An Overview of Data Security in Cloud Computing

Shaik Khaja Mohiddin (1), Md. Khamruddin (2), K Mohan Krishna (2)
1. Department of MCA, VVIT, Nambur, Guntur, AP, India
2. Department of CSE, VVIT, Nambur, Guntur, AP, India

© 2012 NCIPA_VVIT

KEYWORDS: Cloud Computing [CSP], SaaS, PaaS, IaaS

Abstract: Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol in system diagrams as an abstraction for the complex infrastructure it contains. Cloud computing entrusts remote services with a user's data, software and computation. In this paper we trace out a complete overview of the security of data in cloud computing and suggest certain effective measures to reduce the threats, in order to bring cloud computing services closer to customers so that they reach their potential [1].

1. INTRODUCTION

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Fig 1. An overview of CC Clients

The cloud model is composed of five essential characteristics, four deployment models and a set of service models. Cloud computing has attracted interest from both industry and academia since 2007 and has been recognized as the new paradigm of the IT industry. Cloud computing provides users with flexible services in a transparent manner. Services are allocated in a "cloud", which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established.

Clouds provide on-demand access to computing utilities, an abstraction of unlimited computing resources, and support for on-demand scale-up, scale-down and scale-out. Cloud computing permits businesses and consumers to use applications and reach their personal files from any computer with an internet connection. This technology allows for much more efficient computing by centralizing data storage, processing and bandwidth. Cloud platforms are also rapidly becoming practical for scientific exploration and discovery, as well as education. As a result, it is critical to understand application formulations and usage modes that are meaningful in such a hybrid infrastructure, the fundamental conceptual and technological challenges, and ways that applications can effectively utilize clouds.

* Shaik Khaja Mohiddin, Department of MCA, Vasireddy Venkadri Institute of Technology, Nambur, Guntur, AP, India

2. ESSENTIAL CHARACTERISTICS OF CC

2.1 On-demand self-service
A customer can use various kinds of computing facilities, such as network storage and server time, automatically and as needed, without requiring human interaction with each service provider.

2.2 Broad network access
Int. J. of Advances in Computer, Electrical & Electronics Engg., Vol. 2 , Sp. Issue of NCIPA 2012, 10 th Dec. 2012 @ISSN: 2248-9584
Facilities are available over the network and can be accessed using standard mechanisms that support use from a variety of thin and thick client platforms (e.g. internet hubs, cell phones and netbooks).

2.3 Resource pooling
The provider's computing resources are pooled to serve multiple customers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence: the customer generally has no awareness of, or control over, the exact location of the provided resources, but may be able to specify the location at a higher level of abstraction (e.g. nation, state or data hub). Examples of resources include network bandwidth, memory, storage and processing.

2.4 Rapid elasticity
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the customer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in the required quantity at the required time.

2.5 Measured service
Resources are automatically controlled and optimized by cloud systems equipped with a metering capability at some level of abstraction appropriate to the type of service (for example network bandwidth, processing, active user accounts and storage). Resource usage can be monitored, controlled and reported.

3. SERVICE MODELS OF CC
Fig 2: Service models in Cloud computing
Cloud computing provides different services in different flavors, depending on the requirements and the availability of resources. These services can be divided into three classes, according to the abstraction level of the capabilities and resources provided and the service model of the provider: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

3.1 Software as a Service (SaaS)
The consumer is provided with the capability to run applications supplied by the CSP on a cloud infrastructure. The consumer accesses these applications through a thin client interface, such as a web browser, or through a program interface. The consumer is not allowed to manage or control the underlying cloud infrastructure, including storage, network and individual application capabilities, with the possible exception of limited user-specific application configuration settings.

3.2 Platform as a Service (PaaS)
The consumer is provided with the capability to deploy onto the cloud infrastructure applications created using programming tools. The consumer does not control the fundamental cloud infrastructure, including storage, network and operating systems, but the deployed applications can be controlled, and possibly the configuration settings of the application-hosting environment.

3.3 Infrastructure as a Service (IaaS)
The consumer is provided with the capability to provision processing, storage, networks and other fundamental computing resources, on which the consumer can deploy and run arbitrary software, including operating systems and applications. The underlying cloud infrastructure is not managed or controlled by the consumer, but the consumer is given control over the operating systems, storage and deployed applications, and limited control over networking components.

4. DEPLOYMENT MODELS OF CC

Each company chooses a deployment model for a cloud computing solution based on its specific business, operational and technical requirements. There are four primary cloud deployment models: private cloud, community cloud, public cloud and hybrid cloud. Each of the deployment models is defined below.

Fig 3: Deployment models in cloud computing

A. Public cloud
This is the deployment model that is most commonly described as cloud computing. In this model, all of the physical resources are owned and operated by a third-party cloud computing provider. The provider services multiple clients, usually individuals or corporations, that access these resources through the public Internet. Services can be dynamically provisioned and billing is based on usage only. This model provides the highest degree of cost savings while requiring the least amount of overhead. It exists on the premises of the cloud provider.

B. Private cloud
A private cloud describes computer services that are delivered to a single organization. This model shares many of the characteristics of traditional client-server architecture, while integrating features associated with other cloud computing models. Like the other cloud models, services are delivered on demand from a distributed infrastructure. Unlike the client-server computing model, users do not access a particular resource in a known location, and there are minimal hardware and software requirements for their client computer. The cloud computing resources may be situated on or off site, and can be managed either in-house or by a third party. This model addresses the security and privacy concerns that are inherent in other cloud computing models. It may be owned, managed and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

C. Community cloud
This model contains features of both the public and private cloud models. Like a public cloud, the community cloud may contain software, data storage and computing resources used by multiple organizations. It differs from the public cloud model in that the infrastructure is used exclusively by a group of organizations known to each other. As with a private cloud, these organizations are responsible for the operation of their own infrastructure. The community cloud model can provide greater cost savings than the private cloud while offering some of its security features. This model is best suited for organizations that share common requirements such as security or legal compliance policies. It can be managed by the member organizations or by a third-party provider.

D. Hybrid cloud
The hybrid cloud computing model employs aspects of all other cloud models and is the most commonly found cloud deployment method used within a large organization. A company may use internal resources in a private cloud to maintain total control over its proprietary data. It may then use a public cloud storage provider to back up less sensitive information. At the same time, it may even share computing resources with other organizations that have similar needs. By combining the advantages of the other models, the hybrid cloud offers organizations the most flexibility.
Fig 4. SPI, Deployment along with application domain of CC

5. THREATS EMERGING IN CC [4]

Security issues come under many guises, both technical and socio-technical in origin. To cover all the security issues possible within the cloud, and in depth, would be a phenomenal task. The most commonly encountered threats in CC are the following.

A. Abuse and Nefarious Use of Cloud Computing
Legitimate CSPs can be abused for nefarious purposes, supporting criminal or other untoward activities towards consumers. The emphasis is that legitimate services are used with malicious intent in mind. Other issues seen include the provision of purposefully insecure services used for data capture. Service providers may entice potential users with offers too good to be true.

B. Insecure Interfaces and Application Programming Interfaces
Data placed in the cloud will be accessed through Application Programming Interfaces (APIs) and other interfaces. Malfunctions and errors in the interface software, and also in the software used to run the cloud, can lead to the unwanted exposure of users' data and compromise the data's integrity. For example, a (fixed) flaw in Apache, a popular HTTP server, allowed an attacker to gain complete control over the web server.

C. Malicious Insiders
Although a CSP can be seen as being honest, its employees may not be. A malicious insider is an employee of the CSP who abuses their position for information gain or for other nefarious purposes, e.g. a disgruntled employee.

D. Shared Technology Issues
A more interesting form of confidentiality issue relates to the construction of a cloud and the services themselves. This may include virtualization issues and service aggregation.

E. Data Loss or Leakage
Although insecure APIs can lead to data loss or the unwanted exposure of information, consumers can also lose their information through other means, such as availability issues, when the user's data is made inaccessible to the consumer. Such a lack of availability can be a result of access privilege revocation, data deletion or restricting physical access to the data itself. Another form of data leakage stems from the disclosure of information that, though hidden, is deduced from freely available information.

F. Account or Service Hijacking
When a user communicates with the CSP, malicious entities may seek to affect the integrity and authenticity of the user's communication with the CSP, and vice versa. There are several ways in which the integrity and authenticity of a user's session can be impugned.

G. Unknown Risk Profile
Risk management is a business process that users can use to identify and mitigate threats. It allows users to determine their current stance towards the security of their data. Auditing information such as software versions, code updates, current security practices and intrusion attempts is used as a basis for determining this stance.

Table: The various threats encountered in cloud computing

1. Misuse and immoral use of cloud computing
   Description: To bring their services close to customers, CSPs provide access that can be used by any person with a valid credit card, due to which this threat may occur.
   Remedy:
   a. Strict initial registration and validation maintenance
   b. Better credit card fraud monitoring and coordination maintenance

2. Insecure Interfaces and APIs
   Description: The CSP exposes a set of software and API interfaces; this threat may occur during the customer's interaction with CC services through them.
   Remedy:
   a. Strong authentication of encrypted transmitted data
   b. Analyzing the security model of the cloud provider and understanding the API dependency chain

3. Malicious Insiders
   Description: With the convergence of IT services and customers under a single management domain, this threat may occur; it is the most common threat.
   Remedy:
   a. Transparency should be maintained on overall information security and management practices
   b. Security breaches should be determined

4. Shared Technology Issues
   Description: This threat occurs when CSP vendors deliver their services in a scalable way using hardware components shared in a multi-tenant architecture.
   Remedy:
   a. Strong authentication should be promoted for administrative access and operations
   b. Vulnerability scanning and configuration should be conducted

5. Data Loss or Leakage
   Description: Deletion or alteration of records without a backup of the original content is the cause of this threat.
   Remedy:
   a. Data protection at both design time and run time should be analyzed; API access control should be implemented strongly
   b. Provider backup and retention strategies

6. Account or Service Hijacking
   Description: Phishing, fraud, exploitation of software vulnerabilities and reuse of IDs and passwords are the causes of this threat.
   Remedy:
   a. Sharing account details between users and services should be strictly prohibited
   b. Proactive monitoring should be done continuously to keep out unauthorized users

7. Unknown Risk Profile
   Description: Information about the sharing of infrastructure, network intrusion logs and redirection attempts is the cause of this threat.
   Remedy:
   a. Infrastructure details should be disclosed
   b. Necessary information should be monitored and alerted on continuously
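
The proactive monitoring remedy listed for threat 6 (Account or Service Hijacking), sketched as an added example that is not part of the original paper: it scans login events for an account used from more than one source address within a short window and for a successful login that follows a burst of failures. The log format, the 10-minute window and the threshold of three failures are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data): time, account, source IP, result.
SAMPLE_LOG = """\
2012-12-10T08:55:00 alice 198.51.100.7 OK
2012-12-10T09:00:05 alice 203.0.113.50 FAIL
2012-12-10T09:00:09 alice 203.0.113.50 FAIL
2012-12-10T09:00:14 alice 203.0.113.50 FAIL
2012-12-10T09:00:20 alice 203.0.113.50 OK
2012-12-10T09:01:00 bob 192.0.2.10 OK
2012-12-10T09:30:00 bob 192.0.2.10 OK
2012-12-10T09:00:00 carol 192.0.2.20 OK
2012-12-10T11:00:00 carol 192.0.2.21 OK
2012-12-10T09:05:00 dave 192.0.2.30 FAIL
2012-12-10T09:05:30 dave 192.0.2.30 OK
this line is malformed and must be skipped
"""

WINDOW = timedelta(minutes=10)  # assumed correlation window
MAX_FAILS = 3                   # assumed failure-burst threshold


def parse(log):
    """Turn log text into time-ordered (time, account, ip, result) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def find_suspicious(events):
    """Return {account: sorted list of reasons} for accounts worth reviewing."""
    findings = defaultdict(set)
    ok_logins = defaultdict(list)  # account -> [(time, ip)] of successes
    fails = defaultdict(list)      # account -> [time] of failures
    for ts, acct, ip, result in events:
        if result == "FAIL":
            fails[acct].append(ts)
            continue
        # Success right after a burst of failures: possible guessed password.
        if sum(1 for t in fails[acct] if ts - t <= WINDOW) >= MAX_FAILS:
            findings[acct].add("success_after_failed_burst")
        # Same account active from another address inside the window:
        # possible shared or hijacked credentials.
        if any(ts - t <= WINDOW and src != ip for t, src in ok_logins[acct]):
            findings[acct].add("multiple_sources")
        ok_logins[acct].append((ts, ip))
    return {acct: sorted(reasons) for acct, reasons in findings.items()}


if __name__ == "__main__":
    for acct, reasons in find_suspicious(parse(SAMPLE_LOG)).items():
        print(acct, reasons)
```

Only the constructed account alice is flagged; carol's two addresses are two hours apart and dave's single failure stays below the threshold.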

6. FINDINGS

The impact ratios of the threats that cloud computing must defend against, as found from recent analysis, are shown below.
Fig 5: Comparison of various threats in percentages

The following four steps are commonly used for a data breach. Though cloud computing is an emerging area, hackers typically breach a cloud infrastructure using a four-step process that closely resembles the plan of attack used to breach a traditional enterprise IT environment [5]:

Step 1: Incursion. Hackers gain remote access to the network.
Step 2: Discovery. Hackers map out the company's systems and scan for confidential data.
Step 3: Capture. Attackers take control of key systems and collect exposed data as it flows through these systems.
Step 4: Exfiltration. The stolen data is sent out the front door to external servers under control of the attacker.

6. CONCLUSION

Many security strategies focus only on stopping incursions. Cloud computing, however, provides computing services in today's aggressive environment in a highly scalable way, and the environments provided by the cloud strive to be trustworthy, customizable, dynamic, elastic and robust, with a guaranteed quality of service. To achieve this, the techniques suggested in this paper, together with other more sophisticated methods, can make CC a powerful tool for providing services and for overcoming the main obstacles to meeting customers' expectations.

7. REFERENCES:

[1] http://csrc.nist.gov/publications/nistpubs
[2] Broberg J., Buyya R., and Goscinski A., Cloud Computing: Principles and Paradigms, Wiley Press, USA, 2011.
[3] Michael Armbrust, Armando Fox et al. Above the Clouds: A Berkeley View of Cloud Computing. Tech. rep. UCB/EECS-2009-28. Electrical Engineering and Computer Sciences, University of California at Berkeley, Feb. 2009.
[4] Cloud Computing: Benefits, risks and recommendations for information security. Tech. rep. European Network & Information Security Agency (ENISA).
[5] Philippa J. Broadfoot and Andrew P. Martin. A Critical Survey of Grid Security Requirements and Technologies. Tech. rep. PRG-RR-03-15. Wolfson Building, Parks Road, Oxford OX1 3QD: Oxford University Computing Laboratory, 2003.
[6] Kunwadee Sripanidkulchai, Sambit Sahu, Yaoping Ruan, Anees Shaikh, and Chitra Dorai, "Are clouds ready for large distributed applications?," in IBM T.J. Watson Research Center.
[7] Evaluation and Comparison of Security Issues on Cloud Computing Environment. World of Computer Science and Information Technology Journal (WCSIT), ISSN: 2221-0741, Vol. 2, No. 5, 179-183, 2012.
[8] Guy Bunker, Farnam Jahanian, Aad van Moorsel and Joseph Weinman, "Dependability in the cloud: Challenges and opportunities," IEEE 2009. Boss G, Malladi P, Quan D, Legregni L, Hall H. Cloud computing. IBM White Paper (2007).