Cloud Computing: Security Threats and Solutions

Nityendra Nath Shukla1 and Vijander Singh2

Department of Computer Science

Amity University Rajasthan, India

e-mail1: [email protected]

e-mail2: [email protected]

Abstract

Virtualization plays a major role in the handling of cloud technology. Cloud computing uses virtualization to the maximum extent to give cost-effective services to the customer. However, this leads to a major flaw that the current cloud industry is facing. Security in the cloud has always been a hot topic for research and debate among technocrats.

This paper identifies the security problems in cloud computing and tries to magnify them in terms of cloud computing, based on an analysis of the security threats to a cloud, with the technical components also taken into account.

Keywords: cloud computing, security problems, threats, cloud service user and cloud service provider.

INTRODUCTION

According to the National Institute of Standards and Technology (NIST), cloud computing is “... a model for providing on demand and convenient shared pool of resources to the customers. Networks, servers, services, storage, and so on can be the example of resources.[3] It can be instantly released with minimal management effort or service-provider interaction”. Cloud computing is a service where computing is delivered as a commodity, much like electricity or cable television. It is essential for the service provider to optimize cloud computing for everyone in the cloud business, from both a cost perspective and a sustainability perspective. It is our objective to argue that the stakeholders could benefit from Operations Research (OR) due to the nature of the problems they face, and that similarly the OR community could benefit from an emerging field which has the potential to drive new research questions.[2]

Providers aim to expand their on-premise infrastructure by developing capacity on demand. Cloud computing simply extends an enterprise’s capability to meet the computing demands of its everyday operation.[1] The cloud offers flexibility and choice, mobility and scalability, all coupled with potential cost savings, so there is significant benefit in using cloud computing. However, the area causing organizations to hesitate most when it comes to moving business workloads into the public cloud is security.

Because the security architecture and functions depend heavily on the reference architecture, this paper presents the reference architecture first and then the security issues concerning it.

2 Cloud computing: A technical look at components

The components are shown in Figure A. The key functions of a cloud management system are divided into four layers. Each layer includes a set of functions:

The Service Delivery Layer manages service demand, the service catalog and service levels.

The Software Layer includes LCMS, SIS, ERP, LMS and others.

The Platform Layer includes DBMS, virtualized OS and web services.

The Infrastructure Layer includes the hypervisor, network, storage and supporting infrastructure.

Other functions such as Management, Privacy and Security are considered cross-layer functions that cover all the layers. The foremost principle of this architecture is that all layers are assumed to be optional.[5]

Nityendra Nath Shukla et al, Int.J.Computer Technology & Applications,Vol 5 (3),929-932

IJCTA | May-June 2014 Available [email protected]

ISSN:2229-6093

3.1 Threats relating to cloud service users

Users are confused about the role of providers, which creates ambiguity in responsibility. Moreover, flaws in the consistency of provided services could produce anomalies or incidents. However, the question of which entity is the data controller and which one is the data processor remains wide open for debate on an international scale.

Migrating a part of an enterprise’s own IT system to a cloud infrastructure implies partially giving control to the cloud service provider. This results in a loss of administrative control whose extent depends on the cloud service model. For instance, IaaS only entrusts hardware and network management to the provider, while SaaS also entrusts the OS, service integration and application in order to provide a turnkey service to the cloud service user.[4]

There is no formalized way to obtain and share the provider’s security level. So it is sometimes difficult for a user to recognize the provider’s trust level because of the black-box nature of the cloud service. Moreover, users have no authority to examine the security implementation level achieved by the provider. This lack of shared information about the provider’s security level becomes a serious threat to users of cloud services.[3]

Further threats of major concern to cloud service users include data loss and leakage, lack of information on asset management, and insecure cloud service user access.[1]

3.2 Threats relating to providers

Ambiguity of user roles (such as cloud service provider, cloud service user, client IT admin and data owner) and of the definition of responsibilities related to data ownership, access control, infrastructure maintenance, etc., may induce business or legal dissension.

As the cloud has a decentralized architecture, the protection mechanisms are likely to be very inconsistent among the distributed security modules. For example, an access denied by one IAM module may be granted by another. A potential attacker may profit from this threat, compromising both confidentiality and integrity.
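The inconsistency described above can be audited by replaying the same probe requests against every enforcement point and reporting disagreements. The following is an added example, not part of the original paper; the two rule sets, the module names `gateway` and `storage`, the first-match semantics and the probe values are all constructed assumptions.

```python
from fnmatch import fnmatchcase
from itertools import product

# Constructed rule sets for two hypothetical enforcement points. Each rule is
# (effect, principal pattern, action pattern, resource pattern); the first
# matching rule wins and an unmatched request is denied.
GATEWAY_RULES = [
    ("deny",  "*",        "delete", "vm/*"),
    ("allow", "tenant-a", "*",      "vm/tenant-a-*"),
]
STORAGE_RULES = [
    ("allow", "tenant-a", "*",      "vm/*"),   # broader than the gateway rule
    ("deny",  "*",        "delete", "vm/*"),   # shadowed for tenant-a by the rule above
]
MODULES = {"gateway": GATEWAY_RULES, "storage": STORAGE_RULES}
PROBES = (["tenant-a", "tenant-b"], ["read", "delete"],
          ["vm/tenant-a-1", "vm/tenant-b-1"])

def decide(rules, principal, action, resource):
    """Return 'allow' or 'deny' for one request under first-match semantics."""
    for effect, p, a, r in rules:
        if (fnmatchcase(principal, p) and fnmatchcase(action, a)
                and fnmatchcase(resource, r)):
            return effect
    return "deny"

def find_conflicts(modules, principals, actions, resources):
    """List every probe request on which the modules do not all agree."""
    conflicts = []
    for request in product(principals, actions, resources):
        verdicts = {name: decide(rules, *request)
                    for name, rules in modules.items()}
        if len(set(verdicts.values())) > 1:
            conflicts.append((request, verdicts))
    return conflicts

if __name__ == "__main__":
    for request, verdicts in find_conflicts(MODULES, *PROBES):
        print(request, verdicts)
```

Each reported request is one that a single central policy would decide one way but the distributed modules decide differently, which is the gap the paragraph warns about.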

The “as a service” feature of cloud computing allocates resources and delivers them as a proper service.[1] The complete cloud infrastructure, together with its business workflows, relies on a large set of services ranging from application to hardware. However, an interruption in the continuity of service delivery, such as a blackout or delay, might have a drastic impact on availability.

Migrating to a cloud service means moving huge amounts of data and making major configuration changes (e.g., network addressing). Migrating a part of an IT infrastructure to an external cloud service provider requires substantial changes in the infrastructure design (e.g., network and security policies). Incompatible interfaces or inconsistent policy enforcement leading to bad integration may have both functional and non-functional impacts.

The basis of cloud infrastructure is hypervisor technology. Multiple virtual machines co-hosted on one physical server share both CPU and memory resources, which the hypervisor virtualizes. This threat could be used to launch an isolation attack on a hypervisor to gain illegal access to other virtual machines’ memory.

Data protection covers access to data with respect to both its integrity and its confidentiality. Cloud service users have concerns about how providers handle their data, and whether their data is disclosed or altered illegally.

Threats such as data unreliability, service unavailability, the shared environment and unsecured administration APIs are also on the list.

4 Solution Approaches

Firewall: A bi-directional firewall can be deployed on individual virtual machines, with centralized management of server firewall policy.[2] It should include predefined templates for common enterprise server types and enable the following:

o Isolation of virtual machines

o Fine-grained filtering (source and destination addresses, port numbers)

o Coverage of all IP-based protocols (TCP, UDP, ICMP, …)

o Coverage of all frame types (IP, ARP, …)

o Prevention of Denial of Service (DoS) attacks

o Ability to design policies per network interface

o Location awareness to enable tightened policy and the flexibility to move the virtual machine from on-premise to cloud resources

Intrusion Prevention/Detection: Shield can be used to achieve timely protection against known and zero-day attacks. As previously noted, virtual machines and cloud computing servers use the same operating systems, enterprise applications and web applications as physical servers. Thus, it will be helpful.

Integrity monitoring of critical operating system and application files is necessary for detecting malicious and unexpected modifications which could indicate compromise of cloud computing resources. Integrity monitoring software must be applied at the virtual machine level.
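A minimal form of the integrity monitoring described above records a baseline of file hashes and permission bits inside the virtual machine and reports every later deviation. This is an added example, not code from the paper; the file names and contents in `demo()` are constructed, and a real deployment would store the baseline where the monitored machine cannot modify it.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest(), os.stat(path).st_mode & 0o7777

def snapshot(root):
    """Map every regular file under root (by relative path) to its fingerprint."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                state[os.path.relpath(full, root)] = fingerprint(full)
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every deviation from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
        elif old != new:
            what = "content" if old[0] != new[0] else "permissions"
            findings.append((path, what + " changed"))
    return findings

def demo():
    """Baseline a constructed file tree, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in [("sshd_config", b"PermitRootLogin no\n"),
                           ("hosts", b"127.0.0.1 localhost\n"), ("app.bin", b"constructed")]:
            (root / name).write_bytes(data)
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")  # content drift
        (root / "app.bin").chmod(0o755)                               # execute bit added
        (root / "hosts").unlink()                                     # file deleted
        (root / "cron.new").write_bytes(b"constructed entry\n")       # unexpected file
        return compare(baseline, snapshot(root))
```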

Log inspection collects operating system and application logs and analyzes them for security events. Log inspection rules improve the identification of major security events buried under multiple log entries. Such events can be sent to a stand-alone security system. Log inspection capabilities must be applied at the virtual machine level. Log inspection on cloud resources enables:

o Suspicious behavior detection

o Collection of security-related administrative actions

o Optimized collection of security events across your datacenter
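A log inspection rule of the kind described above turns several individual log entries into one security event. This is an added example, not code from the paper; the sshd log lines are constructed, and the rule names, the threshold of three failures, the 60-second window and the assumed year (syslog timestamps carry none) are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
May 12 10:00:01 vm1 sshd[311]: Failed password for root from 203.0.113.7 port 4001 ssh2
May 12 10:00:03 vm1 sshd[311]: Failed password for root from 203.0.113.7 port 4002 ssh2
May 12 10:00:04 vm1 sshd[402]: Failed password for alice from 198.51.100.9 port 5100 ssh2
May 12 10:00:06 vm1 sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 4003 ssh2
May 12 10:00:09 vm1 sshd[311]: Accepted password for root from 203.0.113.7 port 4004 ssh2
May 12 10:05:00 vm1 sshd[402]: Accepted password for alice from 198.51.100.9 port 5101 ssh2
""".splitlines()

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) ")

def inspect(lines, threshold=3, window=timedelta(seconds=60), year=2014):
    """Correlate failed logins per source address; emit one event per rule hit."""
    failures = defaultdict(deque)    # source address -> times of recent failures
    events = []
    for line in lines:
        match = LINE.match(line)
        if not match:
            continue                 # not an sshd authentication line
        stamp, host, outcome, user, src = match.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()         # forget failures older than the window
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) == threshold:
                events.append(("brute-force-suspected", host, src, user))
        elif len(recent) >= threshold:
            events.append(("login-after-failures", host, src, user))
            recent.clear()
    return events

if __name__ == "__main__":
    for event in inspect(SAMPLE_LOG):
        print(event)
```

Six log entries reduce to two events for the security system, and the single mistyped password from the second address produces none.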

5 Conclusions

Having discussed the security issues and threats faced in the cloud by both cloud users and cloud providers, one should be careful about these security issues when handing a business over to the cloud. These fields need much more research to optimize security in the cloud. Security as a service should be provided for cloud service users. Security can be enhanced through new techniques as they are introduced. Methods like firewalls, intrusion detection, integrity monitoring and log inspection, which are discussed above, can therefore be used to improve cloud security, and a new service would be added to the range of cloud services.

6 References

[1] P. A. Karger, “Multi-Level Security Requirements for Hypervisors”, ISBN: 0-7695-2461-3, 21st Annual Computer Security Applications Conference, (2005) December 5-9, pp. – 275.

[2] T. Ormandy, “An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments”, Whitepaper, (2008).

[2] T. Garfinkel, M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection”, In Proc. Network and Distributed Systems Security Symposium, (2003), pp. 191-206.

[3] O. Gerstel and G. Sasaki, “A General Framework for Service Availability for Bandwidth-Efficient Connection-Oriented Networks”, IEEE/ACM Transactions on Networking, vol. 18, Issue 3, (2010) June, pp. 985-995.

[4] W. Li and L. Ping, “Trust Model to Enhance Security and Interoperability of Cloud Environment”, Cloud Computing, Proceedings on First International Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Lecture Notes in Computer Science, vol. 5931, (2009), pp. 69-79.

[5] D. Xu, Y. Li, M. Chiang and A. R. Calderbank, “Elastic Service Availability: Utility Framework and Optimal Provisioning”, IEEE Journal on Selected Areas in Communications, vol. 26, no. 6, (2008) August.