Proposal Of Security Schemes For Protecting Services In Cloud Computing

DOI : 10.17577/IJERTV1IS3154


Ruchi Bhatnagar

Department of Information Technology,

IIMT Engineering College, Meerut, G.B.T.U., Lucknow, India.

Ever since the term cloud computing was coined a few years back, there have been numerous reasons for businesses to adopt it and offer abstracted Internet services. Because security features and management schemes vary in degree across cloud entities, security in the cloud is challenging. Security issues ranging from system misconfiguration and lack of proper updates to unwise user behavior around remote data storage, which can expose users' private data and information to unwanted access, can plague cloud computing. The intent of this paper is to investigate the security-related issues and challenges in the cloud computing environment. We also propose a security scheme for protecting services, keeping in view the issues and challenges faced by cloud computing.

Keywords: Cloud Computing, Data Protection, Security, Application Program Interface, Average Revenue Per User.

  1. Introduction

    Security aspects of cloud computing are gaining the interest of researchers, as there are still numerous unresolved issues that need to be addressed before large-scale exploitation takes place. Cloud computing is not something that suddenly appeared overnight; in some form it may be traced back to a time when computer systems remotely time-shared computing resources and applications. More currently, though, cloud computing refers to the many different types of services and applications being delivered in the Internet cloud, and the fact that, in many cases, the devices used to access these services and applications do not require any special applications [2]. The basic idea of cloud computing is that it describes a new supplement, consumption, and delivery model for IT services based on Internet protocols, and it typically involves provisioning of dynamically scalable and often virtualized resources. The attractive feature of cloud computing is that it has made access to computing resources a lot easier, but with that convenience has come a whole new universe of threats and vulnerabilities. In this paper, we explore the security issues and challenges for next-generation CC and discuss the crucial parameters that require extensive investigation.

    Basically, the major challenge for employing any efficient security scheme in CC is created by taking some of its important characteristics into consideration, such as Shared Infrastructure, Dynamic Provisioning, Network Access and Managed Metering. To address the critical security issues in CC, we discuss the basic issues in Section II. We explore the challenges of security schemes in CC in Section III. Section IV briefly presents the proposed security scheme for CC. Finally, Section V concludes the paper, delineating the research challenges and future trends in cloud computing research.

  2. Security Issues for Clouds

    There are numerous security issues for cloud computing, as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management (e.g. [6], [10]). Therefore, security issues for many of these systems and technologies are applicable to cloud computing. Some of the issues related to the security of cloud computing are:

    1. Network Consideration

      Cloud computing is a technique of resource sharing where servers and storage in multiple locations are connected by networks to create a pool of resources. When applications are run, resources are allocated from this pool and connected to the user as needed. The tasks of connecting the resources (servers and storage) into a resource pool and then connecting users to the correct resources define the network's mission in cloud computing. For many cloud computing applications, network performance will be the key to cloud computing performance.

    2. Virtualization Paradigm

      In order to process a user request in a CC environment, a service provider can draw the necessary resources on demand, perform a specific job, and then relinquish the unneeded resources and often dispose of them after the job is done. Contrary to traditional computing paradigms, in a cloud computing environment the data and the application are controlled by the service provider. This leads to a natural concern about data safety and also its protection from internal as well as external threats. Usually, in a cloud computing paradigm, data storage and computation are performed in a single datacenter, which may lead to various security-related failures.

    3. Mapping machines

      Cloud computing offers a means to decouple the application activities from the physical resources required. This has enabled consolidation of multiple applications onto a smaller number of physical servers, resulting in an increase in server utilization. Such decoupling of resources is facilitated by the concept of a virtual machine, which encapsulates an application with a specific set of functionalities. Physical resources are made available to the virtual machine by a guest operating system running on each physical machine. The virtual machine runs over this guest operating system, which also provides facilities for creation, destruction and migration of virtual machines. Different security parameters are required to facilitate these functions in cloud computing.

    4. Secure Data Management

      As data is an important tool of CC, some aspects of the secure cloud concern the cloud storage and data layers. In particular, the security issues ranging from ways of efficiently storing the data on foreign machines to querying encrypted data (as much of the data on the cloud may be encrypted) are a critical challenge for implementing security schemes in cloud computing [8].

    5. Resource Allocation

      With the cloud model, we lose control over physical security. In a public cloud, we are sharing computing resources with other companies. In a shared pool outside the enterprise, we don't have any knowledge or control of where the resources run. Exposing our data in an environment shared with other companies could give the government "reasonable cause" to seize our assets because another company has violated the law. Simply sharing the environment in the cloud may put our data at risk of seizure. Storage services provided by one cloud vendor may be incompatible with another vendor's services should we decide to move from one to the other. Thus, securing the resources in a cloud demands strong encryption schemes.

    6. Memory Management

      Memory management in CC is the act of managing memory, involving ways to allocate portions of memory to programs at their request and freeing it for reuse when no longer needed. Some of the security-related issues in managing memory are relocation, protection, sharing, and logical and physical organization.

  3. Challenges of Security Schemes

    Cloud computing represents one of the most significant shifts in information technology many of us are likely to see in our lifetimes. Basically, the major challenge for employing any efficient security scheme in CC is created by the tasks expected from the clouds. Security schemes look like a defense tool that every organization needs. However, there are some challenges organizations face while deploying a security system in cloud computing. Some of them are:

    1. Abuse and Nefarious Use of Cloud Computing

      Providers offer their customers the illusion of unlimited compute, network, and storage capacity, often coupled with a frictionless registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity.

    2. Insecure Interfaces and APIs

      Cloud computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency.

    3. Malicious Insiders

      Another important challenge regarding implementing security schemes is the threat of a malicious insider. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance (e.g. [7], [1]). To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary, ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.

    4. Shared Technology Issues

      Vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform. A defense-in-depth strategy is recommended, and should include compute, storage, and network security enforcement and monitoring. Strong compartmentalization should be employed to ensure that individual customers do not impact the operations of other tenants running on the same cloud provider. Customers should not have access to any other tenant's actual or residual data, network traffic, etc.

    5. Data Loss or Leakage

      There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example [9]. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data. The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to the cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.

  4. Proposed Security Framework

    In recent years, CC security has attracted the attention of a number of researchers around the world [4]. In this section we propose a security scheme that keeps the issues and challenges discussed above in mind. Our aim is to design and develop a security proposal that is accurate, secures data in the shared pool, is secure against unexpected intrusions, and is adaptive and real-time. The proposed secure model provides security for cloud services in the following ways:

    1. Secure Cloud service

      The cloud service providers with the highest margins, highest ARPU, lowest operating costs, and lowest churn will have a significant competitive advantage in the long run. To achieve this advantage, they will need a comprehensive cloud service delivery platform, and the cost of developing such a platform with security parameters is a factor they will need to take into account. Not all cloud service providers are the same. While some are giants with multiple data centers worldwide, some, in particular niche service providers. That is not all bad: computing still is their business, which means they invest all their operating and capital budgets in IT operations. And even the largest providers are not immune to security problems, as the hacking of the Sony network and the major crash of Amazon's infrastructure-as-a-service installation demonstrated. The security of the service provider is managed by:

      • Check out its security staff.

      • Ask where its data centers are, how many it has, and what its security parameters and proposals are.

      • Separating the company data from company operations has many security advantages.

      • Stricter initial registration and validation processes for customers.

      • Enhanced credit card fraud monitoring and coordination.

      • Comprehensive introspection of customer network traffic.

      • Monitoring public blacklists for one's own network blocks.
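
The last bullet, monitoring public blacklists for one's own network blocks, can be automated with DNS-based blacklist (DNSBL) lookups. The sketch below is an added example, not code from the paper; the zone name `dnsbl.example.org`, the function names and the resolver data are assumptions made for illustration.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the blacklists your abuse desk tracks.
DNSBL_ZONES = ["dnsbl.example.org"]
# By convention a DNSBL answers with an address in 127.0.0.0/8 when listed.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.5 -> 5.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Look up an A record; None means NXDOMAIN, i.e. the address is not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_blocks(cidrs, zones=DNSBL_ZONES, resolve=system_resolver, max_addrs=4096):
    """Query every address of every block against every zone.

    Returns (listed, anomalous): listed holds (ip, zone, answer) tuples whose
    answer is inside 127.0.0.0/8; anomalous holds answers outside it, which may
    indicate a resolver that rewrites NXDOMAIN rather than a real listing.
    """
    listed, anomalous = [], []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            raise ValueError("this sketch handles IPv4 blocks only: %s" % cidr)
        if net.num_addresses > max_addrs:
            raise ValueError("%s is too large to sweep; split it" % cidr)
        for ip in net:
            for zone in zones:
                answer = resolve(dnsbl_query_name(ip, zone))
                if answer is None:
                    continue
                hit = (str(ip), zone, answer)
                if ipaddress.ip_address(answer) in LISTED_RANGE:
                    listed.append(hit)
                else:
                    anomalous.append(hit)
    return listed, anomalous


if __name__ == "__main__":
    # Constructed resolver data so the demo runs offline.
    fake_dns = {
        "5.2.0.192.dnsbl.example.org": "127.0.0.2",
        "6.2.0.192.dnsbl.example.org": "203.0.113.10",
    }
    listed, anomalous = check_blocks(["192.0.2.0/29"], resolve=fake_dns.get)
    for ip, zone, answer in listed:
        print("LISTED  %s on %s (%s)" % (ip, zone, answer))
    for ip, zone, answer in anomalous:
        print("SUSPECT answer for %s on %s: %s" % (ip, zone, answer))
```

Run on a schedule against the provider's allocated blocks, a new entry in `listed` is an early signal that a tenant is abusing the service.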

    2. Secure Web Platform

      Cloud platform services deliver a computing platform and solution stack as a service, often consuming cloud applications [5]. This facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers. Securing the web platform means securing all content and data traffic, including email, web and identity traffic, moving between an organization and the cloud. Some schemes that protect the data as it travels within or outside the organization to the cloud are:

      • Analyze the security model of cloud provider interfaces.

      • Ensure strong authentication and access controls in concert with encrypted transmission.

      • Understand the dependency chain associated with the API.

    3. Secure Cloud Infrastructure

      Cloud infrastructure is a platform which holds the development environments, and within it one would find the managed hosting environment where various applications are built. To secure this, use a secure password management service that protects user ID and password data and can flag users that repeat passwords across various systems. For secure cloud infrastructure we have used:

      • LDAP controls and administering credentials that keep access information from being scattered around.

      • Running scripts to remove access when employees leave the organization is also proposed for identity management security.

      • Determine security breach notification processes.

      • Monitor environment for unauthorized changes/activity.

      • Promote strong authentication and access control for administrative access and operations [3].

      • Conduct vulnerability scanning and configuration audits.
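
A minimal sketch of the password management service and leaver script described in this subsection, written as an added example and not taken from the paper. The class name `CredentialVault`, its methods, the PBKDF2 round count and the sample users are all assumptions; a real deployment would sit in front of the directory service rather than an in-memory dictionary.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


class CredentialVault:
    """Central store of per-system password verifiers (salted PBKDF2 digests)."""

    def __init__(self, rounds=PBKDF2_ROUNDS):
        self._rounds = rounds
        self._store = {}  # user -> {system: (salt, digest)}

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self._rounds)

    def reused_on(self, user, system, password):
        """Other systems where this user already holds the same password.

        Each system has its own salt, so digests cannot be compared directly;
        the candidate is re-derived under every stored salt instead.
        """
        hits = []
        for other, (salt, digest) in self._store.get(user, {}).items():
            if other != system and hmac.compare_digest(self._derive(password, salt), digest):
                hits.append(other)
        return sorted(hits)

    def set_password(self, user, system, password):
        """Store the verifier and return the systems on which it is a repeat."""
        reused = self.reused_on(user, system, password)
        salt = os.urandom(16)
        self._store.setdefault(user, {})[system] = (salt, self._derive(password, salt))
        return reused

    def verify(self, user, system, password):
        entry = self._store.get(user, {}).get(system)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(self._derive(password, salt), digest)

    def deprovision(self, user):
        """Remove every credential the user holds; returns the systems revoked."""
        return sorted(self._store.pop(user, {}))

    def offboard(self, active_roster):
        """Leaver script: revoke every user absent from the HR roster."""
        leavers = sorted(set(self._store) - set(active_roster))
        return {user: self.deprovision(user) for user in leavers}


if __name__ == "__main__":
    vault = CredentialVault()
    # Constructed sample users and passwords.
    vault.set_password("alice", "vpn", "correct horse")
    print("alice repeats on:", vault.set_password("alice", "mail", "correct horse"))
    vault.set_password("bob", "vpn", "battery staple")
    print("revoked:", vault.offboard({"alice"}))
```

Because all verifiers live in one place, the same store that flags repeats also gives the leaver script a complete list of what to revoke.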

    4. Secure Cloud Data Pool

      When enterprises adopt cloud computing and deploy databases in virtual environments, they run the risk of exposing highly sensitive data to a broad base of internal and external attacks [3]. Here, we list strategies to help enterprises protect their data when implementing a database security strategy in cloud or virtualized environments.

      • Multi-tenancy: A single backup system is used to protect multiple business units or customers and to allocate resources to them dynamically on demand. Therefore, every storage pool needs to be kept secure and fully independent from the others.

      • Chargeback systems: For data protection resources allocated by end-user needs, storage providers need to track this usage by a wide range of criteria, both for chargeback and billing purposes and for infrastructure optimization purposes.

      • Robust Reporting: A CC environment needs an accurate way to forecast its capacity and processing needs for budgeting purposes. It also needs to analyze usage to optimize available system resources for better efficiency. Thus detailed reporting and analytics not only help in managing the current environment but also enable trending and modeling for planning future investments.

      • Quality of Service delivery: Storage pooling enables a CC environment to set replication priorities for each pool so that the most mission-critical data is replicated before less important data. This QoS orientation can be set to specific backup policies with different retention periods for a particular storage pool.

      • Storage Tiering: Storage tiering is the mechanism to allocate disk drives to a storage pool according to the capacity or performance requirements for a specific set of data under protection.

      • Global Deduplication: Deduplication is a critical part of an effective data protection environment. It is not only necessary for cost-effective optimization of the overall storage capacity but also provides a cost-effective WAN implementation for replication and movement of data to a remote location for disaster recovery.

  5. Conclusion

    A proposed secure model has to ensure the security of each service by applying the various security schemes to each cloud architectural component. Most of the risks to security in cloud computing are caused by the involvement of computing on different platforms. Developing a secure system that defends against these threats efficiently is a great research challenge. Again, ensuring that each component is secure is a major research issue. Many of today's security schemes are based on a specific component model, but there is a lack of combined effort to adopt a common model that ensures the security of each architectural component. In future, though the security mechanisms become well established for each individual component, combining all the mechanisms so that they work in collaboration with each other will pose a hard research challenge.

  6. References

  1. P.F. da Silva and C.B. Westphall, "Improvements in the Model for Interoperability of Intrusion Detection Responses Compatible with the IDWG Model," Int'l J. Network Management, vol. 17, no. 4, 2007, pp. 287-294.

  2. Amazon.com, "Amazon Web Services (AWS)," online at http://aws.amazon.com, 2008.

  3. Jonothan Erickson, "Best Practices for Protecting Data in the Cloud," 2008, http://www.ddj.com/security/210602698

  4. Amazon S3 Team, "Best Practices for using Amazon S3," http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1904, 2008-11-26.

  5. K. D. Bowers, A. Juels, and A. Oprea, "HAIL: A High-Availability and Integrity Layer for Cloud Storage," Cryptology ePrint Archive, Report 2008/489, 2008, http://eprint.iacr.org/.

  6. http://www.securityweek.com/addressing-cloud-security-concerns-key-issues-and-recommendations.

  7. D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, "The Eucalyptus open-source cloud-computing system," in Proceedings of the 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID '09), May 2009, pp. 124-131.

  8. Q. Wang, K. Ren, W. Lou, and Y. Zhang, "Dependable and Secure Sensor Data Storage with Dynamic Integrity Assurance," Proc. of IEEE INFOCOM, 2009.

  9. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds," in CCS '09: Proceedings of the 16th ACM Conference on Computer and Communications Security. New York, NY, USA: ACM, 2009, pp. 199-212.

  10. K. Hamlin, M. Kantarcioglu, L. Khan and B. Thuraisingham, "Security Issues for Cloud Computing," Journal of Information Security and Privacy, vol. 4, no. 2, pp. 39-51, April-June 2010.
