After the concept of cloud computing was introduced more than 20 years ago, many users have adopted this kind of service because of its significant advantages in construction and administration cost. However, the new system architecture and properties of cloud systems lead to new challenges in information system security. The purpose of this paper is to analyze the specificities of confidentiality, integrity, and availability in the cloud computing environment, and to address the major threats to cloud computing systems. Based on this analysis, we discuss effective approaches to strengthen the security of the cloud environment and what further work is needed.
Keywords: cloud computing, CIA, privacy, vulnerability, access control, framework
Introduction: the rise of cloud computing
The concept of cloud computing, which refers to a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, was introduced in the 1990s. The model brings significant advances in the cost of system construction and administration. After more than 20 years of evolution, the services provided by cloud computing can be separated into three basic categories: Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). In the past decade, cloud computing became the first choice of many users, from individuals and small businesses to Fortune 500 firms and governments, because of the fast decreasing cost of telecommunications and the higher available bandwidth.
However, while the term “cloud” does change the world of computing, there are many security risks on the other side, especially some unique challenges caused by the properties of the cloud computing environment. The seven basic domains of an IT system (user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain) are all involved in a single cloud computing environment. The various platforms involved, the complex network, the mass of data in transit and in databases, and the vast number of access requirements make up a huge system. The entirely new architecture of the system leads to new threats and vulnerabilities which we have never faced before.
1 The new challenges of security in cloud computing environment
In information systems security (ISS), confidentiality, integrity and availability (CIA) are the basic factors that support the security triangle. The properties of the cloud computing environment create particular features in each of these three aspects of security.
Confidentiality in ISS means that only authorized parties or systems should have access to data. In the cloud computing model, there are usually more parties and systems that need to access protected data, which leads to more complex management of authorities. In the cloud environment, there are two main categories of confidentiality: data confidentiality and software confidentiality. To protect data confidentiality, both providers and users need to establish strong policies and authentication based on user identities and access control. There are more vulnerabilities and threats to software confidentiality due to the variety of client and server platforms and the distributed nature of some cloud environments. It is difficult to ensure that only trusted, specific software can access and handle the user’s data. To prevent these risks, providers should increase the security of their applications, and users also have the duty to keep their workstations secure.
Integrity means that assets can only be modified by authorized parties or systems in authorized ways. In a cloud computing system, the service providers must maintain the integrity of both data and software. While the data are usually stored in the providers’ datacenters and are easy to control, software integrity is more difficult to protect because every involved user may have the application software on their workstation, creating vulnerabilities which attackers can use. To effectively maintain software integrity, providers can implement strong authentication on servers and provide a limited number of secure APIs through which users interact with the cloud environment, besides educating users with security policies.
Availability means that the system should be accessible and usable by authorized entities. The availability of a cloud computing system usually consists of utility and reliability. Cloud service providers should understand user requirements and maintain availability by ensuring the servers have the required ability and capacity to offer resources on demand, even in the situation of a security breach. There are various attacks, like DDoS, which focus on disabling the availability of the service, so providers also need to effectively detect and defend against these kinds of attacks.
2 The top threats in the cloud computing environment
Based on the analysis of CIA in the cloud computing environment, we can identify access and privacy management, software confidentiality and integrity, and availability of service as the primary vulnerabilities of a cloud computing system, and address the most serious threats to system security.
2.1 Privacy breach
A privacy breach is the loss of data or services to unauthorized access. In the cloud environment, the identity management (IDM) system, which manages authentication, plays an important role in access control. However, the complex environment can lead to interoperability drawbacks. There are many inter-domain access requirements in a cloud computing environment, and the enormous number of access points, due to the various access needs of users, significantly increases the difficulty of privacy control. Under these new conditions, users and processes should also be involved in the identification performed by the IDM system, because of the limitations of traditional password-based authentication, which has significant vulnerabilities due to stolen user IDs/passwords or brute-force user ID/password attacks.
2.2 Modification of data
Modification of data can occur in a man-in-the-middle (MITM) attack (in transit), or as a result of a privacy breach (at rest). Although electronic authentication has been widely used in internet communication and cloud computing environments, and various practical secure transmission protocols like HTTPS have been implemented, there are still potential vulnerabilities. There are practical attack methods targeting certificate-based transmission protocols which capture the original certificate and replace it with a modified one. This kind of attack succeeds when clients ignore the warning notification from the browser without checking the certificate, a situation that often occurs in online communication. A MITM attack can eavesdrop on or modify sensitive data, even personal authentication data in transit, and lead to a privacy breach. Because cloud users usually need to access the service and the data from many kinds of places and via various networks, the risk of MITM attacks is significantly increased.
2.3 Session hijacking
Session hijacking is a serious problem in network security. For the web-based services in the cloud computing environment (SaaS), session hijacking is one of the primary threats. The Open Web Application Security Project (OWASP Foundation, 2010b) identified the top 10 application security risks for 2010, and 3 of them (broken authentication and session management, cross-site scripting, and cross-site request forgery) are potential vulnerabilities for session hijacking attacks. Broken authentication and session management can be caused by insecure browsers and the user’s lack of awareness. Attackers can also embed malicious code on any webpage to carry out cross-site scripting attacks. When a web transaction is forged and the session is exploited, a cross-site request forgery attack can happen. Besides these 3 risks, the man-in-the-middle attack is another main risk of session hijacking. There are some practical preventions, such as encryption of the data traffic, strong session keys, dynamic session IDs, and one-time cookies. However, awareness of session security is essential in the prevention of session hijacking.
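As an added illustration (not part of the original essay) of two of the preventions listed above, dynamic session IDs and one-time cookies, the following Python session store rotates the session ID at login and issues a fresh single-use cookie value on every request; the store, its method names and the injected `now` clock are assumptions of this example.

```python
import hmac
import secrets

class SessionStore:
    """Server-side sessions with a dynamic session id and a one-time cookie token.
    Constructed example; `now` is injected as epoch seconds so the logic is testable."""

    def __init__(self, ttl=900):
        self.ttl = ttl
        self._sessions = {}  # sid -> {"user": str | None, "nonce": str, "seen": int}

    def _new(self, user, now):
        sid = secrets.token_urlsafe(32)           # 256-bit unguessable id (strong session key)
        self._sessions[sid] = {"user": user, "nonce": secrets.token_urlsafe(16), "seen": now}
        return sid, self._sessions[sid]["nonce"]

    def start(self, now):
        """Anonymous pre-login session; returns (sid, one-time nonce) to set as cookies."""
        return self._new(None, now)

    def _consume(self, sid, nonce, now):
        """Validate sid+nonce once. A reused nonce means the cookie was replayed, so the
        whole session is revoked rather than just the request being rejected."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["seen"] > self.ttl:
            del self._sessions[sid]               # idle timeout
            return None
        if not hmac.compare_digest(s["nonce"].encode(), nonce.encode()):
            del self._sessions[sid]               # replay detected: kill the session
            return None
        s["seen"] = now
        return s

    def authenticate(self, sid, nonce, user, now):
        """On login, rotate the session id so a pre-login id (fixation) is worthless afterwards."""
        s = self._consume(sid, nonce, now)
        if s is None:
            return None
        del self._sessions[sid]
        return self._new(user, now)

    def request(self, sid, nonce, now):
        """Per-request check; returns (user, next nonce) and the client must present the new nonce."""
        s = self._consume(sid, nonce, now)
        if s is None:
            return None
        s["nonce"] = secrets.token_urlsafe(16)    # one-time cookie: every response issues a fresh value
        return s["user"], s["nonce"]
```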
2.4 Modification of software
Modification of software is a popular measure for breaking software confidentiality and software integrity. Modified application or operating system software usually provides backdoors for attackers to access data, modify data, or even spread malicious software in the cloud computing environment. There are always various hardware and software platforms, even in a single cloud system. Although providers usually have specific security designs and policies, users’ workstations may be insecure due to a lack of security awareness. To avoid the threats of modified software, cloud computing systems usually use limited APIs, which restrict the interaction between users and systems to secure ways, and behavior analysis, which can detect whether software has abnormal or unauthorized behaviors.
2.5 Network attacks
All network-based systems have to face the challenge of network attacks. As the cloud computing environment involves all 7 domains, a network attack targeting any domain can lead to a breach of confidentiality, integrity, or availability. A security breach at any node between the user and the application can cause system downtime or data loss. Also, a network attack can use vulnerabilities in each domain of the complex environment. Although firewalls are widely implemented to defend against network attacks, new attack methods keep appearing. Among all network attacks, the distributed denial of service attack is the most popular and the most difficult to detect and defend against.
The denial of service (DoS) attack, which is usually implemented by continuously consuming computing resources, is one of the most critical and persistent threats in cyber security. A DoS attack organized from distributed sources is called a distributed denial of service (DDoS) attack. It differs from most other internet-based attacks because of its distribution and lack of pattern, which make detection and defense hard. DDoS attacks focus on disabling the availability of victim systems like web servers or DNS so that they cannot provide their intended services. The number of DDoS attacks has been increasing exponentially in the 30 years since they appeared, as has the attack rate, which increased from 1 GB per second to more than 300 GB per second.
As cloud computing is built on the concept of “as a service”, the cloud environment is a natural and ideal target of DDoS attacks. An important fact is that many cloud computing physical platforms are also distributed by design, so DDoS attacks can target the multiple servers forming the environment, which significantly increases the difficulty of detection and defense.
There are two practical methods to detect DDoS attacks: signature-based detection, with a database of rules and known attack signature patterns, and anomaly-based detection, with behavioral classification. Furthermore, hybrid detection, which mixes the two methods, can provide the most effective detection of DDoS. However, there is no perfect solution for DDoS attacks yet. It is still the most dangerous threat to online services, especially cloud computing environments.
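The following Python detector, added here as an example and not taken from the essay, runs signature-based and anomaly-based checks over a few constructed access-log lines and combines them into the hybrid verdict described above; the log format, the signature rules and the thresholds are assumptions of the example.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed access-log lines (not real data): "<epoch_sec> <src_ip> <method> <path> <user_agent>".
SAMPLE_LOG = (
    [f"{1000 + i % 10} 203.0.113.7 GET /login Mozilla/5.0" for i in range(40)]      # flood source
    + ["1003 198.51.100.9 GET /index.html FloodBot/1.0"]                            # known tool, low rate
    + [f"{1000 + i} 192.0.2.{i} GET /index.html Mozilla/5.0" for i in range(1, 7)]  # normal clients
)
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (.+)$")

# Signature database: named patterns matched against "<method> <path> <user_agent>" (constructed rules).
SIGNATURES = {
    "flood-tool-ua": re.compile(r"FloodBot/"),
    "oversized-uri": re.compile(r"^\S+ \S{2048,}"),
}

def parse(lines):
    """Turn raw log lines into records; malformed lines are skipped."""
    recs = []
    for m in filter(None, map(LINE_RE.match, lines)):
        ts, ip, method, path, ua = m.groups()
        recs.append({"ts": int(ts), "ip": ip, "req": f"{method} {path} {ua}"})
    return recs

def signature_detect(recs):
    """Signature-based: a source is flagged if any of its requests matches a known pattern."""
    hits = defaultdict(set)
    for r in recs:
        for name, rx in SIGNATURES.items():
            if rx.search(r["req"]):
                hits[r["ip"]].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

def anomaly_detect(recs, window=10, factor=10, min_count=20):
    """Anomaly-based: flag sources whose request count in a window is far above the median
    of all sources. The median is the baseline because one flood source would inflate the mean."""
    counts = Counter((r["ip"], r["ts"] // window) for r in recs)
    by_window = defaultdict(dict)
    for (ip, w), n in counts.items():
        by_window[w][ip] = n
    flagged = {}
    for by_ip in by_window.values():
        baseline = max(statistics.median(by_ip.values()), 1)
        for ip, n in by_ip.items():
            if n >= min_count and n > factor * baseline:
                flagged[ip] = max(n, flagged.get(ip, 0))
    return flagged

def hybrid_detect(lines):
    """Hybrid: union of both detectors, with the reason(s) each source was flagged."""
    recs = parse(lines)
    sig, anom = signature_detect(recs), anomaly_detect(recs)
    return {ip: sig.get(ip, []) + ["rate-anomaly"] * (ip in anom) for ip in sorted(set(sig) | set(anom))}
```

The low-rate source is caught only by the signature rule and the flood source only by the rate anomaly, which is the complementary coverage a hybrid detector is meant to provide.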
3 Effective security and privacy approaches
Cloud computing environments are more vulnerable than traditional information systems because of their complex architecture, the variety of components, and the various parties involved. Based on the primary vulnerabilities, there are some existing solutions, and some theories which still need more work, to make the cloud computing environment more trustworthy.
3.1 Authentication and identity management
In the cloud computing environment, users usually need to access the cloud from various places, even many public places. There is an urgent need for a new kind of identity management mechanism which can simplify user identification.
In recent years, user-centric IDM, which can handle private and critical identity attributes, has become popular. This kind of IDM can use attributes to intelligently define a model of the user for identification instead of traditional password-based identification. New privacy-preserving protocols, such as zero-knowledge proof-based techniques, strengthen user-centric IDM and help build the desired IDM for the cloud computing environment. These implementations use pseudonyms and accommodate multiple identities to protect users’ privacy. With user-centric IDM, users can control their digital identities and focus on their application needs rather than the complexity of authentication management.
On the other hand, because many users of cloud computing are enterprises which have their own information security frameworks, there is also a demand that the IDM services of a public cloud environment be flexible enough to integrate with the enterprises’ IDM frameworks.
3.2 Access control
Role-based access control (RBAC) has recently become popular because of its significant advantages of flexibility and simplicity under dynamic demands, and it is regarded as the most promising model among the many kinds of methods. It is also the best choice for policy integration, since it has the necessary compatibility with various policy needs. These advantages make RBAC an ideal security approach for the cloud computing environment, because this environment is also highly dynamic and decisions based on crucial factors such as obligations and conditions need to be processed in real time. RBAC can provide the required controls in this dynamic environment.
As RBAC has been widely accepted, several extensions have been developed for more specific needs, such as credential-based RBAC, location-based RBAC, and generalized temporal RBAC (GTRBAC). These extensions address the problem that it is difficult for cloud service providers to manage access control policies for each user, because they do not know much about the users’ behaviors and backgrounds. With the extensions, providers can better assign appropriate roles to users in access control.
The RBAC model can offer a desirable solution for access control in the cloud computing environment. Cloud service providers should work on implementing RBAC and its advanced extensions in their environments.
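As an added example (not from the essay), the Python model below implements RBAC with a role hierarchy and extends each user-role assignment with GTRBAC-style temporal constraints and a location-based network constraint; the role names, permissions and the `Assignment`/`Rbac` classes are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Assignment:
    """A user-to-role assignment with optional GTRBAC-style enabling constraints."""
    role: str
    hours: tuple = (time(0, 0), time(23, 59, 59))  # temporal: role enabled only inside this window
    weekdays: frozenset = frozenset(range(7))       # temporal: 0 = Monday ... 6 = Sunday
    networks: tuple = ()                            # location: source must be in one of these CIDRs (empty = any)

    def enabled(self, when, src_ip):
        """Temporal and location-based checks decide whether the role is active for this request."""
        if not (self.hours[0] <= when.time() <= self.hours[1]) or when.weekday() not in self.weekdays:
            return False
        return not self.networks or any(ip_address(src_ip) in ip_network(n) for n in self.networks)

class Rbac:
    def __init__(self):
        self.perms = {}        # role -> permissions granted directly
        self.juniors = {}      # role -> roles it inherits from (role hierarchy)
        self.assignments = {}  # user -> list of Assignment

    def add_role(self, role, perms, inherits=()):
        self.perms[role], self.juniors[role] = set(perms), set(inherits)
    def assign(self, user, assignment):
        self.assignments.setdefault(user, []).append(assignment)

    def effective_perms(self, role, seen=None):
        """Permissions of a role plus everything inherited down the hierarchy (cycle-safe)."""
        seen = seen if seen is not None else set()
        if role in seen:
            return set()
        seen.add(role)
        out = set(self.perms.get(role, ()))
        for junior in self.juniors.get(role, ()):
            out |= self.effective_perms(junior, seen)
        return out

    def check(self, user, perm, when, src_ip):
        """Grant only if some *currently enabled* assignment of the user carries the permission."""
        when = datetime.fromisoformat(when) if isinstance(when, str) else when
        return any(perm in self.effective_perms(a.role)
                   for a in self.assignments.get(user, []) if a.enabled(when, src_ip))

def build_demo():
    """Constructed tenant policy: admin rights only in business hours from the corporate network."""
    rbac = Rbac()
    rbac.add_role("tenant-user", {"vm:read", "storage:read"})
    rbac.add_role("tenant-admin", {"vm:delete", "iam:assign-role"}, inherits=["tenant-user"])
    rbac.assign("alice", Assignment("tenant-user"))
    rbac.assign("alice", Assignment("tenant-admin", hours=(time(9), time(17)),
                                    weekdays=frozenset(range(5)), networks=("198.51.100.0/24",)))
    return rbac
```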
3.3 Trust management framework
In the dynamic cloud computing environment, inter-domain access needs are always complicated, and policy integration usually needs to be implemented in all involved domains of the cloud computing environment. To facilitate the implementation, a trust-based management framework is necessary. The trust negotiation mechanisms widely employed now have the limitation that most of them focus on credential exchange, while the need to integrate requirements-driven trust negotiation techniques is rising.
Under these conditions, we need to develop a new trust-based management framework including delegation primitives for inter-domain and service access requirements. To make the cryptographic mechanisms more efficient, trust delegation needs the capability of complex trust-chain verification. This framework should play a major role in the service framework.
3.4 Managing semantic heterogeneity
The semantic conflicts between policies of different cloud service providers have received little attention so far, while semantic heterogeneity is a key aspect of cloud computing environments. XML, the widely adopted language for information sharing, has distinct limitations in describing information semantics and in the automatic detection of semantic conflicts. On the other hand, we have a model named the Resource Description Framework (RDF) with the ability to capture semantics. However, we still need a model with the capacity to describe element attributes and properties.
In practice, both XML Schema (XMLS) and RDF Schema (RDFS) are used to support specific domain concepts and represent the relations between the concepts in the semantic integration of policy, and to develop the Web Ontology Language (OWL), which is a promising approach approved by many researchers.
To manage semantic heterogeneity across different cloud computing service providers, an OWL-based framework can be a desirable approach. However, a policy enforcement architecture and a system-driven policy framework are required to build it. These two elements are fundamental to facilitate the management of security policies in heterogeneous environments.
Although an increasing number of users, from individuals and small businesses to Fortune 500 firms and governments, adopt cloud computing, the number of potential security risks in the cloud computing environment is also increasing. The serious problem is that both providers and users do not pay enough attention to the security risks, or lack effective security approaches for some specific threats. We can identify the main security threats of cloud computing through the analysis of CIA (confidentiality, integrity, availability) and the properties of the cloud system and environment. After addressing the main security issues in the cloud computing environment and coming up with some approaches and theories, we still need to research and develop solutions which are more mature and practical, especially for critical threats like DDoS. Security and privacy will determine whether cloud computing can be successful and widely adopted while it is still in its infancy.