Farzaneh Abazari1, Hassan Takabi2, and Morteza Analoui1
1School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran
2Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA
In recent years, there has been increasing interest in cloud computing. However, cloud providers and their customers have several security concerns about their assets. Security reports show that risks in the Cloud have increased dramatically, and the Cloud has become a major target for criminals. Recent evidence confirms the possibility of attacks such as data breaches, distributed denial of service (DDoS), man in the middle, and malware injection in the cloud environment. In addition, abuse of cloud resources by attackers is one of the top threats to the cloud environment.
Virtualization is a key technology in cloud computing that enables dynamic allocation of resources to cloud users. However, this technology introduces new threats to the cloud infrastructure. In addition to the virtualization threat, general features of cloud computing, such as multitenancy and using shared resources, enable attackers to penetrate the cloud infrastructure. Because users are managing their business, computation, and storage in the Cloud, they are concerned with the level of security the cloud infrastructure can provide. The purpose of this chapter is to provide perspective on current threats to the cloud environment and proposed countermeasures.
Based on (Stallings and Brawn 2008), we define a countermeasure as “An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.” Traditional countermeasures can disable part of an attack, while other parts of the attack require specific countermeasures. Although physical security is important in the overall security of the Cloud, we don't discuss it in this chapter. We assume that physical security is maintained by experienced experts.
The chapter is organized as follows. Background on cloud security issues is discussed in Section 6.2. We explore cloud security risks and threats in Section 6.3, and Section 6.4 discusses countermeasures. Section 6.5 presents real attacks in the Cloud, Section 6.6 predicts the future of the Cloud, and finally Section 6.7 concludes the chapter.
The Cloud is an Internet‐based environment consisting of computing, storage, and networking resources that provide servers, platforms, and applications that can be accessed by any individual or business with Internet connectivity. Customers get a piece of the Cloud that contains what they need to run their business, and they pay based on their usage. The National Institute of Standards and Technology (NIST) divides cloud services into three categories: Software‐as‐a‐Service (SaaS), Platform‐as‐a‐Service (PaaS), and Infrastructure‐as‐a‐Service (IaaS).
Both cloud providers and consumers are responsible for establishing security in the Cloud. They must defend against advanced attacks, since the Cloud is a bigger target for hackers than any single machine and the rewards are higher for the attackers. Their responsibilities are different based on the type of cloud service. In IaaS, the cloud provider is responsible for security in the hypervisor and everything in the cloud backend; however, customers are responsible for hardening operating systems (OSs), applications, and data. In PaaS, the cloud provider should isolate the customers' applications and data from each other and establish security in the OS and hypervisor. On the other hand, customers are responsible for the security of their developed applications. In the SaaS service model, the cloud provider must provide security in the applications, data, and virtualized infrastructure. In all of the cloud service models, the cloud provider is in charge of physical security, which is maintained by experienced experts. Physical attacks will not happen often, but when they do occur, they can be very damaging (Szefer et al. 2014).
Increase in the acceptance of cloud computing in enterprise IT will force cloud providers to establish a greater level of security than traditional data centers. To meet this requirement, cloud providers must recognize the threats targeting cloud environments and study security solutions that can prevent attacks effectively. A superior understanding of the threats will guide further reactions at the operational level, including updating policies and making organizational changes (Juliadotter and Choo 2015).
(Ardagna et al. 2015) classified vulnerabilities, threats, and attacks based on attack surfaces and classified security threats in three groups: application level, tenant on tenant, and provider on tenant/tenant on provider. The first group mainly applies to the SaaS service model and threatens interactions between users and services. In other words, they focus on services and data at the highest level of a cloud stack. The second group consists of scenarios where a malicious tenant tries to attack other tenants in the same physical machine by exploiting misconfiguration or vulnerabilities on the virtualization infrastructure. The last group contains two types of attack: a malicious cloud provider that attacks its tenants, or compromised tenants attacking the cloud infrastructure by organizing a botnet.
According to a Gartner report (Columbus 2013), cloud computing is evolving rapidly as part of the economy. The report estimated that public cloud services would grow to $210 billion by 2016. However, this is leading to increased sharing of resources among more businesses and, at the same time, attracting more cybercriminals. Many factors make cloud computing less secure; in this section, we list the top seven.
A denial of service (DoS) attack aims to overwhelm cloud resources such as computation resources with CPU‐intensive requests and overload the network's infrastructure with bandwidth‐consuming traffic. In order to deny service to other virtual machines (VMs) in a physical machine, attackers consume host resources unfairly. In addition to exhausting resources, this attack puts load balancers, network monitors, and firewalls out of service. Misconfiguration may also potentially lead to unintended resource exhaustion, such as boot storms and antivirus (AV) storms. For example, when most of the VMs in a physical machine try to boot at the same time, a boot storm happens and creates spikes of I/O calls and CPU consumption. Multiple AV scans at the same time have the same effect on resources (http://www.vmware.com/files/pdf/partners/trendmicro/vmware‐trendmicro‐anti‐virus‐virtual‐datacenter‐sb‐en.pdf).
Cloud providers publish a set of software interfaces that enable users to interact with cloud services and manage them. Security and availability of the Cloud depend on the security of these application programming interfaces (APIs) (Modi et al. 2013). According to Alert Logic (https://info.cogecopeer1.com/hubfs/Alert%20Logic%20Cloud%20Security%20Report.pdf), brute‐force attacks on cloud environments increased from 44% to 56% of customers in 2015. Brute‐force attacks involve a large number of attempts to find a correct credential to log in as an authentic user and access cloud services. Suspicious activity in the Cloud has also increased, from 50% to 68%. In addition, attackers can launch browser‐based attacks, such as Secure Sockets Layer (SSL) certificate spoofing, attacks on browser caches, key logging, and phishing attacks.
(Kim and Vouk 2014) surveyed common security vulnerabilities and corresponding countermeasures for SaaS as the most prevalent service‐delivery mode. Since many SaaS services are accessed through the Web, vulnerabilities identified with Extensible Markup Language (XML), which is widely used to support web services (e.g. Simple Object Access Protocol [SOAP], Representational State Transfer [REST], and Web Services Description Language [WSDL]), have a real impact on SaaS security. SOAP, which is based on XML, is used to exchange service‐related structured information. SOAP data is vulnerable to a variety of man‐in‐the‐middle attacks, such as interception, manipulation, and transmission.
OpenStack is an open source platform for cloud computing that is mostly deployed for IaaS. Several vulnerabilities in OpenStack components such as Keystone, Compute, Neutron, and Horizon can lead to serious attacks such as man‐in‐the‐middle, DoS, session hijacking, and information disclosure. Nova has the most security issues; Keystone has the second most, but Keystone's issues are more important than Nova's (Murphy 2014).
Any malware, such as worms, with access to network components will propagate to wherever their addressing or routing allows; hence the communication of VMs and their access to the network leads to malware propagation in the cloud infrastructure. Containment of fast‐spreading worms in the Cloud is an ongoing problem. Attackers attempt to inject malicious services or code, which appear to be valid instances of services running in the Cloud. Disk images in storage can be compromised through attacks such as malware installation and unauthorized access to cloud storage.
Previous studies in data‐center security have indicated that malware botnet attacks were the most common attacks on data centers. Several approaches have been proposed to detect malware in cloud infrastructure (Marnerides et al. 2013; Watson et al. 2014). However, malware creators try to make their attacks undetectable by using polymorphic techniques to avoid detection. Cloud providers should minimize the time that malware actively scans the network for vulnerable machines to infect, and also limit malware propagation in their cloud networks (Shahin 2014).
Malicious insiders are aware of vulnerabilities in an organization. In addition, using a higher level of privilege can enable an employee to gain access to confidential data and services. Since insider network traffic often bypasses firewalls and intrusion detection systems, malicious activities in the Cloud remain undetected.
Data privacy, integrity, and availability are always important concerns for users who migrate to the Cloud. Due to the dynamic and shared nature of the Cloud, user data may be compromised in many ways (Ali et al. 2015).
Data breaches and losses can be caused by both intentional and unintentional events. Losing the key for encrypted data and a disk drive crashing without a backup are good illustrations of unintentional data loss. An example of an intentional situation is the case of VMs on the same physical host, allocated to several organizations. If there is competition between the organizations, data leakage is unacceptable. So, establishing robust VM isolation is crucial. If a malicious cloud user gets access to the hypervisor, e.g. by exploiting a zero‐day vulnerability, they can compromise isolation and deliberately modify or even delete competitors' files.
A Cloud Security Alliance (CSA) survey shows that of all security issues, abuse of cloud resources is considered the top security threat (Cloud Security Alliance 2010). Malware is the first stage of larger security threats such as DDoS attacks. If malware propagates over most of a cloud's VMs, a botnet will emerge. An internal botnet in the cloud infrastructure can source a DDoS attack to an external target (Latanicki et al. 2010). Since the Cloud provides reliable infrastructure services at a relatively cheap price, a botmaster (attacker) can use the Cloud to organize a botnet. The command and control (C&C) server is placed in a typical network environment outside the Cloud. Cloud instances (VMs) are commanded and controlled by the C&C entity to initiate a cyber attack while the C&C server runs a collection of VMs remotely (Mark and Wei 2015). Containment of fast‐spreading worms in the Cloud is an open problem and important research issue (Biedermann and Katzenbeisser 2012).
Virtualization is used in the Cloud to achieve multitenancy. However, some attacks on cloud infrastructure are caused by virtualization vulnerabilities (Shoaib and Olivia 2014). Attackers may incorporate several virtualization vulnerabilities in combination to achieve the intended effects. Shared resources in a virtualized environment are the dominant reason for vulnerabilities in the Cloud. (Ezhilchelvan and Mitrani 2015) described the security issues in isolation among VMs that allow a malicious VM to access a victim VM. Several factors attract attackers to compromise multiple VMs and deploy further large‐scale attacks (Chung et al. 2013):
Although gaining control over multiple VMs is not easy, these factors make it simpler for attackers. A malicious user can misuse its VM to access host resources and then access other VMs. (Tsai et al. 2011) discussed several virtualization‐related security issues in a cloud environment. The key threats to virtualization are as follows:
(Juliadotter and Choo 2015) presented risk‐assessment measures to evaluate the security of the Cloud based on the overall threat to user assets. Their measures include the attack source, vector, vulnerability type, target, defense type, and impact.
Cloud providers are responsible for preventing attacks in the cloud infrastructure. (Okubo et al. 2014) divided security functions for which cloud providers are responsible as follows:
However, these countermeasures are not enough to defend against all threat types in the Cloud. In this section, we explain different countermeasures in detail.
(Datta and Goyal 2014) used annotated attack graphs to show security vulnerabilities in the cloud environment. They proposed a framework to share information about vulnerabilities with tenants so they can adopt their own security protection policies according to their business needs. An attack‐mitigation framework for the Cloud that could facilitate the collection and utilization of security intelligence gathered from the cloud environment could secure tenants' resources from potential attacks.
Szefer et al. (2014) proposed a real‐time cloud intrusion‐prevention model. Their goal was protecting VMs from insider attacks in the network. Based on the time an initial sign of a potential attack is detected in the network, two kinds of mechanisms are employed: prevention and detection. Implementing each mechanism has its own cost and execution overhead, so the model suggested the best response mechanism that was effective and rapid in the cloud context.
Attackers exploit known and unknown vulnerabilities to initiate sophisticated attacks. The dynamic nature of the attacks allows attackers to stay stealthy and avoid intrusion detection systems (IDSs) and makes mitigation a challenging task. A fast‐reacting adaptive system is presented in (Emami‐Taba et al. 2014): it is capable of detecting and mitigating threats by engineering self‐protecting software (SPS) that incorporates an attacker's possible strategies when selecting countermeasures. They utilized game theory to model the competition between the adaptation manager in the SPS and the attacker.
In addition to these countermeasures for attacks in the Cloud, each attack can be prevented by a specific mechanism. In the following section, we present specific countermeasures for each attack type.
The best approach to prevent a resource exhaustion or DoS attack is to limit resource allocation by using the proper configuration of the hypervisor. Performance isolation also avoids this type of attack; however, it reduces cloud efficiency.
Attacks on the cloud interface affect the IaaS, PaaS, and SaaS cloud service models and can be avoided by establishing strong authentication and access‐control mechanisms in the cloud provider's interface. Moreover, all transmitted data must be encrypted securely. Cloud APIs should support all key agreement protocols specified in the WS‐Security standards, since the resulting keys must be stored in the user's browser. WS‐Security uses XML Signature and XML Encryption to protect against man‐in‐the‐middle attacks, such as interception, manipulation, and transmission (Kim and Vouk 2014).
An important security issue in the Cloud is malware propagation. By checking the integrity of cloud services and VM images in the hypervisor, any changes can be detected by the cloud provider. Infrastructure, hypervisor, and storage attacks in the Cloud may threaten the security of VM images. Therefore, VM images must be secured in cloud storage to protect sensitive user data, maintaining the integrity of disk images and ensuring confidentiality of images through encryption (Muhammad et al. 2013). Allocation of malicious VMs to the physical host has an effect on the speed of malware propagation in the Cloud (Abazari and Analoui 2014).
Malicious insiders can affect SaaS, PaaS, and IaaS cloud service models. To avoid this threat, cloud providers should offer more transparency in security and management processes, including compliance reporting and breach notification. (Khorshed et al. 2012) investigated and compared performances of several machine learning techniques to monitor insider activities in the Cloud. They detected malicious activity by monitoring VM performance.
Using authentication, authorization, audit control, and identity and access management (IAM) helps prevent malicious and intrusive actions by attackers. Applying strong encryption algorithms, disaster recovery, using reliable data centers, and effective data‐backup strategies can reduce data breaches and the threat of loss. Deploying IAM solutions across cloud‐based applications and monitoring user activities makes it possible to manage multiple user logins under a single AWS account without interference. Amazon S3 supports IAM policies that let an organization manage multiple users. In SaaS, access‐control components are responsible for resource access.
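To make concrete how a single IAM policy keeps several users of one AWS account apart in S3, the following is an added example (not code from the chapter or from AWS): a policy document in the real IAM schema with per‐user home prefixes, plus a simplified evaluator that models only Allow/Deny, wildcards and StringLike conditions. The bucket name and user names are constructed.

```python
"""Simplified model of how one IAM policy keeps several users under a single
AWS account apart in S3. The policy document below follows the real IAM
schema; the evaluator is a teaching model (Allow/Deny, '*' and '?' wildcards,
StringLike conditions) and is NOT AWS's policy engine. Bucket and user names
are constructed for this example."""
import re

BUCKET = "arn:aws:s3:::example-tenant-bucket"  # constructed bucket name

# ${aws:username} is resolved per caller, so one policy serves every user.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Listing is only allowed when the caller asks for its own prefix.
            "Sid": "ListOwnPrefixOnly",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": BUCKET,
            "Condition": {"StringLike": {"s3:prefix": "home/${aws:username}/*"}},
        },
        {   # Object operations are confined to the caller's home prefix.
            "Sid": "ObjectsInOwnPrefixOnly",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": BUCKET + "/home/${aws:username}/*",
        },
        {   # An explicit Deny overrides the Allow above: archives are immutable.
            "Sid": "KeepArchives",
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": BUCKET + "/home/${aws:username}/archive/*",
        },
    ],
}


def _glob(pattern, value):
    """IAM-style wildcard match: '*' any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(st, action, resource, context, sub):
    if not any(_glob(a, action) for a in _as_list(st["Action"])):
        return False
    if not any(_glob(sub(r), resource) for r in _as_list(st["Resource"])):
        return False
    # Only StringLike is modelled; a condition key absent from the request
    # context fails the condition, as it would in IAM.
    for key, patterns in st.get("Condition", {}).get("StringLike", {}).items():
        if key not in context:
            return False
        if not any(_glob(sub(p), context[key]) for p in _as_list(patterns)):
            return False
    return True


def is_allowed(username, action, resource, context=None, policy=POLICY):
    """IAM evaluation order in miniature: default deny, any matching Deny
    wins, otherwise a matching Allow grants the request."""
    context = context or {}
    sub = lambda s: s.replace("${aws:username}", username)
    allowed = False
    for st in policy["Statement"]:
        if not _statement_matches(st, action, resource, context, sub):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    obj = BUCKET + "/home/alice/report.csv"
    print("alice reads own object:", is_allowed("alice", "s3:GetObject", obj))
    print("bob reads alice's object:", is_allowed("bob", "s3:GetObject", obj))
```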
(Tangwongsan and Itthisombat 2014) proposed a working model for preserving file privacy in cloud storage. The model first encrypts the file and then executes the following steps: (i) assign a privacy map that shows what group names have access to each file, and (ii) notify privilege members by email. The model also preserves privacy in retrieving data.
Several approaches have been proposed to detect malware in cloud infrastructure (Marnerides et al. 2013; Watson et al. 2014) and prevent abuse of cloud resources. However, malware creators try to make it undetectable by using polymorphic techniques. Cloud providers should work to minimize malware active time and also limit malware propagation in their cloud networks (Shahin 2014). The best approach to prevent DDoS attacks is to limit resource allocation using proper configuration.
To minimize the threat of a VM escape attack, communication channels between the hypervisor and VMs such as clipboard sharing, memory management, device management, and specific vendor channels should be minimized (Ros 2012). Patching vulnerabilities, using strong authentication, and access‐control mechanisms are some of the solutions to address this issue.
Cross‐VM side‐channel attacks make it clear that the Cloud should support hypervisor security mechanisms to ensure process isolation (avoid VM escape), mediated information sharing, and secure communication. (Han et al. 2015) presented a method that applied VM allocation policies to defend against co‐resident attacks in cloud computing. We also present a method to respond to co‐resident threats (Abazari et al. 2017).
Patching VM vulnerabilities periodically prevents malicious port scanning in the cloud network. Additionally, using security mechanisms such as IDS and firewalls can mitigate attacks.
Self‐defended VMs that are capable of monitoring outbound and inbound traffic to detect malicious traffic can mitigate VM communication threats (Abazari et al. 2016). Isolating customer networks from each other and from management networks is another solution. Cloud providers can employ virtual appliances such as firewalls, IDSs, and intrusion prevention systems (IPSs) to provide powerful security between networks. Providers must ensure that no traffic is routed between networks.
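As an added example of the traffic monitoring just described (the port‐scanning, self‐defended VM and network‐isolation points), and not code from the chapter or the cited papers, the following checks per‐VM flow records for a worm‐style host sweep, a port scan against one host, and tenant traffic reaching the management network. The flow log, the management subnet and the thresholds are constructed assumptions.

```python
"""Outbound-traffic checks of the kind a self-defended VM or a provider-side
monitor could run over per-VM flow records. The flow log and the management
subnet are constructed for this example; thresholds are assumptions."""
import ipaddress
from collections import defaultdict

MGMT_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed management network

# Constructed flow records: <seconds> <source VM> <destination> <dst port>
FLOWS = """\
1 10.0.1.5 10.0.1.9 443
2 10.0.1.5 10.0.1.9 443
3 10.0.1.7 10.0.1.10 445
4 10.0.1.7 10.0.1.11 445
5 10.0.1.7 10.0.1.12 445
6 10.0.1.7 10.0.1.13 445
7 10.0.1.7 10.0.1.14 445
8 10.0.1.7 10.0.1.15 445
9 10.0.1.5 10.0.0.4 22
10 10.0.1.8 10.0.1.9 22
11 10.0.1.8 10.0.1.9 80
12 10.0.1.8 10.0.1.9 443
13 10.0.1.8 10.0.1.9 3306
14 10.0.1.8 10.0.1.9 8080
"""


def parse_flows(text):
    """Turn the whitespace-separated log into (ts, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        flows.append((int(ts), src, dst, int(port)))
    return flows


def detect(flows, window=60, host_threshold=5, port_threshold=5):
    """Return sorted (source, kind, detail) alerts, evaluated per time window.

    sweep    : one source hits >= host_threshold distinct hosts on one port,
               the pattern a worm shows while hunting for vulnerable VMs
    portscan : one source probes >= port_threshold ports on a single host
    mgmt-net : a tenant VM reaches the management network, which should be
               isolated from customer networks entirely
    """
    hosts_by_port = defaultdict(set)   # (window, src, port) -> {dst}
    ports_by_host = defaultdict(set)   # (window, src, dst)  -> {port}
    alerts = set()
    for ts, src, dst, port in flows:
        w = ts // window
        hosts_by_port[(w, src, port)].add(dst)
        ports_by_host[(w, src, dst)].add(port)
        if ipaddress.ip_address(dst) in MGMT_NET:
            alerts.add((src, "mgmt-net", f"{dst}:{port}"))
    for (_, src, port), hosts in hosts_by_port.items():
        if len(hosts) >= host_threshold:
            alerts.add((src, "sweep", f"port {port} -> {len(hosts)} hosts"))
    for (_, src, dst), ports in ports_by_host.items():
        if len(ports) >= port_threshold:
            alerts.add((src, "portscan", f"{dst} -> {len(ports)} ports"))
    return sorted(alerts)


if __name__ == "__main__":
    for src, kind, detail in detect(parse_flows(FLOWS)):
        print(f"{src:10} {kind:9} {detail}")
```

On the constructed log, 10.0.1.7 is flagged for sweeping port 445 across six hosts, 10.0.1.8 for probing five ports on one host, and 10.0.1.5 only for touching the management subnet; ordinary repeated HTTPS traffic raises nothing.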
The following section discusses the most serious attacks against the cloud environment.
Hackers are increasingly taking aim at cloud resources when they launch attacks. They also attack cloud tenants and access their secure information. Consider the following examples of recent cloud attacks:
These examples support the fact that cloud computing is already at risk. Table 6.1 shows the mapping between the types of threats and real attacks that have been reported.
Table 6.1 Mapping between attacks and threats in the cloud.
Attack type | Reality check
--- | ---
Resource exhaustion attacks / DoS attack | DDoS attack on Rackspace (2014); DoS attack by Sony (2014); DoS attack against Amazon (2009); DDoS attack on Microsoft's Hyper‐V (2011)
Attack on the cloud interface | VM escape in many virtualization platforms (2014)
Malware propagation | —
Attack on cloud infrastructure | —
Malicious insider | —
Data breach and loss | Man in the Cloud attack (2015); data loss in Amazon EC2 (2011); CVE‐2014‐9047 (2014)
Abuse of cloud resources | Attack on Amazon EC2 server (2014)
Attacks on virtualization | Cloudburst VM escape attack (2009); VM escape in VirtualBox (2014): CVE‐2015‐3456
Some of the threats haven't been reported yet as real attacks. In the future, we will see more reported attacks on the cloud infrastructure.
The following cloud security issues need to be addressed in order to provide more secure cloud services in the future. Attackers continue to enhance their strategies, and at the same time security professionals predict and prepare for these attacks. The future of cloud security falls under four headings (Mogull 2014):
(Kumari and Nath 2015) noted that migration of data from one cloud to another introduced new threats. They also mentioned that research on the mobile platform with respect to cloud computing is another open research issue.
Recently, (Ardagna et al. 2015) surveyed the interface between cloud security and cloud security assurance. Cloud security assurance refers to a way to gain justifiable confidence that infrastructure will consistently exhibit one or more security properties and operate as expected despite failures and attacks. Assurance is a much wider notion than security, because it includes methodologies for collecting and validating evidence supporting security properties. They recommended the design of next‐generation cloud security and assurance solutions.
Traditional security solutions are not able to provide security for billions of devices interconnected over the Internet. Many of these devices have limited processing power. In addition, running sophisticated security mechanisms at the device level is impossible and prohibitively expensive in terms of performance and cost. Hence, using cloud resources to provide security for the Internet of Things (IoT) improves total security for IoT participants. Securing IoT devices through the secure cloud network enables policies to be automatically applied and ensures that communications, devices, and services are not compromised.
The cloud environment consists of virtualized data centers. VMs in these data centers, similar to physical machines, are under security risks. Some features of cloud service models can inhibit certain virtualization vulnerabilities. Due to abuse and nefarious use of cloud resources, cloud providers must enhance the security of the Cloud to prevent attackers from penetrating.
In this chapter, we have discussed cloud security issues and possible countermeasures. We studied a number of cyber‐defense strategies that can be activated when an attack is detected, some of which can even take effect before the actual attack occurs. We hope this study can help cloud providers and cloud users to understand cloud‐specific security issues and design appropriate countermeasures.