[IEEE 2012 4th International Conference on Computational Intelligence, Communication Systems and Networks (CICSyN 2012) - Phuket, Thailand (2012.07.24-2012.07.26)]

Security Paradigms for Cloud Computing

Akhil Behl Centre of Excellence, Advance Services

Cisco Systems New Delhi, India

e-mail: [email protected]

Kanika Behl Assistant Professor – IT

Jagan Institute of Management Studies New Delhi, India

e-mail: [email protected]

Abstract— Cloud Computing – some treat it as a catchphrase, others as the next step in the evolution of their organization and the Internet. What is certain is that it is a way of leveraging a less expensive, service-based environment that provides cost-effective solutions to organizations for their computing needs, without investing in computing infrastructure. However, cloud computing, just like other forms of computing, is not free from issues. One of the major barriers to adoption of the cloud is security. Once migrated to the cloud, you do not know where your data is physically stored, what laws and regulations govern it and, most important of all, who has access to it. This paper explores security issues related to cloud computing and proposes a paradigm for securing the cloud. It investigates some of the key research challenges of implementing cloud-aware security solutions which can plausibly secure the ever-changing and dynamic cloud environment, followed by a conclusion where we summarize the research and formulate a practical security paradigm, which will enable cloud providers and consumers to ensure that their data and valuable assets are safe from otherwise prying eyes.

Keywords- Cloud, security, Cloud Computing, Security Challenges, distributed computing, Security Paradigm

I. INTRODUCTION

Cloud computing [1] stirs up different perceptions for people from various backgrounds, be it technology, manufacturing, ITES etc. To some, it is merely a means to access software and data stored in the “cloud”, as another representation of the Internet. For others it is a value addition to their existing services and a way to benefit from the distributed model [4] of "Cloud Computing". The Internet as it exists today evolved from small networks, and has grown so mammoth that there is no end to it. Somewhat similar is the next Internet of Cloud phenomenon waiting to happen. Cloud computing can best be defined as “a style of computing where IT allied capabilities are provided ‘as a service’ using internet technologies to multiple external customers”. The most famous examples are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) [1, 4].

However, with the benefits of cloud computing, what may not be immediately apparent are the repercussions. When you place data in the cloud, it is off your premises and located somewhere [3] you are not aware of (as cloud providers do not reveal the location of storage). Additionally, porting data to the cloud is as good as placing your valuable assets in the open, guarded by an obscure fence which may be breached if not secured otherwise. Organizations lose control over the physical and logical security [3, 5] of their data. In a typical cloud model, e.g. a public cloud [4], where everyone shares resources in a common virtual space, an organization would be skeptical of the security of the information it has ported or would be porting to the cloud and, moreover, of who can access it. In other words, who controls the management of the encryption and decryption keys [6]? These and many more apprehensions remain to be answered. The IDC survey of August 2008 showed that security is the foremost concern customers attribute to cloud computing [2].

This paper is organized as follows. Section II explores the cloud-relevant technical and process-related security issues. In Section III, we explore the key research challenges of mediating the security issues that pester the cloud environment. Finally, Section IV concludes the paper with conclusions and future work.

II. KEY RESEARCH CHALLENGES - CLOUD SECURITY ISSUES

In this research paper, Cloud computing is defined as per the following attributes:

• Multi-tenancy
• Scalability
• Elasticity
• Access to resources on the go

Cloud computing has a lot to offer to an organization, an individual or a small business with its very architecture of pay-as-you-go provisioning, the flexibility of opting into or out of a service, and primarily cost effectiveness as compared to hosting one's own computing resources [4]. Amidst all these benefits is hidden a dark but factual truth: as useful as cloud services are for the legitimate owner and consumer, they are equally open to hackers and attackers, who see public and hybrid clouds as playgrounds for malicious activity. No network is 100% secure and neither is ‘The Cloud’ [3, 4]. Cloud security is de facto a mutual responsibility of the cloud provider and the cloud consumer, where both need a trust relationship and must complement each other when it comes to securing information at rest and in transit. There are numerous security issues which beleaguer cloud providers and consumers alike. This paper focuses on the following research challenges:

A. Confidentiality and Integrity of Information
B. Availability of Information
C. Repudiation of Information
D. Shared Platform Issues
E. Service Hijacking
F. Loss of Control
G. Security Standards for Cloud
H. Compliance Issues
I. Security Management

2012 Fourth International Conference on Computational Intelligence, Communication Systems and Networks. 978-0-7695-4821-0/12 $26.00 © 2012 IEEE. DOI 10.1109/CICSyN.2012.45

A. Confidentiality and Integrity of Information

When an organization ports its valuable data and information to the cloud, it entrusts the provider with the security of the same. While a cloud provider may have deployed security controls within its premises and at the edge, that does not mean that some other customer on the shared platform cannot get access to a competitor's information by means of Virtual Machine (VM) tunneling/exploitation [5]. Moreover, as the cloud expands it becomes close to impossible to keep a check on what information is accessed by whom, and on what is reachable by the likes of Internet search engines. There is often very limited to no visibility for the consumer into the employee hiring standards adopted by the cloud provider [8], and into who is sharing the platform (hardware or software) within the cloud. In such a case, how does an organization, a small business or an individual ever know whether the information they are accessing has been changed in transit or while at rest, to show metrics which only help the competitor to succeed? This is a drastic situation for the consumer, who is kept unaware of the state of his own belongings in the cloud space. In a nutshell, the issues are many when it comes to confidentiality and integrity of the information resident in the cloud provider's environment [9]. As shown in figure 1, the incidents reported by US-CERT clearly indicate the rise of information manipulation.

Figure 1. Information leak incidents by CERT [15]

Some of the major annoyance factors are:

• Insufficient authentication, authorization, and accounting (AAA) controls
• Inconsistent use of encryption and decryption keys
• Information persistence, disposal and remanence challenges

B. Availability of Information

It all seems well when things are going as planned. It is when things go down the wrong lane that one realizes the impact, which can be devastating. Porting information to the cloud was very well meant as a cost-saving and off-premises storage strategy. However, do cloud consumers, and cloud providers for that matter, think about the impact when this information becomes unavailable in the unlikely event of a Denial of Service (DoS) or Distributed DoS (DDoS) attack [11]? This puts the consumer in a spot where the information which could be the very bloodline of the organization is not available when most needed [7, 10]. IaaS and PaaS offerings are typical examples, where insecure APIs and the provider's self-service selling model are the biggest culprits. IaaS and PaaS offerings have hosted botnets and trojan horses. Botnets have used IaaS servers for command and control functions, i.e. exploiting the server's reach to use it as a hub and launch attacks against connected machines/virtual machines [2, 9].

C. Repudiation of Information

The afore-addressed issues of information Confidentiality, Integrity and Availability become even more antagonistic when they are supplemented with the problem of ‘repudiation’. How can a consumer prove that the data/information he/she was seeking was tampered with on the way? On the other hand, how can a cloud provider claim that the information transmitted was intact? Even if an integrity check (e.g. a CRC checksum, which anyone who modifies the data can simply recompute) passes, could it be the case that someone peeked into the information and even modified it? The problem of information repudiation is not a new one, and it amplifies in the cloud environment, where information has to pass through various physical and logical networks/links and is possibly exposed to an inquisitive audience.

D. Shared Platform Issues

The cloud works on the very model of ‘multi-tenancy’ [2, 4]. Cloud vendors, specifically IaaS providers, deliver their services in a scalable way by sharing infrastructure. Often, the underlying components which make up this infrastructure (e.g., CPUs, GPUs, RAM etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. However, hypervisors have exhibited flaws [14] that allow guest operating systems to gain inappropriate levels of control or influence over the underlying physical platform.

E. Service Hijacking

Service hijacking allows hackers/attackers to compromise services like communication streams, sessions, e-commerce transactions and email transactions, thereby launching malicious attacks such as phishing, fraud, and exploitation of known vulnerabilities [8]. Now, if an attacker gains illicit access to a cloud consumer's login, he can eavesdrop on sessions, sniff data in transit, or modify and replay transactions. The latter allows redirecting the consumer's (organization's) clients to illegitimate look-alike sites. Session hijacking also allows the attacker to launch a DoS or DDoS attack. Worse still, a legitimate account or service instance can be leveraged as a base for the attacker, from where he may leverage the power of the organization's reputation to launch subsequent attacks [7] on its current and future clients. Such attacks, which go unnoticed by cloud provider and consumer alike, will ultimately warrant a business closure. In the cloud the attack surface is huge and amplifies the effect of an attack. The risk of VM-to-VM attacks, or of a compromised zombie VM serving as a hub for future attacks, is greatly enhanced [10].

F. Loss of Control

When an organization ports its data or information, or its client/internal-audience facing services, to the cloud, it is no longer in control of the security controls implemented for that data, except at the user end [7, 10]. This poses a grave disquiet from a consumer perspective since, within their own environment, the data is within their reach and under strict organizational security controls (governed by the organization's security policy/strategy). As depicted in figure 2, loss of control over data is a primary concern for organizations before they move their valued assets to the cloud [12].

Figure 2. Loss of control over vital data is one of the top concerns [13]

G. Security Standards for Cloud

As of today, while security standards are well developed and defined for on-premise deployments (Data Centers, E-commerce, coding), there are no formal standards defining a security framework for the cloud, whether it is a private, public, community or hybrid cloud. In the absence of any governing body to define a concrete standard for the cloud, many organizations, SMBs and individuals hesitate to move their data/information to provider-hosted infrastructure. While at first this may seem overly skeptical, it makes sense when you have to move something to the cloud on which your business or survival will depend. You would not like to see the data leaked to competition, or detained by the government of some country where it was stored because the laws there now forbid export of data beyond physical bounds (and you were not even aware of it!)

H. Compliance Issues

As briefly mentioned in the preceding section, compliance with established security standards for software or processes is the line between success and failure for many organizations in adopting and leveraging the Cloud. Since, today, not all cloud providers are ready to provide internal/external integration, points of contact, or storage/access mechanisms conforming to established standards, it becomes a crucial issue to address before the cloud can be adopted at large, and in the longer run it leaves the customer's/organization's data exposed to a degree of known or unknown threats. As shown in figure 3, customers have shown interest in having the cloud provider conform to certain characteristics, some of which are highly desirable while others are taken as lower priority (default in scope) inclusions.

Figure 3. Security Compliance wishlist [18]

I. Security Management

With the adoption of the Cloud as a platform (IaaS, PaaS, or SaaS) [4, 5] it is implicit that a large part, if not all, of one's network, systems, applications, and data will move under third-party provider control, i.e. the cloud provider. The cloud services delivery model will create islands (clouds) of virtual perimeters as well as a security model with responsibilities shared between the customer and the cloud service provider. This shared responsibility model [17] brings new security management challenges to the organization's IT staff. The most potent question is whether the organization has adequate transparency from cloud services to manage the governance (shared responsibilities) and implementation of security management processes (preventive and detective controls) to assure business continuity and that the data in the cloud is appropriately protected.

III. RESEARCH RESULTS AND DISCUSSIONS

The Cloud is something which is ever changing (morphing) and dynamic [1, 3], and very complex, primarily because of various factors such as: processing power demand, storage complexity, elastic computing needs, virtualization, multi-tenant environments, multiple applications executing at the same time, and so on. Because the virtual-machine-based architecture of the cloud defies the physical bounds that are used for demarcating the outside hostile world from the (otherwise considered) inside sanitized domain, it becomes very difficult to apply security controls at the right places, ensure processes are meticulously followed, and achieve a paradigm within the above stated limitations.

To be able to build and realize a security paradigm which is adapted to the cloud's virtual, dynamic and elastic requirements, multiple security characteristics and attack vectors need to be addressed. These key characteristics would safeguard the cloud consumer and provider from the aforementioned security issues.

A. Confidentiality and Integrity of Information

The relationship of mutual trust only works when both provider and consumer complement each other and support security such that the whole ecosystem works seamlessly. To achieve confidentiality and integrity of information in transit or at rest, proper authentication, authorization and accounting (AAA) controls should be implemented by the cloud service provider and the end consumer alike. The credentials to access information in the cloud should be individual, secure (One Time Password or RSA tokens) and should not be shared [10], even among the entities (employees) of the consumer organization. Additionally, an authorization level associated with each individual's job role/payroll would minimize the chances of exposure of information beyond what the organization's security policy mandates. Implementing AAA services, however, is only one aspect of containing exposure of information. The other side of the coin is just as important, i.e. to effectively manage the keys used for encrypting/decrypting or hashing the data, and to have viable policies guiding revocation, erasure, and sanctity of information (in transit or at rest). The key lies in maintaining a key management system [9, 10] whereby the secret keys are known only to one side, either provider or consumer (what the two share are mutually exchanged asymmetric, i.e. public, keys). On the other front, processes which are non-technical in nature play a crucial role in defining the time period for retention of data and the rules for classifying data eligible for sanitization or revocation. An organization should port its data/information under a mutual understanding with the cloud provider, i.e. that its security policies and controls will be implemented, at least where it matters.
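The one-time-password credential recommended above, worked through as an added example (this is not code from the paper): an RFC 6238 TOTP generator (HMAC-SHA1 with RFC 4226 truncation) and a provider-side verifier that keeps one secret per user, tolerates one time step of clock skew, compares in constant time, and refuses to accept a time step that is not newer than the last one it accepted, so a code captured from a hijacked session cannot be replayed while it is still valid. The user name and timestamps are constructed for illustration; the shared secret and the codes expected at t=59 and t=1111111109 are the RFC 6238 Appendix B test vectors.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	totpStep   = 30 // seconds per time step (RFC 6238 default)
	totpDigits = 8  // the RFC 6238 reference vectors use 8 digits
)

// totpAt computes the RFC 6238 TOTP for a shared secret at a Unix time:
// HMAC-SHA1 over the big-endian time-step counter, then RFC 4226 dynamic
// truncation to a decimal code of totpDigits digits.
func totpAt(secret []byte, unixTime int64) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/totpStep))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < totpDigits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", totpDigits, code%mod)
}

// Verifier is the provider-side AAA check. Each user has an individual
// secret (credentials are not shared), and the last accepted time step is
// remembered so that a captured code cannot be replayed within its window.
type Verifier struct {
	secrets  map[string][]byte
	lastStep map[string]int64
}

func NewVerifier() *Verifier {
	return &Verifier{secrets: map[string][]byte{}, lastStep: map[string]int64{}}
}

// Enroll registers a per-user shared secret (assumed to have been provisioned
// out of band, e.g. on a hardware token).
func (v *Verifier) Enroll(user string, secret []byte) { v.secrets[user] = secret }

// Check accepts the code for the current step or one step either side
// (clock skew), compares in constant time, and rejects any step that is not
// newer than the last one accepted for this user.
func (v *Verifier) Check(user, code string, now int64) error {
	secret, ok := v.secrets[user]
	if !ok {
		return errors.New("unknown user")
	}
	step := now / totpStep
	for _, s := range []int64{step, step - 1, step + 1} {
		expected := totpAt(secret, s*totpStep)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			if s <= v.lastStep[user] {
				return errors.New("code already used: possible replay from a hijacked session")
			}
			v.lastStep[user] = s
			return nil
		}
	}
	return errors.New("invalid code")
}

func main() {
	// Constructed scenario: the RFC 6238 Appendix B secret enrolled for a hypothetical user.
	secret := []byte("12345678901234567890")
	v := NewVerifier()
	v.Enroll("alice", secret)
	code := totpAt(secret, 59)
	fmt.Println("code at t=59:", code, "first use:", v.Check("alice", code, 59))
	fmt.Println("same code again at t=59:", v.Check("alice", code, 59))
	fmt.Println("same code at t=89 (skew window):", v.Check("alice", code, 89))
	fmt.Println("wrong code:", v.Check("alice", "00000000", 59))
}
```

Production deployments normally use 6 digits and a rate limit on failed attempts in addition to the replay check; the 8-digit setting here only matches the RFC test vectors.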

B. Availability of Information

When porting services or applications to the cloud, organizations seldom think of disaster recovery (DR) and give up planning for any local resources for the sake of cost saving. While in a way this is expected behavior (since moving to the cloud had cost as one of the motivating factors), one way to achieve a degree of resiliency is to define a Service Level Agreement (SLA) [7, 11]. An SLA is a trust bond between cloud provider and consumer. It defines a maximum time for which the network resources or applications may be unavailable for use by the consumer, thereby setting expectations beforehand on both provider and consumer sides. An ideal way to handle unavailability of resources/applications due to unforeseen circumstances, e.g. disruption of the cloud provider's connectivity, a DoS attack, etc., is to have a backup contingency plan covering an outage event. A local copy of the most crucial information, synced with the cloud server, is an ideal proposition. On the cloud provider side, active monitoring using an Intrusion Prevention System (IPS) and strict access controls should be implemented. Additionally, a notification system based on email or SMS should be deployed to let the consumer(s) know of possible/imminent down time.

C. Repudiation of Information

Repudiation is an ongoing issue not only in conventional but also in cloud environments. A consumer, or provider for that matter, finds themselves in a deep hole when it comes to proving that the transaction they did was indeed theirs, or the counterparty may deny that it was them (to avoid revealing a truth which would compromise their interests). To prevent repudiation at the cloud level, the cloud provider has to ensure that a non-repudiation [17] enabled protocol or handshake is deployed whereby the engaging parties cannot dismiss their participation in a disputed transaction. A successful non-repudiating protocol would ensure that once the transaction begins, both sides agree on the integrity of the data shared, downloaded or uploaded, and each side holds the digest of the data together with the signature over that digest generated by the opposite side [16]. This ensures that the transaction only succeeds when neither signature has been tampered with and both have been accepted by both parties. Note that a bare hash value such as MD5 identifies the data but not who produced it, and MD5 is no longer collision resistant; the binding to a party comes from a digital signature, made with a key only that party holds, over a collision-resistant digest such as SHA-256.
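The signed-digest handshake described above, as an added example that is not part of the paper, using SHA-256 in place of MD5 and Ed25519 signatures from the Go standard library: the receiving side hashes exactly the bytes it got and signs the digest together with a transaction identifier; the sending side verifies the signature with the counterparty's public key (assumed to have been exchanged out of band, e.g. pinned in the contract), checks the digest against what it sent, and refuses a transaction identifier it has already accepted, so a captured receipt cannot be replayed. The party names, the record and the transaction numbers are constructed for illustration; the "attacker" party only shows that a receipt signed with any other key is not attributable to the provider.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Receipt is what the receiving side returns: the SHA-256 digest of the bytes
// it received, the transaction identifier, and an Ed25519 signature over both.
type Receipt struct {
	TxID   uint64
	Digest [sha256.Size]byte
	Sig    []byte
}

// Party is one side of the exchange (consumer or provider). The private key
// never leaves the party; the public key is assumed to be exchanged out of band.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	seen map[uint64]bool // transaction IDs already accepted, for replay detection
}

func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Pub: pub, priv: priv, seen: map[uint64]bool{}}, nil
}

// receiptMessage is the canonical byte string that is signed: txID || digest.
func receiptMessage(txID uint64, digest [sha256.Size]byte) []byte {
	msg := make([]byte, 8, 8+sha256.Size)
	binary.BigEndian.PutUint64(msg, txID)
	return append(msg, digest[:]...)
}

// Acknowledge is run by the receiver: hash exactly what arrived and sign it.
func (p *Party) Acknowledge(txID uint64, received []byte) Receipt {
	d := sha256.Sum256(received)
	return Receipt{TxID: txID, Digest: d, Sig: ed25519.Sign(p.priv, receiptMessage(txID, d))}
}

// Verify is run by the sender. Order matters: attribution first (was this
// really signed by the counterparty?), then integrity (did they receive what
// was sent?), then freshness (has this transaction been accepted before?).
func (p *Party) Verify(sent []byte, r Receipt, counterparty ed25519.PublicKey) error {
	if !ed25519.Verify(counterparty, receiptMessage(r.TxID, r.Digest), r.Sig) {
		return errors.New("signature invalid: receipt is not attributable to the counterparty")
	}
	if r.Digest != sha256.Sum256(sent) {
		return errors.New("digest mismatch: counterparty acknowledged different bytes")
	}
	if p.seen[r.TxID] {
		return errors.New("transaction ID already accepted: replayed receipt")
	}
	p.seen[r.TxID] = true
	return nil
}

func main() {
	consumer, _ := NewParty("consumer")
	provider, _ := NewParty("provider")
	attacker, _ := NewParty("attacker") // has its own key, not the provider's

	record := []byte("constructed sample record: order=1001 amount=250.00")
	genuine := provider.Acknowledge(1, record)
	fmt.Println("genuine receipt:", consumer.Verify(record, genuine, provider.Pub))
	fmt.Println("replayed receipt:", consumer.Verify(record, genuine, provider.Pub))

	altered := provider.Acknowledge(2, []byte("constructed sample record: order=1001 amount=2500.00"))
	fmt.Println("receipt for altered bytes:", consumer.Verify(record, altered, provider.Pub))

	forged := attacker.Acknowledge(3, record)
	fmt.Println("forged receipt:", consumer.Verify(record, forged, provider.Pub))
}
```

In a real deployment both directions run the same exchange (the provider verifies the consumer's receipt too) and each side archives the other's receipts, which is what lets either party settle a later dispute.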

D. Shared Platform Issues

Multi-tenancy is the core of the Cloud, and de-lining it means diluting Cloud IaaS, PaaS and SaaS services [2, 4]. Instead, the cloud provider should implement meaningful and holistic security controls to monitor the VM environment for unauthorized changes and activity. Additionally, a process should be in place to define requirements and iterations for patching and vulnerability remediation. Finally, vulnerability scanning and configuration audits should be carried out at regular pre-defined intervals to ensure that any new OS, BIOS, hardware or GPU level vulnerability can be detected and remediated. It is most desirable to have a logical, correlated [7, 9] topology of cloud VM and other process interaction, thereby allowing security access, encryption and key management controls to be effectively distributed.

E. Service Disruptions

As described earlier, service disruption [2] can land almost any business/organization in a difficult situation wherein the information required is not available when it is most needed. To mitigate this threat caused by DoS or DDoS attack(s), a Defense-in-Depth technique should be employed in order to have security controls implemented at various layers throughout the cloud access path as well as within the consumer and provider networks. Sharing of account credentials between consumers should be strictly denied [8]. The provider should deploy AAA for strong authentication and consequent authorization of legitimate consumer sessions. Security in a Cloud environment is the responsibility of both provider and consumer; thus, the consumer should allow implementation of a Host Intrusion Prevention System (HIPS) at consumer endpoints, to reduce exposure to zero-day attacks and attack attempts. On the other hand, the provider should be flexible enough to accept the consumer's intended security strategy and help the consumer port it to their VMs in the cloud.

F. Loss of Control

Loss of control over information can spell disaster for an organization. This (as illustrated earlier) is one of the major concerns of CIOs before they can take a decision to move their data/information to the cloud. To minimize the effect of losing control over data in the cloud, organizations must understand the cloud provider's security policies, storage policies and SLAs [6]. This enables a mutual understanding between provider and consumer about the way the consumer's data will be handled in the cloud [4, 5]. Moreover, the use of access controls together with strong encryption of consumer data at rest ensures that even if the data is detained, say due to a changing political environment in the country where it was stored, it is useless without the right decryption keys; this holds only if those keys stay with the consumer rather than being stored alongside the data at the provider. Thus, this mitigates the risk that the consumer ever loses control over their critical applications or data.
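An added example (not the paper's code) that serves both the key-management point of section III.A and the loss-of-control argument above: the consumer generates and keeps the data-encryption key, seals each object with AES-256-GCM before it leaves the premises, and the provider's storage only ever holds ciphertext. The object name is bound as associated data, so a blob cannot be served back under a different name, and the GCM tag makes any alteration of the stored bytes fail on read instead of returning silently modified data. The store type, object name and payroll record are constructed stand-ins; ProviderCanRead models the provider (or whoever seizes the disks) trying to decrypt with any key other than the consumer's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Consumer holds the data-encryption key on its own premises. The key is
// generated locally and never sent to the provider.
type Consumer struct {
	key []byte // 32 bytes: AES-256
}

func NewConsumer() (*Consumer, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return &Consumer{key: k}, nil
}

func (c *Consumer) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts an object with AES-256-GCM before upload. The object name is
// bound as associated data, so a stored blob cannot be silently served under
// a different name. Layout of the returned blob: nonce || ciphertext || tag.
func (c *Consumer) Seal(objectName string, plaintext []byte) ([]byte, error) {
	gcm, err := c.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// Open decrypts a downloaded blob and verifies the GCM tag: any change to the
// stored bytes or to the object name makes it fail.
func (c *Consumer) Open(objectName string, blob []byte) ([]byte, error) {
	gcm, err := c.aead()
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

// ProviderStore stands in for the provider's object storage: it can keep,
// return and even alter blobs, but it holds no key.
type ProviderStore struct{ objects map[string][]byte }

func NewProviderStore() *ProviderStore { return &ProviderStore{objects: map[string][]byte{}} }

func (s *ProviderStore) Put(name string, blob []byte) { s.objects[name] = append([]byte(nil), blob...) }

func (s *ProviderStore) Get(name string) []byte { return append([]byte(nil), s.objects[name]...) }

// Tamper flips one bit of a stored blob, standing in for an insider or a
// co-tenant who reached the storage layer.
func (s *ProviderStore) Tamper(name string) {
	if b := s.objects[name]; len(b) > 0 {
		b[len(b)/2] ^= 0x01
	}
}

// ProviderCanRead models the provider, or a government that seized the disks,
// trying to read a blob with any key other than the consumer's.
func ProviderCanRead(objectName string, blob []byte) bool {
	other, err := NewConsumer() // a fresh random key, i.e. not the right one
	if err != nil {
		return false
	}
	_, err = other.Open(objectName, blob)
	return err == nil
}

func main() {
	consumer, _ := NewConsumer()
	store := NewProviderStore()
	name := "payroll/2012-07.csv" // constructed object name
	plain := []byte("constructed payroll record: emp=42,salary=1000")

	blob, _ := consumer.Seal(name, plain)
	store.Put(name, blob) // only ciphertext leaves the premises

	got, err := consumer.Open(name, store.Get(name))
	fmt.Println("consumer reads back:", string(got), err)
	fmt.Println("provider can read without the key:", ProviderCanRead(name, store.Get(name)))
	_, err = consumer.Open("payroll/2012-08.csv", store.Get(name))
	fmt.Println("blob served under another name:", err)
	store.Tamper(name)
	_, err = consumer.Open(name, store.Get(name))
	fmt.Println("tampered blob:", err)
}
```

The key here lives only in process memory for brevity; in practice it would sit in the consumer's own key management system, and a per-object data key wrapped by that master key is the usual way to rotate or revoke without re-encrypting everything.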

G. Security Standards for Cloud

In the absence of a single regulatory body for cloud security, it becomes essential to liaise with the cloud provider on the security controls they offer or intend to provide. Cloud security controls are important and mostly resemble those followed in any regular in-house hosted IT environment. Compliance environments [17] which can support and sustain the privacy and integrity of consumer data include:

• SAS 70 - SAS 70 refers to “Statement on Auditing Standards 70: Service Organizations,” which was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and has since been superseded by SSAE 16 (2011). It is seen as an operational certification to help satisfy HIPAA requirements.
• HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) mandates that the environment be suitably secure both physically and logically, and that the data is protected.
• PCI DSS – Under the Payment Card Industry Data Security Standard (PCI), the responsibilities of the CP include firewalls, intrusion detection, disaster recovery, physical controls and appropriate segmentation of staff duties.

Therefore, it is important that a consumer validates with its cloud provider the standards which they support, in order to safeguard their information assets.

H. Compliance Issues

Compliance [18], especially with PCI and HIPAA, will likely continue to be a security issue, as organizations still often need to come to grips with completely different processes for managing data and apps in the cloud, as compared to their on-premise Data Centers. A possible solution lies in the use of a SaaS-based product [3] and managed methods to secure and govern Cloud services and APIs; in both public and private cloud infrastructure these could provide a reasonable level of security which is compliant and in line with international standards. For comprehensive security (authentication, authorization, single sign-on (SSO), user access management etc.), monitoring (SLA management) and auditing, it is necessary that proper standard security controls [4] and interfaces [7] are part of the Cloud provider's offer.

I. Security Management

The answer to successful security management [18, 19] in the Cloud has two parts to it:

• What security controls must the customer provide over and above the controls inherent in the cloud platform
• How must an organization's security management tools and processes adapt to manage security in the cloud

Both answers must be continually re-evaluated [17] based on the sensitivity of the data and the service-level changes over time. As a customer of the cloud, you should start with the exercise of understanding the trust boundary of your services in the cloud. You should understand all the layers you own, touch, or interface with in the cloud service: network, host, application, database, storage, and web services, including (but not limited to) identity, authorization and accounting services. There are established security standards which can be leveraged for security management. The standards that are relevant to security management practices in the cloud are ITIL and ISO/IEC 27001 and 27002 [19].


Figure 4. Security Management [19]

IV. CONCLUSION AND FUTURE WORK

The cloud, being a dynamic, ever-changing and virtualized environment [4], faces many issues despite its merits. The most serious of these is the security of information, at rest or in transit. There are numerous security issues pertinent to cloud architecture, of which this paper has tried to address the most common and critical ones. A 100% secure network is not realizable, and the cloud is no different. To build a secure paradigm for the cloud, the consumer and provider have to be in harmony, with their needs and expectations chalked out. To that end, this paper focused on the vital issues; at a minimum, from a technology viewpoint, cloud security mechanisms should have the intelligence to be self-defending as well as the ability to provide monitoring, attack detection and prevention of known and unknown threats. It is important to establish zones of trust [5, 8] within the cloud provider's premises, at consumer endpoints and, most importantly, on the access paths to information resident in or in transit through the cloud.

This paper explores the plausibility of data/information security in cloud computing [1, 2, 4] environments. We have set out the issues that exist in today's cloud services and platforms: the absence of central governance for cloud security standards, open access from anywhere, privilege escalation, eavesdropping on or manipulation of connections, weak access controls, incoherence between provider and consumer leading to misconceptions, and an influx of consumers adopting the cloud without considering their ultimate business goals and the associated consequences.

Building a working security paradigm could be a stepping stone towards a central regulatory body governing [17] legitimate use of the cloud and towards standards built specifically for cloud providers. Moreover, it would motivate the various cloud security agencies to enforce the right set of security controls, those better suited to the dynamic cloud architecture, building on multiple layers of security. This can be achieved by implementing the right compliance standards, homogeneous security controls, transparency of terms and privacy agreements between cloud provider and customer, mandated audits with published results, secure interconnections, etc.

Aligning the cloud security paradigm with the security processes published by the CSA and NIST is interesting future work.

REFERENCES

[1] L. Vaquero, L. Rodero-Merino, J. Caceres, et al., "A break in the clouds: towards a cloud definition," ACM SIGCOMM Computer Communication Review, vol. 39, pp. 50-55, 2009.

[2] F. Gens, "IDC on 'the Cloud': Get Ready for Expanded Research," http://blogs.idc.com/ie/?p=189, Sept. 23, 2008.

[3] W. Dawoud, I. Takouna and C. Meinel, "Infrastructure as a service security: Challenges and solutions," in Proc. 7th International Conference on Informatics and Systems, 2010, pp. 1-8.

[4] Velte, Cloud Computing: A Practical Approach, Tata McGraw-Hill Edition, ISBN-13 978-0-07-068351-8.

[5] "Private Virtual Infrastructure (PVI) Model for Cloud Computing," International Journal of Software Engineering Research & Practices, vol. 1, issue 1, Jan. 2011.

[6] "Data Integrity and Availability," MITRE, http://www.mitre.org/work/areas/research/2011iebriefings/05MSR160-JA.pdf

[7] B. Sosinsky, Cloud Computing Bible, Wiley Publishing Inc., ISBN-13 978-0470903568.

[8] Wikipedia, "Cloud computing security," http://en.wikipedia.org/wiki/Cloud_computing_security

[9] "Information: Confidentiality, Integrity and Availability," Symantec Connect, http://www.symantec.com/connect/blogs/information-integrity-confidentiality-availability

[10] "Cloud Computing: An Auditor's Perspective," ISACA Journal, vol. 6, 2009, http://www.isaca.org/Journal/Past-Issues/2009/Volume-6/Pages/Cloud-Computing-An-Auditor-s-Perspective1.aspx

[11] Trusted Computing Group, "Cloud Computing and Security – A Natural Match," http://www.trustedcomputinggroup.org/resources/cloud_computing_and_security__a_natural_match

[12] "Security Issues and Solutions in Cloud Computing," June 25, 2010, http://wolfhalton.info/2010/06/25/security-issues-and-solutions-in-cloud-computing/

[13] "Trusted client to cloud access," Mar. 1, 2011, http://soaexpressway.wordpress.com/2011/03/01/trusted-client-to-cloud-access/

[14] Cloud computing security forum, http://cloudsecurity.org/

[15] "Gov't Infosec Incidents Soar by 650% in 5 Years," GovInfoSecurity, http://www.govinfosecurity.com/articles.php?art_id=4114

[16] "Introduction to Signed Requests," OpenSocial wiki, http://wiki.opensocial.org/index.php?title=Introduction_To_Signed_Requests

[17] "IT Regulatory Compliance Programs," SystemExperts, http://www.systemexperts.com/compliance-programs.html

[18] GoGrid, "Cloud Survey Report – Security & Compliance, Part 4," June 21, 2011, http://blog.gogrid.com/2011/06/21/gogrid-cloud-survey-report-security-compliance-part-4/

[19] T. Mather and S. Kumaraswamy, Cloud Security and Privacy, O'Reilly.
