Cloud Computing Security Issues


Post on 06-Apr-2017


Cloud Security Issues

A comprehensive survey on mobile cloud computing security issues in convergence with energy consumption

MSc Candidate: Krasadakis Stelios

January 25, 2016

Technological Educational Institute of Crete

Department of Informatics Engineering

MSc Informatics & Multimedia

Paper Structure

Sections:

Introduction

Cloud Computing background

Securing the Cloud

Virtualization

Mobile Cloud Computing

User safety & energy consumption

Authors' proposal

Conclusion

Introduction

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).

Why aren't more hosts/companies following this model? A survey indicated that 80% of enterprises hesitate to implement cloud due to security and privacy issues [1].

Cloud data security is more complicated than data security in traditional information systems because data is scattered across different machines.

For cloud computing to be adopted by users and enterprises, users' security concerns should be addressed by making the cloud environment trustworthy, as discussed by Latif et al. in their assessment of cloud computing risks [2].

We address the questions related to: (1) security concerns and threats over general cloud computing, (2) the solutions for these problems and (3) mobile users' safety in convergence with energy consumption.

Cloud Architecture Models

IaaS: users are allowed to run any applications and operating systems they please. The principal unit of IaaS is the server, which can be physical or virtual. Cloud users can configure security policies; however, cloud vendors must secure their systems to minimize other threats such as deletion and modification [8], [9].

PaaS: used to motivate developers to create their own programs on top of the platform, while developers must take into account security measures for the applications they build and run [8].

SaaS: software that is accessed through the Internet via web browsers, from various devices. The application may be used free of charge or in a pay-as-you-go model, depending on the provider's policy. SaaS users have limited control over security in comparison with the other two models [8].

PaaS and SaaS are on top of IaaS. All of them are inversely related. As a consequence of this dependency, any violation of any cloud layer can compromise the other layers as well.

Securing the cloud

The provider's ability to clearly demonstrate the core principles of information security (CIA), namely Data Confidentiality, Data Integrity and Data Availability.

Confidentiality

Ensuring that user data travelling through the cloud cannot be accessed by unauthorized parties; traditional solutions like identification and authentication are inadequate.

Solutions:

Proper encryption techniques, either symmetric or asymmetric, with a fixed key length [10].

Zissis proposes a combination of the two cryptographic techniques, known as hybrid cryptography [11].

Homomorphic encryption, the best solution, since decryption is not needed on the user's side [12], but it is not applied because of its huge impact on power consumption and response time [7].

Securing the cloud 2

Integrity

Constitutes another crucial factor, since it refers to protecting data from illegal modification, deletion or fabrication.

Solutions:

Message Authentication Code (MAC), where a symmetric key produces a checksum that is appended to the data [10].

Digital Signature, which relies on public key structure.

Proofs of Retrievability (PoR), a protocol in which a server proves to a client that the data is intact, by combining error correction and spot-checking [12]. A computational obstacle for mobile devices.

Based on PoR, another approach is a local client process of encrypting suitable metadata in each data block with a secret key known only to the authorized user [13].

High Availability Integrity Layer (HAIL) is one more improved mechanism, which also uses PoR and overcomes the mobile adversary [14].
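An added example, not part of the original slides: a simplified integrity audit that combines the per-block MAC and the spot-checking idea listed above. It is not the PoR or HAIL protocol from [12]-[14] (there is no error correction), and the block size, key and file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import random

BLOCK_SIZE = 16  # constructed value, tiny so the sample file has several blocks

def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    """MAC over (index || block); the index stops the server substituting another intact block."""
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def prepare_upload(key: bytes, data: bytes) -> list:
    """Client side: split the file and attach a tag to every block before upload."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(blk, tag_block(key, i, blk)) for i, blk in enumerate(blocks)]

def make_challenge(n_blocks: int, sample: int, rng=None) -> list:
    """Client side: pick distinct block indices the server cannot predict."""
    rng = rng or random.SystemRandom()
    return rng.sample(range(n_blocks), min(sample, n_blocks))

def server_respond(store: list, challenge: list) -> list:
    """Server side: return the stored (block, tag) pairs for the challenged indices."""
    return [store[i] for i in challenge]

def verify(key: bytes, challenge: list, response: list) -> bool:
    """Client side: recompute each tag; one mismatch fails the whole audit."""
    if len(response) != len(challenge):
        return False
    return all(hmac.compare_digest(tag_block(key, i, blk), tag)
               for i, (blk, tag) in zip(challenge, response))

def detection_probability(n_blocks: int, corrupted: int, sample: int) -> float:
    """Chance that a random sample of distinct blocks includes a corrupted one."""
    if sample > n_blocks - corrupted:
        return 1.0
    p_miss = 1.0
    for j in range(sample):
        p_miss *= (n_blocks - corrupted - j) / (n_blocks - j)
    return 1.0 - p_miss

if __name__ == "__main__":
    key = b"k" * 32                                   # constructed demo key
    store = prepare_upload(key, b"constructed sample file contents " * 4)
    picked = make_challenge(len(store), 3)
    print("intact:", verify(key, picked, server_respond(store, picked)))
    store[picked[0]] = (b"tampered", store[picked[0]][1])  # server-side corruption
    print("after tampering:", verify(key, picked, server_respond(store, picked)))
    print("P(detect) 10 of 100 bad, 10 sampled:", round(detection_probability(100, 10, 10), 3))
```

Sampling keeps the client's work small, which matters for the mobile devices the slide mentions, at the price of a detection probability below one for small samples.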

Securing the cloud 3

Availability

Embodies the idea of anywhere and anytime access to data by users, even if there is some misbehavior in the system. Availability is exposed to three risk factors, which are difficult to detect: hijacking, DNS attacks and denial of service.

Solutions:

Bowers et al. advocate that HAIL could also be used for availability, in addition to integrity [14].

The author in [11] proposes a Trusted Third Party (TTP), which is a legal organization with the aim of amplifying security. The security requirement for availability, according to the TTP, is a combination of Public Key Infrastructure, Lightweight Directory Access Protocol and Single Sign-On.

As we were conducting our research, we found that there are no specific solutions for availability issues. The authors propose general solutions for integrity and confidentiality, and they imply that availability is guaranteed only if these two principles are protected.

Virtualization

Virtualization is an essential part of cloud computing. It can be applied to anything, including memory, networks, storage, hardware and operating systems. It allows users to move, copy, and manipulate Virtual Machines (VMs) at will.

Keeping that in mind, virtualization is an extra layer in the cloud that must be secured, since it is more vulnerable to attackers.

Issues in Virtualization:

The major problem that arises from introducing virtualization in the cloud is that, during migration, an attacker can compromise the hypervisor (virtual machine monitor) and transfer VMs to malicious servers. As a result, integrity is violated.

Confidentiality could also be compromised through VM image files. These are configuration files used to create VMs, and they reside in the provider's pool. Any attacker can take advantage of this public pool and create malicious VM images that can contaminate others who download them. A direct consequence of that is sensitive data leakage.

Last but not least, other types of attacks are also possible, such as denial of service, which can tamper with availability [15].

Virtualization 2

Solutions:

The hypervisor is software that is responsible for separating every VM (isolation). Hashizume et al. [8] suggest that keeping a hypervisor simple and small reduces the chances of violating CIA.

The writers in [3], [16] propose the HyperSafe approach, which provides hypervisor control-flow integrity by using two techniques. The first one protects the hypervisor's code and data by locking down write-protected memory pages, and the second one restricts indexing in order to convert the control data into pointer indexes.

Another accepted solution to prevent this is the Advanced Cloud Protection System (ACPS), which is suggested by Lombardi and Di Pietro [15]. The purpose of this framework is to monitor cloud components and defend VMs against intruders and attacks such as worms, Trojans and viruses.

Mobile cloud computing

MCC refers to a new infrastructure platform combining both cloud computing and mobile devices, where data storage and data processing happen outside of the mobile device [17], [18].

Regarding the definition, cloud computing exists when tasks and data are kept on the Internet rather than on individual devices, providing on-demand access. Applications are run on a remote server and then sent to the user [17].

It can be thought of as a combination of cloud computing and the mobile environment. The cloud can be used for power and storage, as mobile devices don't have powerful resources compared to traditional computation devices.

As computing has moved toward mobile cloud computing, attacks and malware have shifted their targets toward mobile cloud computing [19].

Users safety and energy consumption

Since mobile cloud computing is a combination of mobile networks and cloud computing, the security-related issues are divided into two categories:

1. Mobile users' security on the network.

2. Cloud security issues (discussed before).

Offloading is one of the main advantages of mobile cloud computing, used to improve the battery lifetime of mobile devices.

Most authors propose using security software in the cloud to secure mobile clients, and we agree partially with this philosophy. Before mobile users can use a certain application, it should go through some level of threat evaluation. All file activity to be sent to mobile devices will be checked for whether it is malicious or not.

However, there are many related issues about efficiency under environmental changes. For example, for a code compilation, offloading might consume more energy to send data to the cloud than local processing would when the size of the code is small.

Users safety and energy consumption 2

Research by A. Rudenko et al. [20] shows that offloading is not always the best way to save energy, and this is an issue for mobile users.

Solutions in security regarding energy consumption

K. Kumar suggests a partitioning program, based on an estimation of the energy consumption before the program execution. The optimal partitioning program for offloading is calculated based on the trade-off between the communication and computation costs [21].

The authors in [22] present a partitioning pattern to offload computational tasks on mobile devices. The idea of this pattern is the construction of a cost graph, with the objective of minimizing the computation and data communication cost, using an algorithm that prunes the search space to obtain an approximate solution.

Authors perspective

Based on the definition of mobile cloud computing and its offloading advantage, in order to secure clients we propose running security software both on the client device and offloaded in the cloud, instead of running anti-virus software only locally or only remotely in the cloud.

There will be a heuristic algorithm, such as a genetic algorithm, for solving the optimization problem between local computation energy consumption and network communication energy consumption.

This algorithm should find the approximate best solution for energy efficiency for the mobile user. If the local computation energy consumption is less than that of the network communication offload, the security software will run tasks locally and, at the same time, the security software in the cloud will be deactivated. In contrast, if the network communication offload consumption is less than the local computation consumption, then the local security software tasks will be disabled and the security software for the mobile clients will run in the cloud.
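An added example, not from the original slides: the local-versus-cloud decision for a security scan expressed as a small cost graph in the spirit of [22], where each task has a device energy cost per side and each edge costs radio energy when its two tasks are split. Exhaustive search stands in here for the heuristic (such as a genetic algorithm) that the slide proposes; the task names, the pinned tasks and all energy figures are constructed assumptions.

```python
from itertools import product

def placement_cost(tasks, edges, placement):
    """Device energy (mJ) of one placement: run cost per task plus radio cost per cut edge."""
    cost = sum(tasks[t][0] if placement[t] == "local" else tasks[t][1] for t in tasks)
    cost += sum(mj for (a, b), mj in edges.items() if placement[a] != placement[b])
    return cost

def best_placement(tasks, edges, pinned_local=()):
    """Try every local/cloud assignment and return (placement, cost) with least device energy."""
    free = [t for t in tasks if t not in pinned_local]
    best = None
    for choice in product(("local", "cloud"), repeat=len(free)):
        placement = dict.fromkeys(pinned_local, "local")
        placement.update(zip(free, choice))
        cost = placement_cost(tasks, edges, placement)
        if best is None or cost < best[1]:
            best = (placement, cost)
    return best

# Constructed figures in millijoules: task -> (run locally, idle while the cloud runs it).
LARGE_SCAN = {"collect": (200, 0), "unpack": (1000, 100), "sig_scan": (3000, 200), "verdict": (100, 0)}
SMALL_SCAN = {"collect": (200, 0), "unpack": (100, 100), "sig_scan": (300, 200), "verdict": (100, 0)}
# Radio energy spent when the two tasks of an edge sit on different sides.
LARGE_EDGES = {("collect", "unpack"): 2500, ("unpack", "sig_scan"): 4000, ("sig_scan", "verdict"): 50}
SMALL_EDGES = {("collect", "unpack"): 500, ("unpack", "sig_scan"): 800, ("sig_scan", "verdict"): 50}
PINNED = ("collect", "verdict")  # assumed to need the device itself

if __name__ == "__main__":
    for name, tasks, edges in (("large", LARGE_SCAN, LARGE_EDGES), ("small", SMALL_SCAN, SMALL_EDGES)):
        placement, cost = best_placement(tasks, edges, PINNED)
        print(name, placement, cost, "mJ")
```

With these figures the large scan is cheapest when unpacking and signature scanning both run in the cloud, while the small scan is cheapest kept entirely on the device, matching the slide's point that offloading does not always save energy.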

Conclusion

Answers:

As an answer to our first question, we discussed that concerns about the cloud are concentrated on violation of CIA and on threats. As for the second question, we presented a number of solutions for each section separately, in order to make clear how each principle is ensured. As for the third question, we coupled data security and client security and proposed a security method for mobile users that does not increase the overall energy consumption.

Despite the huge evolution that the cloud has brought to computer science, certain security hindrances raise concerns. From our research we could claim that effective solutions for security already exist in all sections. However, some of them affect the performance of the systems, and consequently they are not applied. Thus, instead of striving to find new solutions, researchers could focus on how the existing solutions can be implemented in the cloud without deteriorating system performance and local power consumption.

References

[1] "80% of Enterprises Can't Rely on Perimeter Security to Protect Cloud Infrastructures Survey Finds - CloudPassage." [Online]. Available: https://www.cloudpassage.com/press-releases/80-of-enterprises-cant-rely-onperimeter-security-to-protect-cloud-infrastructures-survey-finds.

[2] R. Latif, H. Abbas, S. Assar, and Q. Ali, "Cloud computing risk assessment: a systematic literature review," in Future Information Technology, pp. 285-295, Springer, Berlin, Germany, 2014.

[3] J. Scanlon and B. Wieners, "The internet cloud," The Industry Standard, Tech. Rep., 1999.

[4] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition," SIGCOMM Comput. Commun. Rev., vol. 39, 2009, pp. 50-55.

[5] P. Mell and T. Grance, "The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology," Natl. Inst. Stand. Technol. Inf. Technol. Lab., vol. 145, p. 7, 2011.

[6] S. Ramgovind, M. M. Eloff, and E. Smith, "The management of security in Cloud computing," 2010 Inf. Secur. South Africa, pp. 1-7, 2010.

[7] F. Sabahi, "Cloud computing security threats and responses," 2011 IEEE 3rd Int. Conf. Commun. Softw. Networks, pp. 245-249, 2011.

[8] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, "An analysis of security issues for cloud computing," J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.

[9] B. R. Cyril and S. B. R. Kumar, "Cloud Computing Data Security Issues Challenges, Architecture and Methods - A Survey," pp. 848-857, 2015.

[10] S. A. Almulla and C. Y. Yeun, "Cloud computing security management," Eng. Syst. Manag. Its Appl. (ICESMA), 2010 Second Int. Conf., pp. 1-7, 2010.

[11] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583-592, 2012.

[12] X. Zhifeng and X. Yang, "Security and Privacy in Cloud Computing," Commun. Surv. Tutorials, IEEE, vol. 15, no. 2, pp. 843-859, 2013.

[13] R. S. Kumar and A. Saxena, "Data integrity proofs in cloud storage," Int. Conf. Commun. Syst. Networks, pp. 1-4, 2011.

[14] K. D. Bowers, A. Juels, and A. Oprea, "Hail," Proc. 16th ACM Conf. Comput. Commun. Secur. - CCS 09, vol. 489, p. 187, 2009.

[15] F. Lombardi and R. Di Pietro, "Secure virtualization for cloud computing," J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113-1122, 2011.

[16] Z. Wang and X. Jiang, "HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity," Proc. - IEEE Symp. Secur. Priv., pp. 380-395, 2010.

[17] H. T. Dinh, C. Lee, D. Niyato and P. Wang, "A survey of mobile cloud computing: architecture, applications, and approaches", Wireless Communications and Mobile Computing - Wiley, (2011) October.

[18] Fernando, Niroshinie, Seng W. Loke, and Wenny Rahayu. "Mobile cloud computing: A survey." Future Generation Computer Systems 29.1 (2013): 84-106.

[19] K. H. Jashizume, D. Rosado, E. Fernandez-Medina, and B. nEduardo, An analysis of security issues for cloud co...