring to these as “private” or “internal” clouds (where “public”

or “external” cloud describes cloud computing in the traditional mainstream sense).

Private cloud products claim to deliver some of the benefits of cloud computing without

the pitfalls. Hybrid solutions are also possible: building internal clouds and connecting

customer data centers to those of external cloud providers. It has been reported that Eli

Lilly wants to benefit from both internal and external clouds3 and that Amylin6 is

looking at private cloud VMware as a complement to EC2. Other experts, however, are

skeptical: one has even gone as far as to describe private clouds as absolute rubbish.7

Platform Computing has recently launched a cloud management system, Platform ISF,

enabling customers to manage workload across both virtual and physical environments

and support multiple hypervisors and operating systems from a single interface.

VMware, the market leader in virtualization technology, is moving into cloud

technologies in a big way, with vSphere 4. The company is building a huge partner

network of service providers and is also releasing a “vCloud API”. VMware wants



customers to build a series of “virtual data centers”, each tailored to meet different

requirements, and then have the ability to move workloads in the virtual data centers to

the infrastructure provided by cloud vendors.

Cisco, EMC and VMware have formed a new venture called Acadia. Its

strategy for private cloud computing is based on Cisco’s servers and networking,

VMware’s server virtualization and EMC’s storage. (Note, by the way, that EMC owns

nearly 85% of VMware.) Other vendors, such as Google, disagree with VMware’s

emphasis on private clouds; in return VMware says Google’s online applications are

not ready for the enterprise.



5.0 Advantages of Cloud

• Agility improves with users' ability to rapidly and inexpensively re-provision

technological infrastructure resources

• Cost is claimed to be greatly reduced and capital expenditure is converted to

operational expenditure. This ostensibly lowers barriers to entry, as

infrastructure is typically provided by a third-party and does not need to be

purchased for one-time or infrequent intensive computing tasks.

• Device and location independence enable users to access systems using a

web browser regardless of their location or what device they are using (e.g.,

PC, mobile). As infrastructure is off-site (typically provided by a third-party)

and accessed via the Internet, users can connect from anywhere.

• Multi-tenancy enables sharing of resources and costs across a large pool of

users

• Reliability is improved if multiple redundant sites are used, which makes well

designed cloud computing suitable for business continuity and disaster

recovery.

• Scalability via dynamic ("on-demand") provisioning of resources on a

fine-grained, self-service basis near real-time, without users having to engineer

for peak loads. Performance is monitored, and consistent and loosely coupled

architectures are constructed using web services as the system interface

• Maintenance cloud computing applications are easier to maintain, since they

don't have to be installed on each user's computer.



• Metering cloud computing resources usage should be measurable and should

be metered per client and application on daily, weekly, monthly, and annual

basis. This will enable clients on choosing the vendor cloud on cost and

reliability

• Security could improve due to centralization of data, increased

security-focused resources, etc., but concerns can persist about loss of control

over certain sensitive data, and the lack of security for stored kernels. Security

is often as good as or better than under traditional systems, in part because

providers are able to devote resources to solving security issues that many

customers cannot afford. Furthermore, the complexity of security is greatly

increased when data is distributed over a wider area and / or number of devices.



6.0 Cloud Computing Reference Model

Understanding the relationships and dependencies between Cloud Computing

models is critical to understanding Cloud Computing security risks.

IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and

SaaS in turn building upon PaaS as described in the Cloud Reference Model diagram.

In this way, just as capabilities are inherited, so are information security issues and risk.

It is important to note that commercial cloud providers may not neatly fit into the

layered service models. Nevertheless, the reference model is important for relating

real-world services to an architectural framework and understanding the resources and

services requiring security analysis. IaaS includes the entire infrastructure resource

stack from the facilities to the hardware platforms that reside in them. It incorporates

the capability to abstract resources (or not), as well as deliver physical and logical

connectivity to those resources. Ultimately, IaaS provides a set of APIs which allow

management and other forms of interaction with the infrastructure by consumers.

PaaS sits atop IaaS and adds an additional layer of integration with application

development frameworks; middleware capabilities; and functions such as database,

messaging, and queuing; which allow developers to build applications upon to the

platform; and whose programming languages and tools are supported by the stack.

SaaS in turn is built upon the underlying IaaS and PaaS stacks; and provides a

self-contained operating environment used to deliver the entire user experience

including the content, its presentation, the application(s), and management capabilities.



Figure 7:- Cloud Computing Reference Model



7.0 Security for Cloud Computing

There is a number of security issues associated with cloud computing but these

issues fall into two broad categories: Security issues faced by cloud providers

(organizations providing Software-, Platform-, or Infrastructure-as-a-Service via the

cloud) and security issues faced by their customers. In most cases, the provider must

ensure that their infrastructure is secure and that their clients’ data and applications are

protected while the customer must ensure that the provider has taken the proper security

measures to protect their information.

Security controls in cloud computing are, for the most part, no different than

security controls in any IT environment. Cloud computing may present different risks

to an organization than traditional IT solutions. Cloud computing is about gracefully

losing control while maintaining accountability even if the operational responsibility

falls upon one or more third parties.

While cloud security concerns can be grouped into any number of dimensions

these dimensions have been aggregated into three general areas Security and Privacy,

Compliance, and Legal or Contractual Issues.

7.1 Defining Security in the Cloud

If we wish to enable cloud-driven growth and innovation through security, we

must have a clear framing on what is meant by security. Security has been notoriously

hard to define in the general case. The canonical goals of information security are

Confidentiality, Integrity, and Availability. We borrow from NIST to include

Accountability and Assurance, and then add a sixth category of Resilience. We define

these terms below and map them to the cloud context, with a few examples of how they

can be supported by both technical and non-technical mechanisms.



To begin to answer these questions, let’s quickly look at the security of the

traditional datacenter and the impact of virtualization technology, which is enabling the

cloud computing revolution.

7.2 Security Issues and Challenges

IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS

(Software as a Service) are three general models of cloud computing. Each of these

models possess a different impact on application security. However, in a typical

scenario where an application is hosted in a cloud, two broad security questions that

arises are:

•••• How secure is the Data?

•••• How secure is the Code?

Cloud computing environment is generally assumed as a potential cost saver as well

as provider of higher service quality. Security, Availability, and Reliability is the major

quality concerns of cloud service users. Gens et. al., suggests that security in one of the

prominent challenge among all other quality challenges.

7.3 Security Advantages in Cloud Environments

Current cloud service providers operate very large systems. They have

sophisticated processes and expert personnel for maintaining their systems, which

small enterprises may not have access to. As a result, there are many direct and indirect

security advantages for the cloud users. Here we present some of the key security

advantages of a cloud computing environment:

• Data Centralization: In a cloud environment, the service provider takes care of

storage issues and small business need not spend a lot of money on physical

storage devices. Also, cloud based storage provides a way to centralize the data

faster and potentially cheaper. This is particularly useful for small businesses,



which cannot spend additional money on security professionals to monitor the

data.

• Incident Response: IaaS providers can put up a dedicated forensic server that

can be used on demand basis. Whenever a security violation takes place, the

server can be brought online. In some investigation cases, a backup of the

environment can be easily made and put onto the cloud without affecting the

normal course of business.

• Forensic Image Verification Time: Some cloud storage implementations

expose a cryptographic check sum or hash. For example, Amazon S3 generates

MD5 (Message-Digest algorithm 5) hash automatically when you store an

object. Therefore in theory, the need to generate time consuming MD5

checksums using external tools is eliminated.

• Logging: In a traditional computing paradigm by and large, logging is often an

afterthought. In general, insufficient disk space is allocated that makes logging

either non-existent or minimal. However, in a cloud, storage need for standard

logs is automatically solved.

7.4 Security Disadvantages in Cloud Environments

In spite of security advantages, cloud computing paradigm also introduces some

key security challenges. Here we discuss some of these key security challenges:

• Data Location: In general, cloud users are not aware of the exact location of

the datacenter and also they do not have any control over the physical access

mechanisms to that data. Most well-known cloud service providers have

datacenters around the globe. Some service providers also take advantage of

their global datacenters. However, in some cases applications and data might be

stored in countries, which can judiciary concerns. For example, if the user data

is stored in X country then service providers will be subjected to the security



requirements and legal obligations of X country. This may also happen that a

user does not have the information of these issues.

• Investigation: Investigating an illegitimate activity may be impossible in cloud

environments. Cloud services are especially hard to investigate, because data

for multiple customers may be co-located and may also be spread across

multiple datacenters. Users have little knowledge about the network topology of

the underlying environment. Service provider may also impose restrictions on

the network security of the service users.

• Data Segregation: Data in the cloud is typically in a shared environment

together with data from other customers. Encryption cannot be assumed as the

single solution for data segregation problems. In some situations, customers

may not want to encrypt data because there may be a case when encryption

accident can destroy the data.

• Long-term Viability: Service providers must ensure the data safety in

changing business situations such as mergers and acquisitions. Customers must

ensure data availability in these situations. Service provider must also make

sure data security in negative business conditions like prolonged outage etc.

• Compromised Servers: In a cloud computing environment, users do not even

have a choice of using physical acquisition toolkit. In a situation, where a server

is compromised; they need to shut their servers down until they get a previous

backup of the data. This will further cause availability concerns.

• Regulatory Compliance: Traditional service providers are subjected to

external audits and security certifications. If a cloud service provider does not

adhere to these security audits, then it leads to a obvious decrease in customer

trust.

• Recovery: Cloud service providers must ensure the data security in natural and

man-made disasters. Generally, data is replicated across multiple sites.



However, in the case of any such unwanted event, provider must do a complete

and quick restoration.

7.5 Security Issues in Virtualization

Full Virtualization and Para Virtualization is two kinds of virtualization in a

cloud computing paradigm. In full virtualization, entire hardware architecture is

replicated virtually. However, in para virtualization, an operating system Towards

Analyzing Data Security Risks in Cloud Computing Environments 259 is modified so

that it can be run concurrently with other operating systems.

VMM (Virtual Machine Monitor), is a software layer that abstracts the physical

resources used by the multiple virtual machines. The VMM provides a virtual processor

and other virtualized versions of system devices such as I/O devices, storage, memory,

etc.

VMM Instance Isolation ensures that different instances running on the same

physical machine are isolated from each other. However, current VMMs do not offer

perfect isolation. Many bugs have been found in all popular VMMs that allow escaping

from VM (Virtual machine). Vulnerabilities have been found in all virtualization

software’s, which can be exploited by malicious users to bypass certain security

restrictions or/and gain escalated privileges. Below are few examples for this:

• Vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow

a guest operating system user to run code on the host or another guest operating

system.

• Vulnerability was found in VMware’s shared folders mechanism that grants

users of a guest system read and write access to any portion of the host’s file

system including the system folder and other security-sensitive files.



• Vulnerability in Xen can be exploited by “root” users of a guest domain to

execute arbitrary commands.

7.6 Survey of Cloud Computing

We carry out a small survey of major cloud service providers to investigate the

security mechanisms to overcome the security issues discussed in this paper. We

consider ten major cloud service providers. These providers provide their services in all

major areas of cloud computing, including SaaS, PaaS and IaaS.

Table 1 shows the list of service providers that we studied in this survey. In

order to analyze the complete state of art of security in cloud computing, the survey

needs to be more exhaustive. However, due to the fact that the scope of our work is not

just to explore the state of art but to look at the major factors that affect security in cloud

computing. Therefore we have intentionally not considered other cloud service

providers in this survey.

Table 2:- Major Cloud Service Providers

Service Provider Type Names

IaaS Amazon EC2, Amazon S3, GoGrid

PaaS Google App Engine, Microsoft Azure Services,

Amazon

Elastic Map Reduce

SaaS Salesforce, Google Docs

In table 2, we present the results of the survey that depicts the current state of

security mechanisms. Information given in table 2 is based on the information available

online at the official websites of these providers



Table 3:- Summary of Security Mechanisms by Major Cloud Service Providers

Security Issue Results

Password Recovery 90% are using standard methods like other common

services,

while 10% are using sophisticated techniques.

Encryption Mechanism 40% are using standard SSL encryption, while 20% are

using encryption mechanism but at an extra cost. 40%

are using advance methods like HTTPS access also.

Data Location 70% have their datacenters located in more than one

country, while 10% are located at a single location.

20%

are not open about this issue.

Availability History In 40% there is a reported downtime alongwith a result

in data loss, while in 60% cases data availability is

good.

Proprietary/Open Only 10% providers have open mechanism.

Monitoring Services 70% are providing extra monitoring services, while

10%

are using automatic techniques. 20 % are not open

about

this issue.

7.7 Traditional Datacenter Security

The word ‘datacenter’ has long evoked images of massive server farms behind

locked doors, where electricity and cooling were as important as network security to

maintain reliability and availability of data. Perimeter security controls are the most

common approach taken for traditional datacenter security. This approach typically

includes perimeter firewall, demilitarized zones (DMZ), network segmentation,

network intrusion detection and prevention systems (IDS/IPS) and network monitoring

tools.



8.0 Virtualization – The Catalyst of the Cloud

Advancements in virtualization technologies enable enterprises to get more

computing power from the underutilized capacity of physical servers. The traditional

datacenter footprint is shrinking to enable cost savings and “greener” IT through server

consolidation. Enterprises and service providers are using virtualization to enable

multi-tenant uses of what used to be single-tenant or single-purpose physical servers.

Extending virtual machines to public clouds causes the enterprise network

perimeter to evaporate and the lowest-common denominator to impact the security of

all. The inability of physical segregation and hardware-based security to deal with

attacks between virtual machines on the same server highlights the need for

mechanisms to be deployed directly on the server, or virtual machines.

Deploying this line of defense at the virtual machine itself enables critical

applications and data to be moved to cloud environments.

8.1 Confidentiality

Confidentiality refers to keeping data private. Privacy is of tent amount

importance as data leaves the borders of the organization. Not only must internal

secrets and sensitive personal data be safeguarded, but metadata and transactional data

can also leak important details about firms or individuals. Confidentiality is supported

by, among other things, technical tools such as encryption and access control, as well as

legal protections.

8.2 Integrity

Integrity is a degree confidence that the data in the cloud is what is supposed to

be there, and is protected against accidental or intentional alteration without

authorization. It also extends to the hurdles of synchronizing multiple databases.



Integrity is supported by well audited code, well-designed distributed systems, and

robust access control mechanisms.

8.3 Authentication

User authentication is often the primary basis for access control, keeping the bad guys

out while allowing authorized users in with a minimum of fuss. In the cloud

environment, authentication and access control are more important than ever since the

cloud and all of its data are accessible to anyone over the Internet. The TPM can easily

provide stronger authentication than username and passwords. TCG’s IF-MAP

standard allows for real-time communication between the cloud provider and the

customer about authorized users and other security issues. When a user is fired or

reassigned, the customer’s identity management system can notify the cloud provider

in real-time so that the user’s cloud access can be modified or revoked within seconds.

If the fired user is logged into the cloud, they can be immediately disconnected. Trusted

Computing enables authentication of client PCs and other devices, which also is critical

to ensuring security in cloud computing.

8.4 Availability

Availability means being able to use the system as anticipated. Cloud

technologies can increase availability through widespread internet-enabled access, but

the client is dependent on the timely and robust provision of resources. Availability is

supported by capacity building and good architecture by the provider, as well as

well-defined contracts and terms of agreement.

8.5 Accountability

Accountability maps actions in the system to responsible parties. Inside the

cloud, actions must be traced uniquely back to an entity, allowing for integration into

organizational processes, conflict resolution and deterrence of bad behavior.



Accountability is supported by robust identity, authentication and access control, as

well as the ability to log transactions and then, critically, audit these logs.

8.6 Assurance

Assurance refers to the need for a system to behave as expected. In the cloud

context, it is important that the cloud provider provides what the client has specified.

This is not simply a matter of the software and hardware behaving as the client expects

but that the needs of the organization are understood, and that these needs are

accurately translated into information architecture requirements, which are then

faithfully implemented in the cloud system. Assurance is supported by a trusted

computing architecture in the cloud, and a by careful processes mapping from business

case to technical details to legal agreements.

8.7 Resilience

Resilience in a system allows it to cope with security threats, rather than failing

critically. Cloud technology can increase resilience, with a broader base, backup data

and systems, and the potential identify threats and dynamically counteract. However,

by shifting critical systems and functions to an outside party, organizations can

aggravate resilience by introducing a single point of failure. Resilience is supported by

redundancy, diversification and real-time forensic capacity.



9.0 Cloud Computing Security Issues

In order to ensure that data is secure (that it cannot be accessed by unauthorized

users or simply lost) and that data privacy is maintained, cloud providers attend to the

following areas in Security and Privacy issues.

Figure 8: - Security Architecture Design



A security architecture framework should be established with consideration of

processes (enterprise authentication and authorization, access control, confidentiality,

integrity, no repudiation, security management, etc.), operational procedures,

technology specifications, people and organizational management, and security

program compliance and reporting. A security architecture document should be

developed that defines security and privacy principles to meet business objectives.

Documentation is required for management controls and metrics specific to asset

classification and control, physical security, system access controls, network and

computer management, application development and maintenance, business continuity,

and compliance. A design and implementation program should also be integrated with

the formal system development life cycle to include a business case, requirements

definition, design, and implementation plans. Technology and design methods should

be included, as well as the security processes necessary to provide the following

services across all technology layers:

9.1 Authentication

9.2 Authorization

9.3 Availability

9.4 Confidentiality

9.5 Integrity

9.6 Accountability

9.7 Privacy

The creation of a secure architecture provides the engineers, data center operations

personnel, and network operations personnel a common blueprint to design, build, and

test the security of the applications and systems.

Design reviews of new changes can be better assessed against this architecture to

assure that they conform to the principles described in the architecture, allowing for

more consistent and effective design reviews.



• Secure Software Development Life Cycle (SecSDLC)

The SecSDLC involves identifying specific threats and the risks they represent,

followed by design and implementation of specific controls to counter those threats and

assist in managing the risks they pose to the organization and/or its customers. The

SecSDLC must provide consistency, repeatability, and conformance. The SDLC

consists of six phases, and there are steps unique to the SecSDLC in each of phases:

o Investigation: Define project processes and goals, and document them

in the program security policy.

o Analysis: Analyze existing security policies and programs, analyze

current threats and controls, examine legal issues, and perform risk

analysis.

o Logical design: Develop a security blueprint, plan incident response

actions, plan business responses to disaster, and determine the

feasibility of continuing and/or outsourcing the project.

o Physical design: Select technologies to support the security blueprint,

develop a definition of a successful solution, design physical security

measures to support technological solutions, and review and approve

plans.

o Implementation: Buy or develop security solutions. At the end of this

phase, present a tested package to management for approval.

o Maintenance: Constantly monitor, test, modify, update, and repair to

respond to changing threats.



In the SecSDLC, application code is written in a consistent manner that can

easily be audited and enhanced; core application services are provided in a common,

structured, and repeatable manner; and framework modules are thoroughly tested for

security issues before implementation and continuously retested for conformance

through the software regression test cycle. Additional security processes are developed

to support application development projects such as external and internal penetration

testing and standard security requirements based on data classification. Formal training

and communications should also be developed to raise awareness of process

enhancements.



10 Cloud Security Challenges

At first glance, the security requirements for cloud computing providers would

appear to be the same as traditional datacenters — apply a strong network security

perimeter and keep the bad guys out. However, as previously stated, physical

segregation and hardware-based security cannot protect against attacks between virtual

machines on the same server. The following outlines some of the primary concerns that

enterprises should be aware of when planning their cloud computing deployments.

10.1 Administrative Access to Servers and

Applications

One of the most important characteristics of cloud computing is that it offers

“self-service” access to computing power, most likely via the Internet. In traditional

datacenters, administrative access to servers is controlled and restricted to direct or

on-premise connections. In cloud computing, this administrative access must now be

conducted via the Internet, increasing exposure and risk. It is extremely important to

restrict administrative access and monitor this access to maintain visibility of changes

in system control.

10.2 Dynamic Virtual Machines: VM State and

Sprawl

Virtual machines are dynamic. They can quickly be reverted to previous

instances, paused and restarted, relatively easily. They can also be readily cloned and

seamlessly moved between physical servers. This dynamic nature and potential for VM

sprawl makes it difficult to achieve and maintain consistent security. Vulnerabilities or

configuration errors may be unknowingly propagated. Also, it is difficult to maintain an

auditable record of the security state of a virtual machine at any given point in time. In

cloud computing environments, it will be necessary to be able to prove the security state



of a system, regardless of its location or proximity to other, potentially insecure virtual

machines.

10.3 Vulnerability Exploits and VM-TO-VM Attacks

Cloud computing servers use the same operating systems, enterprise and web

applications as localized virtual machines and physical servers. The ability for an

attacker or malware to remotely exploit vulnerabilities in these systems and

applications is a significant threat to virtualized cloud computing environments. In

addition, co-location of multiple virtual machines increases the attack surface and risk

of VM-to-VM compromise. Intrusion detection and prevention systems need to be able

to detect malicious activity at the virtual-machine level, regardless of the location of the

VM within the virtualized cloud environment.

10.4 Encryption and Data Protection

Many regulations and standards such as the PCI DSS and HIPAA include

requirements for the use of encryption to protect critical information—such as

cardholder data and personally identifiable information (PII)—to achieve compliance

or safe harbor in the event of a breach. The multi-tenant nature of the cloud amplifies

these requirements and creates unique challenges with the accessibility and protection

of encryption credentials used to ensure data protection.

10.5 Policy and Compliance

Enterprises are experiencing significant pressure to comply with a wide range

of regulations and standards such as PCI, HIPAA, and GLBA in addition to auditing

practices such as SAS70 and ISO. Enterprises need to prove compliance with security

standards, regardless of the location of the systems required to be in scope of

regulation, be that on-premise physical servers, on-premise virtual machines or

off-premise virtual machines running on cloud computing resources.



10.6 Patch Management

The self-service nature of cloud computing may create confusion for patch

management efforts. Once an enterprises subscribes to a cloud computing

resource—for example by creating a Web server from templates offered by the cloud

computing service provider—the patch management for that server is no longer in the

hands of the cloud computing vendor, but is now the responsibility of the subscriber.

Keeping in mind that according to the previously mentioned Verizon 2008 Data Breach

Investigations Report, 90% of known vulnerabilities that were exploited had patches

available for at least six months prior to the breach, organizations leveraging cloud

computing need to keep vigilant to maintain cloud resources with the most recent

vendor supplied patches. If patching is impossible or unmanageable, compensating

controls such as “virtual patching” need to be considered.

10.7 Perimeter Protection and Zoning

In cloud computing, the enterprise perimeter evaporates and the

lowest-common denominator impacts the security of all. The enterprise firewall, the

foundation for establishing security policy and zoning for networks, can either no

longer reach cloud computing servers, or its policies are no longer in the control of the

resource owner, but the responsibility of the cloud computing provider. To establish

zones of trust in the cloud, the virtual machines must be self-defending, effectively

moving the perimeter to the virtual machine itself.

10.8 Rogue Corporate Resources

Eager for immediate computing resources and results, non-IT savvy individuals

and groups are jumping at cloud computing. Important corporate data and applications

are being deployed in the cloud, possibly oblivious to the security implications.



11 Data Protection, Identity Management, Security

11.1 Data Protection

To be considered protected, data from one customer must be properly

segregated from that of another; it must be stored securely when “at rest” and it must be

able to move securely from one location to another. Cloud providers have systems in

place to prevent data leaks or access by third parties. Proper separation of duties should

ensure that auditing and/or monitoring cannot be defeated, even by privileged users at

the cloud provider.

11.2 Identity Management

Every enterprise will have its own identity management system to control

access to information and computing resources. Cloud providers either integrate the

customer’s identity management system into their own infrastructure, using federation

or SSO technology, or provide an identity management solution of their own.

11.3 Physical and Personnel Security

Providers ensure that physical machines are adequately secure and that access

to these machines as well as all relevant customer data is not only restricted but that

access is documented. Finally, providers ensure that all critical data (credit card

numbers, for example) are masked and that only authorized users have access to data in

its entirety. Moreover, digital identities and credentials must be protected as should any

data that the provider collects or produces about customer activity in the cloud.



12 AvailabilityCloud providers assure customers that they will have regular and predictable access

to their data and applications.

For example, consider some of the cloud

outages which have been widely reported…

Bit bucket, DDoS'd Off The Air



12 Availability Cloud providers assure customers that they will have regular and predictable access

to their data and applications.

example, consider some of the cloud

outages which have been widely reported…

, DDoS'd Off The Air

Cloud providers assure customers that they will have regular and predictable access

example, consider some of the cloud-related



Maintenance Induced Cascading Failures



Maintenance Induced Cascading Failures



13 Application Securities, User Centric Access

Control, Transparency

13.1 Application Securities

Cloud providers ensure that applications available as a service via the cloud are

secure. Securing application software that is running on being developed in the cloud.

This includes items such as whether it’s appropriate to migrate or design an application

to run in the cloud, and if so, what type of cloud platform is most appropriate (SaaS,

PaaS, or IaaS). Some specific security issues related to the cloud are also discussed.

13.2 User Centric Access Control

The traditional model of application-centric access control, where each

application keeps track of its collection of users and manages them, is not feasible in

cloud based architectures. This is more so, because the user space maybe shared across

applications that can lead to data replication, making mapping of users and their

privileges a herculean task. Also, it requires the user to remember multiple

accounts/passwords and maintain them. Cloud requires a user centric access control

where every user request to any service provider is bundled with the user identity and

entitlement information. User identity will have identifiers or attributes that identity

and define the user. The identity is tied to a domain, but is portable. User centric

approach leaves the user with the ultimate control of their digital identities. User centric

approach also implies that the system maintains a context of information for every user,

in order to find how best to react to in a given situation to a given user request. It should

support pseudonyms and multiple and discrete identities to protect user privacy. This

can be achieved easily by using one of the open standards like OpenID or SAML.



13.3 Transparency

Security measures assumed in the cloud must be made available to the

customers to gain their trust. There is always a possibility that the cloud infrastructure is

secured with respect to some requirements and the customers are looking for a different

set of security. The important aspect is to see that the cloud provider meets the security

requirements of the application and this can be achieved only through 100%

transparency. Open Cloud Manifesto exerts stress on transparency in clouds, due the

consumer’s apprehensions to host their applications on a shared infrastructure, on

which they do not have any control. Transparency can be achieved by complete audit

logging and control.



14 New Opportunities

Combining the contemporary and historical viewpoints, we arrive at the

position that many cloud computing security problems are not in fact new, but often

will still require new solutions in terms of specific mechanisms. Existing contemporary

works already explore many pertinent topics; we highlight here several areas that

deserve more attention.

First, cloud providers should offer a choice of security primitives with

well-considered defaults. Cloud users know more about their applications, but cloud

providers potentially know more about the relevant security issues due to a higher

concentration of security expertise. The cloud user would ideally choose from a

spectrum of security levels and security subsystem boundaries. We believe this

flexibility could prove to be a major improvement if done well. One possible approach

would be to formulate the security primitives around defending different stakeholders

against different particular threat models. An additional feature might support “plug

and-play" services readily compliant with common standards such as those of HIPAA

or Payment Card Industry.

Another important research area concerns determining apt granularities for

isolation. Several are possible: isolate by virtual or physical machines, LANs, clouds,

or datacenters. We at present lack a good understanding of the tradeoffs between

security and performance for each of these options, but it would appear likely that cloud

providers can fruitfully offer different granularities of isolation as a part of their

spectrum of security.

Side channels and covert channels pose another fundamental threat, one which

interplays with the granularities of isolation discussed above. While not a panacea (e.g.,

it takes very few bits to steal a password), a helpful analysis could include when

appropriate a quantification of channel bit rates, coupled with an assessment of the bit

rate required to do harm.



One important area that has yet to receive much attention is mutual audit ability.

The auditing capabilities of most existing systems focus on one-way audit ability. In

cloud computing, providers and users may need to demonstrate mutual trustworthiness,

in a bilateral or multilateral fashion. As discussed above, such audit ability can have

major benefits with regard to fate-sharing, such as enabling cloud providers in search

and seizure incidents to demonstrate to law enforcement that they have turned over all

relevant evidence, and prove to users that they turned over only the necessary evidence

and nothing more. Recent work notes that implementing thorough auditing is not a

simple matter even for straightforward web services. In cloud computing, it remains an

open challenge to achieve thorough auditing without impairing performance. To

complicate matters even further, the auditor fundamentally needs to be an independent

third party, and a third-party auditor requires a setup quite different than today’s

practice, in which cloud providers record and maintain all the audit logs. In short,

mutual audit ability needs significant work. On the plus side, achieving it robustly

would constitute an important security feature.

More broadly, we see a need for research that seeks to understand the ecosystem

of threats. Current work in the literature generally focuses only single aspects of the

cloud security problem. As we begin to understand problems in isolation, we should

also start to put together an understanding of how different issues and threats combine.

For example, in web security we understand security problems at a high-level as an

ecosystem involving the interplay between worms, bots, scams, spam, phishing, active

content, browsers, usability, and other human factors. We argue that future work on

cloud security needs to similarly bridge established topic boundaries.

Lastly, we would highlight that breaking real clouds makes them stronger. Such

studies involve obvious ethical issues, but provide much more compelling results than

breaking hypothetical clouds. For example, the EC2 information leak study in triggered

a highly visible security effort by Amazon Web Services, and serves as a model for

similar future work in academia. Similarly, the Air Force Mastics security

enhancements originated from a companion effort to find security exploits. Such

coupled attack and defense approaches serve as a model for potential government cloud

security projects today, and cloud providers should sponsor internal adversarial efforts

to discover vulnerabilities before they become exposed in the wild. Needless to say,



stakeholders also need to continue to track black-hat perspectives. Finally, research

partnerships between different types of stakeholders will likely prove very beneficial to

advancing the field.



15 Conclusions

In cloud computing, end-to-end security is critical. Building blocks from TCG

and commercial products built on these principles will help make the cloud

environment more secure. Ongoing research from TCG and operating system or device

security vendors will take advantage of the TPM using additional software to enhance

its capability for cloud computing. Other research on cloud computing security is under

way at several companies. Today, the good news is that most cloud security issues can

be addressed with well-known, existing techniques.

The TPM can be an independent entity that works on behalf of cloud computing

customers. Inside every server in the cloud, the TPM and associated software can check

what is installed on each machine and verify the machine’s health and proper

performance. When it detects a problem, TNC technology can immediately restrict

access to a device or server. For securing data at rest in the cloud or in clients that

access cloud data, self-encrypting drives based on Trusted Storage provide the

ultimately secure solution.

Organizations that have already implemented TCG-based solutions can

leverage their corporate investment in hardware, software and policies and re-use them

for cloud computing. If cloud computing represents an organization’s initial

implementation of TCG-based technology (used by the cloud provider), the rest of the

organization should be re-evaluated for areas where TCG technology can provide

improved internal security, including: activating TPMs, use of self-encrypting drives

and network access control through TNC.

In an emerging discipline, like cloud computing, security needs to be analyzed

more frequently. With advancement in cloud technologies and increasing number of

cloud users, data security dimensions will continuously increase. In this paper, we have

analyzed the data security risks and vulnerabilities which are present in current cloud

computing environments.



The most obvious finding to emerge from this study is that, there is a need of

better trust management. We have built a risk analysis approach based on the prominent

security issues. The security analysis and risk analysis approach will help service

providers to ensure their customers about the data security. Similarly, the approach can

also be used by cloud service users to perform risk analysis before putting their critical

data in a security sensitive cloud.

At present, there is a lack of structured analysis approaches that can be used for

risk analysis in cloud computing environments. The approach suggested in this paper is

a first step towards analyzing data security risks. This approach is easily adaptable for

automation of risk analysis.



16 Vulnerabilities

Cloud computing shares in common with other network-based application, storage

and communication platforms certain vulnerabilities in several broad areas:

• Web application vulnerabilities, such as cross-site scripting and SQL injection

(which are symptomatic of poor field input validation, buffer overflow; as well

as default configurations or miss-configured applications.

• Accessibility vulnerabilities, which are vulnerabilities inherent to the TCP/IP

stack and the operating systems, such as denial of service and distributed denial

of services

• Authentication of the respondent device or devices. IP spoofing RIP attacks,

ARP poisoning (spoofing), and DNS poisoning are all too common on the

Internet. TCP/IP has some “unfixable flaws” such as “trusted machine” status

of machines that have been in contact with each other, and tacit assumption that

routing tables on routers will not be maliciously altered.

• Data Verification, tampering, loss and theft, while on a local machine, while in

transit, while at rest at the unknown third-party device, or devices, and during

remote back-ups.

• Physical access issues, both the issue of an organization’s staff not having

physical access to the machines storing and processing a data, and the issue of

unknown third parties having physical access to the machines

• Privacy and control issues stemming from third parties having physical control

of a data is an issue for all outsourced networked applications and storage, but

cloud architectures have some specific issues that are distinct from the usual

issues.



17 References

URL: http://en.wikipedia.org/wiki/Cloud_Computing

http://www.cloudsecurityalliance.org

http://cloudcomputing.sys-con.com/node/1330353

http://www.parc.com/content/attachments/ControllingDataInTheCloud-CCSW-09.pdf

http://www.trustedcomputinggroup.org

http://cloudsecurityalliance.org



Books:

• Amazon elastic computer cloud (2008), http://aws.amazon.com/ec2/

• Twenty Experts Define Cloud Computing (2008),

http://cloudcomputing.syscon.com/read/612375_p.htm

• Andert, D., Wakefield, R., Weise, J.: Trust Modeling for Security Architecture

Development (2002), http://www.sun.com/blueprints

• John, H.: Security Guidance for Critical Areas of Focus in Cloud Computing

(2009), http://www.cloudsecurityalliance.org/guidance/ (Accessed 2 July 2009)

• Two Factor Authentication, http://en.wikipedia.org/wiki/

• Public Key, http://en.wikipedia.org/wiki/Public_key_certificate

• Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud Computing

and Emerging IT Platforms: Vision, Hype, and Reality for delivering

Computing as the 5th Utility. Future Generation Computer Systems 25,

599–616

• Cachin, C., Keider, I., Shraer, A.: Trusting The Cloud. IBM Research, Zurich

Research laboratory (2009)

• Google App Engine (2008), http://appengine.google.com

• Microsoft Live Mesh (2008), http://www.mesh.com

• Brodkin, J.: Seven Cloud Computing Security Risks (2008),

http://www.gartner.com/DisplayDocument?id=685308

http://en.wikipedia.org/wiki/Cloud_Computing

http://www.cloudsecurityalliance.org/




18 Appendices TCG – Trusted Computing Group

LAN – Local Area Network

API – Application Programming Interface

TPI – Trusted Platform Module

DMZ - Demilitarized Zones

ID -Intrusion Detection

IPS- Intrusion Prevention Systems

cloud computing security

Technology

cloud security challenges

cloud environment34

cloud components16

cloud architecture15

cloud evolution

cloud computing14figure

survey of cloud computing

hybrid cloud model