INTRODUCTION

 

Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction. In addition, it has other advantages such as low-cost
infrastructure, flexibility, scalability, collaboration and ease of use.
On-demand access from anywhere through the internet is being used by
commercial entities and also by conventional users.


 

Characteristics of cloud computing

According to the NIST definition, cloud computing services have the following
characteristics: on-demand self-service, broad network access, resource
pooling, rapid elasticity and measured service. [1]

 

As per NIST, cloud computing is described using three service models and four
deployment models.

Deployment models: There are four deployment models in cloud. [11]

· Private cloud is deployed inside the boundary of the organization, and its
data and services cannot be accessed from outside the organization.

· Public cloud has mega-scalable infrastructure. It is owned and managed by
academic, business or government organizations, which provide cloud services
for open use to the public.

· Hybrid cloud is a combination of both private and public cloud, usually
private for sensitive data and strategic applications.

· Community cloud has an infrastructure and services that are provisioned for
use by a specific community of customers.

 

                                                        

                                                          
Figure 1: Cloud deployment model

  

Cloud service models

There are three types of service models in the cloud environment. Users can
select any one of these three services based on their need. [10] They are:

 

SaaS (Software as a Service): It gives the ability to use the software and
its functions on demand, remotely, through the internet. It removes huge
responsibilities from organizations, such as setup, handling installations,
maintenance and daily upkeep. Examples: Facebook, WhatsApp, Gmail, etc.

PaaS (Platform as a Service): It can be described as application development
environments offered by the cloud provider as a service. It gives the user
the ability to deploy their application onto the provider's cloud
infrastructure. The development and execution environment consists of the
programming language, operating system and database. Example: Google App
Engine.

IaaS (Infrastructure as a Service): It provides infrastructure such as
servers, hardware, storage, routers and other networking modules to the
users.

                                     

Figure 2: Cloud service models

 

2. CLOUD ARCHITECTURE:

Cloud computing is a collection of resources which can be availed on demand.
It is available over the internet in a self-service model with no interaction
with the service provider.

Cloud provides various products and services with innovative, technical and
pricing opportunities. As per NIST's cloud computing reference architecture,
there are five important actors that can influence and are impacted by cloud
computing, along with its security implications.

1. Cloud consumer – A person or organization that maintains a business
relationship with, and uses services from, cloud providers.

2. Cloud provider – A person, organization or entity responsible for making a
service available to interested parties.

3. Cloud auditor – A party that can conduct independent assessment of cloud
services, information system operations, security and performance of the
cloud implementation.

4. Cloud broker – An entity that manages the use, performance and delivery of
cloud services and negotiates relationships between cloud consumers and
providers.

5. Cloud carrier – An intermediary that provides connectivity and transport
of cloud services from cloud providers to cloud consumers. [2]

 

            

              
Figure 3: NIST reference cloud architecture [2]

3. SECURITY OPEN ISSUES AND THREATS

 

The adoption of cloud has reached its peak point, and it is expected that
more workloads will move from traditional local storage to cloud, ranging
from internet users to commercial organizations. However, there are many
security problems to be identified and analysed in various aspects, such as
1) Privileged User Access Management, 2) Regulatory Compliance, 3) Data
Location, 4) Data Segregation, 6) Data protection and recovery support,
7) Investigative support and 8) Long Term Viability.

 

Cloud computing provides many benefits; on the other side, it suffers from
security issues which cannot be ignored. In the recent report of ENISA,
thirteen technical risks were identified.

As per NIST's report, cloud computing is facing some security challenges
resulting from the cloud's wide range of outsourcing, network dependency,
multi-tenancy and scalability.

Fernandes et al. [3, 6] provided a thorough review of the research literature
to define cloud security open issues and challenges.

The main security challenges are:

· Shared technologies vulnerabilities

· Data breach

· Account or service traffic hijacking

· Denial of service (DoS)

· Malicious insiders

                         

Figure 4: Cloud platform attack vectors [6]

 

The above-mentioned open issues can be caused by three main vectors of
attack: network, hypervisor and computing hardware. The various attackers are
internal users, external users and the cloud provider itself (malicious
employee).

Network: It is one of the most important vectors in the cloud platform,
through which the application can run.

Hypervisor: It is a program that enables you to host several different
virtual machines on a single piece of hardware. The hypervisor is also known
as a Virtual Machine Monitor (VMM). The hypervisor presents the guest
operating systems with a virtual operating platform and manages the execution
of the guest operating systems. The hypervisor is the fundamental part that
guarantees the multi-tenancy feature in cloud computing. The memory bus, disk
bus, data and instruction caches and other VM instances are some of the
physical resources.

External users can attack the cloud infrastructure through the network. They
can affect data integrity and confidentiality by tampering with the
communication channels. They can also affect the availability of cloud
provider data centres.

Internal users (owners of VM instances) can exploit the hypervisor to attack
another VM instance, which is made possible by the multi-tenancy feature,
i.e. both the attacker and the victim share the same host. It may lead to
breaches of confidentiality of sensitive information. [6]

The cloud provider itself might be an attacker. Its employees could exploit
their privileged position to steal sensitive user information by either
physical or logical manipulation of the hardware platform.

Table 1: Cloud threats and attacks [4]

|  | TYPES | EFFECTS | SOLUTIONS |
|---|---|---|---|
| Threats | Different service delivery/receiving model | Loss of control over the infrastructure of the cloud | Offering services under the control and monitoring |
|  | Abusive use of cloud computing | Validation loss, fraud service, stronger attack due to unidentified sign-up | Observe the network status, provide robust registration and authentication technique |
|  | Insecure interface and API | Improper authentication and authorization, wrong transmission of the content | Data transmission is in encrypted form, strong access control and authentication mechanism |
|  | Malicious insiders | Penetrate organization's resources, damage assets, loss of productivity, affect an operation | Use agreement reporting and breach notifications, transparent security and management process |
|  | Shared technology issues | Interfere one user's services with other users' services by compromising hypervisor | Audit configuration and vulnerability, for administrative tasks use strong authentication and access control mechanisms |
|  | Data loss and leakage | Personal sensitive data can be deleted, destructed, corrupted or modified | Provide data storage and backup mechanisms |
|  | Service/Account hijacking | Stolen user account credentials, access the critical area of the cloud, allowing the attacker to compromise the security of the services | Adoption of strong authentication mechanisms, security policies, and secure communication channel |
|  | Risk profiling | Internal security operations, security policies, configuration breach, patching, auditing and logging | Acknowledge partial logs, data and infrastructure aspect, to secure data use monitoring and altering system |
|  | Identity theft | An aggressor can get the identity of a valid user to access that user's resources and take credits or other benefits in that user's name | Use strong multi-tier passwords and authentication mechanisms |
| Attacks | Zombie attack (DoS/DDoS attack) | Service availability affected, may create a fake service | Strong authentication and authorization |
|  | Service injection attack | Service integrity distressed, malicious service provided to users instead of valid service | Strong isolation mechanisms between VMs, use hash function to check service integrity, Web service security, adopt secure web browsers and API |
|  | Attack on virtualization/hypervisor | Access the credentials and control of another user | Need hypervisor security solutions, monitor hypervisor activities, VM isolation required |
|  | User to root attacks | Affect the privacy of user's sensitive information and services | Use strong password, better authentication mechanism |
|  | Port scanning | Abnormal behaviour of the service, affect service availability | Strong port security required |
|  | Man-in-middle attack | Penetrate the data privacy and security | A proper Secure Socket Layer (SSL) architecture required |
|  | Metadata spoofing attack | Abnormal behaviour of the service, affect privacy of the service | Service functionality and other details should be kept in encrypted form; a strong authentication mechanism required to access the file |
|  | Phishing attack | Affect the privacy of the user credentials that should not be revealed | Use secure web link (HTTPS) |
|  | Backdoor channel attack | Affect the service availability and data privacy, provides rights for gaining valid user's resources | Strong authentication and isolation mechanisms required |

Table 2: Classification of the cloud computing security issues

Post Author: admin
