Cloud Computing Security and Privacy

Muhammad Adeel Javaid
Member Vendor Advisory Council, CompTIA

Abstract: The cloud computing paradigm is still evolving but has recently gained tremendous momentum. However, security and privacy issues pose a key roadblock to its fast adoption. In this paper we present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they relate to various delivery and deployment models. We discuss approaches to address these challenges, existing solutions, and the work needed to provide a trustworthy cloud computing environment.

Keywords: Cloud Security, Cloud Threats, Cloud Privacy

INTRODUCTION:

As with any change in IT infrastructure, cloud computing creates new risks and new opportunities. Its shared, on-demand nature exposes it to some unique risks that were not experienced before. Chonka et al. (2010) observed that, as security experts, they can see the same mistakes that occurred during the development of the Internet happening again here: functionality and performance were given higher priority than security. Subashini (2010) conducted a thorough survey of the security issues in the different service delivery models, but their main focus was not on the top security threats or concerns that new customers need to understand before studying cloud architecture or service delivery models. Cloud computing inherits the characteristics of Grid computing but also provides a dynamic and flexible environment that is scalable, robust, and resilient to rapid changes in conditions. This is achieved through its inherent characteristics, such as automatic recovery, self-monitoring, self-management, automatic reconfiguration, the possibility of setting SLAs, and high scalability. The use of the Cloud implies that the user's data are stored and maintained at a remote site.
There is therefore a major challenge to create cloud-based services that reduce security and privacy risks. It is necessary to include privacy mechanisms in early designs rather than try to find patching solutions afterwards. Both private businesses and public sector organizations (Bezos 2008; Amazon EC2 Feature) are aware of the necessity of privacy. In addition, there is always the possibility of designing cloud computing infrastructure with guarantees on privacy and security similar to established technologies such as Web Services (TC3 2011) and Grid Computing. When
evaluating privacy in the usage of Cloud Computing, two main factors should be taken into consideration. The first factor is ensuring privacy during communication. This is achieved through the use of encryption in communication with the Cloud. Data encryption is used to ensure the confidentiality of personal information. Encryption methods such as symmetric-key cryptography, or public-key cryptography with the use of certificates, make sensitive personal data accessible only to those who are duly authorized, thus ensuring privacy in digital communications. The other factor that ensures data privacy is the use of equivalent mechanisms for storing data in the Cloud, so that it is readable only by authorized users. To conduct our research we will study two well-known Cloud service architectures and how they are designed for security and privacy of data. Since security is usually achieved through the use of cryptography in communication, we will also examine methods, including proposed generic secure architectures, that could be implemented to ensure privacy in the storage systems of the Cloud. We will also focus on the top threats and propose workable solutions for them.

AMAZON WEB SERVICES

Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable customers to build a wide range of applications (Amazon AWS). To enable end-to-end security and privacy, AWS services are provided in accordance with best security practices and appropriate security features. Security within Amazon EC2 is provided on several layers: the operating system (OS) of the host system, the virtual instance operating system or guest OS, a firewall, and signed API calls. Each of these layers builds on the capabilities of the others.
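The first of the two privacy factors discussed above, encrypted communication, can be sketched in Python's standard library. This is our illustrative configuration, not AWS code; the host name in the comments is only an example.

```python
import ssl

# Build a client-side TLS context with certificate verification enabled;
# this is what protects API calls to a cloud endpoint while in transit.
context = ssl.create_default_context()

# create_default_context() already enforces both of these settings, but we
# state them explicitly to document the privacy requirements from the text:
context.check_hostname = True              # server name must match its certificate
context.verify_mode = ssl.CERT_REQUIRED    # server must present a valid certificate

# A connection would then be wrapped before any data is exchanged, e.g.:
#   with socket.create_connection(("s3.amazonaws.com", 443)) as sock:
#       with context.wrap_socket(sock, server_hostname="s3.amazonaws.com") as tls:
#           ...  # all application data is now encrypted in transit
```

The point of the sketch is that confidentiality in communication is a client-side configuration decision as much as a server-side one: a client that disables certificate verification loses the privacy guarantee even though the channel is still encrypted.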
The goal is to protect data contained within Amazon EC2 from being intercepted by unauthorized systems or users, and to provide Amazon EC2 without sacrificing the flexibility in configuration that customers demand. To secure data at rest, both physical security and data encryption are necessary. Amazon protects customer data at rest using multiple layers of physical security measures; for example, only designated Amazon personnel have physical access to Amazon datacenters. However, data in S3 is not automatically encrypted: each user must first encrypt sensitive data and then upload it to Amazon S3, and Amazon encourages users to do so. When an object is deleted from Amazon S3, removal begins immediately and takes several seconds; after that, there is no remote access to the deleted object. Users maintain full control over who has access to their data. They may grant access to their Amazon S3 data to other AWS accounts by AWS account ID or email address, or by DevPay product ID. Users can also grant access to their Amazon S3 data to all AWS accounts, or to everyone (enabling anonymous access). Figure 1 below shows the architecture of Amazon Web Services.
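Since S3 does not encrypt objects automatically, the user encrypts before uploading. The following sketch is our own illustration of an encrypt-then-MAC scheme built from Python's standard library; it is not Amazon's SDK, the upload step itself is omitted, and production code should use a vetted AEAD cipher such as AES-GCM rather than this hash-based keystream.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream by hashing key || nonce || counter.
    Illustration only; real deployments should use AES-GCM or similar."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC tag so tampering in the cloud store
    is detectable when the object is downloaded again."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises if the object was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))
```

In this pattern the key never leaves the customer's side, so even anonymous read access to the stored object (as S3's ACLs permit) reveals only ciphertext.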
Fig. 1. AWS Architecture

EUCALYPTUS

Eucalyptus is open-source software created to provide computing services using clusters of computers. Its current interface is compatible with the interface of Amazon EC2. Eucalyptus is implemented using common tools and basic Linux and Web-service technologies, so that it is easy to install and maintain (Canonical 2011). It originally started as a university project in the Computer Science Department of the University of California, Santa Barbara, but is now supported by Eucalyptus Systems, a company founded by the original creators of Eucalyptus. The architecture of Eucalyptus is simple, flexible by design, and hierarchical. Essentially, the system allows a user to start, monitor, access, and terminate virtual machines (Chase 2003; Keahey 2005; McNett 2007) using an emulation of the Amazon EC2 interface. This means that users of Eucalyptus interact with the system using the exact same tools and interface used to interact with Amazon EC2. It currently supports virtual machines running on the Xen (Nurmi 2009) and KVM (Hoff 2009) hypervisors, but future versions are expected to add support for VMware and other virtualization software (Lilly 2009). Eucalyptus implements each module of the system as a separate web service; the system consists of several subsystems, each with its own web-service interface (see Figure 2 below).
Fig. 2. The hierarchical structure of Eucalyptus

Node Controller

The Node Controller (NC) runs on each node that is intended to run virtual machine instances. The NC controls the software on the node (e.g., the operating system and the hypervisor) according to requests sent from the Cluster Controller. The NC collects information about local node resources, such as the number of cores, the size of memory, and the available disk space, and also monitors the state of local virtual machine instances. This information is forwarded to the Cluster Controller upon request. The Cluster Controller manages virtual machine instances on a node using the runInstances and terminateInstances commands at the NC. Upon verification of the sender of the request (for example, only the administrator and the user who started an instance are authorized to terminate it) and after checking the available resources, the NC executes the command using the hypervisor. To start a new VM, the NC makes a copy of the required files of the VM (
the kernel, the file system, and memory) from a remote repository or a local cache, creates an access point in the virtual network layer, and instructs the hypervisor to start the new instance. To stop a running instance, the NC instructs the hypervisor to terminate the VM, destroys the access point to the virtual network, and deletes the files associated with the instance. It should be noted that in Eucalyptus, the various NCs in the same cluster form a separately managed entity called an Availability Zone.

Cluster Controller

The Cluster Controller (CC) usually runs on the front-end computer of the cluster, or on any computer with network connectivity both to the nodes running NCs and to the computer running the Cloud Controller (CLC). Many of the functions of the CC are similar to those of the NC, but concern groups of VMs. The CC has three main operations: scheduling incoming requests for new instances, managing the virtual network layer (VDE) of instances, and collecting and reporting information about a group of NCs. When the CC receives a number of requests for new VM instances, it communicates with each NC using the describeResources command and sends the runInstances command to the first NC that has enough free resources. When the CC receives the describeResources command, it also receives a list of characteristics (processor cores, memory, and disk space) describing the resources required by the new instance. Using this information, the CC calculates the number of parallel instances of this type that can reside on its NCs and reports this number to the CLC.

Storage Controller (WALRUS)

The Eucalyptus system includes Walrus, a data storage service built on web-service technologies (Axis2, Mule) with an interface compatible with Amazon's Simple Storage Service (S3). Walrus is implemented through a REST (HTTP) interface as well as a SOAP interface that is compatible with S3.
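The CC's placement policy described above is essentially first-fit: the request goes to the first NC with enough free resources. A minimal sketch of that policy (our illustration; the `Node` class and field names are hypothetical, not Eucalyptus APIs):

```python
from dataclasses import dataclass

@dataclass
class Node:
    """Free resources reported by one NC via describeResources."""
    name: str
    free_cores: int
    free_mem_mb: int
    free_disk_gb: int

def first_fit(nodes, cores, mem_mb, disk_gb):
    """Return the first node that can host the requested instance,
    mirroring the CC sending runInstances to the first NC with
    enough free resources; returns None if no node fits."""
    for node in nodes:
        if (node.free_cores >= cores and
                node.free_mem_mb >= mem_mb and
                node.free_disk_gb >= disk_gb):
            # Reserve the resources on the chosen node.
            node.free_cores -= cores
            node.free_mem_mb -= mem_mb
            node.free_disk_gb -= disk_gb
            return node
    return None

cluster = [Node("nc1", 2, 4096, 50), Node("nc2", 8, 16384, 200)]
chosen = first_fit(cluster, cores=4, mem_mb=8192, disk_gb=100)
```

In this example `chosen` is nc2, since nc1 lacks the required cores; first-fit is simple and fast but, unlike best-fit, can fragment capacity across the cluster.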
Walrus offers two kinds of functionality. First, users with access to Eucalyptus can use Walrus to transfer data to and from the cloud, as can instances that have been launched on nodes. Second, it functions as storage for VM images: the images of the file system, the kernel, and the memory used to create a VM instance on a node can be uploaded to Walrus storage and then used by the nodes. Users may use S3 tools (created by Amazon or by third parties) to transfer data to and from Walrus. The system uses the certificates stored in the database of the Cloud Controller. Like S3, Walrus supports parallel and serial data transfers. To support multithreaded transfers, Walrus does not itself undertake data-validity checking: as in S3, users must ensure that the data transferred to Walrus is valid and that there are no duplicate records in the same objects. For that reason, Walrus returns an MD5 checksum of the object saved.
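The checksum mechanism can be illustrated with Python's standard library. This is a sketch of the client-side check, not Walrus code: the client computes the MD5 digest of the data it uploaded and compares it with the digest the service returns for the stored object.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    """Compute the MD5 digest that an S3-compatible store (such as
    Walrus) returns for a simple, single-part object upload."""
    return hashlib.md5(data).hexdigest()

payload = b"vm-image-part-0001"
local_digest = md5_hex(payload)

# After the upload, the service echoes its own digest of the stored
# object; the client verifies that nothing was corrupted in transit.
returned_digest = md5_hex(payload)   # stands in for the service's reply
assert local_digest == returned_digest
```

Note that MD5 here is an integrity check against accidental corruption, not a security measure; it does not protect against a malicious store, which is why client-side encryption with authentication (as sketched earlier) is still needed.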
Once the user has been authenticated as a valid user of Eucalyptus, all read and write requests are sent over HTTP. Walrus also serves as a VM image storage service. The images of the file system, the kernel, and the memory of a VM are packaged and uploaded using the EC2 tools offered by Amazon. These tools compress the image, encrypt it using certificates, and then split it into several parts as described in an "image description file", otherwise known as the manifest of the VM. Walrus is responsible for verifying the validity of, and decrypting, the images uploaded by users. When a node controller requests an image from Walrus before instantiating a VM, it sends a transfer request that is validated using the appropriate certificates. The image is then checked for validity, decrypted, and sent to the node. To improve efficiency, and because VM images are usually quite large, Walrus maintains a cache of already-decrypted images. A cache entry is invalidated after some time, or when the image's manifest is overwritten.

Cloud Controller

The Eucalyptus components described above are managed by the Cloud Controller (CLC). The CLC is a collection of web services that may be divided into three categories:

Resource Services: manage the distribution of system resources to different functions, allow users to manage the properties of virtual machines, and keep records of both system components and virtual resources.

Data Services: maintain user and system data, and provide a configurable environment in which users can make resource-allocation requests.

Interface Services: handle protocol translation and user authentication, and provide tools for managing the system.

Virtual Control Overlay

In Eucalyptus, all virtual machines are interconnected, and at least one has Internet access so that the owner can connect to and interact with them.
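The bundling step described above (split an image into parts plus a manifest listing them) can be sketched as follows. This is our simplified illustration, not the actual EC2 bundling tools, and it omits the compression and encryption stages.

```python
import hashlib

def bundle_image(image: bytes, part_size: int):
    """Split a VM image into fixed-size parts and build a manifest
    describing them, loosely mirroring the EC2 'image description
    file' (compression and encryption omitted for brevity)."""
    parts = [image[i:i + part_size] for i in range(0, len(image), part_size)]
    manifest = {
        "image_size": len(image),
        "parts": [
            {"index": i, "size": len(p), "md5": hashlib.md5(p).hexdigest()}
            for i, p in enumerate(parts)
        ],
    }
    return parts, manifest

def reassemble(parts, manifest):
    """Verify each part against the manifest, then concatenate them,
    as a store like Walrus must do before handing the image to a node."""
    for part, entry in zip(parts, manifest["parts"]):
        if hashlib.md5(part).hexdigest() != entry["md5"]:
            raise ValueError(f"part {entry['index']} failed its checksum")
    image = b"".join(parts)
    if len(image) != manifest["image_size"]:
        raise ValueError("reassembled size does not match manifest")
    return image
```

The per-part checksums in the manifest are what allow Walrus to verify an image's validity before decrypting and caching it, and the size field catches missing or reordered parts.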
In a cloud where VMs may be used by many different users, only virtual machines belonging to the same group are allowed to communicate with each other.

SECURITY ISSUES AND CHALLENGES

External network attacks on the cloud are increasing at a notable rate. Malicious users outside the Cloud often perform DoS or DDoS attacks to affect the availability of Cloud services and resources. Port scanning, IP spoofing, DNS poisoning, and phishing are also used to gain access to Cloud resources. A malicious user can capture and analyze the data in packets sent over the network by packet sniffing. IP spoofing occurs when a malicious user impersonates a
legitimate user's IP address, through which they could access information that they would not otherwise have been able to access. Availability is very important: not having access to services when needed can be a disaster for anyone, especially in the case of denial of service. This can occur when exhaustion of the host servers causes requests from legitimate consumers to be denied, and it can cost a company large amounts of money and time if the services it depends on to operate are unavailable. An internal attacker (an authorized user) can easily gain access to other users' resources without being detected. An insider has higher privileges and more knowledge (of the network, the security mechanisms, and the resources to attack) than an external attacker, so it is easier for an insider to mount an attack than for an external attacker. Vulnerabilities: In Cloud, exi...