Transcript
Page 1: Cloud Computing Security Issues

Cloud Security Issues

A comprehensive survey on mobile cloud computing security issues in convergence with energy consumption

MSc Candidate: Krasadakis Stelios

May 2, 2023

Technological Educational Institute Of Crete

Department of Informatics Engineering

MSc “Informatics & Multimedia”

Page 2: Cloud Computing Security Issues

Sections:

I. Introduction

II. Cloud Computing background

III. Securing the Cloud

IV. Virtualization

V. Mobile Cloud Computing

VI. User safety & energy consumption

VII. Author’s proposal

VIII. Conclusion

Paper Structure


Page 3: Cloud Computing Security Issues

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).

Why aren’t more hosts/companies following this model?

• A survey indicated that 80% of enterprises hesitate to implement cloud due to security and privacy issues [1].

Cloud data security is more complicated than data security in traditional information systems because data is scattered onto different machines.

For cloud computing to be adopted by users and enterprises, users’ security concerns should be addressed by making the cloud environment trustworthy, as discussed by Latif et al. in the assessment of cloud computing risks [2].

We address the questions related to: (1) security concerns and threats over general cloud computing, (2) the solutions for these problems and (3) mobile users’ safety in convergence with energy consumption.

Introduction


Page 4: Cloud Computing Security Issues

In IaaS, users are allowed to run any applications and operating systems they please. The principal unit of IaaS is the server, which can be physical or virtual. Cloud users are capable of configuring security policies; however, cloud vendors must secure their systems to minimize other threats such as deletion and modification [8], [9].

PaaS is used to motivate developers to create their own programs on top of the platform, while developers must take into account security measures for the applications they build and run [8].

SaaS is software that is accessed through the Internet via web browsers, from various devices. The application may be used free of charge or in a “pay as you go” model, depending on the provider’s policy. SaaS users have limited control over security in comparison with the other two models [8].

PaaS and SaaS are on top of IaaS. All of them are inversely related. As a consequence of this dependency, any violation of any cloud layer can compromise the other layers as well.

Cloud Architecture Models


Page 5: Cloud Computing Security Issues

Providers’ ability to clearly demonstrate the core principles of information security (CIA), namely: 1. Data Confidentiality, 2. Data Integrity and 3. Data Availability

Confidentiality

Ensuring that user data travelling along the cloud cannot be accessed by unauthorized parties; traditional solutions like identification and authentication are inadequate.

Solutions:

1) Proper encryption techniques, either symmetric or asymmetric, with a fixed key length [10].

2) Zissis proposes a combination of the two cryptographic techniques, known as hybrid cryptography [11].

3) Homomorphic encryption, the best solution, since decryption is not needed on the user’s side [12], but it is not applied because of its huge impact on power consumption and response time [7].

Securing the cloud


Page 6: Cloud Computing Security Issues

Integrity

Constitutes another crucial factor, since it refers to protecting data from illegal modification, deletion or fabrication.

Solutions:

1) Message Authentication Code (MAC), where a symmetric key provides a checksum appended to the data [10].

2) Digital Signature, which relies on a public key structure.

3) Proofs of Retrievability (PoR), a protocol in which a server proves to a client that the data is intact, by combining error correction and spot-checking [12]. A computational obstacle for mobile devices.

4) Based on PoR, another approach is a local client process that encrypts suitable metadata in each data block with a secret key known only by the authorized user [13].

5) High Availability Integrity Layer (HAIL) is one more improved mechanism which also uses PoR and overcomes the mobile adversary [14].
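The MAC and spot-checking ideas in solutions 1, 3 and 4 can be combined in a small client-side check. The following is an added example, not code from the presentation or the cited papers: it keeps only the MAC-tagged spot-check and omits the error-correction half of PoR, and all function names and the block size are hypothetical.

```python
import hashlib
import hmac
import math
import secrets

BLOCK_SIZE = 16  # tiny blocks so a short constructed sample spans several


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


def tag_block(key: bytes, file_id: bytes, index: int, block: bytes) -> bytes:
    # Binding file_id and index into the MAC stops the server from answering
    # a challenge for block i with a different, still validly tagged block.
    msg = file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


def prepare_upload(key: bytes, file_id: bytes, data: bytes):
    """Client side: returns (blocks, tags); both are stored by the server."""
    blocks = split_blocks(data)
    tags = [tag_block(key, file_id, i, b) for i, b in enumerate(blocks)]
    return blocks, tags


def spot_check(key, file_id, total, server_blocks, server_tags, samples,
               rng=None):
    """Challenge `samples` random indexes out of `total`; return failures."""
    rng = rng or secrets.SystemRandom()
    failed = []
    for i in rng.sample(range(total), min(samples, total)):
        if i >= len(server_blocks) or i >= len(server_tags):
            failed.append(i)  # a deleted block counts as a failed proof
            continue
        expected = tag_block(key, file_id, i, server_blocks[i])
        if not hmac.compare_digest(expected, server_tags[i]):
            failed.append(i)
    return sorted(failed)


def detection_probability(total: int, corrupted: int, samples: int) -> float:
    """Chance that sampling `samples` of `total` blocks hits a corrupted one."""
    return 1 - math.comb(total - corrupted, samples) / math.comb(total, samples)
```

The client keeps only the key and the block count, which is why sampling is cheaper for a mobile device than re-downloading the file. A server that returns an older block together with its older tag still passes, so detecting rollback needs a version counter bound into the tag as well.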

Securing the cloud 2


Page 7: Cloud Computing Security Issues

Availability

Embodies the idea of anywhere and anytime access to data by users, even if there is some misbehavior in the system. Availability is exposed to three risk factors that are difficult to detect: hijacking, DNS attacks and denial of service.

Solutions:

1. Bowers et al. advocate that HAIL could also be used for availability, in addition to integrity [14].

2. The authors of [11] propose a Trusted Third Party (TTP), which is a legal organization with the aim of amplifying security. The security requirement for availability, according to TTP, is a combination of Public Key Infrastructure, Lightweight Directory Access Protocol and Single Sign On.

3. As we were conducting our research, we found that there are no specific solutions for availability issues. The authors propose general solutions for integrity and confidentiality and imply that availability is guaranteed only if these two principles are protected.

Securing the cloud 3


Page 8: Cloud Computing Security Issues

Virtualization is an essential part of cloud computing. It can be applied to anything, including memory, networks, storage, hardware and operating systems. It allows users to move, copy, and manipulate Virtual Machines (VMs) at will.

Keeping that in mind, virtualization is an extra layer in the cloud that must be secured, since it is more vulnerable to attackers.

Issues in Virtualization:

1. The major problem that arises from introducing virtualization in the cloud is that during migration, an attacker can compromise the hypervisor (virtual machine monitor) and transfer VMs to malicious servers. The consequence is that integrity is violated.

2. Confidentiality could also be compromised due to VM image files. These are configuration files used to create VMs, and they reside in the provider’s pool. Any attacker can take advantage of this public pool and create malicious VM images that can contaminate others who download them. A direct consequence of that is sensitive data leakage.

3. Last but not least, other types of attacks are also available, such as denial of service that can tamper with availability [15].

Virtualization


Page 9: Cloud Computing Security Issues

Solutions:

1. The hypervisor is software responsible for separating every VM (isolation). Hashizume et al. [8] suggest that keeping a hypervisor simple and small reduces the chances of violating CIA.

2. The writers in [3], [16] propose the HyperSafe approach, which provides hypervisor control-flow integrity by using two techniques. The first one protects the hypervisor’s code and data by locking down write-protected memory pages, and the second one restricts indexing in order to convert the control data into pointer indexes.

3. Another accepted solution to prevent this is the Advanced Cloud Protection System (ACPS), which is suggested by Lombardi and Di Pietro [15]. The purpose of this framework is to monitor cloud components and defend VMs against intruders and attacks such as worms, Trojans and viruses.

Virtualization 2


Page 10: Cloud Computing Security Issues

MCC refers to a new infrastructure platform combining both cloud computing and mobile devices, where data storage and data processing happen outside of the mobile device [17], [18].

Regarding the definition, cloud computing exists when tasks and data are kept on the Internet rather than on individual devices, providing on-demand access. Applications are run on a remote server and then sent to the user [17].

It can be thought of as a combination of cloud computing and the mobile environment. The cloud can be used for power and storage, as mobile devices don’t have powerful resources compared to traditional computation devices.

As computing has moved toward mobile cloud computing, attacks and malware have shifted their targets toward mobile cloud computing as well [19].

Mobile cloud computing


Page 11: Cloud Computing Security Issues

Since mobile cloud computing is a combination of mobile networks and cloud computing, the security-related issues are divided into two categories:

• 1. Mobile users’ security on the network.

• 2. Cloud security issues (discussed before).

Offloading is one of the main advantages of mobile cloud computing, as it improves the battery lifetime of mobile devices.

Most authors propose running security software in the cloud to secure mobile clients, and we agree partially with this philosophy. Before mobile users can use a certain application, it should go through some level of threat evaluation. All file activities to be sent to mobile devices will be verified as malicious or not.

However, there are many related issues about efficiency under environmental changes. For example, for a code compilation, offloading might consume more energy to send data to the cloud than local processing would when the code size is small.

Users safety and energy consumption


Page 12: Cloud Computing Security Issues

Research by A. Rudenko et al. [20] shows that offloading is not always the best way to save energy, and this is an issue for mobile users.

Solutions in security regarding energy consumption

1. K. Kumar suggests a partitioning program based on an estimate of the energy consumption before program execution. The optimal program partitioning for offloading is calculated based on the trade-off between the communication and computation costs [21].

2. The authors in [22] present a partitioning pattern to offload computational tasks on mobile devices. The idea of this pattern is the construction of a cost graph, with the objective of minimizing the computation and data communication cost using an algorithm that prunes the search space to obtain an approximate solution.

Users safety and energy consumption 2


Page 13: Cloud Computing Security Issues

Based on the definition of mobile cloud computing and its offloading advantage, in order to secure clients we propose running security software both on the client device and offloaded in the cloud, instead of running anti-virus software only locally or only remotely in the cloud.

There will be a heuristic algorithm, such as a genetic algorithm, for solving the optimization problem between local computation energy consumption and network communication energy consumption.

This algorithm should find the approximate best solution for energy efficiency for the mobile user. In case the local computation energy consumption is less than the network communication offload consumption, the security software will run tasks locally and, simultaneously, the security software in the cloud will be deactivated. In contrast, if the network communication offload consumption is less than the local computation consumption, then the local security software tasks will be disabled and the security software for the mobile clients will run in the cloud.
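The local-versus-cloud rule in this proposal can be sketched as follows. This is an added example, not the author's implementation: it assumes a simple energy model (compute power times local run time, against transmit power times upload time plus idle power while waiting), treats scan tasks as independent so a per-task comparison replaces the genetic algorithm, and every name and number in it is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:            # constructed parameters, not measurements
    cpu_hz: float        # local cycles per second
    p_compute_w: float   # power while scanning locally
    p_idle_w: float      # power while waiting for the cloud verdict
    p_tx_w: float        # power while the radio is transmitting


@dataclass(frozen=True)
class ScanTask:
    name: str
    cycles: float        # work needed to scan the object
    upload_bytes: int    # data that must reach the cloud scanner


def local_energy(task: ScanTask, dev: Device) -> float:
    return dev.p_compute_w * task.cycles / dev.cpu_hz


def offload_energy(task, dev, bandwidth_bps, cloud_hz) -> float:
    send = dev.p_tx_w * task.upload_bytes * 8 / bandwidth_bps
    wait = dev.p_idle_w * task.cycles / cloud_hz
    return send + wait


def plan(tasks, dev, bandwidth_bps, cloud_hz):
    """Return ({task name: 'local' | 'cloud'}, total joules for that plan)."""
    placement, total = {}, 0.0
    for t in tasks:
        e_local = local_energy(t, dev)
        e_cloud = offload_energy(t, dev, bandwidth_bps, cloud_hz)
        placement[t.name] = "local" if e_local <= e_cloud else "cloud"
        total += min(e_local, e_cloud)
    return placement, total


# Constructed sample: one heavy scan and one small one, on a 1 GHz handset.
DEVICE = Device(cpu_hz=1e9, p_compute_w=0.9, p_idle_w=0.3, p_tx_w=1.3)
CLOUD_HZ = 1e10
TASKS = [
    ScanTask("apk_deep_scan", cycles=2e10, upload_bytes=5_000_000),
    ScanTask("small_script_scan", cycles=2e7, upload_bytes=200_000),
]
```

With these numbers, `plan(TASKS, DEVICE, 10e6, CLOUD_HZ)` offloads only the heavy scan, while dropping the link to 1 Mbit/s keeps both scans local, which is the sensitivity to environmental changes that the slides point out.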

Author’s perspective


Page 14: Cloud Computing Security Issues

Answers:

• As an answer to our first question, we discussed that concerns about the cloud are concentrated on violations of CIA and threats.

• As for the second question, we demonstrated a number of solutions for each section separately, so that the assurance of each principle is obvious.

• As for the third question, we coupled data security and client security and proposed a security method for mobile users without increasing the overall energy consumption.

Despite the huge evolution that the cloud has brought to computer science, certain security hindrances raise concerns. From our research we could claim that effective solutions for security already exist in all sections. However, some of them affect the performance of the systems, and consequently they are not applied. Thus, instead of striving to find new solutions, researchers could focus on how the existing solutions can be implemented in the cloud without deteriorating system performance and local power consumption.

Conclusion


Page 15: Cloud Computing Security Issues

[1] “80% of Enterprises Can’t Rely on Perimeter Security to Protect Cloud Infrastructures Survey Finds - CloudPassage.” [Online]. Available: https://www.cloudpassage.com/press-releases/80-of-enterprises-cant-rely-onperimeter-security-to-protect-cloud-infrastructures-survey-finds.

[2] R. Latif, H. Abbas, S. Assar, and Q. Ali, “Cloud computing risk assessment: a systematic literature review,” in Future Information Technology, pp. 285–295, Springer, Berlin, Germany, 2014.

[3] J. Scanlon and B. Wieners, “The internet cloud,” The Industry Standard, Tech. Rep., 1999.

[4] L.M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,” SIGCOMM Comput. Commun. Rev., vol. 39, 2009, pp. 50–55.

[5] P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology,” Natl. Inst. Stand. Technol. Inf. Technol. Lab., vol. 145, p. 7, 2011.

[6] S. Ramgovind, M. M. Eloff, and E. Smith, “The management of security in Cloud computing,” 2010 Inf. Secur. South Africa, pp. 1–7, 2010.

[7] F. Sabahi, “Cloud computing security threats and responses,” 2011 IEEE 3rd Int. Conf. Commun. Softw. Networks, pp. 245–249, 2011.

References


Page 16: Cloud Computing Security Issues

[8] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.

[9] B. R. Cyril and S. B. R. Kumar, “Cloud Computing Data Security Issues Challenges, Architecture and Methods - A Survey,” pp. 848–857, 2015.

[10] S. A. Almulla and C. Y. Yeun, “Cloud computing security management,” Eng. Syst. Manag. Its Appl. (ICESMA), 2010 Second Int. Conf., pp. 1–7, 2010.

[11] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012.

[12] X. Zhifeng and X. Yang, “Security and Privacy in Cloud Computing,” Commun. Surv. Tutorials, IEEE, vol. 15, no. 2, pp. 843–859, 2013.

[13] R. S. Kumar and A. Saxena, “Data integrity proofs in cloud storage,” Int. Conf. Commun. Syst. Networks, pp. 1–4, 2011.

[14] K. D. Bowers, A. Juels, and A. Oprea, “Hail,” Proc. 16th ACM Conf. Comput. Commun. Secur. - CCS ’09, vol. 489, p. 187, 2009.

[15] F. Lombardi and R. Di Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, 2011.

References


Page 17: Cloud Computing Security Issues

[16] Z. Wang and X. Jiang, “HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity,” Proc. - IEEE Symp. Secur. Priv., pp. 380–395, 2010.

[17] H. T. Dinh, C. Lee, D. Niyato and P. Wang, “A survey of mobile cloud computing: architecture, applications, and approaches,” Wireless Communications and Mobile Computing - Wiley, (2011) October.

[18] Fernando, Niroshinie, Seng W. Loke, and Wenny Rahayu. “Mobile cloud computing: A survey.” Future Generation Computer Systems 29.1 (2013): 84-106.

[19] K. H. Jashizume, D. Rosado, E. Fernandez-Medina, and B. nEduardo, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications, vol. 4, no. 5, pp. 1-13, 2013.

[20] A. Rudenko, P. Reiher, G. J. Popek, and G. H. Kuenning, “Saving portable computer battery power through remote process execution,” Journal of ACM SIGMOBILE on Mobile Computing and Communications Review, vol. 2, no. 1, January 1998.

[21] K. Kumar and Y. Lu, “Cloud Computing for Mobile Users: Can Offloading Computation Save Energy,” IEEE Computer Society, vol. 43, no. 4, April 2010.

References


Page 18: Cloud Computing Security Issues

[22] Z. Li, C. Wang, and R. Xu, “Computation offloading to save energy on handheld devices: a partition scheme,” in Proceedings of the 2001 international conference on Compilers, architecture, and synthesis for embedded systems (CASES), pp. 238-246, November 2001.

References


