Advanced Topics in SE
______________________________________________________________________________________

Cloud Security Threats and issues

Nasreen Iqbal
De Montfort University

Abstract

Cloud computing has recently been exploited to explore hosted services operated over the Internet, comprising data provided to computers and many other devices. Cloud technology allows companies to divert their attention away from systems infrastructure and application management. However, besides the benefits, there is a major issue in the cloud environment, cloud security, which has become an enormous obstacle to cloud adoption and makes users anxious about the safety, reliability and efficiency of migrating to the cloud. This paper presents current results and a critical analysis of the review “Cloud Security for cloud forensic capability”. It aims to identify the most significant security threats in cloud computing, in order to raise awareness of the key security threats associated with cloud computing, and then to analyse critically the different security models and tools, with comparisons, in order to gain a better understanding of some of the key questions of the new field. The paper concludes with future work, security issues and considerations for engineering.

Keyword: IPS (IaaS, PaaS, SaaS), DOS (denial of service), VM (Virtual Machine)
1. INTRODUCTION
The shift from sequential to parallel computing marked the beginning of a new era, where the essence of computing shifted from a centralized model to a de-centralized distributed model. This development and change in paradigm opened up a very fertile avenue for research, growth and innovation. The National Institute of Standards and Technology (NIST) [2] conceptually defines cloud computing as: “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”
Virtualization [1, 2] brought a great revolution to the cloud computing era with unique features such as availability, multi-tenancy, scalability, flexibility and elasticity. It introduced logical systems that act like physical resources and made the cloud a dominant platform in today’s technology. However, industry has been pushing the cloud security agenda at a high pace, and security is emphasized as the most significant obstruction to adopting a cloud environment [29, 30].

This paper categorizes cloud computing security issues by the SPI model¹ and identifies the most important vulnerabilities and threats in the cloud system. A threat is defined as a potential attack that exploits information or resources, and a vulnerability is a weakness that allows attackers to be successful. The relationship between threats and vulnerabilities is examined in terms of ‘how vulnerabilities can be exploited to perform an attack’, followed by the countermeasures related to these threats that try to improve these issues.

1.1. Objectives and Aim

The work merges diverse knowledge by examining cloud computing security information and motivates a viewpoint through a critical literature review of cloud security, coupled with a review of real-time sharing systems and virtual machines. It aims to expose the security concerns that are “new” relative to the computing of the past decade. The case is built on a few vital security vulnerabilities and their discussed solutions, which require reengineering with new future considerations in mind. The work develops an algorithm to convert raw data collected from a number of knowledge experts, evaluates its success, constructs a theoretical framework for the implementation of security issues on a cloud, and reports the research findings of the investigative study and the literature. The objectives investigated within the main frame of the research are:
¹ SaaS, PaaS, IaaS
Copyright © 2014, De Montfort University. All Rights Reserved 1
Explore the properties and research problems, study the scientific and engineering principles and business methods, gather requirements, and identify the need for new research.
Evaluate security issues, examining tangible and non-tangible effects based on the identified list of cloud security and risk issues, in order to assess the vulnerability analysis opportunities for the organization.
Explore the relationship between risk, vulnerability and countermeasure.
Carry out a critical literature review based on the observed security risks, evaluate the existing relevant bodies of research and establish a comparison.
Establish scientific techniques and principles related to cloud security.
Pursue cloud risk management, motivate future work and challenges, and apply critical thinking and scientific principles to observations or problems in the real world.
1.2. Cloud Security Criteria:

According to [2], cloud security is achieved through third-party controls, similar to traditional outsourcing arrangements, with almost no security criteria. In the current trend, providers dictate cloud security as they choose and define their own proprietary standards and security technology based on their own security models. These differ from each other and need to be evaluated and brought onto the same platform. The groups willing to use cloud services thus have the same requirements as for their internal in-house management. Throughout this paper we emphasize the following criteria and examine the risks and their mitigation around these criteria [40]:

Physical Security: according to Verizon’s DBIR² data [40], almost 1/3 of breaches in cloud security are due to a lack of physical security at the actual data center. A way to address this concern is to lock down security, which requires 24/7 monitoring and secured outside access.

Data Segregation: in hybrid and public environments the data is stored in a shared environment controlled by the provider. To ensure data protection, providers must offer data segregation and encryption.

General Security: includes software updates, antivirus and security policies, secure authentication methodology and firewalls for hardware.
2. EVOLUTION OF CLOUD SECURITY

Computing is being transferred to the new cloud computing model. According to an IDC report, the cloud computing services market was 16bn in 2008 and will rise to about $42bn in 2012. A rise in cloud computing workshops and conferences indicates academic interest in the new research challenges in the cloud. The cloud evolved through a number of implementations, including ASP³, grid and utility computing, and SaaS⁴; its popularity began in 2007, when IBM and Google initiated their collaboration in this domain.

2.1. Essential characteristics

Cloud computing demonstrates five characteristics, which show its relation to, and can be measured against, traditional computing approaches:

On-demand self-service: an automated process where the user can individually provision computing capabilities such as network storage and server time.
Broad network access: capabilities are available to diverse thin and thick client platforms and are accessible through a standard mechanism.
Resource pooling: the computing resource pools of the service provider are available to users through a multi-tenant model that assigns physical and virtual resources.
Rapid elasticity: capabilities can be provisioned rapidly and scaled out and in quickly, mostly automatically.
Measured service: the cloud system automatically controls and optimizes resource usage through a metering capability at a level of abstraction appropriate to the type of service; usage can be monitored, reported and controlled, with transparency between provider and customer.
² breach investigation report
³ application service provider
⁴ software as a service
2.2. Cloud Services Delivery Models - (IPS)
A spectrum of offering services has emerged for moving compute workloads out of a company’s data center ranging from:
Infrastructure as a Service – IaaS: Infrastructure service can be thought of as pools of basic resources, such as compute power and storage, which are delivered as a service over the internet. An example would be Amazon’s Enterprise Compute Cloud (EC2).

Platform as a Service – PaaS: PaaS is on-demand development platforms on which to build new application functionality, targeted at developers and simplifies the application development and deployment process. Examples of PaaS are Microsoft’s Azure, Salesforce’s Force.com, and Google’s AppEngine.

Software as a Service – SaaS: SaaS delivers complete, functional applications as a service over the internet. Examples are Salesforce.com Sales Force Automation applications, SuccessFactors’ performance management applications, Taleo talent management applications, Citrix’s Online for Collaboration and web conferencing, and office productivity applications like Zoho, Google Apps.
Figure 1: Cloud Computing Services
2.3. Cloud Service Deployment & Consumption Model
Erdogmus described SaaS as a core concept for the cloud; he pointed out that “it’s all software at the end”, no matter what different levels of service are offered. The service models are defined as per NIST:

Private Cloud: a setup for one organization, operated by that organization or a third party, within the premises. St Andrew’s Cloud Computing Co-laboratory and Concur Technologies [21] are examples of organizations that have a private cloud.
Public Cloud: a large setup for the general public, which requires investment and is owned by corporations like Microsoft and Google.
Community Cloud: a setup with specific requirements, shared by several organizations. The Open Cloud Testbed [22] is an example of this model, which aims to support research in cloud computing.
Hybrid Cloud: a mixed setup of the above models that allows each organization to manage its part independently, while data and applications can move across the hybrid cloud.
[Figure 2 labels. Essential Characteristics: Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self Service, Resource Pooling. Service Model: Software as Service (SaaS), Platform as Service (PaaS), Infrastructure as Service (IaaS). Deployment Models: Public Cloud, Private Cloud, Community Cloud, Hybrid Cloud.]

Figure 2: Cloud Computing Visual Model and Definition
3. DEFINITION OF RESEARCH PROBLEM

Software engineering is the process that manages the creation of a concept through one or more formal releases. Cloud computing and its security have been controversial since the technology was introduced, and much research and invention has worked to mitigate its threats and risks. The cloud engineering research issues concern security-related risk factors such as external data storage, dependence on the public internet, minimal control, multi-tenancy with isolation, and integration with internal security.

Cloud Computing and Security issues: The cloud environment works on primitive security, a set of physical and programmatic policies that provide a level of protection against remote malicious activities. What is essential for the organization is knowing who and what is accessing its assets, and protecting them from threats. Jensen et al. [19] presented an overview of cloud issues, mostly related to web services and browser security problems; since the cloud uses these services and relies on them, they become a significant problem for the cloud. ENISA⁵ [20], in its publication on cloud security risk, identified 35 risk factors, split into the categories policy and organizational risk, technical risk, legal risk, and network and access risk. Here we focus on the core area of cloud computing issues. Along with the above discussion, the security issues of these technologies apply to the cloud: the network interconnected with the cloud has to be secure; the mapping between VMs and physical machines has to be secure; data encryption and enforced policies are needed for shared data; resource management and memory management and their algorithms have to be secure; and data mining is adopted by the IDS⁶ for malware detection. The figure below shows the six specific areas in the cloud environment where software and hardware equipment require special attention, following the “Trust Computing Group’s White Paper” [4]:
[Figure 3 labels: 1. Data Security; 2. Data Transit Security; 3. Application Authentication; 4. Data separation between customers; 5. Legal Regularity Issues; 6. Incidence Response]

Figure 3: Areas of security concerns in cloud computing

⁵ European Network and Information Security Agency
⁶ intrusion detection system
Data security: cryptographic encryption mechanisms, such as hard drive manufacturers delivering encrypted drives; similarly, software encryption can also be considered to keep data safe and protected.

Data in transit: use encryption, authentication and integrity protection mechanisms, ensuring that the data is delivered to the customer concerned and has not been modified in transit.

User authentication: access control and authentication are more important than before. IF-MAP, the TCG’s⁷ standard, allows real-time communication between the user, the cloud service provider and the customer’s identity management.

Data separation: technology is available to improve security on VMs and virtual networks, such as TPM⁸ for a hardware-based verification process, ensuring strong network separation.

Security and privacy of user data, and cloud legal and regulatory issues: the laws and regulations related to third-party security must improve and establish strong legal security provisions.

Incident response: there is the possibility of security breaches and user misbehavior; therefore IF-MAP⁹ by the TCG¹⁰ enables the integration of different security systems and provides real-time notification of incidents and misbehavior.

Virtualization technology: the virtualization platform has become a new security exposure, and offering flexible resource configuration has become a security challenge. The concept allows a single file server to run on the physical machine, which can easily be hacked. Therefore administrator privileges must be regulated and strengthened to protect the file servers.

Cloud standards and their perfection: independent manufacturers invent their own application standards and data sets, forcing users to deploy their business within the manufacturer’s framework. Cloud security standards need to make sure they do not fall into an isolated development process.

3.1. Threat Vectors – Concern in Cloud Security
The threat vector in the cloud takes different and dynamic approaches; in a traditional IT architecture, internal PCs are more at risk from a host of attackers using the local browser to access the targeted materials. To identify the threats [18] in the cloud environment, we must study the various related vulnerabilities and answer the question: What security vulnerabilities and threats are important in the cloud environment and need to be added to software engineering principles?

To answer this question, the table below was created to explain cloud security terminology and to interrelate the terms in order to understand the vectors.

[Figure 4 labels: Risk, Vulnerabilities, Threats, Countermeasure]

Figure 4: Cloud Security Terminology
3.2. Security Risks:
Security risk is governed by the cloud delivery model and involves various factors, including confidential assets, cloud architecture and security controls. The following risk factors are discussed:

| Risk | Description |
|---|---|
| Privilege / user access | It is normal for the cloud provider to give users unlimited data access, which is a risk that needs to be addressed. |
| Data Location and Separation | Customers generally may not know when and where their data is stored, which indicates a risk. |
| Data Removal | The cloud provides dynamic disk space for data storage, and removing data from the disk is not guaranteed to remove it completely, which generates a risk factor. |
| Assurance of Security | Customers cannot assure the security of systems that they do not directly control. |
| Investigation and Proactive monitoring | Customers are limited in invoking their own monitoring system on a cloud infrastructure and depend on the cloud service provider to support investigations of their systems. |

Table 1: Major Security Risk for the cloud computing

⁷ Trusted Computing Group’s
⁸ Trusted Platform Module
⁹ Metadata Access Control
¹⁰ Trust Computing Group
3.3. Vulnerability in the Cloud
The tables below list existing security vulnerabilities and threats of cloud computing and identify which cloud services (SPI) are affected by each security issue. According to, the virtualization and data storage are the most critical and most effective areas of attack, as the lower layer is more effective than the other layers.

| ID | Vulnerabilities | Description | Layers |
|---|---|---|---|
| V0A | Unsecure APIs and interfaces | APIs are the means by which the cloud offers services (SOAP, or HTTP with XML). These interfaces must be secured in order to secure the cloud environment. Related issues are: a) weak credentials; b) insufficient authorization verification; c) inadequate input-data validation. Cloud APIs are also updated frequently because of their immaturity, so fixing one bug can open another security hole. | SaaS, PaaS, IaaS |
| V0B | Unlimited resources allocation | Inaccurate modelling of resource usage can lead to overfilling or over-provisioning. | SaaS, PaaS, IaaS |
| V0C | Data and related vulnerabilities | a) Weak separation may mix data with that of unknown data owners, such as industries; b) data may be located in different jurisdictions, to which different laws apply; c) data cleaning may not be complete; d) data backup is carried out by untrusted third-party providers; e) data location information is usually unavailable or not disclosed to users; f) data is often transferred, stored and processed in clear plain text. | SaaS, PaaS, IaaS |
| V0D | Virtual Machines (VM) | a) VMs are exposed to covert channels; b) resources are frequently allocated to and deallocated from VMs; c) unrestrained migration of VMs from one server to another for hardware maintenance, fault tolerance or load balancing; d) unrestricted snapshots: flexibility in copying VM data can lead to data leakage; e) rolling back a VM can re-expose vulnerabilities, because patches or changes applied earlier disappear after the rollback; f) cloud VM IP addresses are visible to cloud users, so attackers using cloud cartography may map the target VM’s location. | IaaS |
| V0E | Virtual Machine Images | a) Unlimited VM images stored in public repositories; b) VM images cannot be patched since they are hidden objects. | IaaS |
| V0F | Hypervisors | a) Complex hypervisor code; b) flexible configuration of VMs to meet organizational needs, which can be exploited. | IaaS |
| V0G | Virtual Networks | Sharing of virtual bridges by various virtual machines. | IaaS |

Table 2: Major cloud computing vulnerabilities
3.4. Threats in Cloud
This table presents an overview of threats in a cloud environment, focusing on data storage, virtualization, the resources being used, and remote data processing.

| ID | Threat | Description | Layers |
|---|---|---|---|
| T0A | Account service / traffic hijacks | Accounts can be captured through social engineering and weak credentials, giving access to sensitive information and the ability to perform malicious activities. | SaaS, PaaS, IaaS |
| T0B | Data Hunting | Attackers may recover data from the formatted disk. | SaaS, PaaS, IaaS |
| T0C | Data Leak / loss | Leakage or data loss can occur during data transfer, processing and auditing. | SaaS, PaaS, IaaS |
| T0D | Services Renunciation | A malicious attacker may take control of all resources, and the unavailability of resources means user requests cannot be served. | SaaS, PaaS, IaaS |
| T0E | User Data Control | Command injection, cross-site scripting and insecure object references can lead attackers to data manipulation. | SaaS |
| T0F | VM escape | Designed to exploit the hypervisor in order to take control of the underlying infrastructure. | IaaS |
| T0G | VM Hopping | Happens when one VM is able to access another VM. | IaaS |
| T0H | Malicious VM creation | Attackers can create a VM image containing malicious code such as a Trojan and store it in the provider’s source. | IaaS |
| T0I | Insecure VM Migration | Live migration exposes the content over the internet, and attackers can: a) access data; b) transfer the VM to an untrusted host; c) create several VMs, which may lead to DoS (denial of service). | IaaS |
| T0J | Sniffing Virtual Network | A malicious VM can interact with the virtual network or redirect packets from / to VP using ARP spoofing. | IaaS |

Table 3: Major Security Threats in the cloud computing
The relationship between threats and vulnerabilities describes how a threat can take advantage of a vulnerability to compromise a system, with the aim of identifying the existing defenses that can defeat these threats.

| Threat | Vulnerabilities | Incidence | Countermeasure |
|---|---|---|---|
| T0A | V0A | Attackers get access to the user accounts and control the targeted resources. | Identity and Access Management guide / ACL / Dynamic Credential |
| T0B | V0Ca / V0Cc | Shared data on the disk cannot be recovered if compromised. | SLA (Service Level Agreement) keeping specific distributed strategies |
| T0C | V0Ca / V0Cc / V0Cf / V0Da-f / V0G | Side channels | FRS Techniques / Digital Signature / Encryption |
| T0D | V0A / V0B | Legal users face resource availability issues when illegal requests increase. | Limit the resources in the policies by the cloud service providers |
| T0E | V0A | SQL command injections and cross site scripts. | Web Apps scanners |
| T0F | V0Fa-b | A zero day exposes the hyperVM virtualization application, destroying 100,000 websites. | HyperSafe / TCCP (Trust Cloud Computing Platform), TVD’s (Trust Virtual Datacentre) |
| T0G | V0Db / V0Fb | Security flaws in the VM monitor | Mirage |
| T0H | V0Ea-b | Create a VM image containing malware and publish it on public sites. | Mirage |
| T0I | V0Dd | Xen and VMware virtualization products used for the migration process | PALM / TCCP / VNSS |
| T0J | V0G | Sniffing / spoofing in Virtual Network | A framework based on Xen network modes ‘bridge and related’ |

Table 4: Relationship between Security Threats and Vulnerabilities for the cloud computing
4. CRITICAL LITERATURE REVIEW / MECHANISM AVAILABLE / COMPARISON

4.1. Countermeasure comparison for T0A Group – Account Hijack:
4.1.1. Access Control
Access control is a methodology for cloud security that ensures data access is provided only to authenticated users. It enables firewalls, intrusion detection and separation of duties at various layers of the network over the cloud, using various ACLs¹¹. ACLs are classified into black lists and white lists based on privileges, following the defense-in-depth method. The firewall deployed over the internet filters only the data that has been set by the policies for the ACL users. The BMC¹² Remedy software provides an alert messaging scheme integrated with the incident management system, which requires IP addresses to be set for the various sites. The cloud provision for access control policy is centered on the hypervisors and provided to the multi-tenant cloud environment, adopting a methodology of scalability and simplicity.

The McAfee and Fujitsu access control methods are compared. McAfee provides access control through several methods, such as Web Gateway, McAfee One Time Password and the CSSO¹³ method. Fujitsu offers a solution for unauthorized access, mainly for injection attacks and cross-site scripting; the scheme provides Central Management Authorization and Virtual Management System Authorization, which are acceptable solutions for cloud access control.

| Authenticated Model Compared | Encryption Techniques | Advantage |
|---|---|---|
| McAfee | McAfee Web Gateway, McAfee One Time Password, Single Sign-On | Policy management, prevention of data loss |
| Fujitsu | Central Management Authorization, Virtual Management Authorization | Injection attack provision, cross-site scripting |

Table 6. Comparisons between the different access control models
4.1.2. Cloud Authentication Policy:
The cloud provides a single-factor authentication policy, ensuring that authorized users access data by providing valid credentials and details in order to access a variety of data in the cloud. AWS¹⁴ emphasizes the virtual private cloud in order to provide confidential data exchange between web browser and web services, using various authorization methods such as multifactor authorization. OpenID [5] is used, which is an open standard that does not require a separate ad hoc network and relies on third-party services to maintain the different user authentications. RSA [6] considers separate authentication schemes for the private and public cloud, with single login using trust policies and strong authentication methods, and offers a centralized virtual management console to protect the private cloud from unauthorized access. The schemes adopted by RSA are knowledge-based authentication, two-factor authentication and adaptive authentication, aiming to reduce costs and improve security provision.

| Authentication Model Compared | Authentication Mechanisms | Advantage |
|---|---|---|
| RSA | Knowledge based, two factor authentication and adaptive authentication | Low cost, improved security mechanism using a single login policy |
| AWS | Multifactor, OpenID | Does not require a separate ad hoc network, exchanges confidential data using the web browser, an economical approach |

Table 7: Authentication Mechanism comparison, adopted for the cloud security

¹¹ Access Control List
¹² Business Service Management
¹³ Single Sign-On
¹⁴ Amazon Web service
4.1.3. Authorization:
Authorization schemes allow a user to log in to a particular permitted server and its services, and follow the authentication step. Oracle Database Vault, proposed by Oracle [9], protects application data from the various administrators and offers authorization. Role-based access [10] adopts a multi-tenancy method to protect cloud data, segregating administrative authentication under rules that give an administrator single sign-on for a specific domain. A policy-based authorization scheme [11] for the infrastructure-as-a-service model ensures protection of user privacy and authorized access, allowing each individual user to create their own space and safeguarding user data from unauthorized access. The OASIS [12] cloud authorization maintains logs for each user, storing details of users and their devices. VMware [13] is one of the strongest methods: it integrates corporate directory policies with the service provider’s policies, using hard and soft certified tokens for authorized users in order to prevent unauthorized access.

| Authentication Model Compared | Authentication Mechanisms | Advantage |
|---|---|---|
| Oracle | Oracle Database Vault | Provides single sign-on authentication for administrators, protecting against unauthorized access |
| VMware | Hard and soft factors, grouping the corporate directory with the service provider policies | Prevents unauthorized access |
| OASIS Cloud | Log system for each user | Maintains details, including device information |

Table 8: Authorisation Comparison, adopted for the cloud data security
4.1.4. Dynamic credentials:
An algorithm [33] for mobile cloud users creates or removes dynamic credentials as data packets are exchanged. It limits an attacker to a single attempt at malicious activity, because the attacker would have to monitor the exchange continuously every time the credential is revised. Most obviously, attackers find it difficult to counterfeit a credential that evolves over time.

Function Algorithm: According to the proposed algorithms, after a packet is transmitted successfully the user and the cloud execute Algorithm 1 to generate the secret values Xu and Xc:

Algorithm 1: Dynamic credential generation
IF a packet ni is sent and received THEN
    packet counter cnt = cnt + 1
    if ni is sent by the user then Xu = Xu ⊕ HASH(ni)
    if ni is sent by the cloud then Xc = Xc ⊕ HASH(ni)

Where:
- ⊕ is the bitwise-XOR operator,
- HASH(·) can be any of numerous consistent hash functions such as SHA or MD5. The hash function causes the attacker to lose information.

Once the user’s device requests a data channel from the base station, the communication device sends a packet to notify the cloud. The cloud and the device then execute Algorithm 2 to renew the dynamic credential X. Algorithm 2 also takes effect when the user continues to communicate with the cloud at the same station and the packet counter y surpasses a customizable level yth:

Algorithm 2: Credential update
IF user requests data channel or y ≥ yth THEN
    X = X ⊕ HASH(Xu||Xc)
    Xu = Xc = 0 ; y = 0
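The two algorithms above, as an added Python example (not code from the paper or from [33]). It assumes SHA-256 for HASH, a 32-byte credential and sequence-numbered packets; the class and function names and the sample traffic are constructed for illustration. It shows that user and cloud stay in step, while an observer who holds a leaked X(tm0) but misses one packet ends up with a credential the cloud rejects.

```python
import hashlib
import hmac

# SHA-256 is an assumption of this example; the text allows "SHA or MD5".
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def _hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CredentialState:
    """State kept by one party (user device, cloud, or an observer).

    X   : current dynamic credential
    Xu  : XOR of hashes of packets sent by the user since the last update
    Xc  : XOR of hashes of packets sent by the cloud since the last update
    cnt : packet counter (called cnt in Algorithm 1 and y in Algorithm 2)
    """

    def __init__(self, initial_credential: bytes, threshold: int):
        if len(initial_credential) != DIGEST_LEN:
            raise ValueError("credential must be %d bytes" % DIGEST_LEN)
        self.X = initial_credential
        self.Xu = bytes(DIGEST_LEN)
        self.Xc = bytes(DIGEST_LEN)
        self.cnt = 0
        self.threshold = threshold

    def on_packet(self, packet: bytes, sent_by_user: bool) -> None:
        """Algorithm 1: fold a successfully exchanged packet into Xu or Xc."""
        self.cnt += 1
        if sent_by_user:
            self.Xu = _xor(self.Xu, _hash(packet))
        else:
            self.Xc = _xor(self.Xc, _hash(packet))
        if self.cnt >= self.threshold:  # the "y >= yth" trigger of Algorithm 2
            self.update()

    def update(self) -> None:
        """Algorithm 2: X = X xor HASH(Xu || Xc), then reset Xu, Xc and the counter.

        Also called directly when the user requests a data channel.
        """
        self.X = _xor(self.X, _hash(self.Xu + self.Xc))
        self.Xu = bytes(DIGEST_LEN)
        self.Xc = bytes(DIGEST_LEN)
        self.cnt = 0

    def verify(self, presented: bytes) -> bool:
        """Cloud-side check of a presented credential, in constant time."""
        return hmac.compare_digest(self.X, presented)


# Constructed sample traffic: (payload, sent_by_user). Each payload carries a
# sequence number (an assumption of this example) so no two packets are equal.
SAMPLE_TRAFFIC = [
    (b"seq=1 GET /inbox", True),
    (b"seq=2 200 OK 3 messages", False),
    (b"seq=3 GET /inbox/1", True),
    (b"seq=4 200 OK body", False),
]


def simulate(traffic, missed_by_observer, threshold=100):
    """Run user, cloud and an observer holding a leaked X(tm0) over the traffic.

    The observer fails to capture the packets whose indexes are in
    missed_by_observer. Returns (user_ok, observer_ok): whether the cloud
    accepts each party's credential after the next credential update.
    """
    x0 = _hash(b"constructed initial credential")  # X(tm0), known to all three
    user = CredentialState(x0, threshold)
    cloud = CredentialState(x0, threshold)
    observer = CredentialState(x0, threshold)
    for i, (payload, from_user) in enumerate(traffic):
        user.on_packet(payload, from_user)
        cloud.on_packet(payload, from_user)
        if i not in missed_by_observer:
            observer.on_packet(payload, from_user)
    # The user requests a data channel, so every party runs Algorithm 2.
    for party in (user, cloud, observer):
        party.update()
    return cloud.verify(user.X), cloud.verify(observer.X)


def duplicate_packets_cancel() -> bool:
    """XOR caveat: two identical packets from one side cancel each other out,
    which is why the sample packets carry a unique sequence number."""
    state = CredentialState(bytes(DIGEST_LEN), threshold=10)
    state.on_packet(b"same bytes", True)
    state.on_packet(b"same bytes", True)
    return state.Xu == bytes(DIGEST_LEN)


if __name__ == "__main__":
    print("observer saw everything:", simulate(SAMPLE_TRAFFIC, set()))
    print("observer missed packet 3:", simulate(SAMPLE_TRAFFIC, {2}))
    print("duplicate packets cancel:", duplicate_packets_cancel())
```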
Example:
- X(tm) denotes the dynamic credential at time tm;
- an attacker acquires the value X(tm0) and may tap the communication between the user and the cloud;
- to attack at a time tm1 > tm0, the attacker must tap the traffic between tm0 and tm1 to expose X(tm1).

Therefore, if the tapping is on the wireless signals, the attacker easily loses information. If the tapping is within the stations, the attacker must forecast the user’s actions, which is unrealistic. As a result, the communication between the ISP and within the cloud is secure. A security breach of this structure is more critical than an imitation attack.

Comparison: Account hacking has been critically assessed in various aspects and the emerging methodologies analyzed. Each methodology has its own pros and cons, but a technology that applies precautions before and after the process would be successful. Here authentication, authorization, access control and dynamic credentials were discussed, with comparisons of different methods. Each has its own objectives and success, but the dynamic credential methodology is best suited to account hacking because of its dynamic nature, which brings the authentication and authorization threat controls and policies together; with its algorithm we can also challenge the hacker by stopping malicious activities. In access control, Fujitsu has stronger capabilities than McAfee because of its centralized management policies. Similarly, RSA and AWS both provide a low-cost methodology, but AWS applies multifactor authorization and OpenID without using a separate ad hoc network. Likewise, VMware applies local policies together with corporate policy, adopting a network directory that supports authenticated access.

4.2. Countermeasure for T0C & T0D – Data leak/Loss:

4.2.1. Encryption:
Encryption is a process that converts data into an unreadable format, essentially cipher text, which is subsequently decrypted on the receiving side. This is done before the data is stored in the cloud, ensuring that the data remains encrypted from the cloud service providers and protected against any modification or interpretation. Dell [14] offers database, hardware and software encryption policies, allowing user data to be stored on an external tape drive and ensuring user privacy and data protection without user intervention. The transparent file encryption methodology maintains control over the data accessible to the various users, providing a whitelist of authorized users with their access privileges for services and shared files, which reduces monitoring, usage audits and compliance work. Wuala Cloud [15] encrypts data on the personal computer before it is transferred to the cloud, to ensure the owner can access this data. Full disk encryption by Online Tech [16] introduces a method of full disk encryption during the boot process using the Advanced Encryption Standard algorithm with BitLocker password encryption, guaranteeing data protection even if the disk is stolen; similarly, Linux disk encryption is used within the kernel to encrypt partition data, offering strong data security.

| Authentication Model Compared | Authentication Mechanisms | Advantage |
|---|---|---|
| Dell | Hardware / software based encryption, transparent file encryption | No user intervention required, easy to deploy, user access data control, compliance workload reduction |
| Wuala | Device and database encryption policies, transparent file encryption policy | Allows users to store their data on an external drive, maintains whitelists of authorized users and their access details, reduces compliance and monitoring work |
| Online Tech | Full disk encryption during system boot, BitLocker password encryption | Protects data even if the tape disk is lost |

Table 9: Comparison of Encryption Process, adopted by the cloud environment
4.2.2.
Homomorphic encryption:
The cloud transfers, stores and processes data. Encryption is adopted when transferring data to and from the cloud to ensure data security and privacy, but cloud providers have to decrypt the cipher data in order to process it, which is a privacy concern. Homomorphic encryption allows operations on encrypted data without knowing the secret key, and the client is the only owner of the key. The system proposed in [35], based on the application of fully homomorphic encryption to cloud security, permits executing arbitrary computations on ciphertexts without decrypting them. Existing homomorphic encryption schemes support a limited number of homomorphic operations, such as addition and multiplication. According to [36], an encryption is homomorphic if, from Encr(x) and Encr(y), it is possible to calculate Encr(fun(x, y)) without the private key, where fun can be +, × or ⨶.
4.2.3.
Fragmentation-Redundancy-Scattering (FRS) Technique [34]:
The technique aims to provide intrusion tolerance and, in consequence, secure storage. It consists of first breaking down confidential data into insignificant fragments, so that a fragment on its own reveals no significant information, and then dispersing the fragments in a redundant manner across the sites of the distributed system. According to [33], the data is reduced into fragments, each of which has a self-identifying name that hides the fragment's information, and each fragment is encrypted in a chained cipher order, ensuring that the fragment can be decoded. The storage servers, on the other hand, use a pseudo-random algorithm to decide on authentication for access to the stored data, applying an agreement protocol to meet reliability requirements. The hash is stored by the server security in a secret shared area, which enables the user to determine the name of the fragment.
4.2.4.
Digital Signature:
The RSA algorithm [37] enables digital signatures for data moving across the network, and its authentication is applicable to the cloud environment, involving a digital signature and public key cryptography. The digital signature process crunches the data into fewer lines with a hashing algorithm; the result, called the message digest, is encrypted with a private key to produce the digital signature. Further, software encrypts the digital signature into message digest with the sender's public key, a powerful method for critical financial transactions over the internet. The author proposes the following function:
1. Sender A takes the document from the cloud for receiver B.
2. The document is crunched into fewer lines by a hashing algorithm.
3. Software encrypts the message digest with the private key.
Figure: Hashing and encrypt message digest into the signature
4. Using the RSA algorithm, A encrypts the digital signature with B's public key; B decrypts the cipher text to plain text with B's private key, along with A's public key for verification of the signature.
Figure: Digital signature encrypted in Cipher Text
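The four steps above, as an added example that is not code from the paper or from [37]: a standard-library sketch using unpadded textbook RSA, showing tamper detection and the constraint that B's modulus must exceed A's for step 4 to work. The keys are constructed toy values built from well-known Mersenne primes, the function names and sample document are assumptions, and production systems use padded schemes (RSA-PSS, RSA-OAEP) from a vetted library instead.

```python
import hashlib


def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy parameters, no padding)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


# Constructed toy keys: Mersenne primes are public knowledge, so these keys
# protect nothing. They only make the example run offline.
A_PUB, A_PRIV = toy_rsa_keypair(2**127 - 1, 2**521 - 1)     # sender A
B_PUB, B_PRIV = toy_rsa_keypair(2**607 - 1, 2**1279 - 1)    # receiver B


def digest(document):
    """Step 2: crunch the document into a fixed-size message digest."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, sender_priv):
    """Step 3: transform the digest with the sender's private key."""
    return pow(digest(document), sender_priv["d"], sender_priv["n"])


def seal(signature, receiver_pub):
    """Step 4, sender side: encrypt the signature with the receiver's public key."""
    if signature >= receiver_pub["n"]:
        # Without this check the value would be reduced mod n and lost.
        raise ValueError("receiver modulus must exceed the signature value")
    return pow(signature, receiver_pub["e"], receiver_pub["n"])


def open_and_verify(document, sealed, receiver_priv, sender_pub):
    """Step 4, receiver side: decrypt with own private key, then check the
    recovered signature against the document using the sender's public key."""
    signature = pow(sealed, receiver_priv["d"], receiver_priv["n"])
    if signature >= sender_pub["n"]:
        return False
    return pow(signature, sender_pub["e"], sender_pub["n"]) == digest(document)


def demo():
    document = b"constructed sample: transfer 100 GBP to account 0001"
    sealed = seal(sign(document, A_PRIV), B_PUB)
    genuine = open_and_verify(document, sealed, B_PRIV, A_PUB)
    tampered = open_and_verify(document.replace(b"100", b"900"), sealed,
                               B_PRIV, A_PUB)
    return genuine, tampered


if __name__ == "__main__":
    print("genuine document verifies:", demo()[0])
    print("tampered document verifies:", demo()[1])
```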
Authentication Model | Authentication Mechanisms | Advantage
Homomorphic | Application of entirely homomorphic encryption, executing arbitrary estimation on ciphertexts | Provision of partial homomorphic actions, such as addition and multiplication, without being decrypted
FRS | Intrusion tolerance and in consequence secure storage, breaking down confidential data into insignificant fragments | Only users can determine the name of the fragment to access the data
Digital Signature | Algorithm for the digital signature and public key cryptography | A powerful method for financial transactions over the internet
Table 9: Comparison of data leak process, for the cloud security
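The definition in Section 4.2.2, Encr(fun(x, y)) computed from Encr(x) and Encr(y) without the private key, as an added example that is not code from the paper or from [35]: the Paillier scheme covers fun = + and unpadded textbook RSA covers fun = ×. Both schemes are choices made for this illustration, and the primes, function names and salary figures are constructed toy values.

```python
import math
import secrets

# Constructed toy primes (well-known Mersenne primes): far too small and too
# structured for real use, they only keep the example self-contained.
P = 2**61 - 1
Q = 2**89 - 1


def paillier_keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)    # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                  # valid for g = n + 1
    return n, (lam, mu)


def paillier_encrypt(n, m):
    """Encr(m) = (1 + n)^m * r^n mod n^2 with fresh randomness r."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2          # (1+n)^m = 1 + m*n


def paillier_decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def cloud_add(n, c1, c2):
    """Encr(x + y) from Encr(x) and Encr(y): multiply ciphertexts mod n^2."""
    return c1 * c2 % (n * n)


def cloud_scale(n, c, k):
    """Encr(k * x) from Encr(x) and a public constant k."""
    return pow(c, k, n * n)


def rsa_keygen(p=P, q=Q, e=65537):
    n = p * q
    return (n, e), pow(e, -1, (p - 1) * (q - 1))


def rsa_encrypt(pub, m):
    """Textbook RSA; the absence of padding is what makes it multiplicative."""
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(pub, d, c):
    return pow(c, d, pub[0])


def cloud_multiply(pub, c1, c2):
    """Encr(x * y) from Encr(x) and Encr(y): multiply ciphertexts mod n."""
    return c1 * c2 % pub[0]


def payroll_total_on_cloud():
    """The client encrypts constructed salaries; the cloud sums them blind."""
    n, priv = paillier_keygen()
    salaries = [3100, 2750, 4425]                         # constructed data
    ciphertexts = [paillier_encrypt(n, s) for s in salaries]
    total = ciphertexts[0]
    for c in ciphertexts[1:]:
        total = cloud_add(n, total, c)                    # cloud side, no key
    return paillier_decrypt(n, priv, total)               # client side


if __name__ == "__main__":
    print("sum computed on ciphertexts:", payroll_total_on_cloud())
```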
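The FRS technique of Section 4.2.3, as an added example that is not code from the paper or from [33]/[34]: fragments receive opaque names that only the key holder can derive, are scattered redundantly across sites, and are reassembled even when one site is offline and another has been tampered with. Deriving names and integrity tags with HMAC-SHA256, choosing sites with a name-seeded pseudo-random generator, and all identifiers and sample bytes are assumptions; the input is taken to be already encrypted, since the standard library provides no cipher.

```python
import hashlib
import hmac
import random

FRAGMENT_SIZE = 8   # bytes per fragment (tiny, so the sample splits up)
REPLICAS = 3        # redundant copies of every fragment
SITE_COUNT = 5      # storage sites in the distributed system


def fragment_name(key, file_id, index):
    """Opaque fragment name: only the holder of `key` can derive it."""
    label = f"name|{file_id}|{index}".encode()
    return hmac.new(key, label, hashlib.sha256).hexdigest()


def fragment_tag(key, name, chunk):
    """Integrity tag that binds a fragment's bytes to its name."""
    return hmac.new(key, b"tag|" + name.encode() + chunk,
                    hashlib.sha256).digest()


def pick_sites(name):
    """Reproducible pseudo-random choice of REPLICAS distinct sites."""
    return random.Random(name).sample(range(SITE_COUNT), REPLICAS)


def scatter(key, file_id, data, sites):
    """Fragment `data`, store each fragment on REPLICAS sites, return a manifest."""
    padded = data + b"\0" * (-len(data) % FRAGMENT_SIZE)
    count = len(padded) // FRAGMENT_SIZE
    for index in range(count):
        chunk = padded[index * FRAGMENT_SIZE:(index + 1) * FRAGMENT_SIZE]
        name = fragment_name(key, file_id, index)
        for site in pick_sites(name):
            sites[site][name] = (chunk, fragment_tag(key, name, chunk))
    return {"file_id": file_id, "fragments": count, "length": len(data)}


def gather(key, manifest, sites, offline=()):
    """Rebuild the data, skipping offline sites and replicas that fail the tag."""
    out = bytearray()
    for index in range(manifest["fragments"]):
        name = fragment_name(key, manifest["file_id"], index)
        for site in pick_sites(name):
            if site in offline or name not in sites[site]:
                continue
            chunk, tag = sites[site][name]
            if hmac.compare_digest(tag, fragment_tag(key, name, chunk)):
                out += chunk
                break
        else:
            raise ValueError(f"fragment {index} is unrecoverable")
    return bytes(out[:manifest["length"]])


def corrupt_site(sites, site):
    """Simulate an intruder overwriting every fragment held by one site."""
    for name, (chunk, tag) in list(sites[site].items()):
        sites[site][name] = (bytes(len(chunk)), tag)


def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    blob = b"constructed ciphertext standing in for an encrypted file"
    sites = [dict() for _ in range(SITE_COUNT)]
    manifest = scatter(key, "ledger-2014", blob, sites)
    corrupt_site(sites, 0)                                  # one site compromised
    recovered = gather(key, manifest, sites, offline={1})   # another one down
    return recovered == blob, [len(s) for s in sites]


if __name__ == "__main__":
    ok, per_site = demo()
    print("recovered intact:", ok, "| fragments held per site:", per_site)
```

With three replicas, any combination of two unavailable or corrupted sites still leaves one valid copy of every fragment, and a single site sees only unordered, opaquely named pieces.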
4.3.
Countermeasure for T0E- User Data Control:
4.3.1.
Web Application Scanner:
This program identifies security vulnerabilities by scanning web applications through the web front end. The other approach is a web application firewall, which routes all web traffic for threat detection.
4.4.
Countermeasure for T0F – VM escape:
4.4.1.
HyperSafe:
HyperSafe [38] protects Type-I hypervisors with two techniques. The first is non-bypassable memory lockdown, which protects write-protected memory pages from being modified. The second produces a pointer index that converts data, expanding the protection to include control flow enforcement and thus the hypervisor's code integrity. Four tests were performed to measure their effectiveness, including injected code and page modification, but performance-wise it was recorded as slow. The concept system was developed for two open-source Type-I hypervisors: BitVisor and Xen. The research demonstrated various hypervisor attacks, and benchmarking programs show that HyperSafe is fairly secure and delivers good results with a unique self-protection capability.
4.4.2.
Trust Cloud Computing Platform (TCCP):
TCCP provides a closed-box environment for deploying a VM (Virtual Machine), ensuring its authentication and security, and consists of two elements: the TVMM (Trust Virtual Machine Monitoring) and the TC (Trust Coordinator). The TC establishes trusted nodes for the TVMM, takes an active part in VM migration, and ensures that the VM is running on a secure platform. Downtime was reported due to its verification of all transactions, and the DAA (direct anonymous attestation) privacy CA scheme is then used to handle this situation. An attacker can read the file during the VM migration process, which serves as an example of a misuse pattern. This is possible because VM migration is done over the network and the network has weak security. The issue can be mitigated by using TCCP [32], which provides confidentiality and integrity for computations that are outsourced to IaaS services and provides secure migration. TCCP delivers the closed-box execution environment by extending the concept of a trusted platform to an IaaS background, allowing users to determine this up front, even if the IaaS does not enforce this property. The TVMM running on each trusted node cooperates with the TC in order to:
- Confine the execution of the VM to a trusted node.
- Protect the VM against inspection or modification while in transit on the network.
Example, live migration: the state of an executing VM is transferred between two nodes, a source Ns and a destination Nd. For the operation to be secure, both nodes must be trusted, and the VM must remain confidential and unmodified while in transit over the network. The following notation is used for the cryptographic operations:
(K^p_x, K^P_x): the private and public key of an asymmetric cryptographic key pair of x
{y}K_x: y is encrypted with K_x
EK_x: endorsement key
TK_x: trust key
K_x: session key
n_x: a unique number generated by x, which helps detect message replay
1. {{Nd, n_s1}TK^p_Ns, Ns}TK^P_TC
2. {{n_s1, TK^P_Nd}TK^p_TC}TK^P_Ns
3. {{Ks, n_s2}TK^p_Ns, Ns}TK^P_Nd
4. {{Ns, n_d}TK^p_Nd, Nd}TK^P_TC
5. {{n_d, TK^P_Ns}TK^p_TC}TK^P_Nd
6. {Nd}Ks
7. {VMid, #VMid}Ks
Where:
Steps 1 and 2: Ns requests the TC to check that Nd is trusted.
Step 3: Ns negotiates a session key Ks with Nd, which will be used for the secure transfer of the VM state.
Steps 4 and 5: Before accepting the key, Nd first verifies that Ns is trusted.
Step 6: If both nodes authenticate successfully, Nd acknowledges the acceptance of the session key Ks.
Step 7: Ns finally sends the encrypted and hashed VM state to Nd, guaranteeing the integrity and confidentiality of the VM.
Authentication Model Comparison | Authentication Mechanisms | Advantage
HyperSafe | Relies on two hypervisor techniques, memory lock and a pointer index system to convert data; data integrity | Protects the hypervisor's code and static data from attack even in the case of a memory exploitation virus; controls call or return targets
TCCP | TVMM and TC node method, runs on user VM | Limits the execution of the VM to a trusted node; protects the VM against review or editing while in transit on the network
Table 10: Comparison of VM Escape for the cloud security
4.5.
Countermeasure for T0G – VM Hopping:
4.5.1.
Mirage:
Mirage is a proposed virtual image management system for a cloud environment [27]. It includes an access control framework, provenance tracking, image filters and a repository maintenance system, with a limited facility for scanning images and removing malware; privacy is also a concern when scanning users' private images. However, one weakness of this system is that it may not remove all information from the data and may miss some malware. Experimental results say that the filters run at the repository, which exploits parallel images. For example, an update report method may notify a consumer when an image is repaired by the user.
4.6.
Countermeasure for T0I – Insecure VM Migration:
4.6.1.
Protect Aegis for Live Migration (PALM):
PALM is a secure live migration framework [39] that ensures integrity and privacy are protected during and even after migration. It is a prototype based on GNU Linux and Xen; as a result, only minor migration and downtime overhead was noted, caused by the encryption and decryption process. The experiment produced the following results: the system was migrated with no workload while HTTP was running in the background, and the VM downtime was 7 times in comparison, which is still very short, approximately 10s to 100s of milliseconds, and the absolute overhead remains very low.
4.6.2.
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (DoS)
This security update resolves a privately reported vulnerability in Windows Server 2008 R12 Hyper-V. The vulnerability could allow DoS [24] if a malformed sequence of machine instructions is run by an authenticated user hosted by the Hyper-V server. An attacker must have valid credentials and be able to log on locally to the guest VM server to exploit the vulnerability; it cannot be exploited remotely or by an anonymous user. The update addresses the vulnerability by correcting the way Hyper-V validates the encoding of machine instructions executed inside its guest virtual machines. The security update is downloaded and installed automatically, or installed manually by the administrator.
Authentication Model | Authentication Mechanisms | Advantage
PALM | A prototype based on Linux and Xen, applied to the VMM system | Secured migration of the VM with low migration downtime, with no workload
DoS | Security update to the Hyper-V mechanism | Allows authenticated users to run, protects the server from attackers, automatic download and update provision
Table 11: Comparison of VM Migration
4.7.
The countermeasure for T0J - Sniffing Virtual Network:
4.7.1.
Virtual Network Security (VNS):
Wu et al. [25] presented a framework that secures the communication among VMs. It is based on Xen, which offers two modes, “bridged” and “routed”, and consists of three layers: routing, firewall and shared network, which prevent sniffing and spoofing. Web services are the most important technology in the cloud, and along with web services the cloud needs to address these issues. Security standards for web services have already been implemented, with interfaces for use [26], authorization and network integration. Such standards are Security Assertion Markup Language (SAML), Extensible Access Control Markup Language (XACML), XML digital signature and encryption, WS Secure Conversation, WS Trust, and Secre Places. NIST introduced a Standards Roadmap Working Group that is relevant to the cloud. Mike et al. [28] described the risks that arise when adopting cloud computing models, like XML attacks and browsers.
Authentication Model | Authentication Mechanisms | Advantage
VNS | A prototype based on Linux and Xen, applied to the VMM system | Secured migration of the VM with low migration downtime, with no workload
Table 12: Comparison of Sniffing VM Network
5. STANDARDS IN CLOUD COMPUTING:
Following the formalization above, this section focuses on the activities undertaken in the cloud environment by different standards development organizations (SDOs), adopted around the world, with regard to the domain of cloud applications and their service development in the field of security and privacy. There are several on the list, such as the Internet Engineering Task Force (IETF), Alliance for Telecommunications Industry Solutions (ATIS), Association for Retail Technology Standards (ARTS), International Telecommunication Union (ITU), Object Management Group (OMG), TM Forum, Storage Networking Industry Association (SNIA) and the European Telecommunications Standards Institute (ETSI) [2], but we will focus on a few important standards in the field of security of the cloud environment.
5.1.
NIST Cloud Standards:
According to Badger et al., 2011, NIST is associated with several standards in the cloud, such as the report on ‘standard guidelines for the public cloud’, which considers the security and privacy of the cloud and highlights cloud-related risks, threats and their defenses around the cloud environment. It observes that cloud computing has grown out of technologies including SOA, Web 2.0, virtualization and utility computing, and views its issues as known problems cast in a new setting. The security and privacy issues identified by NIST are: governance, trust, data protection, hardware and software architecture, and availability.
5.2.
Distributed Management Task Force (DMTF)
A standards body for interoperable IT solution management, working on the Open Virtualization Format (OVF), the Open Cloud Standards Incubator for cloud interaction protocols, and Cloud Audit Data Federation (CADF), which allows the sharing of audit logs and information. DMTF has established a collaboration with CSA to propagate the cloud security standard.
5.3.
Open Cloud Consortium (OCC)
An organization that supports standards development, benchmark development and reference implementations for open source in the cloud, and sponsors cloud workshops. It carries four groups, including the large data cloud group, the open cloud test-bed group and the standard for performance management.
5.4.
Organization for the Advancement of Structured Information Standards (OASIS):
An international not-for-profit group that drives the development, convergence and adoption of e-business standards; the group has produced more web services standards than other groups, along with security standards. The following technical committees define the objectives and goals of OASIS: the Advanced Message Queuing Protocol (AMQP) TC, which defines a ubiquitous and open source protocol; the Cloud Application Management for Platforms (CAMP) TC, which is standardizing SaaS services; the Cloud Authorization (CloudAuthZ) TC, which enables contextual attributes; the Identity in the Cloud TC, which is involved in the development of profiles for open standards; Open Data Protocol (OData); and the Privacy Management Reference Model (PMRM).
6. FUTURE SECURITY CONSIDERATION AND SECURITY IMPLICATION REQUIREMENTS
To advance cloud computing from a security perspective, software engineering must take proactive measures to ensure the tightest security.
Privacy and Security Requirement: a reform of law and regulation is required, with which telecommunication providers need to comply. It includes a single set of data protection rules, the users' right to access their data, data transfer from one service to another, cryptography technology essential for data confidentiality, prevention of network attacks using cloud connections, improvement of user authentication, and availability issues including DoS attacks, loss of data control, and protection of internal virtual machines and VM images.
Activity partners need to protect [23]: sharing resources over the cloud exposes the activity of a cloud user to other users of the same resources, which may lead to the construction of covert or side channels, where activity partners have to establish their own confidential business information, and where divulging it will lead to reverse-engineering.
Sharing resources also invites unethical activities, establishing a longer trust chain from one service to another service on the cloud.
The other important issue is to watch for subverted participants, who seem to be regular cloud users but are actually committing cybercrimes, for example service providers selling confidential data in breach of contract.
Competitive businesses can end up in conflict over using a common platform for all competitors, which forces them to lose trust and interest in the providers and to disagree about storing confidential information alongside their competitors on a common platform.
Conclusion: The cloud is prone to various security issues, such as Denial of Service (DoS) attacks, storage and computation issues, eavesdropping, insecure authentication and distributed DoS. The paper identified the most important vulnerabilities and threats, established a critical literature review, and evaluated that threats are potential attacks. It measured the relationship between threats, risk and vulnerability, and assessed the vulnerabilities and associated attacks. Over the last few years, the evolution of cloud computing has recorded business growth as the fastest in the IT industry, but as more and more information is transferred to the cloud environment, concern grows over data privacy and protection issues. It is true that professional service providers with professional equipment and security personnel can offer better secured and more cost-effective services, but it also cannot be neglected that centralized services will become targets of hackers. According to several reports, cloud service providers have been subject to many security threat issues from different factors and levels. In October 2007 and February 2008, an Amazon service provider experienced a breakdown, subject to a thunder stroke; in July 2009 Amazon EC2 had its biggest security failure; and in March 2009 Google came into controversy over leaking customer information. Consequently, data leak or loss is a common threat for cloud users and is creating big concern for all. According to the above critical assessment, we understand that data security and related methodologies are the best solution for these threats, but the question is how, and which methodology is best suited to improving the security of the cloud environment. We must document these findings for the re-engineering.
References:
[1] H. Keiko, R. G. David, F.M. Eduardo, B.F. Eduardo, “An analysis of security issues for cloud computing”, Hashizume et al. Journal of Internet Services and Applications 2013, http://www.jisajournal.com/content/4/1/5
[2] S. Jaydee, “Security and Privacy Issues in Cloud and commuting”, Innovation Labs, Tata Consultancy Services Ltd., Kolkata, INDIA.
[3] Z. Dimitroize, L. Dimitroize, “Addressing cloud computing security issues”, Department of Product and Systems Design Engineering, University of the Aegean, Syros 84100, Greece, 2010.
[4] Y. Zhang, Y. O. Zhang, “Cloud Computing and Cloud Security Challenges”, School of Information Science and Engineering of Shandong Normal University, Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Jinan 250014, China.
[5] D. Zissis and D. Lekkas, “Addressing Cloud Computing Security Issues”, Future Generation Computer Systems, (2012), Vol. 28, Issue 3, pp. 583-592.
[6] http://www.druva.com/documents/Druva-inSync-Security-Q115-R54-10062.pdf (2014)
[7] J. Barr, A. Narin, and J. Varia, “Building Fault-Tolerant Applications on AWS”, Amazon Web Services (2011), pp. 1-15.
[8] T. Acar, M. Belenkiy and A. Kupcu, “Single Password Authentication”, Computer Networks, (2013), vol. 57, no. 13, pp. 2597-2614.
[9] J. B. Bernabe, J. M. Marin Perez, J. M. Alcaraz Calero, F. J. Garcia Clemente and G. M. Perez, “Semantic-Aware multitenancy authorization system for cloud architectures”, Future Generation Computer Systems, (2014), vol. 32, pp. 154-167.
[10] D. W. Chadwick and K. Fatema, “A privacy preserving authorization system for the Cloud”, Journal of Computer and System Sciences, (2012), vol. 78, no. 5, pp. 1359-1373.
[11] A. Saldhana, R. Marian, A. Barbir and S. A. Jabbar, OASIS Cloud Authorization (CloudAuthZ) TC [DB/OL].
[12] http://www.vmware.com/files/pdf/partners/vmware-public-cloud-security-wp.pdf?src=vcld-2012-1-blog-PCSA%20whitepaper-ex-41 (2012)
[13] http://www.dell.com/learn/us/en/04/campaigns/dell-data-protection-solutions, (2013-11-06)
[14] http://www.wuala.com/en/learn/technology, (2014-01-03)
[15] G. Wang, Q. Liu, J. Wu and M. Guo, “Hierarchical Attribute Based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers”, Computers and Security, (2011), vol. 30, no. 5, pp. 320-331.
[16] L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy and I. Stoica, “CloudPolice: taking access control out of the Network”, ACM Sigcomm Workshop, (2010).
[17] J. Q. Allen, W. K. Jaspher, V. Rohit, “Cloud Security Mechanisms for Data Protection: A Survey”, School of Computer Science and Technology, Karunya University, Coimbatore, India. International Journal of Multimedia and Ubiquitous Engineering, Vol. 9, No. 9 (2014), pp. 81-90.
[18] H. Keiko, G.R. David, F.M. Eduardo, B.F. Eduardo, “An analysis of security issues for cloud computing”, Hashizume et al. Journal of Internet Services and Applications, 2013.
[19] Jensen, M., Schwenk, J. O., Gruschka, N. and Iacono, L. L. 2009. On Technical Security Issues in Cloud Computing. In IEEE International Conference on Cloud Computing (CLOUD-II 2009), Bangalore, India, September 2009, 109-116.
[20] Catteddu, D. and Hogben, G. 2009. Cloud Computing: benefits, risks and recommendations for information security. Technical Report. European Network and Information Security Agency.
[21] Lemos, R. 2009. Inside One Firm's Private Cloud Journey. Retrieved December 1, 2009, from http://www.cio.com/article/506114/Inside_One_Firm_s_Private_Cloud_Journey
[22] Open Cirrus: the HP/Intel/Yahoo! Open Cloud Computing Research Testbed. Retrieved December 1, 2009, from https://opencirrus.org/
[23] C. Yanpei, P. Vern, H.K. Rand, “What’s New About Cloud Computing Security?”, Electrical Engineering and Computer Sciences, University of California at Berkeley, 2010.
[24] “Microsoft Security Bulletin MS10-010 - Important”, Security TechCenter, Version 1.1., http://blogs.vmware.com/security/2010/01/announcingvsphere-40-hardening-guide-public-draft-release.html
[25] Wu H, Ding Y, Winer C, Yao L (2010) Network Security for virtual machines in Cloud Computing. In: 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society, Washington, DC, USA, pp 18–21
[26] EB. Fernandez, O. Aja, I. Buckley, N. Delessy-Gassant, K. Hashizume, “A survey of patterns for Web services Security and reliability standards”, Future Internet 4(2):430–450, Larrondo-Petrie MM, 2012
[27] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning, “Managing Security of virtual machine images in a Cloud environment”, ACM workshop on Cloud Computing Security. ACM New York, NY, USA, pp 91–96, 2009
[28] J. Meik, S. Jörg, G. Nils, L.I. Luigi, “On Technical Security Issues in Cloud Computing”, in IEEE ICCC, Bangalore 2009, pp. 109-116.
[29] P. Mell and T. Grance, “Effectively and securely using the cloud computing paradigm”, National Institute of Standards and Technology. October 7, 2009.
[30] S. Shankland. HP’s Hurd dings cloud computing, IBM, CNET News. October 20, 2009.
[31] EN. Fernandez, N. Yoshioka, H. Washizaki, “Modeling Misuse Patterns. In: Proceedings of the 4th Int. Workshop on Dependability Aspects of Data Warehousing and Mining Applications” (DAWAM 2009), in conjunction with the 4th Int. Conf. on Availability, Reliability, and Security (ARES 2009), Fukuoka, Japan. IEEE Computer Society, Washington, DC, USA, pp 566–571, 2009.
[32] N. Santos, KP. Gummadi, R. Rodrigues, “Towards Trusted Cloud Computing. In: Proceedings of the 2009 conference on Hot topics in cloud”, 2009
[33] D. Yves, L. Blain, C.F. Jean, “Intrusion tolerance in distributed computing systems”, IEEE Symposium on Security and Privacy (Oakland, CA, 20-22 May 1991), pages 110-121, 1991.
[34] Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P, “Selecting the right data distribution scheme for a survivable Storage system”, CMU-CS-01-120, Pittsburgh, PA, 2001
[35] Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to Cloud Computing. In: National Days of Network Security and Systems (JNS2). IEEE Computer Society, Washington, DC, USA, pp 86–89
[36] Fong E, Okun V (2007) Web application scanners: definitions and functions. In: Proceedings of the 40th annual Hawaii International conference on system sciences. IEEE Computer Society, Washington, DC, USA
[37] Somani U, Lakhani K, Mundra M (2010) Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society Washington, DC, USA, pp 211–216
[38] Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on Security and privacy. IEEE Computer Society, Washington, DC, USA, pp 380–395
[39] Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection. In: Trusted Infrastructure Technologies Conference, 2008. APTC’08, Third Asia-Pacific. IEEE Computer Society, Washington, DC, USA, pp 9–18
[40] P. Joe, “Three Security Criteria to Consider When Selecting Your Cloud Hosting Provider”, Expedient data center, http://www.expedient.com/three-security-criteria-to-consider-when-selecting-your-cloud-hosting-provider-2/