Download - Cloud Compiting Security Issues
Mohammad Sadegh, Norouzzadeh, Cloud Computing Access/Security Issues and Trends,
M.S., Computer Science Department, May, 2014.
Cloud systems have gotten considerable attention in recent years because they are cost
efficient, easily accessible, and flexible. Despite the popularity of cloud systems, there exist
various concerns about their availability, security and privacy. In this paper I provide the
history of cloud systems, discussion of advantages and disadvantages, and some security
and privacy concerns along with possible remedies. These security concerns include trust,
confidentiality, integrity, availability, accountability and privacy.
1
CLOUD COMPUTING ACCESS/SECURITY
ISSUES AND TRENDS
by
Norouzzadeh Mohammad Sadegh, B.S.E.E.
A thesis submitted to theComputer Science Department
and theUniversity of Wyoming
in partial fulfillment of the requirementsfor the degree of
MASTER OF SCIENCEin
ELECTRICAL ENGINEERING
Laramie, WyomingMay 2014
Contents
List of Figures iii
Chapter 1 Introduction 1
1.1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Cloud Computing Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.4 Cloud Computing Disadvantages . . . . . . . . . . . . . . . . . . . . . . . . 3
1.5 Cloud Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.6 Cloud Services Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Chapter 2 Security Concerns 7
2.1 Security and Privacy Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Classification of Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 3 Conclusion 11
3.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
References 12
ii
List of Figures
1.1 Could computing models overview . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2 Cloud Services Architecture [7] . . . . . . . . . . . . . . . . . . . . . . . . . 6
iii
Chapter 1
Introduction
Cloud systems is one of the most growing disciplines in computer science and computer
industry. In this paper first I have given some backgrounds and definitions about the cloud
system. Then I have reviewed known advantages and disadvantages of cloud systems. One
of the great concerns about the cloud systems is security and privacy concerns, in this paper
I have tried to give a general overview of security issues about cloud systems along with their
solutions.
1.1 Definition
There exist various definitions for cloud systems [4] [18] [12] [10] [3] [2] [1]. I have extracted
common concepts of these definitions and tried to provide a simple and yet comprehensive
definition of cloud systems. In general, cloud systems refer to any service that could be
used over the Internet. These services could include data storage, computing service and
etc. Just like electricity, when you want to use your electrical devices you do not need to
have a generator for your own. You can pay a specified cost to electricity company and buy
electricity for your needs. Similarly in cloud computing, people and organizations do not pay
to have their own hardware, software and network; they instead could buy their computing
services.
1
1.2 History
As a most dependable story, the origin of the ”cloud computing” term goes back to 1996,
when a group of professionals tried to sketch Internet business in future and entitled it cloud
computing. [11]
Having centralized computing resource was not a completely new idea, in early days of
computing there was mainframe computers and multiple users was sharing computing re-
sources. Because of high expenses of computers, companies tend to share their computational
resources with other companies to keep their expenses reasonable.
1.3 Cloud Computing Advantages
Cloud systems have many advantages, here I list important advantages of cloud systems with
their short description.
• Cost Efficiency
You can do more computations with less cost. To use cloud computing, you do not
need to have an expensive PC with powerful CPUs and much of memory. Also you
could perform more resource demanding computational jobs.
• Performance
Using cloud computing, you have less application on your PC and your computer will
perform faster.
• Less Software Costs
You do not have to buy expensive software packages to fulfill your requirements. For
example consider free Google doc service versus Microsoft Office.
• Rapid and Continues Software Upgrades
You do not have to care about troubleshooting and updating your software. When you
are using cloud computing service you could enjoy your up-to-date software without
extra charges.
2
• Less Compatibility Issues
You no longer have to care about compatibility issues of your documents and software
over various computers and operating systems.
• Unlimited Storage Capacity
Cloud computing servers have hard disks with petabytes of capacity; therefore you can
stores almost anything that you want without caring about capacity.
• Reliability
Without any doubt you have been in a situation where your computer crashed and
some of your valuable information are corrupted. Cloud computing service providers
will care about regular backups and redundancy of your information and you can enjoy.
• Accessibility
Whenever you have access to a computer and the Internet you could use your cloud
services. Also you can easily share your information with others. Moreover you always
have latest versions of your information and you do not have to synchronize multiple
copy of them on various computers.
• Hardware Independent
You are not limited to a specific network or a specific computer. Even if you change
your computer, you could access to same information and computing resources.
1.4 Cloud Computing Disadvantages
Cloud computing has some disadvantages too. You can see the main disadvantages of cloud
computing with their short description below.
• Internet Connection
You must always have a good quality Internet connection. If you do not have an
Internet connection you are unable to access your own documents. In addition usually
you need to a high-speed Internet connection to upload or download your information.
3
• Maybe They Are Slow
Even if you have access to high-speed Internet, web applications could be slower than
desktop applications because everything must be exchanged between computers over
the cloud.
• Limited Features
This situation is going to change but currently web based applications do not have
as many tools as their desktop peers have. For example Google doc does not support
every features of Microsoft Office.
• Security and Privacy Concerns
Security and privacy issues are the main problems with cloud computing systems [9] [5]
[6] [19]. Users stores their valuable information over the cloud and they want to ensure
that their data will be safe and secure. In this paper I will review some main security
concerns about the cloud computing systems along with their remedies on chapter 2.
1.5 Cloud Types
Various Types of cloud computing are exist [1]. Here I have reviewed five types of them.
The general overview of these types could be seen on figure 1.1 .
Figure 1.1: Could computing models overview
• Public Cloud
4
In this model, services are open to public use and services are dynamically rendered
to users. Just like electricity or telephone companies, cloud providers send bills to
customers. Privacy concerns are most important problem with public clouds, which
prevent their widespread use in many business scenarios.
• Private Cloud
Private clouds are used exclusively by a single company. Private clouds are the most
flexible, reliable and secure type of clouds. However, they could be more expensive
and they are violating the primary purpose of cloud computing i.e cost efficiency.
• Virtual Private Cloud (VPC)
Virtual private clouds are a combination of public and private clouds which could
address limitations of both types. a VPC is a private cloud which runs over a public
cloud; therefore it could be flexible, secure and cost efficient.
• Community Cloud
When a group of organizations have similar requirements and issues, they could share
their cloud infra-structure and utilize them with spending fewer costs. This models
maybe more expensive than public cloud but it will be more secure, more confidential
and more compatible with requirements.
• Hybrid Cloud
Hybrid cloud is another combination of public and private clouds to overcome limi-
tations of both types. This model consist of multiple other cloud systems (private,
public or community clouds). In hybrid clouds some parts of clouds are private cloud
and some other parts are public clouds. However hybrid clouds require a very careful
design to divide their parts between various types.
5
1.6 Cloud Services Architecture
Clouds may offer various level of services. In general there exist three main levels of cloud
services which usually referred to as cloud stack. The overall diagram of these level has been
shown on figure 1.2 [7]. In Infrastructure-as-a-Service (IaaS), resources such as computational
power or storage capacity are offered as services. In Platform-as-a-Service (PaaS) cloud
provides an environment for programming or software execution. Software as a Service
(SaaS) which is highest level of service, offers software applications as a service.
Figure 1.2: Cloud Services Architecture [7]
6
Chapter 2
Security Concerns
2.1 Security and Privacy Concerns
As mentioned before, security concerns is one of the great challenges of cloud systems. In
this chapter I have reviewed various privacy and security concerns along with their remedies.
Security and privacy concerns about cloud systems generally could be classified into six
main areas based on their concepts. These six categories are related to trust, confidentiality,
integrity, availability, accountability and privacy. Xiao and Xiao have put a nice picture
about classification of security threats on their paper [16].
• Trust
There exist various definition for trust [10]. Trust means that the customer is certain
that the organization offers required services accurately and infallibly [19]. The notion
of trust in cloud systems is highly depended on type of cloud and level of service. Zissis
and Lekkas [19] have proposed Trusted Third Party (TTP) within a cloud to be certain
about confidentiality, integrity and authenticity of information.
• Confidentiality
Confidentiality means that data and computations of users are kept from accessing by
both cloud provider and other users. The risk of data closure in clouds is increases
because of higher number of users, devices and programs involved. There exist various
7
threats and their solutions about confidentiality [14] [15] [17]. Having strong authen-
tication, authorization and encryption could reduce the risk of confidentially threats.
Xiao and Xiao [16] have given a nice classification of confidentiality concerns and their
defense strategies.
• Integrity
In brief, integrity of data means that any change over data must be monitored by
cloud system. On the other hand, computation integrity means that programs should
be executed without any additions and changes (for example by malwares). Zissini and
Lekkas [19] have given a good explanation of integrity, its threats and remedies.
• Availability
One of the main advantages of cloud services is availability. Availability means that
the cloud be accessible and usable upon customer’s demand. Cloud must be able to
carry on operations even in case of misbehaving by users and probability of a security
threat. Deny of Service (DOS) attack and Fraudulent Resource Consumption (FRC)
attack are the main security concerns in this area. For more details information about
these types of attacks and their defense strategies please refer to [16].
• Accountability
Accountability means ability to identifying responsible of events in cloud systems.
Accountability could be very important from legal point of view.
• Privacy
In cloud systems, data and programs of users are stored in cloud servers so there
exist a potential risk of disclosure of these information. Privacy is the most important
challenge of cloud computing systems [16].
8
2.2 Classification of Attacks
In this section I give a classification of known attacks along with their known solutions. These
attacks have classified by National Institute of Science and Technology (NIST) [13] [8].
• Cloud Abuse
Attacker may access to the cloud and inject malicious codes to many computers. This
threat is one of the most harmful threats about the cloud systems. Careful registration
and validation of users along with continues inspection of online users could be a
possible solution to this attack.
• Insecure Application Interface
Application interfaces may lack of strong authentication, authorization and encryption.
Therefore some detailed investigation must be used in order to make sure about security
of application interfaces.
• Trust
Transparency in providing services is one of the customer’s rights. Using well-known
standards and protocols is a possible solution for this type of concerns.
• Vulnerability in Used Technology
Cloud systems are using various technologies such as operating systems, network fire-
walls and etc. These technologies may have their own vulnerabilities. Continues mon-
itoring and Updating this technologies could be a possible remedy for this concern.
• Information Theft
Information theft could be another major concern about cloud systems. Having strong
security consideration and constantly upgrading used technology could provide a rem-
edy for this type of concern.
• Account, Service and Traffic Hijack
9
Users always must be aware about possibility of hijacking their account, service and
traffic. Prevention from sharing accounts, using strong authentication techniques and
active monitoring are possible ways to remedy this concern.
• Unknown Threats
Always there exist probability of being attacked by novel methods. Constant moni-
toring and researching about vulnerability of systems are two of the known possible
solutions for this type of threats.
10
Chapter 3
Conclusion
3.1 Conclusion
Cloud computing offers a lot of benefits but it has its own limitations and drawbacks. Secu-
rity and privacy concerns are the main challenge about cloud computing. In this paper I have
briefly reviewed some concepts about cloud computing. Also I have reviewed key security
issues about cloud computing along with some possible solutions. Due to security concerns
many business companies did not started to use cloud systems yet; therefore security prob-
lems is the main obstacle to widespread use of cloud system. To overcome this obstacle
continues research in addition to new secure standards and protocols would be necessary. If
we could have strong standards and protocols, then large companies would trust in cloud
computing and the world of computation will be revolutionized.
11
References
[1] Michael Armbrust, Armando Fox, Rean Griffith, Anthony D Joseph, Randy Katz, AndyKonwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al. A view of cloudcomputing. Communications of the ACM, 53(4):50–58, 2010.
[2] Rajkumar Buyya, James Broberg, and Andrzej M Goscinski. Cloud computing: Prin-ciples and paradigms, volume 87. John Wiley & Sons, 2010.
[3] Borko Furht. Cloud computing fundamentals. In Handbook of cloud computing, pages3–19. Springer, 2010.
[4] Amit Goyal and Sara Dadizadeh. A survey on cloud computing. University of BritishColumbia Technical Report for CS, 508:55–58, 2009.
[5] Balachandra Reddy Kandukuri, V Ramakrishna Paturi, and Atanu Rakshit. Cloudsecurity issues. In Services Computing, 2009. SCC’09. IEEE International Conferenceon, pages 517–520. IEEE, 2009.
[6] Lori M Kaufman. Data security in the world of cloud computing. Security & Privacy,IEEE, 7(4):61–64, 2009.
[7] Alexander Lenk, Markus Klems, Jens Nimis, Stefan Tai, and Thomas Sandholm. What’sinside the cloud? an architectural map of the cloud landscape. In Proceedings of the2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages23–31. IEEE Computer Society, 2009.
[8] Peter Mell and Tim Grance. The nist definition of cloud computing. National Instituteof Standards and Technology, 53(6):50, 2009.
[9] Siani Pearson and Azzedine Benameur. Privacy, security and trust issues arising fromcloud computing. In Cloud Computing Technology and Science (CloudCom), 2010 IEEESecond International Conference on, pages 693–702. IEEE, 2010.
[10] Siani Pearson and George Yee. Privacy and Security for Cloud Computing. Springer,2013.
[11] Antonio Regalado. Who coined ’cloud computing’? http://www.technologyreview.
com/news/425970/who-coined-cloud-computing/, 2011.
12
[12] Bhaskar Prasad Rimal, Eunmi Choi, and Ian Lumb. A taxonomy and survey of cloudcomputing systems. In INC, IMS and IDC, 2009. NCM’09. Fifth International JointConference on, pages 44–51. Ieee, 2009.
[13] Payam Sadeghzadeh, Davood Bahrepour, and Peyman Sadeghzadeh. Analysis of secu-rity challenges in cloud computing. In The 8th Symposium on Advances in Science andTechnology, Mashhad, Iran, pages 1–11, 2012.
[14] Hassan Takabi, James BD Joshi, and Gail-Joon Ahn. Security and privacy challengesin cloud computing environments. IEEE Security & Privacy, 8(6):24–31, 2010.
[15] Cong Wang, Sherman SM Chow, Qian Wang, Kui Ren, and Wenjing Lou. Privacy-preserving public auditing for secure cloud storage. Computers, IEEE Transactions on,62(2):362–375, 2013.
[16] Zhifeng Xiao and Yang Xiao. Security and privacy in cloud computing. CommunicationsSurveys & Tutorials, IEEE, 15(2):843–859, 2013.
[17] Jianfeng Yang and Zhibin Chen. Cloud computing research and security issues. In Com-putational Intelligence and Software Engineering (CiSE), 2010 International Conferenceon, pages 1–3. IEEE, 2010.
[18] Qi Zhang, Lu Cheng, and Raouf Boutaba. Cloud computing: state-of-the-art andresearch challenges. Journal of internet services and applications, 1(1):7–18, 2010.
[19] Dimitrios Zissis and Dimitrios Lekkas. Addressing cloud computing security issues.Future Generation Computer Systems, 28(3):583–592, 2012.
13
