Mohammad Sadegh, Norouzzadeh, Cloud Computing Access/Security Issues and Trends,
M.S., Computer Science Department, May, 2014.
Cloud systems have gotten considerable attention in recent years because they are cost ecient, easily accessible, and exible. Despite the popularity of cloud systems, there exist various concerns about their availability, security and privacy. In this paper I provide the history of cloud systems, discussion of advantages and disadvantages, and some security and privacy concerns along with possible remedies. These security concerns include trust, condentiality, integrity, availability, accountability and privacy. 1 CLOUD COMPUTING ACCESS/SECURITY ISSUES AND TRENDS by Norouzzadeh Mohammad Sadegh, B.S.E.E. A thesis submitted to the Computer Science Department and the University of Wyoming in partial fulllment of the requirements for the degree of MASTER OF SCIENCE in ELECTRICAL ENGINEERING Laramie, Wyoming May 2014 Contents List of Figures iii Chapter 1 Introduction 1 1.1 Denition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Cloud Computing Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.4 Cloud Computing Disadvantages . . . . . . . . . . . . . . . . . . . . . . . . 3 1.5 Cloud Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.6 Cloud Services Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Chapter 2 Security Concerns 7 2.1 Security and Privacy Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 Classication of Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chapter 3 Conclusion 11 3.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 References 12 ii List of Figures 1.1 Could computing models overview . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Cloud Services Architecture [7] . . . . . . . . . . . . . . . . . . . . . . . . . 6 iii Chapter 1 Introduction Cloud systems is one of the most growing disciplines in computer science and computer industry. In this paper rst I have given some backgrounds and denitions about the cloud system. Then I have reviewed known advantages and disadvantages of cloud systems. One of the great concerns about the cloud systems is security and privacy concerns, in this paper I have tried to give a general overview of security issues about cloud systems along with their solutions. 1.1 Denition There exist various denitions for cloud systems [4] [18] [12] [10] [3] [2] [1]. I have extracted common concepts of these denitions and tried to provide a simple and yet comprehensive denition of cloud systems. In general, cloud systems refer to any service that could be used over the Internet. These services could include data storage, computing service and etc. Just like electricity, when you want to use your electrical devices you do not need to have a generator for your own. You can pay a specied cost to electricity company and buy electricity for your needs. Similarly in cloud computing, people and organizations do not pay to have their own hardware, software and network; they instead could buy their computing services. 1 1.2 History As a most dependable story, the origin of the cloud computing term goes back to 1996, when a group of professionals tried to sketch Internet business in future and entitled it cloud computing. [11] Having centralized computing resource was not a completely new idea, in early days of computing there was mainframe computers and multiple users was sharing computing re- sources. Because of high expenses of computers, companies tend to share their computational resources with other companies to keep their expenses reasonable. 1.3 Cloud Computing Advantages Cloud systems have many advantages, here I list important advantages of cloud systems with their short description. Cost Eciency You can do more computations with less cost. To use cloud computing, you do not need to have an expensive PC with powerful CPUs and much of memory. Also you could perform more resource demanding computational jobs. Performance Using cloud computing, you have less application on your PC and your computer will perform faster. Less Software Costs You do not have to buy expensive software packages to fulll your requirements. For example consider free Google doc service versus Microsoft Oce. Rapid and Continues Software Upgrades You do not have to care about troubleshooting and updating your software. When you are using cloud computing service you could enjoy your up-to-date software without extra charges. 2 Less Compatibility Issues You no longer have to care about compatibility issues of your documents and software over various computers and operating systems. Unlimited Storage Capacity Cloud computing servers have hard disks with petabytes of capacity; therefore you can stores almost anything that you want without caring about capacity. Reliability Without any doubt you have been in a situation where your computer crashed and some of your valuable information are corrupted. Cloud computing service providers will care about regular backups and redundancy of your information and you can enjoy. Accessibility Whenever you have access to a computer and the Internet you could use your cloud services. Also you can easily share your information with others. Moreover you always have latest versions of your information and you do not have to synchronize multiple copy of them on various computers. Hardware Independent You are not limited to a specic network or a specic computer. Even if you change your computer, you could access to same information and computing resources. 1.4 Cloud Computing Disadvantages Cloud computing has some disadvantages too. You can see the main disadvantages of cloud computing with their short description below. Internet Connection You must always have a good quality Internet connection. If you do not have an Internet connection you are unable to access your own documents. In addition usually you need to a high-speed Internet connection to upload or download your information. 3 Maybe They Are Slow Even if you have access to high-speed Internet, web applications could be slower than desktop applications because everything must be exchanged between computers over the cloud. Limited Features This situation is going to change but currently web based applications do not have as many tools as their desktop peers have. For example Google doc does not support every features of Microsoft Oce. Security and Privacy Concerns Security and privacy issues are the main problems with cloud computing systems [9] [5] [6] [19]. Users stores their valuable information over the cloud and they want to ensure that their data will be safe and secure. In this paper I will review some main security concerns about the cloud computing systems along with their remedies on chapter 2. 1.5 Cloud Types Various Types of cloud computing are exist [1]. Here I have reviewed ve types of them. The general overview of these types could be seen on gure 1.1 . Figure 1.1: Could computing models overview Public Cloud 4 In this model, services are open to public use and services are dynamically rendered to users. Just like electricity or telephone companies, cloud providers send bills to customers. Privacy concerns are most important problem with public clouds, which prevent their widespread use in many business scenarios. Private Cloud Private clouds are used exclusively by a single company. Private clouds are the most exible, reliable and secure type of clouds. However, they could be more expensive and they are violating the primary purpose of cloud computing i.e cost eciency. Virtual Private Cloud (VPC) Virtual private clouds are a combination of public and private clouds which could address limitations of both types. a VPC is a private cloud which runs over a public cloud; therefore it could be exible, secure and cost ecient. Community Cloud When a group of organizations have similar requirements and issues, they could share their cloud infra-structure and utilize them with spending fewer costs. This models maybe more expensive than public cloud but it will be more secure, more condential and more compatible with requirements. Hybrid Cloud Hybrid cloud is another combination of public and private clouds to overcome limi- tations of both types. This model consist of multiple other cloud systems (private, public or community clouds). In hybrid clouds some parts of clouds are private cloud and some other parts are public clouds. However hybrid clouds require a very careful design to divide their parts between various types. 5 1.6 Cloud Services Architecture Clouds may oer various level of services. In general there exist three main levels of cloud services which usually referred to as cloud stack. The overall diagram of these level has been shown on gure 1.2 [7]. In Infrastructure-as-a-Service (IaaS), resources such as computational power or storage capacity are oered as services. In Platform-as-a-Service (PaaS) cloud provides an environment for programming or software execution. Software as a Service (SaaS) which is highest level of service, oers software applications as a service. Figure 1.2: Cloud Services Architecture [7] 6 Chapter 2 Security Concerns 2.1 Security and Privacy Concerns As mentioned before, security concerns is one of the great challenges of cloud systems. In this chapter I have reviewed various privacy and security concerns along with their remedies. Security and privacy concerns about cloud systems generally could be classied into six main areas based on their concepts. These six categories are related to trust, condentiality, integrity, availability, accountability and privacy. Xiao and Xiao have put a nice picture about classication of security threats on their paper [16]. Trust There exist various denition for trust [10]. Trust means that the customer is certain that the organization oers required services accurately and infallibly [19]. The notion of trust in cloud systems is highly depended on type of cloud and level of service. Zissis and Lekkas [19] have proposed Trusted Third Party (TTP) within a cloud to be certain about condentiality, integrity and authenticity of information. Condentiality Condentiality means that data and computations of users are kept from accessing by both cloud provider and other users. The risk of data closure in clouds is increases because of higher number of users, devices and programs involved. There exist various 7 threats and their solutions about condentiality [14] [15] [17]. Having strong authen- tication, authorization and encryption could reduce the risk of condentially threats. Xiao and Xiao [16] have given a nice classication of condentiality concerns and their defense strategies. Integrity In brief, integrity of data means that any change over data must be monitored by cloud system. On the other hand, computation integrity means that programs should be executed without any additions and changes (for example by malwares). Zissini and Lekkas [19] have given a good explanation of integrity, its threats and remedies. Availability One of the main advantages of cloud services is availability. Availability means that the cloud be accessible and usable upon customers demand. Cloud must be able to carry on operations even in case of misbehaving by users and probability of a security threat. Deny of Service (DOS) attack and Fraudulent Resource Consumption (FRC) attack are the main security concerns in this area. For more details information about these types of attacks and their defense strategies please refer to [16]. Accountability Accountability means ability to identifying responsible of events in cloud systems. Accountability could be very important from legal point of view. Privacy In cloud systems, data and programs of users are stored in cloud servers so there exist a potential risk of disclosure of these information. Privacy is the most important challenge of cloud computing systems [16]. 8 2.2 Classication of Attacks In this section I give a classication of known attacks along with their known solutions. These attacks have classied by National Institute of Science and Technology (NIST) [13] [8]. Cloud Abuse Attacker may access to the cloud and inject malicious codes to many computers. This threat is one of the most harmful threats about the cloud systems. Careful registration and validation of users along with continues inspection of online users could be a possible solution to this attack. Insecure Application Interface Application interfaces may lack of strong authentication, authorization and encryption. Therefore some detailed investigation must be used in order to make sure about security of application interfaces. Trust Transparency in providing services is one of the customers rights. Using well-known standards and protocols is a possible solution for this type of concerns. Vulnerability in Used Technology Cloud systems are using various technologies such as operating systems, network re- walls and etc. These technologies may have their own vulnerabilities. Continues mon- itoring and Updating this technologies could be a possible remedy for this concern. Information Theft Information theft could be another major concern about cloud systems. Having strong security consideration and constantly upgrading used technology could provide a rem- edy for this type of concern. Account, Service and Trac Hijack 9 Users always must be aware about possibility of hijacking their account, service and trac. Prevention from sharing accounts, using strong authentication techniques and active monitoring are possible ways to remedy this concern. Unknown Threats Always there exist probability of being attacked by novel methods. Constant moni- toring and researching about vulnerability of systems are two of the known possible solutions for this type of threats. 10 Chapter 3 Conclusion 3.1 Conclusion Cloud computing oers a lot of benets but it has its own limitations and drawbacks. Secu- rity and privacy concerns are the main challenge about cloud computing. In this paper I have briey reviewed some concepts about cloud computing. Also I have reviewed key security issues about cloud computing along with some possible solutions. Due to security concerns many business companies did not started to use cloud systems yet; therefore security prob- lems is the main obstacle to widespread use of cloud system. To overcome this obstacle continues research in addition to new secure standards and protocols would be necessary. If we could have strong standards and protocols, then large companies would trust in cloud computing and the world of computation will be revolutionized. 11 References [1] Michael Armbrust, Armando Fox, Rean Grith, Anthony D Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al. A view of cloud computing. Communications of the ACM, 53(4):5058, 2010. [2] Rajkumar Buyya, James Broberg, and Andrzej M Goscinski. Cloud computing: Prin- ciples and paradigms, volume 87. John Wiley & Sons, 2010. [3] Borko Furht. Cloud computing fundamentals. In Handbook of cloud computing, pages 319. Springer, 2010. [4] Amit Goyal and Sara Dadizadeh. A survey on cloud computing. University of British Columbia Technical Report for CS, 508:5558, 2009. [5] Balachandra Reddy Kandukuri, V Ramakrishna Paturi, and Atanu Rakshit. Cloud security issues. In Services Computing, 2009. SCC09. IEEE International Conference on, pages 517520. IEEE, 2009. [6] Lori M Kaufman. Data security in the world of cloud computing. Security & Privacy, IEEE, 7(4):6164, 2009. [7] Alexander Lenk, Markus Klems, Jens Nimis, Stefan Tai, and Thomas Sandholm. Whats inside the cloud? an architectural map of the cloud landscape. In Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages 2331. IEEE Computer Society, 2009. [8] Peter Mell and Tim Grance. The nist denition of cloud computing. National Institute of Standards and Technology, 53(6):50, 2009. [9] Siani Pearson and Azzedine Benameur. Privacy, security and trust issues arising from cloud computing. In Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on, pages 693702. IEEE, 2010. [10] Siani Pearson and George Yee. Privacy and Security for Cloud Computing. Springer, 2013. [11] Antonio Regalado. Who coined cloud computing ? http://www.technologyreview. com/news/425970/who-coined-cloud-computing/, 2011. 12 [12] Bhaskar Prasad Rimal, Eunmi Choi, and Ian Lumb. A taxonomy and survey of cloud computing systems. In INC, IMS and IDC, 2009. NCM09. Fifth International Joint Conference on, pages 4451. Ieee, 2009. [13] Payam Sadeghzadeh, Davood Bahrepour, and Peyman Sadeghzadeh. Analysis of secu- rity challenges in cloud computing. In The 8th Symposium on Advances in Science and Technology, Mashhad, Iran, pages 111, 2012. [14] Hassan Takabi, James BD Joshi, and Gail-Joon Ahn. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6):2431, 2010. [15] Cong Wang, Sherman SM Chow, Qian Wang, Kui Ren, and Wenjing Lou. Privacy- preserving public auditing for secure cloud storage. Computers, IEEE Transactions on, 62(2):362375, 2013. [16] Zhifeng Xiao and Yang Xiao. Security and privacy in cloud computing. Communications Surveys & Tutorials, IEEE, 15(2):843859, 2013. [17] Jianfeng Yang and Zhibin Chen. Cloud computing research and security issues. In Com- putational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pages 13. IEEE, 2010. [18] Qi Zhang, Lu Cheng, and Raouf Boutaba. Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1):718, 2010. [19] Dimitrios Zissis and Dimitrios Lekkas. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3):583592, 2012. 13