Hassan Takabi¹ and Mohammad GhasemiGol²
¹Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA
²Department of Computer Engineering, University of Birjand, Birjand, Iran
Cloud computing is the most popular paradigm in the computer world that provides on‐demand computing and storage capabilities to consumers over the Internet. However, these benefits may result in serious security issues such as data breaches, computation breaches, flooding attacks, etc. On the other hand, the whole IT infrastructure is under the control of the cloud provider, and cloud consumers have to trust the security‐protection mechanisms that are offered by service providers. Therefore, security concerns should be considered to improve the assurance of required security for cloud customers.
The key security constructs in the cloud environment are information, identity, and infrastructure. Cloud information flows into the physical infrastructure from many users across different devices and geographies. The objective of information security is to protect information as well as information systems from unauthorized access, use, disclosure, disruption, modification, or destruction (Winkler 2011). In other words, at the heart of any information security system is the requirement to protect the confidentiality, integrity, and availability of data. It is important to thoroughly understand your organization's security policies in order to implement standards in a cloud environment that will form your security framework (Steiner and Khiabani 2012). Data governance concerns commonly arise in the areas of IP protection, regulatory governance, industry compliance requirements, and data mobility. A consistent set of policies is needed for compliance and governance across cloud platforms that IT may not always control. These policies are required for identifying sensitive information; controlling its transmission, storage, and use in the Cloud; and sharing it among users and devices. These policies must be consistently enforced across private and public clouds, and physical infrastructure. Traditionally, IT has used enterprise identity to control user access and entitlement to a variety of on‐premises information and application assets. This principle must be extended to identities at cloud service providers, controlling what information employees can access in which clouds, from which devices, and in which locations.
This chapter provides an introduction to the Cloud and its fundamental security and privacy issues. We start with a background of cloud computing and security issues in Section 1.2. In Section 1.3, we briefly discuss identity security in cloud computing. Cloud information security issues are investigated in Section 1.4. In Section 1.5, we discuss some cloud security standards. Finally, conclusions are drawn in Section 1.6.
The US National Institute of Standards and Technology (NIST) defines cloud computing as follows: “Cloud computing is a model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models” (Mell and Grance 2011).
NIST defines five major actors: cloud consumer, cloud provider, cloud auditor, cloud broker, and cloud carrier (Hogan et al. 2011):
There are three service‐delivery models and four deployment models in the cloud environment. As shown in Figure 1.1, cloud providers offer Infrastructure‐as‐a‐Service (IaaS), Platform‐as‐a‐Service (PaaS), and Software‐as‐a‐Service (SaaS) as three fundamental services (Hashizume 2013; Mell and Grance 2011):
The four cloud deployment models are briefly described as follows (Mell and Grance 2011):
Several characteristics of cloud computing that are mentioned in the literature are listed next (Hashizume 2013; Kizza and Yang 2014; Mell and Grance 2011):
There are several benefits to adopting cloud computing; however, there are also some significant obstacles to its acceptance. One important issue is security, followed by privacy, standardization, and legal matters. Research in cloud computing security is a new area that is evolving rapidly. Cloud resources are centrally managed, so in theory security should be improved in this type of environment. But security in complex environments is hard to undertake, due to the fact that data is stored and processed in unknown places, resources are shared by unrelated users, and other concerns. There are several security challenges that are specific to each delivery model, especially for public cloud adoption. Also, cloud computing inherits security issues from its underlying technologies and presents its own security challenges as well. This makes it even harder to secure the entire system. Most security measures have been developed to mitigate or stop threats to parts of a system, but there is rarely a global security analysis of the complete cloud system (Hashizume 2013).
The following examples illustrate the need for cloud security (Pearson and Yee 2013):
Numerous research studies address cloud computing security from various perspectives (Juan Ferrer 2013). Jansen and Grance organize the key security issues in cloud computing in the following categories: trust, architecture, identity management, software isolation, data protection, and availability (Jansen and Grance 2011). Cloud computing confers the highest level of trust to providers due to the level of insider access available to the provider and other users that share the infrastructure, and also due to providers' lack of transparency about their security practices.
Risk analysis is more important in IaaS due to the primary sources of vulnerabilities that exist in the hypervisor and virtual infrastructures, such as leaks of sensitive data through the virtual machines (VMs) and the lack of intrusion‐detection systems in the virtual networking infrastructure. On the other hand, multitenancy, which refers to the cloud characteristic of resource sharing, is identified as the main source of threats for data protection. Jansen and Grance propose data encryption and data sanitization as a means to protect sensitive information. Compliance is also identified as a risk, because there is no way for users to track data location. With regard to availability, they present examples of distributed denial of service (DDoS) attacks and both permanent and temporary outages. They also believe that attacks on the cloud infrastructure will be more difficult to defend against and more common in the future.
Jensen et al. provide an overview of technical security issues of cloud computing environments. They consider diverse technology such as Web Services Security (WS‐Security), Transport Layer Security (TLS), XML Signature, browser security, and integrity and binding issues, such as cloud malware‐injection attacks and metadata‐spoofing attacks based on exploiting Web Services Description Language (WSDL) vulnerabilities (Jensen et al. 2009). They also investigate flooding attacks, described as an attacker sending so many requests to the provider that the result is a denial of service in the provider's hardware. It has to be noted in this case that many public cloud providers already consider this possibility in their architectures by establishing a maximum amount of services a user can request simultaneously (e.g. Amazon Web Services (AWS) specifies that a user cannot launch more than 20 VMs at the same time, and Azure limits non‐identified users to 100 operations per user per day). As enterprises move their computing environments with their identities, information, and infrastructure to the Cloud, they must be willing to give up some level of control.
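A per‐tenant admission check of the kind the paragraph describes, added here as an illustration and not taken from the chapter or from any provider's code: it caps concurrent VM launches and daily operations so that a single flooding consumer cannot exhaust shared capacity. The two default limits reuse the figures quoted in the text; the tenant names, the fixed date, the exception type and the accounting order are constructed for the example.

```python
"""Added example (not from the chapter): per-tenant quota enforcement as a
flooding-attack mitigation. Default caps mirror the figures quoted in the
text (20 concurrent VMs, 100 operations per day); all other details are
constructed for illustration."""
from collections import defaultdict
from datetime import date


class QuotaExceeded(Exception):
    """Raised when a request would push a tenant past one of its caps."""


class TenantQuota:
    def __init__(self, max_concurrent_vms: int = 20, max_ops_per_day: int = 100):
        self.max_concurrent_vms = max_concurrent_vms
        self.max_ops_per_day = max_ops_per_day
        self.running = defaultdict(int)               # tenant -> live VM count
        self.ops = defaultdict(lambda: (None, 0))     # tenant -> (day, op count)

    def _count_op(self, tenant: str, today: date) -> None:
        day, n = self.ops[tenant]
        if day != today:                 # a new day resets the daily counter
            day, n = today, 0
        if n >= self.max_ops_per_day:
            raise QuotaExceeded(f"{tenant}: {self.max_ops_per_day} ops/day reached")
        self.ops[tenant] = (day, n + 1)

    def launch_vm(self, tenant: str, today: date) -> int:
        """Admit a launch only if both caps allow it; returns the live VM count.
        The concurrency cap is checked first, so a launch rejected for that
        reason does not consume any of the tenant's daily operations."""
        if self.running[tenant] >= self.max_concurrent_vms:
            raise QuotaExceeded(f"{tenant}: {self.max_concurrent_vms} concurrent VMs reached")
        self._count_op(tenant, today)
        self.running[tenant] += 1
        return self.running[tenant]

    def terminate_vm(self, tenant: str, today: date) -> int:
        """Terminations are operations too, so they count toward the daily cap."""
        if self.running[tenant] == 0:
            raise ValueError(f"{tenant} has no running VMs")
        self._count_op(tenant, today)
        self.running[tenant] -= 1
        return self.running[tenant]


def flood_attempt(n: int, tenant: str = "tenant-x") -> dict:
    """One consumer fires `n` launch requests in a burst; report how many the
    concurrency cap admitted and how many it rejected."""
    q = TenantQuota()
    today = date(2024, 1, 1)             # constructed fixed date
    admitted = rejected = 0
    for _ in range(n):
        try:
            q.launch_vm(tenant, today)
            admitted += 1
        except QuotaExceeded:
            rejected += 1
    return {"admitted": admitted, "rejected": rejected, "running": q.running[tenant]}


def daily_cap_demo() -> tuple:
    """Exercise the daily counter: the 101st operation on day one is rejected,
    and the counter starts over on day two."""
    q = TenantQuota(max_concurrent_vms=1000)
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    for _ in range(q.max_ops_per_day):
        q.launch_vm("tenant-y", d1)
    try:
        q.launch_vm("tenant-y", d1)
        rejected = False
    except QuotaExceeded:
        rejected = True
    return rejected, q.launch_vm("tenant-y", d2)   # -> (True, 101)


if __name__ == "__main__":
    print(flood_attempt(500))
    print(daily_cap_demo())
```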
Grobauer et al. investigate the specific vulnerabilities that are applicable in cloud computing and inherent to its essential characteristics including unauthorized access to management interfaces, Internet protocol vulnerabilities, data‐recovery vulnerability, and metering and billing evasion (Grobauer et al. 2011).
Subashini and Kavitha elaborate on the various security issues of cloud computing due to its service‐delivery models (Subashini and Kavitha 2011). Their work contains a very detailed analysis of SaaS; PaaS and IaaS are analyzed with a lower level of detail. On the other hand, cloud security can be analyzed at three levels: identity security, information security, and infrastructure security (Dokras et al. 2009; Tianfield 2012):
End‐to‐end identity management, third‐party authentication services, and federated identity are key elements of cloud security. Identity security preserves the integrity and confidentiality of data and applications while making access readily available to appropriate users. Support for these identity‐management capabilities for both users and infrastructure components is a major requirement for cloud computing, and identity must be managed in ways that build trust. The following are required (Dokras et al. 2009):
SysAdmin, Audit, Network, Security (SANS) defines information security as processes and methodologies that are intended to protect sensitive information or data from unauthorized access, disclosure, modification, or use (https://www.sans.org/information-security). The form of the protected data or information can be electronic, printed, or other forms (Putri 2011). Information security encompasses security attributes such as the following:
Security in general is related to the important aspects of confidentiality, integrity, and availability; they thus are building blocks to be used in designing secure systems. These important aspects of security apply to the three broad categories of assets that need to be secured: data, software, and hardware resources. The cloud infrastructure presents unique security challenges that need to be considered in detail.
Confidentiality refers to only authorized parties or systems having the ability to access protected data. The threat of data compromise increases in the Cloud, due to the greater number of parties, devices, and applications involved, which leads to an increase in the number of points of access. Delegating data control to the Cloud in turn leads to an increase in the risk of data compromise, because the data becomes accessible to more parties. A number of concerns emerge regarding the issues of multitenancy, data remanence, application security, and privacy. Several aspects of the information system (IS) are shared, including memory, programs, networks, and data. Cloud computing is based on a business model in which resources are shared (i.e. multiple users use the same resource) at the network level, host level, and application level. Although users are isolated at a virtual level, hardware is not separated. With a multitenant architecture, a software application is designed to virtually partition its data and configuration so that each client organization works with a customized virtual application instance.
Multitenancy is similar to multitasking in operating systems. In computing, multitasking is a method by which multiple tasks, also known as processes, share common processing resources such as a CPU. Multitenancy, like multitasking, presents a number of privacy and confidentiality threats. Object reusability is an important characteristic of cloud infrastructures, but reusable objects must be carefully controlled lest they create a serious vulnerability. Data confidentiality could be breached unintentionally, due to data remanence. Data remanence is the residual representation of data that has been in some way nominally erased or removed. Due to virtual separation of logical drives and lack of hardware separation between multiple users on a single platform, data remanence may lead to the unintentional disclosure of private data. In addition, a malicious user may claim a large amount of disk space and then scavenge for sensitive data. Data confidentiality in the Cloud is correlated to user authentication. Protecting a user's account from theft is an instance of a larger problem of controlling access to objects, including memory, devices, software, etc. Electronic authentication is the process of establishing confidence in user identities that are electronically presented to an information system. Lack of strong authentication can lead to unauthorized access to users' accounts on a cloud, leading to a breach in privacy.
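The data‐remanence problem just described, as an added example that is not part of the chapter: a toy block store shares physical blocks among tenants with logical ownership checks, and shows that a released block reallocated to another tenant still yields the first tenant's data unless the provider overwrites it on release. The store, tenant names and sample secret are constructed; the remanence audit is the control a defender would run against a pool that does not sanitize.

```python
"""Added example (not from the chapter): data remanence in a multitenant
block pool and the sanitize-on-release control. Everything here is a
constructed model, not any provider's storage code."""

BLOCK_SIZE = 16                 # bytes per block (constructed, tiny for readability)
ZERO = bytes(BLOCK_SIZE)


class BlockStore:
    """Shared physical blocks, logically partitioned among tenants."""

    def __init__(self, n_blocks: int, sanitize_on_release: bool):
        self.sanitize_on_release = sanitize_on_release
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]
        self.owner = [None] * n_blocks          # tenant id per block, None = free

    def allocate(self, tenant: str) -> int:
        """Hand the lowest free block to `tenant` (first-fit, like a real pool)."""
        for i, o in enumerate(self.owner):
            if o is None:
                self.owner[i] = tenant
                return i
        raise MemoryError("no free blocks")

    def write(self, tenant: str, idx: int, data: bytes) -> None:
        self._check_owner(tenant, idx)
        # Pad short writes with zeros; longer writes are truncated to the block.
        self.blocks[idx][:] = data.ljust(BLOCK_SIZE, b"\x00")[:BLOCK_SIZE]

    def read(self, tenant: str, idx: int) -> bytes:
        """Logical isolation: a tenant can only read blocks it currently owns."""
        self._check_owner(tenant, idx)
        return bytes(self.blocks[idx])

    def release(self, tenant: str, idx: int) -> None:
        """Releasing a block does not erase it unless the pool sanitizes."""
        self._check_owner(tenant, idx)
        if self.sanitize_on_release:
            self.blocks[idx][:] = ZERO          # overwrite before the block is reusable
        self.owner[idx] = None

    def _check_owner(self, tenant: str, idx: int) -> None:
        if self.owner[idx] != tenant:
            raise PermissionError(f"{tenant} does not own block {idx}")

    def remanence_audit(self) -> list:
        """Control check: indices of free blocks that still hold non-zero data."""
        return [i for i, o in enumerate(self.owner)
                if o is None and bytes(self.blocks[i]) != ZERO]


def scenario(sanitize: bool) -> bytes:
    """Tenant A writes a secret and releases the block; tenant B is then
    allocated the same physical block and simply reads it."""
    store = BlockStore(n_blocks=4, sanitize_on_release=sanitize)
    a = store.allocate("tenant-a")
    store.write("tenant-a", a, b"A-secret-key-42")   # constructed sample secret
    store.release("tenant-a", a)
    b = store.allocate("tenant-b")                   # first-fit -> the same block
    return store.read("tenant-b", b).rstrip(b"\x00")


if __name__ == "__main__":
    print("without sanitization, tenant B reads:", scenario(False))
    print("with sanitization, tenant B reads:   ", scenario(True))
```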
Software confidentiality is as important as data confidentiality to overall system security. It refers to trusting that specific applications or processes will maintain and handle the user's personal data in a secure manner. In a cloud environment, the user is required to delegate “trust” to applications provided by the organization owning the infrastructure. Software applications interacting with the user's data must be certified not to introduce additional confidentiality and privacy risks. Unauthorized access can become possible through the exploitation of an application vulnerability or lack of strong identification, bringing up issues of data confidentiality and privacy.
In addition, the cloud provider is responsible for providing secure cloud instances, which should ensure users' privacy. Privacy refers to the desire of a person to control the disclosure of personal information. Organizations dealing with personal data are required to comply with a country's legal framework that ensures appropriate privacy and confidentiality protection. The Cloud presents a number of legal challenges regarding privacy issues related to data stored in multiple locations in the Cloud, which additionally increases the risk of confidentiality and privacy breaches. Instead of data being stored on the company's servers, data is stored on the service provider's servers, which could be in Europe, Asia, or anywhere else. This tenet of cloud computing conflicts with various legal requirements, such as European laws that require that an organization know where the personal data in its possession is at all times (Zissis and Lekkas 2012).
A key aspect of information security is integrity. Integrity means that assets can be modified only by authorized parties or in authorized ways and refers to data, software, and hardware. Data integrity refers to protecting data from unauthorized deletion, modification, or fabrication. Managing an entity's admittance and rights to specific enterprise resources ensures that valuable data and services are not abused, misappropriated, or stolen. By preventing unauthorized access, organizations can achieve greater confidence in data and system integrity. Additionally, such mechanisms offer greater visibility into determining who or what may have altered data or system information, potentially affecting their integrity (accountability). Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secure resources controlled by the system. Due to the increased number of entities and access points in a cloud environment, authorization is crucial for assuring that only authorized entities can interact with data.
A cloud computing provider is trusted to maintain data integrity and accuracy. The cloud model presents a number of threats, including sophisticated insider attacks on these data attributes. Software integrity refers to protecting software from unauthorized deletion, modification, theft, or fabrication. Deletion, modification, or fabrication can be intentional or unintentional. For instance, a disgruntled employee may intentionally modify a program to fail when certain conditions are met or when a certain time is reached. Cloud computing providers implement a set of software interfaces or application programming interfaces (APIs) that customers use to manage and interact with cloud services. In addition to the previously mentioned threats, the security of cloud services depends heavily on the security of these interfaces, because an unauthorized user gaining control of them could alter, delete, or fabricate user data. In the Cloud, responsibility for the protection of the software's integrity is transferred to the software's owner or administrator. Hardware and network integrity is an additional issue that needs to be addressed by cloud providers, because they are burdened with protecting the underlying hardware from theft, modification, and fabrication (Zissis and Lekkas 2012).
Availability refers to the property of a system being accessible and usable upon demand by an authorized entity. System availability includes a system's ability to carry on operations even when authorities misbehave. The system must be able to continue operations even in the event of a security breach. Availability refers to data, software, and hardware being available to authorized users upon demand. There is a heavy reliance on the ubiquitous network's availability when users can access hardware infrastructure on demand. The network is now burdened with data retrieval and processing. Cloud computing services place a heavy reliance on the resource infrastructure and network availability at all times.
The concept of accountability is present in finance and public governance, and is becoming more integrated into business regulatory programs as well as emerging privacy and data‐protection frameworks globally. Accountability can decrease regulatory complexity in global business environments, which is especially helpful in the European Union (EU) due to the complex matrix of national laws that makes compliance with data‐protection legislation especially difficult. Further, as the scale of data in the Cloud increases, data processing becomes more sophisticated, and cloud supply chains become more complex, the need for a coherent approach that works from the end user throughout the supply chain and that integrates the legal and regulatory dimensions effectively and efficiently becomes even more pressing (Pearson et al. 2012).
Academics and practitioners have different views and interpretations of the accountability concept. For example, accountability in computer science has been referred to as a limited and imprecise requirement that is met via reporting and auditing mechanisms (Cederquist et al. 2005; Doelitzscher 2014); while Yao et al. consider accountability a way of making the system accountable and trustworthy by a combination of mechanisms (Yao et al. 2010). Muppala et al. refer to accountability as the adherence to accepting ownership and responsibility toward all actions in a standardized way, as regulated by an acknowledged organization such as the Organization for Economic Cooperation and Development (OECD), which published privacy guidelines in 1980 (Muppala et al. 2012). And Ko et al. consider accountability as only one component of trust in cloud computing (Ko et al. 2011b, pp. 432–444).
In addition, the Centre for Information Policy Leadership identifies accountability “in relation to privacy as the acceptance of responsibility for personal information protection. An accountable organization must have in place appropriate policies and procedures that promote good practices which, taken as a whole, constitute a privacy management program. The outcome is a demonstrable capacity to comply, at a minimum, with applicable privacy laws. Done properly, it should promote trust and confidence on the part of consumers, and thereby enhance competitive and reputational advantages for organizations” (https://www.priv.gc.ca/media/2102/gl_acc_201204_e.pdf; Al‐Rashdi et al. 2015).
Castelluccia et al. believe accountability offers three capabilities (Castelluccia et al. 2011):
Accountability is often confused with fault tolerance or responsibility. Fault tolerance is defined as the ability of a system to respond gracefully to an unexpected hardware or software failure. What makes accountability different from fault tolerance is that it does not attempt to mask faults, but it provides evidence and may detect arbitrary faults (Kamel 2010).
Customers of an accountable cloud can check whether the cloud is performing as agreed. If a problem occurs, the customer and the provider can use the evidence to decide who is responsible; and, if a dispute arises, they can present the evidence to a third party, such as an arbitrator or a judge. However, existing accountability techniques fall short of the requirements for cloud computing in several ways. Since clouds are general‐purpose platforms, the provider should be able to offer accountability for any service customers may choose to run; this rules out application‐specific techniques like Certified Accountable Tamper‐evident Storage (CATS) and Repeat and Compare (Michalakis et al. 2007; Yumerefendi and Chase 2007). On the other hand, an application‐independent technique such as PeerReview (Haeberlen et al. 2007) requires software modifications and assumes that the behavior of the software is deterministic, neither of which seems realistic in a cloud computing scenario. Finally, even if these limitations are overcome, these techniques can only detect violations of a single property (correctness of execution); they were not designed to check other properties of interest in the Cloud, such as conformance to SLAs, protection of confidential data, data durability, service availability, and so on (Haeberlen 2010).
Nonrepudiation means ensuring that a traceable legal record is kept and is not changed by a malicious entity. A loss of nonrepudiation would result in the questioning of a transaction that occurred. A simple example of nonrepudiation is signing a contract. The signer cannot claim they did not agree to a contract, because there is evidence that they did agree. The difference is that a signature can be forged, but good encryption cannot.
Repudiating interactions (mainly during transmission of data or on storage) is often counteracted by preventing unauthorized access in the first place. Techniques are therefore often used to address access‐control requirements and are classified as such. Among others, they include the exchange of public keys (PKI), certificates, or (proxy) signatures. The SaaS Application Security model for Decentralized Information Flow Control (DIFC, or SAS‐DIFC) proposed by Tingting and Yong (2013) aims to guarantee information security in SaaS applications. Trusted code in this approach controls the dissemination of private data, so that the right user at the right location will receive what belongs to them. It also offers user‐aware monitoring mechanisms. Denying another user access to private data that is currently being accessed or transmitted is an issue of guaranteeing integrity and privacy, which research papers connect to nonrepudiation in their proposals of solutions (Höner 2013). Kumar and Subramanian say that a homomorphic distribution verification protocol (classified under “Integrity”) enforces nonrepudiation implicitly (Kumar and Subramanian 2011).
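The evidence an accountable cloud can hand to a customer or arbitrator, and the traceable record that nonrepudiation requires (both discussed above), as an added example that is not from the chapter or any cited system: a hash‐chained record log in which each entry commits to its predecessor, so that a later modification, insertion or truncation is detected at a specific position. The record format, sample events and head‐publication step are constructed; a signature over the published head, which would turn tamper evidence into nonrepudiation against the provider, is assumed to be applied outside this block.

```python
"""Added example (not from the chapter): a hash-chained, tamper-evident
record log as accountability evidence. Record layout and events are
constructed; in a real deployment the head hash would also be signed."""
import hashlib
import json

GENESIS = "0" * 64   # chain anchor for the first record


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the same record always
    # hashes identically, then bind it to the hash of its predecessor.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(log: list, record: dict) -> str:
    """Append `record`, chained to the current head; returns the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    h = _digest(prev, record)
    log.append({"prev": prev, "record": record, "hash": h})
    return h


def verify(log: list, expected_head: str) -> int:
    """Return -1 if every link checks out and the chain ends at `expected_head`;
    otherwise the index of the first entry whose evidence fails."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    # Dropping the newest entries leaves every remaining link valid, so the
    # verifier must compare the final hash with a head obtained independently
    # (e.g. one the provider published to the customer at the time).
    return -1 if prev == expected_head else len(log)


def demo() -> dict:
    """Build a small log, publish its head, then show how two kinds of
    after-the-fact tampering are detected."""
    log = []
    events = [  # constructed sample events
        {"seq": 1, "actor": "tenant-a", "op": "PUT", "obj": "bucket/report.pdf"},
        {"seq": 2, "actor": "admin-7", "op": "READ", "obj": "bucket/report.pdf"},
        {"seq": 3, "actor": "tenant-a", "op": "DELETE", "obj": "bucket/report.pdf"},
    ]
    head = None
    for e in events:
        head = append(log, e)
    intact = verify(log, head)                   # -1: evidence matches the head
    # An insider rewrites entry 1 to hide who read the object.
    modified = json.loads(json.dumps(log))       # deep copy
    modified[1]["record"]["actor"] = "tenant-a"
    # The same insider quietly drops the last record.
    truncated = log[:-1]
    return {"intact": intact,
            "modified": verify(modified, head),   # 1: first broken link
            "truncated": verify(truncated, head)} # 2: chain ends short of head


if __name__ == "__main__":
    print(demo())
```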
The key considerations identified in this section for protecting information in cloud deployments are as follows:
In this section, Amazon AWS, Force.com, Google App Engine, GoGrid, Rackspace, and Microsoft Azure are compared regarding information security concerns (Mietto and Vitorino 2010):
Although some security requirements may be unique to the cloud implementation, it is important that requirements for cloud security are consistent with appropriate standards, such as International Organization for Standardization (ISO) 27001 and ISO 27002, if you are to leverage a large body of practical experience, best practices, and reviews. Further, all aspects of security should be captured in a cloud security policy, which is best developed as a formal document that has the complete approval and blessing of management. A security policy should be seen as the foundation from which all security requirements derive. It should not detail technical or architectural approaches (as these may change more frequently than the policy); rather, the policy should set forth the underlying requirements from an organizational or business standpoint. For instance, the security policy should explain the need for using standards‐based encryption via a formally evaluated commercial product, rather than spelling out the use of Transport Layer Security, Secure Sockets Layer, or another specific means of communication security (Winkler 2011).
The security standards and regulatory organizations that have the most direct effect on cloud computing security are PCI DSS, FISMA, and HIPAA (Kajiyama 2013):
We investigated the Cloud and its fundamental security and privacy issues to improve the assurance of required security for cloud customers. Cloud security principles encompass three categories: identity, information, and infrastructure. Identity security maintains the confidentiality and integrity of data and applications while allowing appropriate users to readily access services. Information security includes security attributes such as confidentiality, integrity, availability, accountability, and nonrepudiation that are used in designing secure systems. In this chapter, we discussed identity security requirements and information security attributes. We also compared some clouds with regard to information security concerns. Finally, we introduced some of the security standards and regulatory organizations that are suitable for cloud computing security.