Security Issues in Cloud Computing by rahul abhishek
Download as DOC, PDF0 likes431 views
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
Security Issues in Cloud Computing by rahul abhishek
- 1. Security Issues in Cloud Computing Rahul Abhishek . Student, Dept. of Information Technology. MITS, Rayagada, Orissa. . E-mail: [email protected] Abstract: In this paper, we discuss cloud computing security and its security issues. In particular, we discuss a scheme for secure publications of documents in a cloud. It will converse secure federated query processing, and discuss the use of secure co-processors for cloud computing. Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that's often used to represent the Internet in flowcharts and diagrams. There is a critical need to securely store, manage, share and analyze massive amounts of complex(e.g., semi-structured and unstructured) data to determine patterns and trends in order to improve the quality of healthcare, better safeguard the nation and explore alternative energy. Because of the critical nature of the applications, it is important that clouds be secure. The emerging cloud computing model attempts to address the explosive growth of web- connected devices, and handle massive amount of data. Key Words: IaaS, PaaS, SaaS , Cloud Module ,Data Encryption ,security concerns , Data security. 1. Introduction As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet (figure 1). Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing. Cloud computing is a new consumption and delivery model for IT services. The concept of cloud computing represents a shift in thought, in those end users need not know the details of a specific technology. The service is fully managed by the provider. Users can consume services at a rate that is set by their particular needs. This on- demand service can be provided at any time. Fig1. Cloud Computing Data security involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. In addition, resource allocation and memory management algorithms have to be secure. Finally, data mining techniques may be applicable to malware detection in clouds. We have extended the technologies and concepts we have developed for secure grid to a secure cloud. We have defined a layered framework for assured cloud computing consisting of the secure virtual machine layer, secure cloud storage layer, secure 1
- 2. cloud data layer, and the secure virtual network monitor layer (Figure 2). Cross cutting services are provided by the policy layer, the cloud monitoring layer, the reliability layer and the risk analysis layer. For the Secure Virtual Machine (VM) Monitor we are combining both hardware and software solutions in virtual machines to handle problems such as key logger examining XEN developed at the University of Cambridge and exploring security to meet the needs of our applications (e.g., secure distributed storage and data management). For Secure Cloud Storage Management, we are developing a storage infrastructure which integrates resources from multiple providers to form a massive virtual storage system. Figure2. Layered framework for assured cloud 2. Cloud Computing Models Cloud computing models can be broken into three basic designs, which are shown here and described below(Figure 3). Figure3. Cloud Computing Models 2.1 Infrastructure-as-a-Service (IaaS) – As the name implies, you are buying infrastructure. You own the software and are purchasing virtual power to execute as needed. This is much like running a virtual server on your own equipment, except you are now running a virtual server on a virtual disk. This model is similar to a utility company model, as you pay for what you use. An example is Amazon Web Services at http://aws.amazon.com. 2.2 Platform-as-a-Service (PaaS) – In this model of cloud computing, the provider provides a platform for your use. Services provided by this model include all phases of the system development life cycle (SDLC) and can use application program interface (APIs), website portals, or gateway software. Buyers do need to look closely at specific solutions, because some providers do not allow software created by their customers to be moved off the provider’s platform. An example of PaaS is GoogleApps. 2.3 Software-as-a-Service (SaaS) – This model is designed to provide everything and simply rent out the software to the user. The service is usually provided through some type of front end or web portal. While the end user is free to use the service from anywhere, the company pays a per use fee. Salesforce.com offers this type of service. 3. Cloud Computing Attacks As more companies move to cloud computing, look for hackers to follow. Some of the potential attack vectors criminals may attempt include: 3.1 Denial of Service (DoS) attacks - Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging. Twitter suffered a devastating DoS attack during 2009. 3.2 Side Channel attacks – An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack. 3.3 Authentication attacks – Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers. 2
- 3. 3.4 Man-in-the-middle cryptographic attacks – This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communication’s path, there is the possibility that they can intercept and modify communications. 4. Security Concerns of Cloud Computing While cost and ease of use are two great benefits of cloud computing, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments. To address these concerns, the cloud provider must develop sufficient controls to provide the same or a greater level of security than the organization would have if the cloud were not used. Listed here are ten items to review when considering cloud computing. 5. Secure Data Publication Applied To Cloud Cloud computing facilitates storage of data at a remote site to maximize resource utilization. As a result, it is critical that this data be protected and only given to authorized individuals. This essentially amounts to secure publication of data that is necessary for data outsourcing, as well as external publications. We have developed techniques for publication of data in a secure manner. We assume that the data is represented as an XML document. This is a valid assumption as many of the documents on the web are now represented as XML documents. In the access control framework proposed in Bertino (2002), security policy is specified depending on user roles and credentials Users must possess the credentials to access XML documents. Security could improve due to centralization of data, increased security-focused resources, etc., but concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels. Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. However, the complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security. This essentially amounts to secure publication of data that is necessary for data outsourcing, as well as external publications. Since data in the cloud will be placed anywhere, it is important that the data is encrypted. We are using secure co-processor as part of the cloud infrastructure to enable efficient encrypted storage of sensitive data. Security is needed at server access internet access database access data privacy program access. Security concerns arising because both customer data and program are residing in provider premises. Security is used to save data and program from disrupts services, theft of information, loss of privacy, hostile program, hostile people giving instructions to good programs, bad guys corrupting or eavesdropping on communications. 6. Summary and Conclusion In this paper, we first discussed cloud computing then cloud module and its expansion secondly security issues for cloud. These issues include storage security, middleware security, data security, network security and application security. The main goal is to securely store and manage data that is not controlled by the owner of the data. We discussed how we may secure documents that may be published. There are several other security challenges including security aspects of virtualization. We believe that due to the complexity of the cloud, it will be difficult to achieve end-to-end security. However, the challenge we have is to ensure more secure operations even if some parts of the cloud fail. For many applications, we not only need information assurance but also mission assurance. 3
- 4. Figure2. Case study of Worldwide Spending Cloud Reference 1. Andy BechtolsheimChairman & Co- founder, Arista Networks. November 12th, 2008 2. Encrypted Storage and Key Management for the cloud. Cryptoclarity.com. 2009- 07-30. 3. http://www.cryptoclarity.com/CryptoClar ityLLC/Welcome/Entries/2009/7/23_Enc rypted_Storage_and_Key_Management_ for_the_cloud.html. Retrieved 2010-08- 22 4. Mills, Elinor (2009-01-27). "Cloud computing security forecast: Clear skies". CNET. 5. Michael Gregg, Global Knowledge Instructor, CISA, CISSP, CISM, MCSE, CTT+, CGEIT, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and SSCP. 6. Ashwin Alfred Pinto, Shvetank Verma, Satyam Singh, Prashant Srivastava, Rahul Gupta, and Vijay Chourasia. Proceedings of the World Congress on Engineering 2011 7. Vol I WCE 2011, July 6 - 8, 2011, London, U.K. 8. www.cloudbook.net/resources. 9. "Service-Oriented Computing and Cloud Computing: Challenges and Opportunities". IEEE Internet Computing. Retrieved 2010-12-04. 10. "The NIST Definition of Cloud Computing (Draft)". National Institute of Science and Technology. Retrieved 24 July 2011. 4