
Cloud security

Cloud computing security

ISSR
Cloud Computing Security
A project submitted in partial fulfillment of the
requirements for the degree of Pre-Master of
Information System
Project team:
Rania Ele Sawy Abd El Rahim
Mohamed Talaat Rashed Shalash
Maged Mohamed Farid Elwakil
Under supervision:
Dr. Ashraf Abd Elhady
Cairo 2012
Document Version History
Ver. No. | Ver. Date | Prepared By | Reviewed By | Description
1.0.0 | 12-4-2012 | Mohamed Shalash, Rania Ele Sawy, Maged Elwakil | | Initial Document
1.0.1 | 2-5-2012 | Rania Ele Sawy, Mohamed Shalash, Maged Elwakil | Dr. Ashraf Abd Elhady |
1.0.2 | 17-5-2012 | Maged Elwakil | | Security models.
1.1.0 | 29-5-2012 | Rania Ele Sawy, Mohamed Shalash, Maged Elwakil | | Introduction, Security models, Cloud Security Definitions, Security Threats.
1.1.1 | 1-6-2012 | Rania Ele Sawy, Mohamed Shalash | | Security models, Security threats
1.1.2 | 4-6-2012 | Rania Ele Sawy, Mohamed Shalash, Maged Elwakil | Ashraf Abd Elhady |
Acknowledgement
On behalf of the Institute of Statistical Studies and Research, Cairo University, and on our own behalf, we would like to express our profound thanks and deep gratitude to all the respectable professors, represented by Dr. ASHRAF ABD ELHADY, who guided us through the preparation of this research.
We would also like to pay tribute to the 2nd Republic and the spirit that inspired the Egyptians to move towards the modernization, the establishment and the democracy of New EGYPT.
Abstract
Cloud computing has recently emerged as a new paradigm for hosting and delivering services over the Internet. It is attractive to business owners because it eliminates the need to plan ahead for provisioning and allows enterprises to start small and add resources only when service demand rises. Cloud computing is becoming more and more popular, especially with large companies, because it lets them share valuable resources in a cost-effective way. As the demand for clouds grows, security is becoming a major issue. This research looks at the ways in which security threats endanger cloud computing and how they can be avoided.
Table of Contents
1.1 Introduction ........ 8
1.2 History of Cloud Computing ........ 16
1.3 Glossary & Key terms ........ 18
1.4 Cloud Computing Goals and Objectives ........ 19
2.1 Background ........ 21
2.2 Cloud Security Considerations ........ 21
    Remote attestation ........ 21
2.3 Security Threats ........ 22
    High risk in cloud security ........ 22
2.4 Malware ........ 23
    Viruses ........ 23
    Worms ........ 24
    Trojan horse ........ 24
2.5 Web application and data security risk ........ 24
    Injection ........ 24
    Security misconfiguration ........ 25
    Insecure cryptographic storage ........ 25
2.6 Threat mitigation ........ 26
    Symmetric cryptography ........ 26
    Asymmetric Cryptography ........ 26
    Network intrusion detection system ........ 27
3.1 Governance ........ 29
3.2 Compliance ........ 30
3.3 Trust ........ 31
3.4 Architecture ........ 33
3.5 Identity and Access Management ........ 36
3.6 Software Isolation ........ 37
Model 1: Private Virtual Infrastructure model (PVI) ........ 46
Model 2: Cloud computing data security with the analysis of HDFS architecture ........ 49
Model 3: Towards Achieving Accountability, Auditability and Trust in Cloud Computing ........ 56
Model 4: Towards Trusted Cloud computing model ........ 63
    Trusted Cloud Computing platform (TCCP) ........ 63
References ........ 68
Chapter one

Recommended

More Related Content

What's hot

Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksWilliam McBorrough
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Ping Identity
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoPrime Infoserv
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing Reza Pahlava
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Brian K. Dickard
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 

What's hot (20)

Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
Cloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and RisksCloud Computing - Security Benefits and Risks
Cloud Computing - Security Benefits and Risks
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
Cloud security
Cloud securityCloud security
Cloud security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 

Viewers also liked

Cloud Computing Security From Sngle to multi Clouds Full Documentaion
Cloud Computing Security From Sngle to multi Clouds Full DocumentaionCloud Computing Security From Sngle to multi Clouds Full Documentaion
Cloud Computing Security From Sngle to multi Clouds Full DocumentaionVamshi Chowdary
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Cloud computing understanding security risk and management
Cloud computing   understanding security risk and managementCloud computing   understanding security risk and management
Cloud computing understanding security risk and managementShamsundar Machale (CISSP, CEH)
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingveena venugopal
 
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...TeraNowa
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsRam G Athreya
 
Security analysis of selected stocks with referance to information technology...
Security analysis of selected stocks with referance to information technology...Security analysis of selected stocks with referance to information technology...
Security analysis of selected stocks with referance to information technology...Riya Jaju
 
Staying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave MillierStaying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave MillierTriNimbus
 

Viewers also liked (13)

Cloud Computing Security From Sngle to multi Clouds Full Documentaion
Cloud Computing Security From Sngle to multi Clouds Full DocumentaionCloud Computing Security From Sngle to multi Clouds Full Documentaion
Cloud Computing Security From Sngle to multi Clouds Full Documentaion
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud computing understanding security risk and management
Cloud computing   understanding security risk and managementCloud computing   understanding security risk and management
Cloud computing understanding security risk and management
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...
FOR THE PURPOSES OF THIS PROJECT, IMAGINE YOU ARE AN INFORMATION SECURITY (IN...
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
 
Security analysis of selected stocks with referance to information technology...
Security analysis of selected stocks with referance to information technology...Security analysis of selected stocks with referance to information technology...
Security analysis of selected stocks with referance to information technology...
 
Staying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave MillierStaying Secure When Moving to the Cloud - Dave Millier
Staying Secure When Moving to the Cloud - Dave Millier
 

Similar to Cloud security

Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
 
How secured and safe is Cloud?
How secured and safe is Cloud?How secured and safe is Cloud?
How secured and safe is Cloud?IRJET Journal
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing  by rahul abhishekSecurity Issues in Cloud Computing  by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...IIJSRJournal
 
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGDATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloudpriyanka reddy
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Fog computing document
Fog computing documentFog computing document
Fog computing documentsravya raju
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 
Ijarcet vol-2-issue-4-1405-1409
Ijarcet vol-2-issue-4-1405-1409Ijarcet vol-2-issue-4-1405-1409
Ijarcet vol-2-issue-4-1405-1409Editor IJARCET
 

Similar to Cloud security (20)

Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions.
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
How secured and safe is Cloud?
How secured and safe is Cloud?How secured and safe is Cloud?
How secured and safe is Cloud?
 
B018211016
B018211016B018211016
B018211016
 
Cloud security
Cloud securityCloud security
Cloud security
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing  by rahul abhishekSecurity Issues in Cloud Computing  by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
 
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGDATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
 
Fog doc
Fog doc Fog doc
Fog doc
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
Eb31854857
Eb31854857Eb31854857
Eb31854857
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 
Ijarcet vol-2-issue-4-1405-1409
Ijarcet vol-2-issue-4-1405-1409Ijarcet vol-2-issue-4-1405-1409
Ijarcet vol-2-issue-4-1405-1409
 

Recently uploaded

killingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfkillingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfssuser82c38d
 
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)GDSCNiT
 
AI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriAI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriISPMAIndia
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
killing camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdfkilling camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdfssuser82c38d
 
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ..."Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...ISPMAIndia
 
The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!ISPMAIndia
 
Self scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloadsSelf scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloadsBram Vogelaar
 
maximum subarray ppt for killing camp students
maximum subarray ppt for killing camp studentsmaximum subarray ppt for killing camp students
maximum subarray ppt for killing camp studentsssuser82c38d
 
AUTOKEYUNLOCKER-BRANDS-SUPPORT-STANDARD-VERSION.pdf
AUTOKEYUNLOCKER-BRANDS-SUPPORT-STANDARD-VERSION.pdfAUTOKEYUNLOCKER-BRANDS-SUPPORT-STANDARD-VERSION.pdf
AUTOKEYUNLOCKER-BRANDS-SUPPORT-STANDARD-VERSION.pdfAutokey
 
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...emili denli
 
Essence of Requirements Engineering: Pragmatic Insights for 2024
Essence of Requirements Engineering: Pragmatic Insights for 2024Essence of Requirements Engineering: Pragmatic Insights for 2024
Essence of Requirements Engineering: Pragmatic Insights for 2024Asher Sterkin
 
P1 Inspection Types in Municity 5 Smartsheet
P1 Inspection Types in Municity 5 SmartsheetP1 Inspection Types in Municity 5 Smartsheet
P1 Inspection Types in Municity 5 SmartsheetMatthewTHawley
 
Sql server types of joins with example.pptx
Sql server types of joins with example.pptxSql server types of joins with example.pptx
Sql server types of joins with example.pptxsameer gaikwad
 
Software Testing life cycle (STLC) Importance, Phases, Benefits...
Software Testing life cycle (STLC) Importance, Phases, Benefits...Software Testing life cycle (STLC) Importance, Phases, Benefits...
Software Testing life cycle (STLC) Importance, Phases, Benefits...Flexsin
 
100 TOOLS TO MEASURE AND ANALYSE YOUR DIGITAL MARKETING EFFORTS
100 TOOLS TO MEASURE AND ANALYSE YOUR DIGITAL MARKETING EFFORTS100 TOOLS TO MEASURE AND ANALYSE YOUR DIGITAL MARKETING EFFORTS
100 TOOLS TO MEASURE AND ANALYSE YOUR DIGITAL MARKETING EFFORTSi-engage
 
SPM 2024 – Overview of and benefits of AI in Product Management
SPM 2024 – Overview of and benefits of AI in Product ManagementSPM 2024 – Overview of and benefits of AI in Product Management
SPM 2024 – Overview of and benefits of AI in Product ManagementISPMAIndia
 
DBA Fundamentals Group: Continuous SQL with Kafka and Flink
DBA Fundamentals Group: Continuous SQL with Kafka and FlinkDBA Fundamentals Group: Continuous SQL with Kafka and Flink
DBA Fundamentals Group: Continuous SQL with Kafka and FlinkTimothy Spann
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!Anthony Dahanne
 

Recently uploaded (20)

killingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfkillingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdf
 
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
 
AI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriAI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit Bendigiri
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
killing camp week 6 problem - maximal matrix.pdf

Cloud security

  • 5. Table of Contents
    1.1 Introduction ... 8
    1.2 History of Cloud Computing ... 16
    1.3 Glossary & Key terms ... 18
    1.4 Cloud Computing Goals and Objectives ... 19
    2.1 Background ... 21
    2.2 Cloud Security Considerations ... 21
        Remote attestation ... 21
    2.3 Security Threats ... 22
        High risk in cloud security ... 22
    2.4 Malware ... 23
        Viruses ... 23
        Worms ... 24
        Trojan horse ... 24
    2.5 Web application and data security risk ... 24
        Injection ... 24
        Security misconfiguration ... 25
        Insecure cryptographic storage ... 25
    2.6 Threat mitigation ... 26
        Symmetric cryptography ... 26
        Asymmetric Cryptography ... 26
        Network intrusion detection system ... 27
    3.1 Governance ... 29
    3.2 Compliance ... 30
    3.3 Trust ... 31
    3.4 Architecture ... 33
    3.5 Identity and Access Management ... 36
    3.6 Software Isolation ... 37
    Model 1: Private Virtual Infrastructure model (PVI) ... 46
    Model 2: Cloud computing data security with the analysis of HDFS architecture ... 49
    Model 3: Towards Achieving Accountability, Auditability and Trust in Cloud Computing ... 56
    Model 4: Towards Trusted Cloud computing model ... 63
        Trusted Cloud Computing platform (TCCP) ... 63
    References ... 68
    Page 5
  • 8. 1.1 Introduction:

Companies in the past were required to invest heavily in technology upfront, which made it difficult for small and new companies to have the equipment needed to attain their business goals. Through services like cloud computing, that upfront cost is largely offset, since companies lease what they need from month to month. As the need grows, the amount leased grows. Therefore it is possible to customize computing costs at all points in time. The trend is now more and more to buy IT as a service instead of owning the devices and applications and having dedicated support groups.

Cloud computing is a collection of technologies and practices enabling computing to be delivered across multiple computers, where capacity is available as needed and billed according to actual usage. It is so massive that it affects not only business models, but also the underlying architecture of how we develop, deploy, run, secure and deliver applications. Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications. Cloud computing allows consumers and businesses to use applications without installation and to access their personal files at any computer with internet access.

Cloud computing security is one of the biggest issues in the IT industry nowadays. Does the cloud provider have the ability to manage potentially millions of customers? This presents a massive challenge in security issues. Many people are worried that the cloud providers will not be able to cope with the large scale and that the infrastructure will not be able to scale properly with large amounts of information and data security.

Privacy is important for organizations, especially when individuals' personal information or sensitive information is being stored, but it is not yet completely understood whether the cloud computing infrastructure will be able to support the storing of sensitive information without making organizations liable for breaking privacy regulations. Many believe that cloud authorization systems are not robust enough, with as little as a password and username needed to gain access to the system; in many clouds, usernames can be very similar, degrading the authorization measures further. If there is private or sensitive information being stored on a cloud then there is a high chance that someone could tamper with the information. Customers will use cloud computing and store their information on it if and only if the cloud providers are trusted.

Page 8
  • 9. (Figure: Layered architecture of Cloud Computing)

Three well-known and frequently-used service models are the following:

• Software-as-a-Service (SaaS) is a model of software deployment whereby one or more applications and the computational resources to run them are provided for use on demand as a turnkey service. Its main purpose is to reduce the total cost of hardware and software development, maintenance, and operations. Security provisions are carried out mainly by the cloud provider. The cloud subscriber does not manage or control the underlying cloud infrastructure or individual applications, except for preference selections and limited administrative application settings.

• Platform-as-a-Service (PaaS) is a model of software deployment whereby the computing platform is provided as an on-demand service upon which applications can be developed and deployed. Its main purpose is to reduce the cost and complexity of buying, housing, and managing the underlying hardware and software components of the platform, including any needed program and database development tools. The development environment is typically special purpose, determined by the cloud provider and tailored to the design and architecture of its platform. The cloud subscriber has control over applications and application environment settings of the platform. Security provisions are split between the cloud provider and the cloud subscriber.

• Infrastructure-as-a-Service (IaaS) is a model of software deployment whereby the basic computing infrastructure of servers, software, and network equipment is provided as an on-demand service upon which a platform to develop and execute applications can be established. Its main purpose is to avoid purchasing, housing, and managing the basic hardware and software infrastructure components, and instead to obtain those resources as virtualized objects controllable via a service interface. The cloud subscriber generally has broad freedom to choose the operating system and development environment to be hosted.

Page 9

  • 10. Security provisions beyond the basic infrastructure are carried out mainly by the cloud subscriber.

Figure 1 Showing layers of the cloud delivery model

The PaaS provides an Integrated Development Environment (IDE) that includes data security, backup and recovery, application hosting, and scalable architecture.

Figure 2 The Concept of Platform as a Service

Page 10
  • 11. Cloud Models

There are three main types of cloud deployment models: public, private and hybrid clouds.

Figure 3 Public, Private, and Hybrid cloud deployment models

Public Clouds

Public clouds are the most common type of cloud. This is where multiple customers can access web applications and services over the internet. Each individual customer has their own resources, which are dynamically provisioned by a third party vendor. This third party vendor hosts the cloud for multiple customers from multiple data centers (see Figure 4.a), manages all the security and provides the hardware and infrastructure for the cloud to operate. The customer has no control or insight into how the cloud is managed or what infrastructure is available.

Figure 4.a. Public cloud deployment model

Page 11
  • 12. Private Clouds

Private clouds emulate the concept of cloud computing on a private network. They allow users to have the benefits of cloud computing without some of the pitfalls. Private clouds grant complete control over how data is managed and what security measures are in place. This can lead to users having more confidence and control. The major issue with this deployment model is that the users have large expenditures, as they have to buy the infrastructure to run the cloud and also have to manage the cloud themselves.

Hybrid Clouds

Hybrid clouds incorporate both public and private clouds (see Figure 4.b) within the same network. This allows organizations to benefit from both deployment models. For example, an organization could hold sensitive information on its private cloud and use the public cloud for handling large traffic and demanding situations.

Figure 4.b. Hybrid cloud deployment model

Comparing Cloud Deployment Models

Public cloud computing is one of several deployment models that have been defined. A public cloud is one in which the infrastructure and other computational resources that it comprises are made available to the general public over the Internet. It is owned by a cloud provider selling cloud services and, by definition, is external to an organization. At the other end of the spectrum are private clouds. A private cloud is one in which the computing environment is operated exclusively for an organization. It may be managed either by the organization or a third party, and may be hosted within the organization's data center or outside of it. A private cloud gives the organization greater control over the infrastructure and computational resources than does a public cloud.

Page 12

  • 13. Two other deployment models that fall between public and private clouds are community clouds and hybrid clouds. A community cloud is somewhat similar to a private cloud, but the infrastructure and computational resources are shared by several organizations that have common privacy, security, and regulatory considerations, rather than being for the exclusive use of a single organization. A hybrid cloud is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables interoperability.

Just as the different deployment models affect an organization's scope and control over the computational environment of a cloud, so too does the service model supported by the cloud affect them. Figure 5 illustrates the differences in scope and control between the cloud subscriber and cloud provider for each of the service models discussed above. Five conceptual layers of a generalized cloud environment are identified in the center diagram and apply to public clouds as well as to each of the other deployment models. The arrows at the left and right of the diagram denote the approximate range of the cloud provider's and user's scope and control over the cloud environment for each service model. In general, the higher the level of support available from a cloud provider, the narrower the scope and control the cloud subscriber has over the system.

The two lowest layers shown denote the physical elements of a cloud environment, which are under the full control of the cloud provider regardless of the service model. Heating, ventilation, air conditioning (HVAC), power, communications, and other aspects of the physical plant comprise the lowest layer, the facility layer, while computers, network and storage components, and other physical computing infrastructure elements comprise the hardware layer. The remaining layers denote the logical elements of a cloud environment. The virtualized infrastructure layer entails software elements, such as hypervisors, virtual machines, virtual data storage, and supporting middleware components used to realize the infrastructure upon which a computing platform can be established. While virtual machine technology is commonly used at this layer, other means of providing the necessary software abstractions are not excluded.

Page 13
  • 14. Similarly, the platform architecture layer entails compilers, libraries, utilities, and other software tools and development environments needed to implement applications. The application layer represents deployed software applications targeted towards end-user software clients or other programs, and made available via the cloud.

Figure 5 Differences in scope and control between the cloud subscriber and cloud provider, for each of the service models

Some have argued that the distinction between IaaS and PaaS is fuzzy, and in many commercial offerings the two are more alike than different. Nevertheless, these terms do serve a purpose, distinguishing between very basic support environments and environments having greater levels of support, and accordingly different allocations of control, security and responsibility between the cloud subscriber and the cloud provider.

While cloud computing can be implemented exclusively for an organization as a private internal cloud, its main thrust has been to provide a vehicle for outsourcing parts of that environment to an outside party as a public cloud. As with any outsourcing of information technology services, concerns exist about the implications for computer security and privacy. The main issue centers on the risks associated with moving important applications or data from within the boundaries of the organization's computing center to that of another organization (i.e., a public cloud), which is readily accessible by the general public.

Page 14

  • 15. Reducing cost and increasing efficiency are primary motivations for moving towards a public cloud, but reducing responsibility for security should not be. Ultimately, the organization is accountable for the overall security of the outsourced service. Monitoring and addressing security issues that arise remain in the purview of the organization, as does oversight over other important issues such as performance and availability. Because cloud computing brings with it new security challenges, it is essential for an organization to oversee and manage how the cloud provider secures and maintains the computing environment and ensures data is kept secure.

Cloud security requires total situational awareness of the threats to the network, infrastructure and information. One of the biggest advantages of the cloud's utility is also its biggest security weakness. Abstraction allows the cloud to be pervasive and removes knowledge of the underlying fabric of processors, storage, and networking; however, without knowledge of the underlying fabric, information owners' understanding of how to secure their applications and information becomes very complex. Many of the security principles used today to secure datacenters and networks rely on the information owners' ability to manage the underlying fabric of servers, routers, firewalls, and intrusion detection devices to understand when attacks are occurring and to respond to the threats by shutting down access to resources and isolating pieces of the fabric that are being attacked.

In a cloud, traditional security methodologies do not work, as the service providers cannot allow information owners, or clients, to manipulate the security settings of the fabric. If this were allowed, it would be possible for one client to change security settings illicitly in their favor, or to change the security settings of other clients maliciously. This situation is unacceptable since the information owner cannot manage the security posture of their computing environment. Therefore, a security model is needed that allows an information owner to protect their data while not interfering with the privacy of other information owners within the cloud.

The cloud requires a model for handling security, one that is shared between operators and clients. Operators need to give clients visibility into the security posture of the fabric while maintaining control. The clients need to have assurance that they can control the privacy and confidentiality of their information at all times, and have assurances that, if needed, they can remove, destroy, or lock down their data at any time.

Page 15

  • 16. A method of combining the requirements of the user and provider is to let the clients control the security posture of their applications and virtual machines while letting the service provider control the security of the fabric. This provides a symbiotic security stance that can be very powerful, provided both parties hold up their end of the agreement.

Cloud service providers believe encryption can be the key to helping with a lot of the security issues, but along with the benefits of encryption come the following pitfalls:

1. Encryption can be processor intensive.
2. Encryption is not always foolproof for protecting data; there can be times when little glitches occur and the data cannot be decrypted, leaving the data corrupt and unusable for customers and the cloud service provider.
3. The cloud's resources can also be abused, as cloud providers reassign IP addresses when a customer no longer needs the IP address. Once an IP address is no longer needed by one customer, after a period of time it becomes available for another customer to use.
4. Cloud providers save money and do not need as many IP addresses by reusing them, so it is in the cloud provider's interest to reuse them. Too many of these reused IP addresses can leave the cloud provider open to abuse of its resources.

1.2 History of Cloud Computing

Cloud computing history can be traced back to the early years of computing. One of the first computer concepts was interconnection. Naturally, if two computers are connected, the next step for them is to share resources and form supercomputers. Furthermore, the idea gradually evolved from grid computing and virtualization to today's highly complex cloud computing technology. After years of testing and debugging, final versions of this technology reached production environments and commercialization began.

Utility companies deliver water, gas, and electricity as commodity services to every home and business that is connected to their "public" infrastructure. These utility services are provided on demand and on a pay-as-you-use basis. Today, the same can be true for processing power, bandwidth, data storage, and enterprise software services.

Page 16
  • 17. How can utility and outsourcing supply IT? The essential motivation is to separate the services; this allows customers to use variable amounts of different environments as dictated by their business needs without the need to make any capital investments. The use of IT becomes an operating expense ("opex") rather than a capital expense ("capex"). That also frees the usage of systems from being tied to depreciation cycles.

A number of new paradigms (see Table 1) and terms related to distributed computing have been introduced, promising to deliver IT as a service: cloud computing, edge computing, grid computing and utility computing.

Table 1 Computing Paradigms

    New Computing Paradigms | New Services | New or enhanced Features
    1 Cloud computing | Software as a Service (SaaS) | Ubiquitous access
    2 Edge computing | Infrastructure as a Service (IaaS) | Reliability
    3 Grid computing | Platform as a Service (PaaS) | Scalability; Virtualization
    4 Utility computing | Service-Oriented Architecture (SOA) | Exchangeability / Location independence; Cost-effectiveness

It is difficult to draw lines between these paradigms: some commentators say that grid, utility and cloud computing refer to the same thing; others believe there are only subtle distinctions among them, while others would claim they refer to completely different phenomena. There are no clear or standard definitions, and it is likely that vendor A describes the feature set of its cloud solution differently than vendor B.

Page 17
  • 18. 1.3 Glossary & Key terms

    opex: operating expense
    capex: capital expense
    SaaS: Software as a Service
    PaaS: Platform as a Service
    IaaS: Infrastructure as a Service
    SOA: Service Oriented Architecture
    NIST: National Institute of Standards and Technology
    TPM: Trusted Platform Module
    SSL: secure sockets layer
    UDDI: Universal Description Discovery and Integrity
    DDOS: distributed denial of service attacks
    SOAP: Simple Object Access Protocol
    WSDL: Web Service Description Language
    CP: Cloud Provider
    LSASS: Local Security Authority Subsystem Service
    DES: Data Encryption Standard
    AES: Advanced Encryption Standard
    RSA: Rivest-Shamir-Adleman
    DSA: Diffie-Hellmann and Digital Signature Algorithm
    SAML: Security Assertion Markup Language
    PVI: Private Virtual Infrastructure
    TVD: Trusted Virtual Datacenter
    VTPM: Virtual Trusted Platform Model
    LoBot: Locator Bot
    HDFS: Hadoop Distributed File System
    GFS: Google File System
    IE: Internet Explorer
    CALC: Cloud Accountability Life Cycle
    TCCP: Trusted Cloud Computing platform
    TPM: Trusted Platform Model
    TCG: Trusted Computing Group
    TC: Trusted coordinator
    Hadoop: Open source software that enables distributed parallel processing of huge amounts of data across inexpensive, commodity servers.
    HBase: The Hadoop database. HBase is an open-source, distributed, versioned, column-oriented store providing real-time read/write access to your Big Data and hosting of very large tables.
    POSIX: Portable Operating System Interface for uni-X. POSIX is a set of standards codified by the IEEE, establishing a set of guidelines for operating system vendors to follow.

Page 18
  • 19. 1.4 Cloud Computing Goals and Objectives Cloud computing has been defined by NIST as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction. Cloud computing can be considered a new computing paradigm insofar as it allows the utilization of a computing infrastructure at one or more levels of abstraction, as an on-demand service made available over the Internet or other computer network. Because of the implications for greater flexibility and availability at lower cost, cloud computing is a subject that has been receiving a good deal of attention lately. Cloud computing services benefit from economies of scale achieved through versatile use of resources, specialization, and other practicable efficiencies. However, cloud computing is an emerging form of distributed computing that is still in its infancy. The term itself is often used today with a range of meanings and interpretations. Much of what has been written about cloud computing is definitional, aimed at identifying important paradigms of use and providing a general taxonomy for conceptualizing important facets of service. Page 19
  • 20. Chapter two Cloud computing and Cloud Security Definitions, Security Threats or attacks Page 20
  • 21. 2.1 Background

Virtual servers are created instantaneously in the cloud and used at the same time. In a public cloud the customers' data are kept on the provider's premises. The question of privacy is a real concern because there is no guarantee that illegitimate eyes could not have access to that sensitive information. Furthermore, because many services are deployed through the Internet via virtual servers using software as a service (SaaS), there is a risk of malware infection and hacker penetration. In fact, a web server can be compromised and used to spread a bad URL (uniform resource locator) link and to redirect requests to a fake page where malicious code will be downloaded in order to infect and take control of the machines.

2.2 Cloud Security Considerations

• The infrastructure provider achieves full data security.
• Service providers typically do not have access to the physical security system of data centers.
• Even for a virtual private cloud, the service provider can only specify the security setting remotely, without knowing whether it is fully implemented.

The infrastructure provider must achieve the following objectives:

1. Confidentiality, for secure data access and transfer.
2. Auditability, for attesting whether the security setting of applications has been tampered with or not.

Confidentiality is usually achieved using cryptographic protocols, while auditability can be achieved using remote attestation techniques.

Remote attestation: typically requires a trusted platform module (TPM) to generate a non-forgeable system summary (i.e. the system state encrypted using the TPM's private key) as the proof of system security.

- It is critical to build trust mechanisms at every architectural layer of the cloud.

Page 21
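The remote attestation flow just described, as an added example that is not part of this project's text: the platform folds each loaded component into a PCR-style register, the simulated TPM produces a quote over that register plus a verifier-supplied nonce, and the verifier checks the quote against its own golden measurements. The TPM key, component names and golden list are constructed stand-ins, and the TPM's private-key operation is simulated with an HMAC key known to both sides.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the TPM's attestation key (a real TPM never exports it).
TPM_ATTESTATION_KEY = b"constructed-tpm-ak-secret"

# Constructed known-good load order that the verifier expects (golden measurements).
GOLDEN_COMPONENTS = [b"bootloader v1", b"hypervisor v1", b"security-agent v1"]


def measure(component):
    """Measurement of one loaded component: SHA-256 of its contents."""
    return hashlib.sha256(component).digest()


def extend_pcr(pcr, measurement):
    """TPM-style extend: new = H(old || measurement).
    One-way and order-dependent, so a component cannot be 'un-measured' once loaded."""
    return hashlib.sha256(pcr + measurement).digest()


def boot_and_measure(components):
    """Platform side: fold every loaded component into a single PCR, starting at all-zero."""
    pcr = bytes(32)
    for component in components:
        pcr = extend_pcr(pcr, measure(component))
    return pcr


def tpm_quote(pcr, nonce):
    """Simulated TPM quote: keyed MAC over (PCR || nonce).
    The nonce binds the quote to one challenge so an old quote cannot be replayed."""
    return hmac.new(TPM_ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()


def verify_quote(expected_pcr, reported_pcr, nonce, quote):
    """Verifier side: the quote must come from the TPM key for this nonce, and the
    reported state must equal the known-good state. Returns a short verdict string."""
    expected_quote = hmac.new(TPM_ATTESTATION_KEY, reported_pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_quote, quote):
        return "quote invalid"    # forged, tampered, or bound to a different (old) nonce
    if not hmac.compare_digest(expected_pcr, reported_pcr):
        return "state mismatch"   # a component was changed, added, removed or reordered
    return "ok"


def attestation_round(loaded_components, golden_components=GOLDEN_COMPONENTS):
    """One challenge/response: verifier picks a nonce, platform reports PCR + quote."""
    nonce = os.urandom(16)                      # verifier: fresh challenge
    pcr = boot_and_measure(loaded_components)   # platform: measured state
    quote = tpm_quote(pcr, nonce)               # platform: TPM binds state to the nonce
    return verify_quote(boot_and_measure(golden_components), pcr, nonce, quote)


def detect_replayed_quote(golden_components=GOLDEN_COMPONENTS):
    """A quote captured during a genuinely good boot is presented for a later challenge;
    the verifier's fresh nonce makes it fail even though the PCR value itself is correct."""
    good_pcr = boot_and_measure(golden_components)
    old_quote = tpm_quote(good_pcr, os.urandom(16))   # bound to an earlier nonce
    return verify_quote(good_pcr, good_pcr, os.urandom(16), old_quote)


if __name__ == "__main__":
    tampered = [b"bootloader v1", b"hypervisor v1", b"security-agent v1 (tampered)"]
    print("good boot     :", attestation_round(GOLDEN_COMPONENTS))
    print("tampered agent:", attestation_round(tampered))
    print("replayed quote:", detect_replayed_quote())
```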
  • 22. 2.3 Security Threats

Cloud computing and web services run on a network structure, so they are open to network-type attacks:

1. Distributed denial of service (DDOS) attacks. If a user could hijack a server then the hacker could stop the web services from functioning and demand a ransom to put the services back online. To stop these attacks, the use of SYN cookies and limiting the number of users connected to a server both help stop a DDOS attack.

2. The man in the middle attack. If the secure sockets layer (SSL) is incorrectly configured then client and server authentication may not behave as expected, therefore leading to man in the middle attacks.

3. Network sniffing. With a packet sniffer an attacker can capture sensitive data if it is unencrypted, such as passwords and other web service related security configuration such as the UDDI (Universal Description Discovery and Integrity), SOAP (Simple Object Access Protocol) and WSDL (Web Service Description Language) files.

4. Port scanning. Port 80 is always open, being the port that the web server sits on. However, this traffic can easily be encrypted, and as long as the server software is configured correctly then there should be no intrusion.

High risk in cloud security

5. Loss of governance. In using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security.

6. Lock-in. There is currently little on offer in the way of tools, procedures, standard data formats or service interfaces that could guarantee data, application and service portability. This can make it difficult for the customer to migrate from one provider to another or to migrate data and services back to an in-house IT environment. This introduces a dependency on a particular CP for service provision, especially if data portability, as the most fundamental aspect, is not enabled.

Page 22
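The SYN cookie defence named under threat 1, as an added example that is not drawn from the project text: a simplified version of the scheme in which the server stores no per-SYN state, encoding a coarse timestamp, an MSS index and a keyed MAC of the connection 4-tuple into the initial sequence number, and accepting a connection only if the final ACK returns that value plus one. The secret, MSS table, window and addresses are constructed for this example.

```python
import hashlib
import hmac
import struct
import time

# Constructed parameters for the example (a real server rotates SECRET periodically).
SECRET = b"constructed-server-secret"
MSS_TABLE = [536, 1220, 1460]   # the MSS values a 2-bit index can encode
COUNTER_SECONDS = 64            # cookie timestamp granularity
MAX_AGE_COUNTERS = 2            # accept cookies issued within the last few periods


def _counter(now):
    """Coarse timestamp counter; only its low 5 bits are carried in the cookie."""
    return int(now // COUNTER_SECONDS)


def _cookie(client_ip, client_port, server_ip, server_port, count, mss_idx):
    """Cookie layout (32 bits): [5 bits: counter mod 32][2 bits: MSS idx][25 bits: keyed MAC].
    The MAC covers the 4-tuple, the full counter and the MSS index, so a client that never
    received the SYN-ACK (spoofed source) cannot produce a valid ACK number."""
    msg = struct.pack("!4sH4sHIB", client_ip, client_port, server_ip, server_port,
                      count & 0xFFFFFFFF, mss_idx)
    mac = struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]
    return ((count & 0x1F) << 27) | (mss_idx << 25) | (mac & 0x1FFFFFF)


def make_cookie(client_ip, client_port, server_ip, server_port, client_mss, now=None):
    """Server side on SYN: compute the ISN to send in the SYN-ACK. Nothing is stored,
    so a flood of SYNs cannot exhaust the half-open connection table."""
    now = time.time() if now is None else now
    mss_idx = 0
    for i, mss in enumerate(MSS_TABLE):      # largest table entry not above the client's MSS
        if mss <= client_mss:
            mss_idx = i
    return _cookie(client_ip, client_port, server_ip, server_port, _counter(now), mss_idx)


def check_cookie(client_ip, client_port, server_ip, server_port, ack_number, now=None):
    """Server side on the final ACK: return the negotiated MSS if the ACK carries a cookie
    we recently issued for this exact 4-tuple, else None (drop silently; nothing to free)."""
    now = time.time() if now is None else now
    cookie = (ack_number - 1) & 0xFFFFFFFF
    count_bits = cookie >> 27
    mss_idx = (cookie >> 25) & 0x3
    for age in range(MAX_AGE_COUNTERS + 1):   # try each counter value still inside the window
        count = _counter(now) - age
        if (count & 0x1F) != count_bits:
            continue
        if _cookie(client_ip, client_port, server_ip, server_port, count, mss_idx) == cookie:
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    client, server = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])   # constructed addresses
    isn = make_cookie(client, 40000, server, 443, 1460)
    print("SYN-ACK seq:", hex(isn))
    print("genuine ACK  :", check_cookie(client, 40000, server, 443, isn + 1))
    print("spoofed port :", check_cookie(client, 40001, server, 443, isn + 1))
```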
7. Insecure or incomplete data deletion. When a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of the data are stored but are not available, or because the disk to be destroyed also stores data from other clients. In the case of multiple tenancies and the reuse of hardware resources, this represents a higher risk to the customer than with dedicated hardware.

2.4 Malware

Viruses

A virus is malicious code which makes copies of itself and distributes those copies to other files and programs. It needs user interaction to propagate. When viruses infect a program, they propagate to infect other programs on the system, and other systems that use a common infected program. Viruses can also infect the MBR (master boot record) of the hard drive or of removable media. The master boot record of a hard drive is the unique location on the disk where the computer's basic input/output system can locate and load the boot program. If there is an infected disk in the drive when the computer boots, the virus can be loaded into memory. Viruses also exploit vulnerabilities in application documents such as word processing files and spreadsheets. Much of this software supports macro programming languages, and the bad guys take advantage of those capabilities: macro viruses spread through applications that use macros, such as Microsoft Office documents. Email viruses travel as attachments to email messages; they replicate by automatically mailing themselves to the people in the victim's address book. Most viruses are fairly harmless, and sometimes the user might not notice them for years. The first virus that was able to hide without being discovered was called Brain. The Brain stealth virus hides itself in memory by simulating the DOS system calls that normally detect viruses, causing them to return information indicating that the virus is absent.
Worms

A computer worm is a program that executes and reproduces independently and travels across network connections. It takes advantage of known vulnerabilities to spread. There are two types of worms: network service worms and mass mailing worms. Network service worms exploit a common vulnerability found in a network service associated with an operating system or an application. Once they have exploited the targeted protocol on a system, they look for other possible systems on the same network by scanning. An example of such a worm is Sasser, which uses Server Message Block (SMB) and the Local Security Authority Subsystem Service (LSASS) in Windows to spread. Mass mailing worms infect systems by searching for email addresses and sending a copy of themselves to those addresses, usually through the system's email client. Embedded in most network software, computer worms penetrate firewalls and other computer security measures.

Trojan horse

A Trojan horse is an application which appears to be useful and is downloaded from the Internet, but is in fact malware. Trojans do not spread by themselves and are separated into two parts: the server and the controlled computer. When the malicious program is loaded into the memory of the host, the attacker can take control of the computer by sending commands. The client disguises itself and can spread via chat software such as Skype and Yahoo Messenger, and via file sharing websites.

2.5 Web application and data security risk

Injection

Injection flaws allow an intruder to forward malicious code through the web application into the system. Scripts written in Python, Perl or any other programming language can be injected into the insecure application and executed.
When the web application passes data from an HTTP (hypertext transfer protocol) request on to an external system as part of an external request, that data must be carefully examined; otherwise an attacker can inject special characters or malicious commands into the information, which will then be transferred to the external system for execution. SQL injection is a widespread form of injection. In this type of attack, when the parameter that the application sends to the database is exposed, the attacker can append malicious SQL commands to the content of that parameter and trick the web application into forwarding forged queries to the database. A successful SQL injection can lead to an authentication bypass, allowing an unauthorized user to log in to the application without supplying a valid username and password, as well as to information disclosure and remote command execution.

Security misconfiguration

The web server and application server are the backbone of a web application. They provide a number of services that the web application uses, including directory services, data storage and mail. Failure to properly manage the configuration of these servers can lead to a wide variety of security breaches. Security misconfiguration can happen at the application stack, the framework, the web server, the custom code and the platform. External intruders and users with their own accounts can attempt to compromise the system. Attackers use unpatched flaws and unprotected files and directories to gain illegal access to, or knowledge of, the system. Default accounts must always be changed, because an attacker can discover the standard admin page and log in with the default passwords. The server can also generate error messages that display information about its environment, users and associated data. This information may be useful for launching a damaging attack: if one attack fails, the attacker can still use the error information provided to launch a more focused attack.

Insecure cryptographic storage

In the cloud, the need for the web application to store sensitive information in the database or in the file system is important. The information can be a credit card number, social security number, account record or password; therefore the use of encryption is relevant. Simply not encrypting data which deserves encryption is a flaw.
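The SQL injection authentication bypass described in section 2.5 above, as an added example that is not part of the original report: the query built by string formatting lets the password field alter the WHERE clause, while the hardened version binds parameters and verifies a salted PBKDF2 hash in code rather than comparing secrets inside SQL. The users table and the alice credential are constructed sample data.

```python
"""SQL injection login bypass and its parameterized, hashed-credential fix.

Added illustration; not code from the project report. The user record is
constructed sample data kept in an in-memory SQLite database.
"""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password verifier with PBKDF2-HMAC-SHA256 (stdlib only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding one constructed user.

    The plaintext `password` column exists only so that the vulnerable query
    below can be shown as it appears in many legacy applications; the hardened
    login never reads it.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,"
        " salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        ("alice", "correct horse", salt, hash_password("correct horse", salt)),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The flaw from section 2.5: user input is pasted into the SQL text.

    Because the parameter becomes part of the query, a crafted password such
    as  ' OR '1'='1  rewrites the WHERE clause so it matches every row, and
    the check passes without a valid credential.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: bound parameters plus a constant-time hash comparison.

    The `?` placeholder sends the username as data, so it can never change the
    query structure; the password is compared against a salted hash in code.
    """
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored_hash = row
    return hmac.compare_digest(hash_password(password, salt), stored_hash)
```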
Developers usually make mistakes when using encryption, and the main areas where mistakes are made are: failure to encrypt critical data, insecure storage of keys, certificates and passwords, improper storage of secrets in memory, and poor choice of algorithm. Almost every application is connected to a database; the credentials used to make these connections should be encrypted to prevent easy access to these data storage systems. The web application must have cryptographic support. In the case of credit card number storage, a merchant must respect the applicable compliance regime. Compliance is a set of regulations applied and enforced by means of fines. Under requirement three of the PCI DSS (payment card industry data security standard), cardholder data must be protected: the primary account number, the cardholder's name and the expiration date should be encrypted when transmitted across different networks.

2.6 Threat mitigation

Symmetric cryptography

Cryptography is a method of storing and transmitting data in a form that only the intended recipient can read and process. Its mechanism is to hide information from unauthorized individuals. It is an effective way to keep sensitive information safe while it is stored on media. Encryption is a method of converting readable data, called plaintext, into an unreadable format called ciphertext. Once it is transformed into ciphertext, neither a human nor a machine can process it until it is decrypted. In symmetric cryptography, the sender and the receiver use the same key for encryption and decryption. Symmetric keys are also called secret keys, because this type of encryption requires each user to keep the key secret and protected. The security of symmetric encryption is completely dependent on how well the users protect the key: if a key is compromised, all messages encrypted with that key can be decrypted and read by an attacker. Examples of symmetric cryptography are the Data Encryption Standard (DES), the Advanced Encryption Standard (AES) and Blowfish.

Asymmetric cryptography

Asymmetric cryptography uses a combination of two different keys, one public key and one private key. Everyone can know the public key, but the private key is known and used only by its owner. The two keys are mathematically related.
If someone obtains the public key of another person, he or she is still not able to work out the corresponding private key. When Bob encrypts data with his private key, the receiver Alice must have a copy of Bob's public key to decrypt it. The receiver can also reply in encrypted form: in that case Alice encrypts the message using Bob's public key, and the message is decrypted at the other end using Bob's private key, because he is the only person who has the private key. Both keys, public and private, can be used to encrypt and decrypt a message. Examples of asymmetric key algorithms are Rivest-Shamir-Adleman (RSA), Diffie-Hellman and the Digital Signature Algorithm (DSA).

Network intrusion detection system

An intrusion detection system aims to detect a security breach. Intrusion detection can be defined as a method of detecting unauthorized use of, or attacks on, a computer, network or telecommunication system. The basic idea behind an intrusion detection system is to spot something suspicious happening on the network and sound an alarm. In a typical intrusion detection product, sensors collect traffic and user activity data and send them to an analyzer that looks for abnormal activity. When the analyzer detects such activity, it sends an alert to the administrator interface. A network intrusion detection system uses sensors whose network interface cards are in promiscuous mode. When a network interface card is in promiscuous mode, it collects all traffic, makes a copy of every packet, and then passes one copy to the TCP stack and one copy to the analyzer, which looks for specific patterns of known threats.
Chapter three

The Key Security and Privacy Issues
Although the emergence of cloud computing is a recent development, insights into critical aspects of security can be gleaned from the reported experiences of early adopters and also from researchers analyzing and experimenting with available cloud provider platforms and associated technologies. The sections below highlight privacy and security-related issues that are believed to have long-term significance for cloud computing. Where possible, examples are given of problems previously exhibited or demonstrated, to illustrate an issue. Note that security and privacy considerations that stem from information technology outsourcing. Cloud computing has grown out of an amalgamation of technologies, including service-oriented architecture, virtualization, Web 2.0 and utility computing; therefore many of the privacy and security issues involved can be viewed as known problems cast in a new setting. The importance of their combined effect, however, should not be discounted. Cloud computing does represent a thought-provoking paradigm shift that goes beyond conventional norms to de-perimeterize the organizational infrastructure, at the extreme displacing applications from one organization's infrastructure to the infrastructure of another organization, where the applications of potential adversaries may also operate.

3.1 Governance

Governance implies control and oversight over policies, procedures and standards for application development, as well as the design, implementation, testing and monitoring of deployed services. With the wide availability of cloud computing services, a lack of organizational controls over employees engaging such services arbitrarily can be a source of problems. While cloud computing simplifies platform acquisition, it doesn't alleviate the need for governance; instead it has the opposite effect, amplifying that need. The ability to reduce capital investment and transform it into operational expenses is an advantage of cloud computing.
Cloud computing can lower the initial cost of deploying new services and thus align expense with actual use. However, the normal processes and procedures set in place by an organization for acquiring computational resources as capital expenditures may easily be bypassed by a department or an individual, with the action obscured as operational expenses. If such actions are not governed by the organization, its policies and procedures for privacy, security and oversight could be overlooked and the organization put at risk. For example, vulnerable systems could be deployed, legal regulations could be ignored, charges could quickly amass to unacceptable levels, resources could be used for unsanctioned purposes, or other untoward effects could occur.
Many businesses also prefer operational expenses over capital expenditures because of tax considerations (e.g., the ability to manage the cost of capital better and to deduct operational expenses in the accounting period in which they are incurred, versus depreciating a capital expenditure over time).

3.2 Compliance

Compliance involves conformance with an established specification, standard, regulation or law. Various types of security and privacy laws and regulations exist within different countries at the national, state and local levels, making compliance a potentially complicated issue for cloud computing.

Data Location

One of the most common compliance issues facing an organization is data location. Use of an in-house computing center allows an organization to structure its computing environment and to know in detail where data is stored and what safeguards are used to protect it. In contrast, a characteristic of many cloud computing services is that detailed information about the location of an organization's data is unavailable or not disclosed to the service subscriber. This makes it difficult to ascertain whether sufficient safeguards are in place and whether legal and regulatory compliance requirements are being met. External audits and security certifications can alleviate this issue to some extent, but they are not a panacea. When information crosses borders, the governing legal, privacy and regulatory regimes can be ambiguous and raise a variety of concerns. Consequently, constraints on the trans-border flow of sensitive data, as well as the requirements on the protection afforded to the data, have become the subject of national and regional privacy and security laws and regulations.
Among the concerns to be addressed are whether the laws in the jurisdiction where the data was collected permit the flow, whether those laws continue to apply to the data after transfer, and whether the laws at the destination present additional risks or benefits. Technical, physical and administrative safeguards, such as access controls, often apply.

Law and Regulations

The Privacy Act governs the collection, maintenance, use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. In many countries throughout the world, laws and regulations require public and private organizations to protect the privacy of personal data and the security of information and computer systems.

Electronic Discovery

Electronic discovery involves the identification, collection, processing, analysis and production of electronic documents in the discovery phase of litigation. Organizations also have other incentives and obligations to preserve and produce electronic documents, such as complying with audit and regulatory information requests and, for government organizations, with Freedom of Information Act (FOIA) requests. Documents include not only electronic mail, attachments and other data objects stored on a computer system or storage media, but also any associated metadata, such as dates of object creation or modification, and non-rendered file content (i.e., data that is not explicitly displayed to users). The capabilities and processes of a cloud provider, such as the form in which data is maintained and the electronic discovery tools available, affect the ability of the organization to meet its obligations in a cost-effective, timely and compliant manner. For example, a cloud provider's archival capabilities may not preserve the original metadata as expected, causing spoliation (i.e., the intentional, reckless or negligent destruction, loss, material alteration or obstruction of evidence that is relevant to litigation), which could negatively impact litigation.

3.3 Trust

Under the cloud computing paradigm, an organization relinquishes direct control over many aspects of security and, in doing so, confers an unprecedented level of trust onto the cloud provider.

Insider Access

Data processed or stored outside the confines of an organization, its firewall and its other security controls brings with it an inherent level of risk. The insider security threat is a well-known issue for most organizations and, despite the name, applies as well to outsourced cloud services. Insider threats go beyond those posed by current or former employees to include contractors, organizational affiliates and other parties that have received access to an organization's networks, systems and data in order to carry out or facilitate operations.
Incidents may involve various types of fraud, sabotage of information resources and theft of confidential information. Incidents may also be caused unintentionally, for instance a bank employee sending sensitive customer information to the wrong Google mail account. Moving data and applications to a cloud computing environment operated by a cloud provider expands the insider security risk not only to the cloud provider's staff, but potentially also to other customers using the service.

Data Ownership

The organization's ownership rights over the data must be firmly established in the service contract to provide a basis for trust. The continuing controversy over privacy and data ownership rights for social networking users illustrates the impact that ambiguous terms can have on the parties involved. Ideally, the contract should state clearly that the organization retains ownership over all its data; that the cloud provider acquires no rights or licenses through the agreement to use the data for its own purposes, including intellectual property rights or licenses; and that the cloud provider does not acquire and may not claim any security interest in the data. For these provisions to work as intended, the terms of data ownership must not be subject to unilateral amendment by the cloud provider.

Composite Service

Cloud services themselves can be composed through nesting and layering with other cloud services. For example, a SaaS provider could build its services upon the services of a PaaS or IaaS cloud; the availability of the SaaS cloud would then depend on the availability of those services. Cloud services that use third-party cloud providers to outsource or subcontract some of their services should raise concerns, including the scope of control over the third party, the responsibilities involved, and the remedies and recourse available should problems occur. Trust is often not transitive, which requires that third-party arrangements be disclosed in advance of reaching an agreement with the cloud provider, and that the terms of these arrangements be maintained throughout the agreement or until sufficient notification can be given of any anticipated changes.

Visibility

Migration to public cloud services relinquishes control to the cloud provider for securing the systems on which the organization's data and applications operate. Management, procedural and technical controls used in the cloud must be commensurate with, or surpass, those used for internal organizational systems, to avoid creating gaps in security. Since metrics for comparing two computer systems are an ongoing area of research, making such comparisons can be a formidable task.
Cloud providers are typically reluctant to provide details of their security and privacy measures, since such information might be used to devise an avenue of attack. Moreover, detailed network- and system-level monitoring by a cloud subscriber is generally not part of most service arrangements, limiting visibility and the means to audit operations directly. Transparency in the way the cloud provider operates is a vital ingredient for effective oversight of system security and privacy by an organization. To ensure that policy and procedures are being enforced throughout the system lifecycle, service arrangements should include some means of gaining visibility into the security controls and processes employed by the cloud provider and their performance over time. Ideally, the organization would have control over aspects of the means of visibility, such as the threshold for alerts and notifications or the level of detail and schedule for reports, to accommodate its needs.

Risk Management

With cloud-based services, some subsystems or subsystem components are outside the direct control of the subscribing organization. Many people feel more comfortable with risk when they have more control over the processes and equipment involved. At a minimum, a high degree of control provides the option to weigh alternatives, set priorities and act decisively in the best interest of the organization when faced with an incident. Risk management is the process of identifying and assessing risk and taking the necessary steps to reduce it to an acceptable level. Public cloud-based systems, as with traditional information systems, require that risks be managed throughout the system lifecycle. Assessing and managing risk in systems that use cloud services can be a challenge. To the extent practical, the organization should ensure that security controls are implemented correctly, operate as intended and meet its security requirements. Establishing a level of trust in a cloud service depends on the degree of control an organization is able to exert on the provider to provision the security controls necessary to protect the organization's data and applications, and also on the evidence provided about the effectiveness of those controls. However, verifying the correct functioning of a subsystem and the effectiveness of security controls as extensively as with an organizational system may not be feasible in some cases, and other means (e.g., third-party audits) may be used to establish a level of trust. Ultimately, if the level of trust in the service falls below expectations and the organization is unable to employ compensating controls, it must either reject the service or accept a greater degree of risk.
3.4 Architecture

The architecture of the software systems used to deliver cloud services comprises hardware and software residing in the cloud. The physical location of the infrastructure is determined by the cloud provider, as is the implementation of the reliability and scalability logic of the underlying support framework. Virtual machines often serve as the abstract unit of deployment and are loosely coupled with the cloud storage architecture. Applications are built on the programming interfaces of Internet-accessible services, which typically involve multiple cloud components communicating with each other over application programming interfaces. Many of the simplified interfaces and service abstractions belie the inherent complexity that affects security.

Attack Surface

The hypervisor or virtual machine monitor is an additional layer of software between an operating system and the hardware platform that is used to operate multi-tenant virtual machines. Besides virtualized resources, the hypervisor normally supports other application programming interfaces to conduct administrative operations, such as launching, migrating and terminating virtual machine instances. Compared with a traditional non-virtualized implementation, the addition of a hypervisor increases the attack surface. The complexity of virtual machine environments can also be more challenging than that of their traditional counterparts, giving rise to conditions that undermine security.

Virtual Network Protection

Most virtualization platforms have the ability to create software-based switches and network configurations as part of the virtual environment, to allow virtual machines on the same host to communicate more directly and efficiently. For example, for virtual machines requiring no external network access, the virtual networking architectures of most virtualization software products support same-host networking, in which a private subnet is created for intra-host communications. Traffic over virtual networks may not be visible to security protection devices on the physical network, such as network-based intrusion detection and prevention systems. To avoid a loss of visibility and protection against intra-host attacks, duplication of the physical network protection capabilities may be required on the virtual network.

Ancillary Data

While the focus of protection is placed mainly on the application data, cloud providers, as guardians of the realm, hold significant details about the service users' accounts that could be compromised and used in subsequent attacks. Payment information is one example; other, more subtle types of information can also be involved.
For example, a database of contact information stolen from a SaaS cloud provider, via a targeted phishing attack against one of its employees, was used in turn to launch successful targeted electronic mail attacks against subscribers of the cloud service. The incident illustrates the need for cloud providers to promptly report security breaches occurring not only in the data the cloud provider holds for its subscribers, but also in the data it holds about its subscribers. Another type of ancillary data held by IaaS cloud providers is virtual machine images. A virtual machine image entails the software stack, including installed and configured applications, used to boot the virtual machine into an initial state or the state of some previous checkpoint. Sharing virtual machine images is a common practice in some cloud computing environments. Image repositories must be carefully managed and controlled to avoid problems.
The provider of an image faces risks, since an image can contain proprietary code and data and embody vulnerabilities. An attacker may attempt to examine images to determine whether they leak information or provide an avenue for attack. This is especially true of development images that are accidentally released. The reverse may also occur: an attacker may attempt to supply a virtual machine image containing malware to users of a cloud computing system. For example, researchers demonstrated that by manipulating the registration process to gain a first-page listing, they could readily entice cloud users to run virtual machine images they had contributed to the image repository of a popular cloud provider. The risks for users running tainted images include theft and corruption of data.

Client-Side Protection

A successful defense against attacks requires securing both the client and the server side of cloud computing. With emphasis typically placed on the latter, the former can easily be overlooked. Web browsers, a key element for many cloud computing services, and the various plug-ins and extensions available for them are notorious for their security problems. Moreover, many browser add-ons do not provide automatic updates, increasing the persistence of any existing vulnerabilities. Maintaining physical and logical security over clients can be troublesome, especially with embedded mobile devices such as smart phones. Their size and portability can result in the loss of physical control. Built-in security mechanisms often go unused, or can be overcome or circumvented without difficulty by a knowledgeable party to gain control over the device. Smart phones are also treated more as fixed appliances with a limited set of functions than as general-purpose systems.
No single operating system dominates, and security patches and updates for system components and add-ons are not as frequent as for desktop clients, making vulnerabilities more persistent, with a larger window of opportunity for exploitation. The increased availability and use of social media, personal Webmail and other publicly available sites also carry associated risks, since they can negatively impact the security of the browser, its underlying platform and the cloud services accessed, through social engineering attacks. For example, spyware was reportedly installed in a hospital system via an employee's personal Webmail account and sent the attacker more than 1,000 screen captures, containing financial and other confidential information, before being discovered. Having a backdoor Trojan, keystroke logger or other type of malware running on a client does not bode well for the security of the cloud or other Web-based services it accesses. As part of the overall security architecture for cloud computing, organizations need to review existing measures and employ additional ones, if necessary, to secure the client side. Banks are beginning to take the lead in deploying hardened browser environments that encrypt network exchanges and protect against keystroke logging.

Server-Side Protection

Virtual servers and applications, much like their non-virtual counterparts, need to be secured in IaaS clouds, both physically and logically. Following organizational policies and procedures, the operating system and applications should be hardened to produce the virtual machine images for deployment. Care must also be taken to provision security for the virtualized environments in which the images run. For example, virtual firewalls can be used to isolate groups of virtual machines from other hosted groups, such as production systems from development systems, or development systems from other cloud-resident systems. Carefully managing virtual machine images is also important, to avoid accidentally deploying images that are under development or that contain vulnerabilities. Hybrid clouds are a type of composite cloud with similar protection issues. In a hybrid cloud the infrastructure consists of a private cloud composed with either a public cloud or another organization's private cloud. The clouds themselves remain unique entities, bound together by standardized or proprietary technology that enables unified service delivery but also creates interdependency. For example, identification and authentication might be performed through an organization's private cloud infrastructure as a means for its users to gain access to services provisioned in a public cloud. Preventing holes or leaks between the composed infrastructures is a major concern with hybrid clouds, because of the increase in complexity and the diffusion of responsibilities. The availability of the hybrid cloud, computed as the product of the availability levels of the component clouds, can also be a concern: if the percent availability of any one component drops, the overall availability suffers proportionately.
3.5 Identity and Access Management

Data sensitivity and privacy of information have increasingly become an area of concern for organizations, and unauthorized access to information resources in the cloud is a major concern. One recurring issue is that the organizational identification and authentication framework may not naturally extend into the cloud, and extending or changing the existing framework to support cloud services may be difficult. The alternative of employing two different authentication systems, one for the internal organizational systems and another for external cloud-based systems, is a complication that can become unworkable over time. Identity federation, popularized with the introduction of service oriented architectures, is one solution that can be accomplished in a number of ways, such as with the Security Assertion Markup Language (SAML) standard or the OpenID standard.

Authentication
A growing number of cloud providers support the SAML standard and use it to administer users and authenticate them before providing access to applications and data. SAML provides a means to exchange information, such as assertions related to a subject or authentication information, between cooperating domains. SAML request and response messages are typically mapped over the Simple Object Access Protocol (SOAP), which relies on the eXtensible Markup Language (XML) for its format. SOAP messages are digitally signed. For example, once a user has established a public key certificate for a public cloud, the private key can be used to sign SOAP requests. SOAP message security validation is complicated and must be carried out carefully to prevent attacks. For example, XML wrapping attacks have been successfully demonstrated against a public IaaS cloud. XML wrapping involves manipulation of SOAP messages. A new element (i.e., the wrapper) is introduced into the SOAP Security header; the original message body is then moved under the wrapper and replaced by a bogus body containing an operation defined by the attacker. The original body can still be referenced and its signature verified, but the operation in the replacement body is executed instead.

Access Control
SAML alone is not sufficient to provide cloud-based identity and access management services. The capability to adapt cloud subscriber privileges and maintain control over access to resources is also needed. As part of identity management, standards like the eXtensible Access Control Markup Language (XACML) can be used by a cloud provider to control access to cloud resources, instead of using a proprietary interface.
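As an added example (not part of the original project text), the structural check a SOAP endpoint can apply against the wrapping described above: after the XML signature itself has been verified (assumed to be done by a separate signature library, not shown here), the element that the Signature’s Reference points to must be the very Body element the processor will execute, and no other element may carry that Id. The two envelopes, the operation names and the urn:constructed-api namespace are constructed for the example.

```python
"""Structural check that the signed SOAP Body is the Body that will be executed (constructed example)."""
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed legitimate request: the Signature references the Body by its wsu:Id.
LEGITIMATE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <wsse:Security>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo>
        <ds:SignatureValue>placeholder-signature-value</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body"><ns:SignedOperation xmlns:ns="urn:constructed-api"/></soap:Body>
</soap:Envelope>"""

# Constructed message of the shape the text describes: the signed Body has been moved under a
# Wrapper element inside the Security header, and an unsigned replacement Body takes its place.
WRAPPED = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <wsse:Security>
      <Wrapper>
        <soap:Body wsu:Id="body"><ns:SignedOperation xmlns:ns="urn:constructed-api"/></soap:Body>
      </Wrapper>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo>
        <ds:SignatureValue>placeholder-signature-value</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body><ns:ReplacementOperation xmlns:ns="urn:constructed-api"/></soap:Body>
</soap:Envelope>"""


def _elements_with_wsu_id(root: ET.Element, wsu_id: str) -> List[ET.Element]:
    """Every element in the document carrying the given wsu:Id (more than one is itself suspicious)."""
    return [e for e in root.iter() if e.get(f"{{{WSU}}}Id") == wsu_id]


def _local(tag: str) -> str:
    """Strip the namespace from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def executed_and_signed_operations(envelope_xml: str) -> Tuple[Optional[str], Optional[str]]:
    """Names of the operation the processor would execute and of the operation the signature covers.
    Logging both makes a mismatch visible to monitoring even before the request is rejected."""
    root = ET.fromstring(envelope_xml)
    executed_body = root.find(f"{{{SOAP}}}Body")  # direct child of Envelope only
    reference = root.find(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    )
    executed = _local(executed_body[0].tag) if executed_body is not None and len(executed_body) else None
    signed = None
    if reference is not None and reference.get("URI", "").startswith("#"):
        targets = _elements_with_wsu_id(root, reference.get("URI")[1:])
        if len(targets) == 1 and len(targets[0]):
            signed = _local(targets[0][0].tag)
    return executed, signed


def signed_body_is_executed_body(envelope_xml: str) -> bool:
    """True only when the single element referenced by the signature is the Envelope's own Body."""
    root = ET.fromstring(envelope_xml)
    if root.tag != f"{{{SOAP}}}Envelope":
        return False
    executed_body = root.find(f"{{{SOAP}}}Body")
    reference = root.find(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    )
    if executed_body is None or reference is None:
        return False
    uri = reference.get("URI", "")
    if not uri.startswith("#"):
        return False  # only same-document references are accepted here
    targets = _elements_with_wsu_id(root, uri[1:])
    # Exactly one element may carry the signed Id, and it must be the Body that gets executed.
    return len(targets) == 1 and targets[0] is executed_body
```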
XACML focuses on the mechanism for arriving at authorization decisions, which complements SAML’s focus on the means for transferring authentication and authorization decisions between cooperating entities. XACML is capable of controlling the proprietary service interfaces of most providers, and some cloud providers already have it in place. Messages transmitted between XACML entities are susceptible to attack by malicious third parties, making it important to have safeguards in place to protect decision requests and authorization decisions from possible attacks, including unauthorized disclosure, replay, deletion and modification.

3.6 Software Isolation

High degrees of multi-tenancy over large numbers of platforms are needed for cloud computing to achieve the envisioned flexibility of on-demand provisioning of reliable services and the cost benefits and efficiencies due to economies of scale. To reach the high scales of consumption desired, cloud providers have to ensure dynamic flexible delivery of service and isolation of subscriber resources. Multi-tenancy in cloud computing is typically done by multiplexing the execution of virtual machines from potentially different users on the same physical server. It is important to note that applications deployed on guest virtual machines remain susceptible to attack and compromise, much the same as their non-virtualized counterparts. This was dramatically exemplified by a botnet found operating out of an IaaS cloud computing environment.

Hypervisor Complexity
The security of a computer system depends on the quality of the underlying software kernel that controls the confinement and execution of processes. A virtual machine monitor or hypervisor is designed to run multiple virtual machines, each hosting an operating system and applications, concurrently on a single host computer, and to provide isolation between the different guest virtual machines. A virtual machine monitor can, in theory, be smaller and less complex than an operating system. These characteristics generally make it easier to analyze and improve the quality of security, giving a virtual machine monitor the potential to be better suited for maintaining strong isolation between guest virtual machines than an operating system is for isolating processes. In practice, however, modern hypervisors can be large and complex, comparable to an operating system, which negates this advantage. For example, Xen, an open source x86 virtual machine monitor, incorporates a modified Linux kernel to implement a privileged partition for input/output operations, and KVM, another open source effort, transforms a Linux kernel into a virtual machine monitor. Understanding the use of virtualization by a cloud provider is a prerequisite to understanding the security risk involved.
Attack Vectors
Multi-tenancy in virtual machine-based cloud infrastructures, together with the subtleties in the way physical resources are shared between guest virtual machines, can give rise to new sources of threat. The most serious threat is that malicious code can escape the confines of its virtual machine and interfere with the hypervisor or other guest virtual machines. Live migration, the ability to transition a virtual machine between hypervisors on different host computers without halting the guest operating system, and other features provided by virtual machine monitor environments to facilitate systems management, also increase software size and complexity and potentially add other areas to target in an attack. Several examples illustrate the types of attack vectors possible. The first is mapping the cloud infrastructure. While seemingly a daunting task to perform, researchers have demonstrated an approach with a popular IaaS cloud. By launching multiple virtual machine instances from multiple cloud subscriber accounts and using network probes, assigned IP addresses and domain names were analyzed to identify service location patterns. Building on that information and general technique, the plausible location of a specific target virtual machine could be identified and new virtual machines instantiated to be eventually co-resident with the target. Once a suitable target location is found, the next step for the guest virtual machine is to bypass or overcome containment by the hypervisor or to take down the hypervisor and system entirely. Weaknesses in the provided programming interfaces and the processing of instructions are common targets for uncovering vulnerabilities to exploit. For example, a serious flaw that allowed an attacker to write to an arbitrary out-of-bounds memory location was discovered in the power management code of a hypervisor by fuzzing emulated I/O ports. A denial of service vulnerability, which could allow a guest virtual machine to crash the host computer along with the other virtual machines being hosted, was also uncovered in a virtual device driver of a popular virtualization software product. More indirect attack avenues may also be possible. For example, researchers developed a way for an attacker to gain administrative control of guest virtual machines during a live migration, employing a man-in-the-middle attack to modify the code used for authentication. Memory modification during migration presents other possibilities, such as the potential to insert a virtual machine-based rootkit layer below the operating system. A zero-day exploit in HyperVM, an open source application for managing virtual private servers, purportedly led to the destruction of approximately 100,000 virtual server-based Websites hosted by a service provider.
Another example of an indirect attack involves monitoring resource utilization on a shared server to gain information and perhaps perform a side-channel attack, similar to attacks used in other computing environments. For example, an attacker could determine periods of high activity, estimate high-traffic rates, and possibly launch keystroke timing attacks to gather passwords and other data from a target server.

3.7 Data Protection

Data stored in the cloud typically resides in a shared environment collocated with data from other customers. Organizations moving sensitive and regulated data into the cloud, therefore, must account for the means by which access to the data is controlled and the data is kept secure.

Data Isolation
Data can take many forms. For example, for cloud-based application development, it includes the application programs, scripts, and configuration settings, along with the development tools. For deployed applications, it includes records and other content created or used by the applications, as well as account information about the users of the applications. Access controls are one means to keep data away from unauthorized users; encryption is another. Access controls are typically identity-based, which makes authentication of the user’s identity an important issue in cloud computing. Database environments used in cloud computing can vary significantly. For example, some environments support a multi-instance model, while others support a multi-tenant model. The former provide a unique database management system running on a virtual machine instance for each cloud subscriber, giving the subscriber complete control over role definition, user authorization, and other administrative tasks related to security. The latter provide a predefined environment for the cloud subscriber that is shared with other tenants, typically through tagging data with a subscriber identifier. Tagging gives the appearance of exclusive use of the instance, but relies on the cloud provider to establish and maintain a sound, secure database environment. Various types of multi-tenant arrangements exist for databases. Each arrangement pools resources differently, offering different degrees of isolation and resource efficiency. Other considerations also apply. For example, certain features like data encryption are only viable with arrangements that use separate rather than shared databases. These sorts of tradeoffs require careful evaluation of the suitability of the data management solution for the data involved. Requirements in certain fields, such as healthcare, would likely influence the choice of database and data organization used in an application. Privacy-sensitive information, in general, is a serious concern. Data must be secured while at rest, in transit, and in use, and access to the data must be controlled.
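An added example (not from the original project) of the multi-tenant tagging model described above: the same shared table is read once by a lookup that ignores the subscriber tag and once by a repository that applies the tag from the authenticated session to every statement and records cross-tenant attempts. The table, tenant names and rows are constructed; SQLite stands in for the provider’s database.

```python
"""Subscriber tagging in a shared multi-tenant table: weak lookup beside the scoped one (constructed example)."""
import sqlite3
from typing import List, Optional


def build_shared_db() -> sqlite3.Connection:
    """Constructed shared table: every row is tagged with the subscriber (tenant) that owns it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, payload TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO records (tenant_id, payload) VALUES (?, ?)",
        [("tenant-a", "A invoice"), ("tenant-a", "A contract"), ("tenant-b", "B payroll")],
    )
    conn.commit()
    return conn


def fetch_record_unscoped(conn: sqlite3.Connection, record_id: int) -> Optional[str]:
    """Weak pattern: the tag is stored but never used in the query, so a subscriber who guesses or
    enumerates ids reads rows that belong to other tenants."""
    row = conn.execute("SELECT payload FROM records WHERE id = ?", (record_id,)).fetchone()
    return row[0] if row else None


class TenantScopedRepository:
    """Hardened pattern: the tenant tag comes from the authenticated session, not from the request,
    and is applied to every statement; attempts to cross the boundary are recorded for monitoring."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str) -> None:
        self._conn = conn
        self._tenant = tenant_id
        self.denied: List[int] = []  # ids of rows that exist but belong to another tenant

    def fetch_record(self, record_id: int) -> Optional[str]:
        row = self._conn.execute(
            "SELECT payload FROM records WHERE id = ? AND tenant_id = ?", (record_id, self._tenant)
        ).fetchone()
        if row is None:
            exists = self._conn.execute("SELECT 1 FROM records WHERE id = ?", (record_id,)).fetchone()
            if exists:
                self.denied.append(record_id)  # audit signal worth alerting on: cross-tenant probe
        return row[0] if row else None

    def list_records(self) -> List[str]:
        rows = self._conn.execute(
            "SELECT payload FROM records WHERE tenant_id = ? ORDER BY id", (self._tenant,)
        )
        return [r[0] for r in rows]


def audit_untagged_rows(conn: sqlite3.Connection) -> int:
    """Provider-side invariant: the tagging model only holds if every row carries a non-empty tag."""
    return conn.execute(
        "SELECT COUNT(*) FROM records WHERE tenant_id IS NULL OR tenant_id = ''"
    ).fetchone()[0]
```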
Standards for communications protocols and public key certificates allow data transfers to be protected using cryptography. Procedures for protecting data at rest are not as well standardized, however, making interoperability an issue due to the predominance of proprietary systems. The lack of interoperability affects the availability of data and complicates the portability of applications and data between cloud providers. Currently, the responsibility for cryptographic key management falls mainly on the cloud service subscriber. Key generation and storage is usually performed outside the cloud using hardware security modules, which do not scale well to the cloud paradigm. NIST’s Cryptographic Key Management Project is identifying scalable and usable cryptographic key management and exchange strategies for use by government, which could help to alleviate the problem eventually. Protecting data in use is an emerging area of cryptography with few practical results to offer, leaving trust mechanisms as the main safeguard.

Data Sanitization
The data sanitization practices that a cloud provider implements have obvious implications for security. Sanitization is the removal of sensitive data from a storage device in various situations, such as when a storage device is removed from service or moved elsewhere to be stored. Data sanitization also applies to backup copies made for recovery and restoration of service, and to residual data remaining upon termination of service. In a cloud computing environment, data from one subscriber is physically commingled with the data of other subscribers, which can complicate matters. For instance, many examples exist of researchers obtaining used drives from online auctions and other sources and recovering large amounts of sensitive information from them. With the proper skills and equipment, it is also possible to recover data from failed drives that are not disposed of properly by cloud providers.

3.8 Availability

In simple terms, availability is the extent to which an organization’s full set of computational resources is accessible and usable. Availability can be affected temporarily or permanently, and a loss can be partial or complete. Denial of service attacks, equipment outages, and natural disasters are all threats to availability. The concern is that most downtime is unplanned and can impact the mission of the organization.

3.9 Temporary Outages

Despite employing architectures designed for high service reliability and availability, cloud computing services can and do experience outages and performance slowdowns. A number of examples illustrate this point.
In February 2008, a popular storage cloud service suffered a three-hour outage that affected its subscribers, including Twitter and other startup companies. In June 2009, a lightning storm caused a partial outage of an IaaS cloud that affected some users for four hours. Similarly, in February 2008, a database cluster failure at a SaaS cloud caused an outage for several hours, and in January 2009, another brief outage occurred due to a network device failure. In March 2009, a PaaS cloud experienced severe degradation for about 22 hours due to networking issues related to an upgrade. At a level of 99.95% reliability, 4.38 hours of downtime are to be expected in a year.
Periods of scheduled maintenance are also usually excluded as a source of downtime in SLAs and can be scheduled by the cloud provider at short notice. The level of reliability of a cloud service and its capabilities for backup and recovery need to be addressed in the organization’s contingency planning to ensure the recovery and restoration of disrupted cloud services and operations, using alternate services, equipment, and locations, if required. Cloud storage services may represent a single point of failure for the applications hosted there. In such situations, the services of a second cloud provider could be used to back up data processed by the primary provider to ensure that during a prolonged disruption or serious disaster at the primary, the data remains available for immediate resumption of critical operations.

3.10 Prolonged and Permanent Outages

The possibility exists for a cloud provider to experience serious problems, like bankruptcy or facility loss, which affect service for extended periods or cause a complete shutdown. For example, in April 2009, the Federal Bureau of Investigation raided computing centers in Texas and seized hundreds of servers, when investigating fraud allegations against a handful of companies that operated out of the centers. The seizure disrupted service to hundreds of other businesses unrelated to the investigation, but which had the misfortune of having their computer operations collocated at the targeted centers. Other examples of outages are the major data loss experienced in 2009 by a bookmark repository service, and the abrupt failure of an on-line storage-as-a-service provider, which closed without warning to its users in 2008. Changing business conditions may also cause a cloud provider to disband its services, as occurred recently with an online cloud storage service.
The organization’s contingency plan should address prolonged and permanent system disruptions through support for continuity of operations that affect the restoration of essential functions elsewhere.

Denial of Service
A denial of service attack involves saturating the target with bogus requests to prevent it from responding to legitimate requests in a timely manner. An attacker typically uses multiple computers or a botnet to launch an assault. Even an unsuccessful distributed denial of service attack can quickly consume large amounts of resources to defend against and cause charges to soar. The dynamic provisioning of a cloud in some ways simplifies the work of an attacker to cause harm. While the resources of a cloud are significant, with enough attacking computers they can become saturated. For example, a denial of service attack against a code hosting site operating over an IaaS cloud resulted in more than 19 hours of downtime.
Besides attacks against publicly accessible services, denial of service attacks can occur against internally accessible services, such as those used in cloud management. Internally assigned non-routable addresses, used to manage resources within a cloud provider’s network, may also be used as an attack vector. A worst-case possibility that exists is for elements of one cloud to attack those of another or to attack some of its own elements.

Value Concentration
A response to the question “Why do you rob banks?” is often attributed to Willie Sutton, a historic and prolific bank robber: “because that is where the money is.” In many ways, data records are the currency of the 21st century and cloud-based data stores are the bank vault, making them an increasingly preferred target due to the collective value concentrated there. Just as economies of scale exist in robbing banks instead of individuals, a high payoff ratio also exists for successfully compromising a cloud. As opposed to a direct approach, finesse and circumvention were Willie’s trademark. That style works as well in the digital world of cloud computing. For instance, a recent exploit involved targeting an electronic mail account of a social networking service administrator, reportedly by answering a set of security questions to gain access to the account, and using the information found there to gain access to company files stored in a PaaS cloud. Similar weaknesses have been identified in public clouds. A registered electronic mail address and valid password for an account are all that are required to download authentication credentials from a cloud provider’s management dashboard, which in turn grant access to all of the account’s resources.
Since lost passwords can be reset by electronic mail, an attacker controlling the mail system of an account, or passively eavesdropping on the network through which electronic mail containing a password reset would pass, could effectively take control of the account. Having data collocated with that of an organization with a high threat profile could also lead to a denial of service, as an unintended casualty from an attack targeted against that organization. Similarly, side effects from a physical attack against a high profile organization’s cloud-based resources are also a possibility. For example, over the years, facilities of the Internal Revenue Service have attracted their share of attention from would-be attackers.

3.11 Incident Response

As the name implies, incident response involves an organized method for dealing with the consequences of an attack against the security of a computer system. The cloud provider’s role is vital in performing incident response activities, including incident verification, attack analysis, containment, data collection and preservation, problem remediation, and service restoration. Revising an organization’s incident response plan to address differences between the organizational computing environment and a cloud computing environment is an important, but easy-to-overlook prerequisite to transitioning applications and data. Collaboration between the service subscriber and provider in recognizing and responding to an incident is essential to security and privacy in cloud computing. The complexity of the service can obscure recognition and analysis of incidents. For example, it reportedly took one IaaS provider approximately eight hours to recognize and begin taking action on an apparent denial of service attack against its cloud infrastructure, after the issue was reported by a subscriber of the service. Understanding and negotiating the provisions and procedures for incident response should be done before entering a service contract, rather than as an afterthought. The geographic location of data is a related issue that can impede an investigation, and is a relevant subject for contract discussions. Response to an incident should be handled in a way that limits damage and reduces recovery time and costs. Being able to convene a mixed team of representatives from the cloud provider and service subscriber quickly is an important facet to meeting this goal. Remedies may involve only a single party or require the participation of both parties. Resolution of a problem may also affect other subscribers of the cloud service. It is important that cloud providers have a transparent response process and mechanisms to share information with their subscribers during and after the incident.
Chapter Four: Deployment Models of Cloud Security
Model 1: Private Virtual Infrastructure Model (PVI)

Private Virtual Infrastructure allows organizations to utilize cloud resources with the level of assurance that is required to meet their confidentiality concerns. PVI provides a security architecture for cloud computing which uses a new trust model to share the responsibility for security in cloud computing between the service provider and the client, decreasing the risk exposure of both. The PVI cloud security model is a virtual datacenter over the existing cloud infrastructure.
- The PVI datacenter is under the control of the information owner.
- The cloud fabric is under the control of the service provider.

PVI Cloud Security Architecture
The Private Virtual Infrastructure architecture has two layers. The IaaS fabric layer provides computation resources managed by the service provider, while the PVI layer provides a virtual datacenter managed by the client. The service provider assumes responsibility for providing the physical security and the logical security of the service platform required for the PVI layer. Each client is responsible for securely provisioning their virtual infrastructure with appropriate firewalls, intrusion detection systems, monitoring and logging to ensure that data is kept confidential. PVI enables the client to build a virtual infrastructure that meets these requirements.

PVI is based on five tenets proposed as a basis for cloud security.

1. Trusted Cloud Platform
It provides the ability to verify the security settings of the underlying fabric, the security services which protect and monitor the fabric, and an identity certificate presented to the virtual environment that attests to these services. It uses the Trusted Virtual Datacenter (TVDc), which builds upon Trusted Virtual Domains and provides strong isolation and integrity guarantees that significantly enhance the security and management capabilities in virtualized environments.

2. PVI Factory
- The most sensitive component of PVI.
- It is the root authority for provisioning, VTPM key generation, and certificate generation and management.

Virtual Trusted Platform Module (VTPM)
It is a cryptographic component that stores cryptographic keys.
- It should be under the full control of the information owner.
- It serves as the controller and policy decision point for the PVI.
- It is responsible for ensuring the integrity of the PVI and handling incidents in the event of a security breach.

3. Measurement and Secure Provisioning
- Providers must allow clients transparent insight into their infrastructures.
- LoBot can perform the fabric pre-measurement, which allows PVI to share the responsibility of security management. Locator Bot (LoBot) is a VM architecture and secure transfer protocol based on VTPM.
- After LoBots probe target platforms for security properties, they can securely provision VMs on those platforms.

4. Secure Shutdown and Data Destruction
- This process is required to ensure all sensitive data is removed from a platform before new processes are allowed to run on it.
- VMs do not provide this, so the recommendation is to include it in future VM monitors or through LoBot.

5. Monitoring and Auditing
- LoBot provides continuous monitoring of the cloud environment.
- Locator Bot (LoBot) is the architecture and protocol for secure provisioning and secure migration of virtual machines within an IaaS cloud. LoBot provides many other security features for PVI, such as environmental monitoring, tamper detection and secure shutdown.

How does PVI work?
A LoBot is a self-contained virtual machine with a VTPM and a Probe application that is provisioned on a target machine.
1. Upon startup, the VTPM binds itself to the target’s TPM, and then the Probe application reads the platform configuration from the target’s TPM and obtains identifying information about the platform. This information is then combined with that of the VTPM and cryptographically sealed in a blob that is transferred to the PVI factory.
2. The PVI factory decrypts the blob and examines the information received to determine whether the environment is safe. Once the target environment is determined to be safe, the PVI factory configures the VM and securely transfers it to the target environment, via the LoBot protocol, in a blob encrypted such that only the target platform may execute the source environment.
3. At the target environment, the LoBot probe application receives and unseals the source environment. If the source environment was tampered with during transfer, it will be detected during the decryption phase.

PVI Strengths
1. A new paradigm for securing and managing cloud computing services, based on a synergistic relationship between the vendor and the customer of cloud services.
2. Provides information owners the flexibility to manage their own data.
3. This model takes into account all key security requirements.

PVI Weaknesses
1. This model deals only with the infrastructure layer and the platform layer, ignoring the application layer in cloud computing.
2. It introduces the Secure Shutdown and Data Destruction and the Monitoring and Auditing tenets in the PVI model without any methods to achieve them.
3. It introduces the PVI factory and the Locator Bot protocol.
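The three-step LoBot exchange above, as an added example that is not the PVI project’s code: the Probe measures the platform and seals a report, the PVI factory checks the report against its approved measurements and seals the VM under a key bound to those measurements, and the target unseals it, so that a transfer altered in transit or a platform whose state has changed fails the check. Because PVI relies on TPM-held keys that a stand-alone script cannot reach, this example assumes a demo secret shared between factory and LoBot, a SHA-256 counter-mode keystream in place of a real cipher, and constructed PCR values; all three are labelled as such in the code.

```python
"""Simplified LoBot-style measure, examine, seal and unseal exchange (constructed example)."""
import hashlib
import hmac
import json
from typing import Dict, Optional

# Constructed stand-in: PVI binds the VTPM to the target's TPM and uses TPM-held keys. To run
# offline with only the standard library, factory and LoBot share this demo secret instead.
DEMO_SHARED_SECRET = b"constructed-demo-secret-not-a-real-tpm-key"


def _canonical(platform_id: str, pcrs: Dict[str, str]) -> bytes:
    """Stable encoding of the platform identity plus its PCR measurements."""
    return json.dumps({"platform": platform_id, "pcrs": pcrs}, sort_keys=True).encode()


def probe_measure(platform_id: str, pcrs: Dict[str, str]) -> bytes:
    """Step 1: the Probe reads platform configuration and identity; the VTPM seals it (HMAC tag here)."""
    report = _canonical(platform_id, pcrs)
    tag = hmac.new(DEMO_SHARED_SECRET, report, hashlib.sha256).hexdigest().encode()
    return report + b"|" + tag  # the tag is hex, so the last '|' always separates it


def factory_examine(blob: bytes, approved_pcrs: Dict[str, str]) -> Optional[str]:
    """Step 2a: the PVI factory checks the blob's integrity and compares the measurements with its
    policy. Returns the platform id when the environment is judged safe, otherwise None."""
    report, sep, tag = blob.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(DEMO_SHARED_SECRET, report, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None  # report forged or altered in transit
    info = json.loads(report)
    if info.get("pcrs") != approved_pcrs:
        return None  # platform is not in the approved measured state
    return info["platform"]


def _seal_key(platform_id: str, pcrs: Dict[str, str]) -> bytes:
    """Key bound to the measured state, so only a platform in that state derives it."""
    return hashlib.sha256(DEMO_SHARED_SECRET + _canonical(platform_id, pcrs)).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Demo stand-in for a real cipher: SHA-256 in counter mode XORed over the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def factory_seal_vm(vm_image: bytes, platform_id: str, pcrs: Dict[str, str]) -> bytes:
    """Step 2b: encrypt the configured VM under the measurement-bound key and tag it (encrypt-then-MAC)."""
    key = _seal_key(platform_id, pcrs)
    ciphertext = _keystream_xor(key, vm_image)
    tag = hmac.new(key, ciphertext, hashlib.sha256).hexdigest().encode()
    return ciphertext + b"|" + tag


def lobot_unseal(sealed: bytes, platform_id: str, pcrs: Dict[str, str]) -> Optional[bytes]:
    """Step 3: the target derives the key from its own measurements; tampering in transit or a
    changed platform state makes the tag check fail, so nothing is executed."""
    ciphertext, sep, tag = sealed.rpartition(b"|")
    if not sep:
        return None
    key = _seal_key(platform_id, pcrs)
    expected = hmac.new(key, ciphertext, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None  # detected during the decryption phase, as the text describes
    return _keystream_xor(key, ciphertext)
```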
Model 2: Cloud Computing Data Security with the Analysis of HDFS Architecture

This model analyses the basic problem of cloud computing data security. With the analysis of the HDFS architecture, we derive the data security requirements of cloud computing and set up a mathematical data model for cloud computing. Finally we build a data security model for cloud computing.

Introduction
The emergence of the Cloud system has simplified the deployment of large-scale distributed systems for software vendors. The Cloud system provides a simple and unified interface between vendor and user, allowing vendors to focus more on the software itself rather than the underlying framework. Applications on the Cloud include Software as a Service systems and multi-tenant databases. The Cloud system dynamically allocates computational resources in response to customers’ resource reservation requests and in accordance with customers’ predesigned quality of service. Risk comes with opportunity: the problem of data security has become a bottleneck of cloud computing.

Data Security Problems of Cloud Computing

A. Security Problems Derived from VMs
Virtual machine technology is considered a fundamental component of the cloud computing platform. Virtual machine technology brings obvious advantages: it allows the operation of the server to no longer depend on the physical device, but on virtual servers. With virtual machines, a physical change or migration does not affect the services provided by the service provider. If a user needs more services, the provider can meet the user’s needs without having to be concerned with the physical hardware. However, virtual servers drawn from a logical server group bring a lot of security problems.
Traditional data center security measures sit at the edge of the hardware platform, whereas in cloud computing one physical server may host a number of virtual servers, and those virtual servers may belong to different logical server groups; there is therefore the possibility of their attacking each other, which exposes virtual servers to many security threats. Virtual machines extend the edge of the cloud and make the network boundary disappear, thereby affecting almost all aspects of security: traditional physical isolation and hardware-based security infrastructure cannot stop mutual attacks between virtual machines in the cloud computing environment.

B. The Existence of Super-users
The cloud provider carries out the management and maintenance of data. The existence of super-users greatly simplifies the data management function, but it is a serious threat to user privacy. Super-user power is a double-edged sword: it brings convenience to users and at the same time poses a threat to them. In an era of personal privacy, personal data should be properly protected, and the fact is that a cloud computing platform providing personal services has defects in the confidentiality of personal privacy. Not only individual users but also organizations face similar potential threats; e.g. corporate users’ trade secrets stored in the cloud computing platform may be stolen. Therefore the use of super-user rights must be controlled in the cloud.

C. Consistency of Data
The cloud environment is a dynamic environment, where the user’s data is transmitted from the data center to the user’s client. For the system, the user’s data is changing all the time. Reading and writing data relates to the authentication of the user’s identity and to permission issues. In a virtual machine, there may be different users’ data, which must be strictly managed. The traditional model of access control is built at the edge of computers, so it is weak at controlling reading and writing among distributed computers. It is clear that traditional access control is not suitable for cloud computing environments; the traditional access control mechanism has serious shortcomings.

D. New Technology
The concept of cloud computing is built on a new architecture. The new architecture comprises a variety of new technologies, such as Hadoop and HBase, which enhance the performance of cloud systems but bring in risks at the same time.
In the cloud environment, users create many dynamic virtual organizations; cooperation is usually first established through a relationship of trust between organizations rather than at the individual level. Policies that rest on proving such restrictions are therefore often difficult to follow, because interaction frequently occurs at many nodes between virtual machines and is dynamic and unpredictable. The cloud computing environment provides a user with full access to resources, which has also increased security risks.

Requirement of Security
HDFS (Hadoop Distributed File System) is a typical distributed file system architecture used in large-scale cloud computing. Its design goal is to run on commercial hardware; thanks to the support of Google and the advantages of open source, it has been applied as the basis of cloud facilities. HDFS is very similar to existing distributed file systems such as GFS (Google File System); they have the same objectives, performance, availability and stability. HDFS was initially used in the Apache Nutch web search engine and became the core of the Apache Hadoop project.

HDFS uses the master/slave backup mode, as shown in Figure 6. The master is called the Namenode, which manages the file system namespace and controls access by clients. The other, slave nodes are called Datanodes; each Datanode controls access to its data by clients. In this storage system, a file is cut into small blocks, and the Namenode maps the file blocks onto the Datanodes. While HDFS is not POSIX compatible, the file system still supports the creation, deletion, opening, closing, reading, writing and other operations on files.

Figure 6. HDFS Architecture

By analyzing HDFS, the data security needs of cloud computing can be divided into the following points:
  • 52. 1. Client authentication requirements at login: the vast majority of cloud computing is accessed through a browser client, such as IE, and establishing the user's identity is the primary need of cloud computing applications.

2. The existence of a single point of failure in the Namenode: if the Namenode is attacked or fails, there will be disastrous consequences for the system. The effectiveness and efficiency of the Namenode in cloud computing is key to the success of data protection, so enhancing the Namenode's security is very important.

3. The rapid recovery of data blocks and read/write rights control: a Datanode is a data storage node; it may fail, so the availability of data cannot be guaranteed by one node alone. Currently each data storage block in HDFS has at least 3 replicas, which is HDFS's backup strategy. As to how to ensure the safety of reading and writing data, HDFS has not given any detailed explanation, so the need to ensure rapid recovery and to make read and write operations fully controllable cannot be ignored.

4. In addition to the above three requirements, others, such as access control and file encryption, must be taken into account in a cloud computing model for data security.

DATA SECURITY MODEL

A. Principle of Data Security

All data security techniques are built on three basic principles: confidentiality, integrity and availability. Confidentiality refers to hiding the actual data or information; especially in the military and other sensitive areas, the requirements for the confidentiality of data are stricter. For cloud computing, the data are stored in a "data center", so the security and confidentiality of user data is even more important. Integrity means that data in any state must be guaranteed against unauthorized deletion, modification or damage. Availability of data means that users can use the data as they expect, with the capacity they expect.
  • 53. B. Data Security Model

The data model of cloud computing can be described mathematically as follows:

Df = C(NameNode)    (1)
Kf = f * Df         (2)

C(.): the visit of nodes;
Df: the distribution matrix of the file f;
Kf: the state of data distribution in the Datanodes;
f: the file; file f can be described as f = {F(1), F(2), ..., F(n)}, meaning f is a set of n file blocks, with F(i) F(j) = , i ; I,j ;
Df is a zero-one matrix of size L*L, where L is the number of Datanodes.

To enhance the data security of cloud computing, we provide a cloud computing data security model called C2DSM. It can be described as follows:

D'f = CA(namenode)  (3)
Df = M . D'f        (4)
Kf = E(f) Df        (5)

CA(.): authenticated visit to the namenode;
Df: private protection model of the file distribution matrix;
M: the matrix that resolves the private matrix;
E(f): the file f encrypted block by block, giving the encrypted file vector.

This model is shown in Figure 7.
  • 54. Figure 7. Cloud computing Data Security

The model uses a three-level defense structure, in which each layer performs its own duty to ensure the data security of the cloud layers.

• The first layer: responsible for user authentication, issuing the appropriate digital certificates to users and managing user permissions.
• The second layer: responsible for encrypting the user's data and protecting the privacy of users in a certain way.
• The third layer: fast recovery of user data; this system protection is the last layer of defense for user data.

With the three-level structure, user authentication is used to ensure that data is not tampered with. An authenticated user can manage the data through operations such as add, modify and delete. If the user authentication system is deceived by illegal means and a malicious user enters the system, file encryption and privacy protection provide the next level of defense. In this layer user data is encrypted, so even if the key is illegally accessed, privacy protection still prevents the malicious user from obtaining effective access to the information, which is very important for protecting business users' trade secrets in the cloud computing environment. Finally, the rapid file restoration layer, through a fast recovery algorithm, allows user data to be recovered to the maximum extent even in case of damage.

From the model the following theorems follow:

- Theorem one: If is not a full order, then the user loses his data.
Verify:
  • 55. If is the file distribution matrix, then by formula (5) is an L-length vector. If is not of full order, it can be converted to , an (L-i) * (L-i) matrix with i 1; then becomes an (L-i)-length vector, which conflicts with the definition of the model.

- Theorem two: If , then the data of the user is damaged. means the value at position i of the file vector .
Verify: means the number of data blocks stored in the Datanode. With the definition f = {F(1), F(2), ..., F(n)}, if F(i) does not exist for some i = 1, 2, ..., n, then the file storage fails. If , then there will be some i = 1, 2, ..., n for which does not exist; if f is affected, the file is damaged.

- Theorem three: If there exists a matrix J, J M, but = J . , then the privacy of the user leaks.
Verify: M is the user's private matrix. With the matrix M we can get . If such a J exists, then an illegal user may get by J . Hence a privacy leak exists.
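As an added example (not code from the project), the following Python models the zero-one distribution matrix Df of the C2DSM model together with the 3-replica placement from requirement 3, and checks the "data damaged" condition of theorem two after Datanode failures. The block-per-row layout of Df and the round-robin placement policy are assumptions made for the example.

```python
from typing import Dict, List, Set

REPLICATION = 3  # HDFS keeps at least 3 replicas of every block (requirement 3)


def place_blocks(n_blocks: int, n_datanodes: int,
                 replication: int = REPLICATION) -> List[List[int]]:
    """Build a zero-one distribution matrix Df.

    Row i stands for block F(i), column j for Datanode j; Df[i][j] == 1 means a
    replica of F(i) is stored on Datanode j. Replicas are placed round-robin, a
    constructed policy for this example, not HDFS's rack-aware placement.
    """
    if replication > n_datanodes:
        raise ValueError("cannot place more replicas than there are Datanodes")
    df = [[0] * n_datanodes for _ in range(n_blocks)]
    for i in range(n_blocks):
        for r in range(replication):
            df[i][(i + r) % n_datanodes] = 1
    return df


def surviving_replicas(df: List[List[int]], failed: Set[int]) -> List[int]:
    """Per-block count of replicas that are still held by live Datanodes."""
    return [sum(bit for j, bit in enumerate(row) if j not in failed)
            for row in df]


def lost_blocks(df: List[List[int]], failed: Set[int]) -> List[int]:
    """Blocks with no surviving replica: the 'file damaged' case of theorem two."""
    return [i for i, n in enumerate(surviving_replicas(df, failed)) if n == 0]


def under_replicated(df: List[List[int]], failed: Set[int],
                     replication: int = REPLICATION) -> Dict[int, int]:
    """Blocks below the replication factor: the Namenode must re-replicate these
    quickly (the rapid-recovery need) before a further failure makes them lost."""
    return {i: n for i, n in enumerate(surviving_replicas(df, failed))
            if n < replication}


if __name__ == "__main__":
    # Constructed scenario: 4 blocks over 5 Datanodes, then Datanodes 0-2 fail.
    df = place_blocks(4, 5)
    for row in df:
        print(row)
    print("under-replicated after losing Datanode 0:", under_replicated(df, {0}))
    print("lost after losing Datanodes 0, 1, 2:", lost_blocks(df, {0, 1, 2}))
```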