Cloud Security Paper
net/publication/301348543
All content following this page was uploaded by Salam Ismaeel on 24 May 2016.
sectors; growing adoption of cloud services in government departments; Rise in cloud service-specific attacks; Growing usage of cloud services for critical data storage; Rise in employee mobility.

This paper gives an introduction to the security issues in cloud environments, with some possible treatments. In the paper, we put more focus on data encryption in the cloud. Additionally, OpenStack security considerations will be covered in the last section of this work.

3 Security Issues in Cloud

There are a number of security issues for cloud computing: some are new, some are exacerbated by cloud models, and others are similar to those of traditional service provision models.
The security risks depend greatly on the cloud service and the deployment model. Security issues in the cloud can be classified into [4]:

- Access: representing physical access, credentials, authentication, authorization, identity management, and anonymization.

But according to the Cloud Security Alliance (CSA), the top threats to cloud computing are: abuse and nefarious use of cloud computing; insecure interfaces and APIs; malicious insiders; shared technology issues; data loss or leakage; account or service hijacking; and unknown risk profile [2, 5]. The next subsections describe each threat separately.

A. Gap in Security. In the cloud environment, customers cede control to the cloud provider; there is a related risk that the Cloud Service Provider (CSP) will not adequately handle the responsibility of addressing security the way they are supposed to, or even that Service Level Agreements (SLAs) do not include any provision of the necessary security services. This risk is dependent on the service model used in the cloud.

or co-hosted customers; and Attackers may also use de-anonymization techniques.
The damage that can be caused in these cases can be greater than in non-cloud environments, due to the scale of operation and the presence of certain roles in cloud architectures with potentially extensive access, including CSP system administrators and managed security service providers.

C. Vendor Lock-In. As there is no standardized communication between and within cloud providers and no standardized data export format, it is difficult to migrate from one cloud provider to another or bring back data and process it in-house.

D. Inadequate Data Deletion. The problem lies in ensuring that data that should be deleted is actually wiped securely and cannot be recovered by a CSP. This problem is exacerbated in the cloud because: (a) multiple copies of the data are available in the cloud; (b) it might be impossible to destroy a disk since it is storing other customers' data. These risks of data exposure vary according to the service model.

E. Compromise of the Management Interface. This poses an increased risk compared to traditional hosting providers because remote access and web browser vulnerabilities can be introduced and hence, access can be given via these interfaces to larger sets of resources.

F. Backup Vulnerabilities. This serves as a form of backup, although it can lead to additional liabilities and threats from attackers. There is still potential for the data to be lost, particularly with Storage as a Service. A popular solution is a type of hybrid storage cloud. However, in general, cloud services can be more resilient than traditional services.

G. Isolation Failure. In the SaaS model, the customers are users of multi-tenant applications developed by CSPs, where personal data and even financial data are stored by the CSP in the cloud, and it is the responsibility of the CSP to secure that data. There is a risk that the mechanisms that separate storage, memory or routing between different tenants might fail, and hence, for example, other tenants could access sensitive information that belongs to other customers.
Virtual machines (VMs) are sandboxed environments and therefore completely isolated from each other. This assumption makes it safe for users to share the same hardware. The use of virtualization can introduce new security vulnerabilities, such as: (a) Attackers can escape the boundaries of this sandboxed environment and have full access to the host. (b) Cross-VM side-channel attacks, where the attacker breaches the isolation between VMs, allowing extraction of data via information leakage due to the sharing of physical resources. (c) Virtual network attacks, which occur with inadequate data deletion before memory is assigned to a different customer or escape to the hypervisor, where an attacker uses a guest virtual machine to attack vulnerabilities in the hypervisor software.

H. Missing Assurance and Transparency. Cloud customers need to obtain assurance from cloud service providers that their data will be protected properly. They may also require that they are notified about security and privacy incidents. However, in some cases, taking this approach can be
difficult, particularly in cases of multiple transfers of data.
Cloud-based storage of data that requires privacy assurance (such as personal data) is almost always deployed in private clouds. Heterogeneous cloud infrastructures make it difficult to have effective controls to check privacy compliance in an automated way, and the end user has no means to verify that his/her privacy requirements are being fulfilled.
An open problem is finding a balance between data provenance and related privacy or other regulatory constraints in the cloud, where physical perimeters are not clearly delimited.

I. Inadequate Monitoring, Compliance and Audit. If a cloud customer migrates to the cloud, their previous investment in security certification may be put at risk if the CSP cannot provide evidence of their compliance with the relevant requirements and does not enable the cloud customer to audit its processing of the customers’ data. Furthermore, it may be difficult to evaluate how cloud computing affects compliance with internal security policies. CSPs need to implement internal compliance monitoring controls, in addition to an external audit process.
However, provisioning of a full audit trail within the cloud, particularly in public cloud models, is still an unsolved issue.

4 Possible Treatment

Full protection of the enterprise or its customers’ personal information in the IaaS cloud is difficult, but not impossible [6]. This section summarizes some possible treatments for the security problems listed in the previous section [7].

(i) Data leakage: API access control should be implemented strongly. Encryption techniques should be enabled to protect the integrity of data in transit as well as at rest. Furthermore, the protection of data should be analyzed at design time as well as at run time.

(ii) Abuse of cloud: Enforce strict initial registration with validation processes, an enhanced service for coordination and monitoring of credit card fraud, and a service for monitoring public blacklists for one’s own network blocks.

(iii) Insecure Interfaces and APIs: Proper analysis of the security model of the interfaces is important. Also, ensure that strong access control and authentication methods are incorporated with the encrypted transmission.

(iv) Malicious Insiders: Supply chain management should be enforced strictly, and a comprehensive supplier assessment should also be conducted as part of legal contracts specified in human resource requirements. Transparency needs to be maintained in all information security practices and compliance reporting. Security breach notification processes need to be determined.

(v) Shared Technology Issues: Security should be implemented during configuration. Environment activity should be monitored effectively. Strong authentication and access control should be promoted for the process of administration and activities. Service level agreements (SLA) should be enforced for patching and vulnerability remediation. Vulnerability scanning and configuration audits should be conducted.

suitable type of encryption based on business requirements and specifying the algorithm within that class [11].

Full Disk Encryption (FDE) is one of the well-known techniques, in which encryption of the entire hard drive occurs while the device it is installed in is powered off or first powered on, before the user or administrator provides authentication to enable the device to boot up. It protects data from being compromised if the server or its storage is lost or stolen. But FDE does absolutely nothing to protect a Server Area Network (SAN) that is powered on and running in a cloud data center from malware, insider threats, and other current threats.

application functionality. The power of such encryption is that no practical attacker can create a valid ciphertext or modify a legitimate ciphertext without the user noticing. However, this sacrifices search, document preview, and other types of an application’s functionality.

II. Selective encryption: It is done by encrypting only sensitive data such as social security numbers or account numbers. Selective encryption is often used in sharing applications when content inspection and identification capability is used to determine sensitive data, enabling users to encrypt based on a policy. Search functionality in this type of encryption may not be available.
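
Selective encryption as described in item II, as an added example that is not from the paper: values matching a content-inspection policy are sealed on the client, the rest stays in plaintext and searchable, and a modified or relocated ciphertext is rejected on decryption. The cipher is a standard-library stand-in (HMAC-SHA256 keystream plus an HMAC tag) and every name, pattern and sample value is an assumption made for the example.

```python
import hashlib
import hmac
import re
import secrets

# Constructed policy: value patterns that content inspection treats as sensitive.
SENSITIVE = [re.compile(r"\d{3}-\d{2}-\d{4}"),   # social security number
             re.compile(r"\d{10,12}")]           # account number

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use a vetted AEAD in production.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, field, value):
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, value.encode())
    # The tag covers the field name, so a ciphertext cannot be moved to another field.
    tag = _prf(mac_key, field.encode() + b"\x00" + nonce + ct)
    return {"enc": (nonce + ct + tag).hex()}

def unseal(keys, field, sealed):
    enc_key, mac_key = keys
    blob = bytes.fromhex(sealed["enc"])
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(mac_key, field.encode() + b"\x00" + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed for field " + field)
    return _xor_stream(enc_key, nonce, ct).decode()

def protect(record, keys):
    """Encrypt only the values that match the policy; leave the rest searchable."""
    return {f: seal(keys, f, v) if any(p.fullmatch(v) for p in SENSITIVE) else v
            for f, v in record.items()}

def reveal(stored, keys):
    """Client-side read: decrypt sealed fields, pass plaintext fields through."""
    return {f: unseal(keys, f, v) if isinstance(v, dict) else v
            for f, v in stored.items()}

def provider_search(stored, term):
    """What the cloud side can search: plaintext fields only."""
    return [f for f, v in stored.items() if isinstance(v, str) and term in v]

# Constructed sample input; the key pair is held by the customer, not the provider.
KEYS = (secrets.token_bytes(32), secrets.token_bytes(32))
RECORD = {"name": "Alice Example", "ssn": "078-05-1120",
          "account": "1234567890", "note": "prefers email"}
```

Searching the stored record for the social security number returns no field, which is the loss of search functionality the paragraph mentions.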

attacks possible. (3) Search by prefix: by leveraging a local search tokenization index, i.e. a local plaintext index of search words built as data is sent to a cloud provider. The main problem in this approach is that the user requires access to the local index before going to the cloud. Also, this local index represents a good target for attackers.

V. Order-Preserving Encryption (OPE): in this type, the ciphertexts preserve the order of the plaintexts. This makes it easy to search, sort, and query the ciphertexts. But it totally affects the confidentiality of the ciphertext because of the leakage of the relative distance between it and the underlying plaintexts.

6 Encryption Key Management

One of the most difficult processes in public cloud computing is key management. Whenever we have strong key management, we should get strong security. Because key generation and management for the cloud computing paradigm is not standardized, this section summarizes the best practices for encryption key management [5, 13, 14]:

- Maintain control of all private/secret encryption keys. It’s fine to use encryption services offered by the cloud provider or a reputable third party, as long as the party offering the services does not get access to the encryption keys.
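
The order-preserving encryption trade-off from item V above, as an added example that is not from the paper: a toy keyed increasing mapping (not a real OPE scheme) lets the provider answer a range query without the key, and the same ciphertexts give any observer the exact ranking and a close estimate of each plaintext. `ToyOPE`, the domain size, the key and the salary data are all constructed for the example.

```python
import bisect
import hashlib
import hmac

DOMAIN = 4000   # assumption: plaintexts are salaries in units of 100, 0..4000
MAX_GAP = 1000  # each step of the keyed increasing function adds 1..MAX_GAP

class ToyOPE:
    """Keyed strictly increasing table: x < y implies enc(x) < enc(y)."""
    def __init__(self, key):
        self.table, total = [], 0
        for x in range(DOMAIN + 1):
            mac = hmac.new(key, x.to_bytes(4, "big"), hashlib.sha256).digest()
            total += 1 + int.from_bytes(mac[:8], "big") % MAX_GAP
            self.table.append(total)

    def enc(self, x):
        return self.table[x]

    def dec(self, c):
        i = bisect.bisect_left(self.table, c)
        if i == len(self.table) or self.table[i] != c:
            raise ValueError("not a valid ciphertext")
        return i

def provider_range_query(rows, lo_ct, hi_ct):
    """Runs at the provider with no key: plain integer comparison on ciphertexts."""
    return sorted(name for name, c in rows if lo_ct <= c <= hi_ct)

def observer_view(rows):
    """What anyone holding only the ciphertexts and the public parameters learns."""
    mean_gap = (1 + MAX_GAP) / 2
    ranking = [name for name, _ in sorted(rows, key=lambda r: r[1])]
    estimates = {name: round(c / mean_gap) for name, c in rows}
    return ranking, estimates

# Constructed sample data; the key never leaves the client.
SALARIES = {"ana": 520, "bo": 610, "cy": 1480, "di": 2950, "ed": 3100}
ope = ToyOPE(b"client-side demo key")
ROWS = [(name, ope.enc(s)) for name, s in SALARIES.items()]
```

The estimates land within a few percent of the real values, so fields with a small or predictable range should not be stored under an order-preserving scheme.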

data in a manner that they maintain control over the encryption keys. These keys should be stored separately from the encrypted data to prevent a single compromise from granting access to both the keys and the data they protect. Moreover, encryption should be configured to be transparent to users so that it does not affect usability.

7 OpenStack: Security Domains

This section gives an overview of OpenStack Services security considerations and OpenStack security domains. All these parts need further study and analysis. The goal is to give a brief idea about these topics. All of this information is mainly given by the OpenStack Organization, especially from [15].

7.1 OpenStack Security Consideration

OpenStack components’ security considerations are:

Compute (nova). The security of Compute is critical for an OpenStack deployment. The techniques used should include support for strong instance isolation, secure communication between Compute sub-components, and resiliency of public-facing API endpoints.

Object Storage (swift) and Block Storage (Cinder). In the two modules, security should focus on access control and encryption of data in transit and at rest. Other concerns may relate to system abuse, illegal or malicious content storage, and cross authentication attack vectors.

Networking (neutron). Security concerns with the networking service include network traffic isolation, availability, integrity and confidentiality.

Dashboard (horizon). It is public facing, with all the usual security concerns of public web portals.

Identity (keystone). Security concerns here relate to trust in authentication, management of authorization tokens, and secure communication.

Image (glance). Trusted processes for managing the life cycle of disk images are required, as are all the previously mentioned issues with respect to data security.

Data processing (sahara). Security considerations for data processing should focus on data privacy and secure communications to provisioned clusters.

Other Consideration. OpenStack relies on messaging for internal communication between several of its services. By default, OpenStack uses message queues based on the Advanced Message Queue Protocol (AMQP). The message queuing system is a primary security concern for any OpenStack deployment.
Lastly, securing the access to the databases and their contents is yet another security concern.

7.2 OpenStack Security Domains

A security domain includes users, applications, servers or networks that share common trust requirements and expectations within a system. Typically they have the same authentication and authorization requirements and users.
Although you may desire to break these domains down further, generally these four distinct security domains (Public, Guest, Management and Data) form the minimum that is required to deploy any OpenStack cloud securely. These security domains can be mapped independently or combined
to represent the majority of the possible areas of trust within a given OpenStack deployment.

Public. The public security domain is an entirely untrusted area of the cloud infrastructure. It can refer to the Internet as a whole or simply to networks over which you have no authority. Any data that transits this domain with confidentiality or integrity requirements should be protected using compensating controls. This domain should always be considered untrusted.

Guest. Typically used for compute instance-to-instance traffic, the guest security domain handles compute data generated by instances on the cloud but not services that support the operation of the cloud, such as API calls. Public and private cloud providers that do not have stringent controls on instance use or allow unrestricted internet access to VMs should consider this domain to be untrusted. Private cloud providers may want to consider this network as internal and trusted, only if the proper controls are implemented to assert that the instances and all associated tenants are to be trusted.

is considered trusted. However, when considering an OpenStack deployment, there are many systems that bridge this domain with others, potentially reducing the level of trust you can place on this domain.

Data. The data security domain is concerned primarily with information pertaining to the storage services within OpenStack. Most of the data transmitted across this network requires high levels of integrity and confidentiality. In some cases, depending on the type of deployment there may also be strong availability requirements.

Bridging security domains. A bridge is a component that exists inside more than one security domain. Any component that bridges security domains with different trust levels or authentication requirements must be carefully configured. These bridges are often the weak points in network architecture. A bridge should always be configured to meet the security requirements of the highest trust level of any of the domains it is bridging. In many cases the security controls for bridges should be a primary concern due to the likelihood of attack.

esting platform during our course, security considerations in OpenStack Services were given. But still, the chapter should cover more details about Keystone project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family.

References

[1] T. G. Peter M. Mell. (2011) The NIST definition of cloud computing.

[2] S. Pearson and G. Yee, Privacy and security for cloud computing. Springer Science & Business Media, 2013.

[3] V. Chary and A. Krishna. (2012) Cloud security. [Online]. Available: http://www.slideshare.net/VenkateshChary/cloud-security-ppt

[4] D. Fernandes, L. Soares, J. Gomes, M. Freire, and P. Incio, “Security issues in cloud environments: a survey,” International Journal of Information Security, vol. 13, no. 2, pp. 113–170, 2014. [Online]. Available: http://dx.doi.org/10.1007/s10207-013-0208-7

[5] C. S. Alliance. (2011) Security guidance for critical areas of focus in cloud computing v3.0. [Online]. Available: https://cloudsecurityalliance.org

[6] H. Albaroodi, S. Manickam, and P. Singh, “Critical review of OpenStack security: Issues and weaknesses,” Journal of Computer Science, vol. 10, no. 1, p. 23, 2013.

[7] A. Aich, A. Sen, and S. R. Dash, “A survey on cloud environment security risk and remedy,” in Computational Intelligence and Networks (CINE), 2015 International Conference on. IEEE, 2015, pp. 192–193.

[8] M. Stihler, A. O. Santin, A. L. Marcon Jr, and J. D. S. Fraga, “Integral federated identity management for cloud computing,” in New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on. IEEE, 2012, pp. 1–5.

[9] J. Reavis, “How Intel cloud SSO works,” Tech. Rep., 2015. [Online]. Available: http://www.opendatacenteralliance.org

[10] T. Eid, “Cloud single sign-on for SaaS providers,” Tech. Rep., 2015. [Online]. Available: https://www.intralinks.com

[11] A. Boldyreva and P. Grubbs, “Making encryption work in the cloud,” Network Security, vol. 2014, no. 10, pp. 8–10, 2014.

[12] S. Ruj and R. Saxena, “Securing cloud data,” Cloud Computing with e-Science Applications, p. 41, 2015.

[13] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in cloud computing: Opportunities and challenges,” Information Sciences, vol. 305, pp. 357–383, 2015.

[14] K. Scarfone, “The true story of data-at-rest encryption and the cloud,” Tech. Rep., 2015. [Online]. Available: https://www.firehost.com

[15] OpenStack. (2015) OpenStack security guide. [Online]. Available: http://docs.openstack.org/sec/