    Cloud Computing: Security Threats and Solutions

    Nityendra Nath Shukla1 and Vijander Singh2

    Department of computer science

    Amity University Rajasthan, India e-mail1:


    Abstract

    Virtualization plays a major role in cloud technology. Cloud computing uses virtualization to the maximum extent to give cost-effective services to the customer. However, this leads to a major flaw that the current cloud industry is facing. Security in the cloud has always been a hot topic for research and debate between the


    This paper identifies the security problems in cloud computing and tries to magnify them in the context of cloud computing, based on an analysis of the security threats to a cloud; the technical components are also taken into account.

    Keywords: cloud computing, security problems, threats, cloud service user and cloud service provider.

    INTRODUCTION

    According to the National Institute of Standards and Technology (NIST), cloud computing is ... a model for providing an on-demand and convenient shared pool of resources to customers. Networks, servers, services, storage, and so on are examples of such resources.[3] These resources can be instantly released with minimal management effort or service-provider interaction. Cloud computing is a service where computing is delivered as a commodity, much like electricity or cable television. It is essential for the service provider to optimize cloud computing for everyone in the cloud business, from both a cost perspective and a sustainability perspective. It is our objective to argue that the stakeholders could benefit from Operations Research (OR) due to the nature of the problems they face, and that similarly the OR community could benefit from an emerging field which has the potential to drive new research


    Providers are aiming to expand their on-premise infrastructure by developing capacity on demand. Cloud computing simply extends an enterprise's capability to meet the computing demands of its everyday operation.[1] The cloud offers flexibility and choice, mobility and scalability, all coupled with potential cost savings, so there is significant benefit in using cloud computing. However, the area that causes organizations to hesitate most when it comes to moving business workloads into the public cloud is


    Because the security architecture and functions depend heavily on the reference architecture, this paper presents the reference architecture first and then the security issues concerning this architecture.

    2 Cloud computing: A technical look on components

    The components are shown in Figure A. The key functions of a cloud management system are divided into four layers. Each layer includes a set of


    The Service Delivery Layer manages the service demand, service catalog, levels of

    The Software Layer includes LCMS, SIS, ERP, LMS and others.

    The Platform Layer includes DBMS, virtualized OS and web services.

    The Infrastructure Layer includes hypervisor, network, storage and supporting


    Other functions such as Management, Privacy and Security are considered cross-layer functions that cover all the layers. The foremost principle of this architecture is that all layers are assumed to be

    Nityendra Nath Shukla et al, Int.J.Computer Technology & Applications,Vol 5 (3),929-932

    IJCTA | May-June 2014 Available


    3.1 Threats relating to cloud service users

    Users are confused about the role of providers, which creates ambiguity in responsibility. Moreover, flaws in the consistency of the provided services could produce anomalies or incidents. However, the problem of which entity is the data controller and which one is the data processor still stays wide open for debate on an international scale.

    Migrating a part of an enterprise's own IT system to a cloud infrastructure implies partially giving control to the cloud service provider. This results in a loss of administrative control, the extent of which depends on the cloud service model. For instance, IaaS only entrusts hardware and network management to the provider, while SaaS also entrusts the OS, service integration and the application in order to provide a turnkey service to the cloud service user.[4]

    There is no formalized way to obtain and share a provider's security level. So it is sometimes difficult for a user to recognize his provider's trust level because of the black-box nature of the cloud service. Moreover, users have no authority to examine the level of security implementation achieved by the provider. A provider's failure to share its security level becomes a serious threat to users of cloud services.[3]

    Further threats, such as data loss and leakage, lack of information in asset management and insecure cloud service user access, are also of major concern for cloud service users.[1]

    3.2 Threats relating to providers

    Ambiguity in user roles (such as cloud service provider, cloud service user, client IT admin and data owner) and in the definition of responsibilities related to data ownership, access control, infrastructure maintenance, etc., may induce business or legal dissension.

    As the cloud has a decentralized architecture, the protection mechanisms are likely to be inconsistent among the distributed security modules. For example, an access denied by one IAM module may be granted by another. A potential attacker may profit from this threat, which compromises both confidentiality and integrity.
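
One way to surface this kind of inconsistency is to replay the same access requests against every enforcement point and report the requests on which the decisions differ. The sketch below is an added example, not code from the paper; the rule format, the module names and the sample requests are hypothetical.

```python
from fnmatch import fnmatchcase
from itertools import product

# Hypothetical rule format: (effect, principal pattern, action pattern, resource pattern).
# Each module evaluates first-match-wins and denies when nothing matches.
MODULES = {
    "iam-region-a": [
        ("deny",  "*",        "delete", "storage/backups/*"),
        ("allow", "role/ops", "*",      "storage/*"),
        ("allow", "role/dev", "read",   "storage/app/*"),
    ],
    "iam-region-b": [
        ("allow", "role/ops", "*",      "storage/*"),          # broad allow listed first
        ("deny",  "*",        "delete", "storage/backups/*"),  # never reached for role/ops
        ("allow", "role/dev", "read",   "storage/app/*"),
    ],
}

def decide(rules, principal, action, resource):
    """Return 'allow' or 'deny' for one request under one module's rules."""
    for effect, p_pat, a_pat, r_pat in rules:
        if (fnmatchcase(principal, p_pat) and fnmatchcase(action, a_pat)
                and fnmatchcase(resource, r_pat)):
            return effect
    return "deny"  # default deny

def find_conflicts(modules, principals, actions, resources):
    """Replay every request against every module; report requests whose decisions differ."""
    conflicts = []
    for request in product(principals, actions, resources):
        decisions = {name: decide(rules, *request) for name, rules in modules.items()}
        if len(set(decisions.values())) > 1:
            conflicts.append((request, decisions))
    return conflicts

# Constructed request space for the audit.
PRINCIPALS = ["role/ops", "role/dev"]
ACTIONS = ["read", "delete"]
RESOURCES = ["storage/app/config", "storage/backups/2014-05"]

if __name__ == "__main__":
    for request, decisions in find_conflicts(MODULES, PRINCIPALS, ACTIONS, RESOURCES):
        print(request, decisions)
```

Both modules hold the same three rules; only their order differs, which is enough for one module to deny a backup deletion that the other grants.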

    The "as a service" feature of cloud computing allocates resources and delivers them as a proper service.[1] The complete cloud infrastructure, together with its business workflows, relies on a large set of services, ranging from application to hardware. However, an interruption in the continuity of service delivery, such as a blackout or delay, might have a drastic impact on availability.

    Migrating to a cloud service means moving huge amounts of data and making major configuration changes (e.g., network addressing). Migrating a part of an IT infrastructure to an external cloud service provider needs substantial changes in the infrastructure design (e.g., network and security policies). Incompatible interfaces or inconsistent policy enforcement causing bad integration may evoke both functional and non-functional impacts.

    The basis of cloud infrastructure is hypervisor technology. Multiple virtual machines co-hosted on one physical server share both memory resources and CPU, which the hypervisor virtualizes. This could be used to launch an isolation attack on a hypervisor to gain illegal access to other virtual machines


    Data protection covers access to data as well as its integrity and confidentiality. Cloud service users have concerns about how the providers handle their data, and whether their data is disclosed or altered


    Threats such as data unreliability, service unavailability, shared environment and unsecured administration API prevail in the


    4 Solution Approaches

    Firewall: A bi-directional firewall can be deployed on individual virtual machines and can provide centralized management of server firewall policy.[2] Predefined templates for common enterprise server types should be included and enable the


    o Isolation of virtual machines

    o Fine-grained filtering (addresses of source and destination, port

    o Coverage of all IP-based protocols (TCP, UDP, ICMP, ...)

    o Coverage of all frame types (IP, ARP, ...)

    o Prevention of Denial of Service (DoS) attacks

    o Ability to design policies per network interface

    o Location awareness to enable tightened policy and the flexibility to move the virtual machine from on-premise to cloud resources

    Intrusion Prevention/Detection: Shield can be used to achieve timely protection against known and zero-day attacks. As previously noted, virtual machines and cloud computing servers use the same operating systems, enterprise applications and web applications as physical servers. Thus, it will be helpful.

    Integrity monitoring of critical operating system and application files is necessary for detecting malicious and unexpected modifications which could indicate compromise of cloud computing resources. Integrity monitoring software must be applied at the virtual machine level.

    Log inspection collects operating system and application logs and analyzes them for security events. Log inspection rules enhance the identification of major security events buried under multiple log entries. Such events can be sent to a stand-alone security system. Log inspection capabilities must be applied at the virtual machine level. Log inspection on cloud resources enables:

    o Suspicious behavior detection

    o Collection of security-related administrative actions

    o Optimized collection of security events across your datacenter
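
A log inspection rule of the kind described above, as an added example that is not from the paper: it correlates several failed logins followed by a success from the same source into one event, and separately collects administrative (sudo) actions. The log lines are constructed in OpenSSH/sudo syslog style; the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/sudo syslog style (addresses from documentation ranges).
SAMPLE_LOG = """\
May 12 10:00:01 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 4122 ssh2
May 12 10:00:03 vm1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4123 ssh2
May 12 10:00:05 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 4124 ssh2
May 12 10:00:09 vm1 sshd[811]: Accepted password for root from 203.0.113.7 port 4125 ssh2
May 12 10:02:00 vm1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd svc
May 12 10:05:00 vm1 sshd[902]: Failed password for bob from 198.51.100.9 port 5000 ssh2
May 12 10:30:00 vm1 sshd[902]: Accepted password for bob from 198.51.100.9 port 5001 ssh2
"""

SSH_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[\d+\]: (Failed|Accepted) password "
                    r"for (?:invalid user )?(\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sudo: +(\S+) : .*USER=(\S+) ; COMMAND=(.+)$")

def inspect(log_text, threshold=3, window=timedelta(minutes=5), year=2014):
    """Return (events, admin_actions) found in syslog-style text."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    events, admin_actions = [], []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            stamp, host, outcome, user, src = m.groups()
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            recent = failures[src]
            while recent and when - recent[0] > window:
                recent.popleft()    # drop failures that fell out of the window
            if outcome == "Failed":
                recent.append(when)
            elif len(recent) >= threshold:
                events.append({"rule": "success_after_failures", "host": host,
                               "user": user, "src": src, "failures": len(recent)})
                recent.clear()
            continue
        m = SUDO_RE.match(line)
        if m:
            _stamp, host, user, target, command = m.groups()
            admin_actions.append({"host": host, "user": user,
                                  "run_as": target, "command": command})
    return events, admin_actions
```

On the sample, four separate sshd entries collapse into a single event for 203.0.113.7, while the lone failure for bob falls outside the window and raises nothing.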

    5 Conclusions

    Given the security issues and threats discussed above, which both cloud users and cloud providers face, one should be careful about security when handing a business over to the cloud. These fields need much more research to optimize security in the cloud. Security as a service should be provided for cloud service users. Security can be enhanced through new techniques as they are introduced in the technology. Methods such as firewalls, intrusion detection, integrity monitoring and log inspection, which are discussed above, can therefore be used for the betterment of cloud security, and a new service would be added in the wings of cloud





    6 References

    [1] P. A. Karger, Multi-Level Security Requirements for Hypervisors, ISBN: 0-7695-2461-3, 21st Annual Computer Security Applications Conference, (2005) December 5-9, pp. 275.

    [2] T. Ormandy, An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments, Whitepaper, (2008).

    [2] T. Garfinkel, M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, In Proc. Network and Distributed Systems Security Symposium, (2003), pp. 191-206.

    [3] O. Gerstel and G. Sasaki, A General Framework for Service Availability for Bandwidth-Efficient Connection-Oriented Networks, IEEE/ACM Transactions on Networking, vol. 18, Issue 3, (2010) June, pp. 985-995.

    [4] W. Li and L. Ping, Trust Model to Enhance Security and Interoperability of Cloud Environment, Cloud Computing, Proceedings on First International Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Lecture Notes in Computer Science, vol. 5931, (2009), pp. 69-79.

    [5] D. Xu, Y. Li, M. Chiang and A. R. Calderbank, Elastic Service Availability: Utility Framework and Optimal Provisioning, IEEE Journal on Selected Areas in Communications, vol. 26, no. 6, (2008)

