Major Researches In Cloud Computing Security

Published Date: 02 Nov 2017

1. Introduction.

Sharing resources over the internet which are located in a central server is now not a complex process because of the Cloud Computing. United States National Institute of Standards and Technologies (NIST) has defined Cloud Computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. This is a service which is available on demand that consist of a pool of resources which are capable of provisioning computing capabilities as needed automatically. Those resources are virtualized and allocated for the customers on demand. Regardless of the environment of the resource customer can use it. Those resources can be in different geographical locations, but they together process the request. These resources are dynamically allocated to each process and accordingly customer can expand or shrink his resources which is to be used easily at any time without investing on new infrastructure, training new people or licensing new software. Customers do not own the physical infrastructure but with the payment of subscription service providers grant the access to the cloud. Therefore zero maintenance cost for the clients as service providers do it and manage the resources on behalf of them. All those resource usages are transparent to both customer and the service provider in case of monitor, control and report. Cloud services can be accessed using thin or thick clients.

The development of the cloud computing varies according to the requirements and for the purpose that it will be used by customers. Three principle service models are being developed and they are differed according to the service provided by them. Software as a Service (SaaS) provides the capability to use the applications running on the cloud infrastructure at the service providers’ side. It cut off the cost of hardware and software development, operation and maintenance. Customer cannot control the infrastructure and the exceptions which limits application configuration settings. Platform as a Service (PaaS) provides the capability to deploy the customer developed applications or acquired application using programming languages, tools, libraries and services supported by the service provider. There customer has the control over the deployed application and its configuration settings for the cloud environment, but not over the infrastructure. Infrastructure as a Service (IaaS) provides the customer to provision the fundamental computing resources such as processing, storage, network where customer is entitled to deploy and run applications which may include the operating system. In this model customer has the control over fundamental resources and the configuration settings of the application. This avoids the costs that can be allocated for purchasing, maintaining and managing basic hardware and software components.

There are several deployment models for different requirements. Private Clouds are used by single organization with multiple consumers. These types of clouds are owned, managed and operated by the organization or a third party and may exist within the organization premises or out. It is only available for the organization. Community Cloud can be shared among several organizations which has common factors. Same way this cloud is owned, operated and managed by the organizations within the community or a third party and may exist within the organization premises or out. Public Cloud is open for used by general public and may be owned, operated and managed by a business or a government organization. Here any one can access the cloud and less restrictions compared to other methods. Hybrid Cloud facilitates a combination of two or more cloud infrastructures. Those are bound by standardized or proprietary technologies. It enables the data and application portability of the cloud.

However, Cloud Computing is an emerging method of distributed computing which is still at its infancy. As the demand and the popularity increases from business sector the threats towards the cloud also increases. Therefore the privacy and security within a cloud is becoming an important fact to consider about.

I am interested in studying in this area of Cloud Computing Security since I am attracted of the subject area, Cloud Computing and I have the eagerness to study about the new emerging technologies and their security issues. And also it is one of the rapidly evolving technological areas which as an IT student have to be aware of.

The paper is organized as follows. Section 2 describes the Overview of Cloud Computing Security. Section 3 is about the Major Researches carrying out related to Cloud Computing Security. After that the Section 4 discusses the essence of the research paper and the paper ends with Section 5 explaining my identifications in the research.

2. Overview – Cloud Computing Security.

In 2006 with the arrival of Amazon’s Elastic Computing Cloud (EC2) [5], cloud computing started to establish in the global technology field. There after many giants in the IT field came up with their own Cloud Computing solutions. Since then this resource sharing model was wide spread in the IT industry. Many businesses changed their own controlling machines in to cloud computing. Still the demand for the Cloud Computing is increasing, but yet it is at its infancy.

The base of this amazing communication model is virtualization [4, 5]. Virtualization makes it possible to run more than one or more sessions of an operating system in a single PC or a server. With this several operating systems can be used at the same time by using the existing hardware. To achieve this virtual machines uses the emulated hardware devices. If a particular cloud provides infrastructure as a service, then it is capable of providing unlimited number of virtual machines to rent virtual machine images as a service. With the use of this virtual machines user can install applications, store data and almost everything that is possible with a physical PC or a server. Therefore these Cloud Computing machines are capable of providing the services as per demand.

To take the full advantage of cloud computing most of the organizations have started to develop an operating system to use cloud computing options for the users. This created the term Just Enough Operating System (JeOS). This allows users to handle the majority of the tasks on the cloud. This concept is available for browsers to run all applications in any language which is accessible. This ensures a browser based security. As mentioned early these mechanisms lead to reduce the costs incurred on purchasing operating systems and maintenance.

It is a vivid that there may occur security issues in cloud computing as popularity of using cloud computing becomes more popular. Consumers store their data, run software on someone else’s resources and to process it. It is possible to occur issues such like data loss, phishing, spam and botnet over the Cloud infrastructure. Further multi-tenancy model and pooled resources in cloud computing has led to consider about new techniques to tackle with the related security issues. In a Cloud, security within the network have to be considered more than just the security of uses’ data.

3. Major Researches in Cloud Computing Security.

With the high expansion and popularity of cloud computing, lots of risks starts to get bind with it. As this is an emerging trend in business world most of the businesses are now stepping towards this technology to try out it and get the benefits out of it. Therefore many parties are looking towards it. Many sensitive data are stored in cloud and service providers tries to ensure the reliability and the confidentiality of those private data.

3.1. XML Signature.

XML is a requirement for Cloud Computing to share information between different systems. XML signature is used to ensure the authentication of data within the Simple Object Access Protocol (SOAP). To proving the recipient regarding the data authentication and integration, each fragment of XML is attached with XML signature [3]. However attackers can inject duplicates of XML fragments and add addition code to perform unwanted tasks at the destination. This is known as the "wrapper attack". There attacker virtually wrap the signature around the code and pass it as a genuine XML. Therefore service providers must think of a way to prevent wrapping attacks from succeeding. These wrapper attacks are not common for business applications. [8]

3.2. Browser Security.

Consumer uses the browser as the main source of input and output for any Cloud Operating System. There exist several security issues for browsers within the cloud. Server will keep track of the original location of the browser and a request is accepted when only it comes from the same location. Server uses Same Original Policy (SOP) to monitor the original location of the browser though it has been proven insufficient for the security. According to the argument at [3] browser cannot use the XML signature or encryption to integrate this capability with future browsers. Therefore browser can use only Transport Layer Security (TLS) or Security Socket Layer. That is the primary form for browser security. It requires server to use digital certificate and all pages are not secured. TLS affects by "Phishing" where malicious websites are used to grab the login information and once the attacker access the data TLS fails protecting data.

3.3. Flooding.

Denial-of-Service (DOS) attack is one of the threats towards the Cloud. There the infected computers will be connected together to a specific website with intention of overloading the server with requests and crash it by disturbing for its normal functionalities [3]. When DOS were targeted to a cloud based server many requests will be sent to the server where particular application or website is located. It will consume more resources in the cloud to process each request and the owner of the website or the application will be charged a big amount for the resources. Because of this attack other cloud users will also be affected because of the less shared resources. Another possibility is that cloud can pull resources from other users which would then cause a huge impact on the cloud.

3.4. Reputation Fate Sharing.

Sharing a common hardware resource among several users is that the reputation of each individual will be affected by each other. If one person does a process, others are also responsible for it. This type of risk affects to multiple parties and can be abused by one user. Some other innocent bystanders are seized. While this risk exist, datacenters are able to deal with security with compared to individuals. When a datacenter security flaw is exposed a large number of victims will be affected.

3.5. Side Channels.

Multiple virtual machines resources can be within a piece of hardware which can be used as a way to side channel data using one virtual machine to another. The reason for these kinds of attacks are based on the shared resources. If an attacker was successful then it will use various ways to intercept data being transferred from other virtual machine. These kinds of risks are documented and many methods for preventive have been identified. If there is a security flaw within the cloud there is a security risk in all forms of computing. Normally users do not maintain their system and keep it up-to-date with security updates. However, datacenters install and implement security updates immediately as they are available to each virtual machine at the same time.

3.6. Loose Control Over Data.

When user is accessing a cloud to do his work the control over the data is reduced when in the cloud. Probably the reason for the fear of the people over the cloud would be this. On a traditional PC or a server you have the full control over the data you have and you can back up and take it any time. But when using cloud concept, it is controlled by a third party company and it is responsible for the data being saved at the cloud and their confidentiality, sensitivity. Data owner can agree to let the operator to analyze his data where user will receive advertisements and receive free services according to his preferences. In this case service providers have to ensure the confidentiality and do not dell data to advertisers.

3.7. Dependence of the Internet.

Cloud computing is fully based on internet. As the usage of cloud become more the internet dependency also increases. Especially when users depends on cloud OS such as Chrome OS, user is fully dependent on internet as all user data are on the cloud. If unfortunately the internet connection was lost the user cannot access his data. Therefore such a user is fully dependent on the cloud. For an instance if the current service provider plans to outsource then the control also loose from the existing provider.

4. Discussion.

In this review paper I have discussed what is cloud computing, different deployment models in cloud computing, different service models in cloud computing, advantages using cloud computing, what are the security issues in cloud computing, their impact on the real life scenarios. If we consider all facts given we notice that there is requirement of ensuring the security of the cloud as it is expanding day by day with many users’ sensitive data. As it depends on internet the service providers have to take the responsibility and improve the efficiency of the cloud computing.

5. My Contribution.

By doing this research I was able to gather a bunch of knowledge related to the field of cloud computing. I have identified the basic infrastructure behind this technology and different kinds of usages of cloud computing. Also got a clear view about the threats to this technology and how they can be prevented. I understood the clear idea of maintaining a cloud and the advantages and disadvantages of cloud computing. I have identified the situations where we can apply cloud computing and where not. And red about the upcoming trends in cloud computing.

Acknowledgement.

I heartily thankful to my supervisor who introduced me to this beautiful subject, Mr. Shalinda Adikari, whose encouragement, supervision and support from the preliminary to the current level enabled me to develop this research work. Lastly, I would like to put forward my sincere thanks to my mother, father, lecturers, my friends and those who supported me in any respect during the completion of this research work.