14-06-2014, 04:15 PM
A Review of Trust Aspects in Cloud Computing Security
ABSTRACT
Cloud computing offers distributed and shared computing resources and
services that belong to different service providers and websites. Before truly
benefiting from cloud computing, there are several issues associated with it
which need to be addressed in the first place. One of the most important
aspects that needs special attention pertains to cloud security. Trust
management is an important component of cloud computing. In this paper,
we look at some security services practices like authentication,
confidentiality and integrity as well as the trust management. A critical
analysis of the trust models along with some gaps in the existing models is
also reported herein.
INTRODUCTION
Cloud computing involves delivering hosted services over the Internet on demand. These services
include software applications, software services, network resources, platforms, computing infrastructures and
virtual servers. Cloud computing is scalable and managed infrastructure. End-users simply consume these
services and pay on usage basis or subscription basis. There are three famous service models of cloud
computing as described below
Security is the biggest issue in cloud computing as while utilizing storage service on a remote
location, the consumers are generally unaware of what happens to their data. In fact, consumers themselves
have less control to secure the data they host on the cloud. The trust mechanism has proven to be an
appropriate substitute to the aforesaid security issues as it establishes entities’ relationship quickly and safely.
Since trust is purely an abstract and subjective term, it is ordinarily difficult to tangibly measure
and effectively manage it.
In this paper, different security problems and trust models proposed in contemporary literature are
critically reviewed and analyzed. This paper is organized into six sections. An introduction to cloud
computing and its service models are described in this section. A review of the related work pertaining to the
security issues, trust models and cloud computing frameworks is provided in section II. A critical evaluation of the literature review with respect to the current state of the affairs in cloud security is provided in the next
section. The section IV highlights gaps in the security-related techniques discussed in the literature. An
account of the challenges in cloud computing security is enunciated in section V. Some prospective
dimension for further research in this area followed by the conclusion is outlined in the last section.
LITERATURE REVIEW
Mahmood [1] identifies that the major issues pertaining to data security in the cloud computing
environment are:
Data Location and Data Transmission — the customers may want their data to reside in a
specific territory based on data policies and legislation within a certain country. Similarly,
cross border transition of data (from one country to another) may lead to potential risks due to
varying policies, regulations and legislations.
Data Availability — the unavailability of data may lead to service outages.
Data Security — when the data mobility is at high level, then security risks become the major
concern, particularly, when data is transferred to another country with a different regulatory
framework.
Behl [2] explores cloud computing security issues and highlights the key research challenges that
include:
Availability and Performance — this issue can be resolved through well-formed SLA (service
level agreement) combined with real-time monitoring.
Malicious Insiders — the cloud service providers cannot restrict their employees, contractors
and other trusted people who have access to the secure data of customers through supply chain
management.
Outside Attacks — for example, the hackers can get access to the data; to resolve this issue, the
network perimeter should be protected through firewalls.
Service Disruptions — it can occur when no more resources are available for other customers
and this may cause customer dissatisfaction. This issue can be resolved by ensuring that
connections are coming from known IP pool and DNS (Domain Name Server).
A security strategy model is generally defined to overcome all the aforesaid security challenges.
However, a generic security model is equally implementable for complex and ever dynamic cloud
infrastructure. Chen et al. [3] discuss cloud computing data security and data privacy protection issues. The
security architecture is defined at three levels: software security (identity authentication, identity
management, access control), platform security (framework security, component security, interface security)
and infrastructure security (virtual environment security, shared storage security). Data privacy protection
issues of the data lifecycle in cloud computing include transfer, use, share, storage, archival and destruction.
Popovic et al. [4] indicate security issues of cloud computing systems by highlighting the problems
of cloud computing, particularly, the security management models based on security standards and the
security issues pertaining to security standards — such as the information technology infrastructure library
(ITIL), ISO/IEC 27001/27002 and open virtualization format (OVF). The service providers can follow these
guidelines to secure their cloud services. It is imperative to address the security issues aptly, as otherwise
they could possibly result in unauthorized access to the systems that ultimately lead towards potential data
corruption and compromising the confidential data.
Siani et al. [5] highlight that the major hurdles in large-scale acceptance of cloud computing are mostly
due to service security and privacy issues. Based on the discussed scenarios, it is recommended that sensitive
information should be minimized when data is processed on cloud and privacy to the end-user must be
assured. A client based generic privacy manager tool has been proposed for this purpose that not only reduces
security issues but also provides added privacy features.
Harauz et al. [6] highlight the regulatory and legal concerns associated with security issues. To
avoid unauthorized access and to ensure data integrity, confidentiality and availability, the storage provider
should offer encryption schema, strict access control mechanism and scheduled data backups. Adoption of
a universal standard is also recommended to ensure interoperability among service providers.
GAP ANALYSIS
A number of security and trust models are discussed in the literature. The most frequently discussed
model in the literature papers is the Confidentiality, Integrity and Availability (CIA) Model. Confidentiality
means that information is not disclosed to unauthorized persons. Integrity means that information held in a
system is accurate and proper representation of the data is achieved. Availability means that information
processing resources are immediately isolated and discontinued when a malicious attack is detected. The essence of the model is to strike a balance among all these components, but the literature emphasizes only
confidentiality and availability. The integrity component has been noticed as the least focused area in
contemporary research.
CHALLENGES IN CLOUD COMPUTING SECURITY
A number of challenges pertaining to the security aspects of cloud computing have been observed
during the survey of contemporary literature for this study. Often users are much concerned about the
security of their private and confidential data. After hosting data on the cloud, users feel the deprivation of
control over their data; therefore, they remain suspicious about the security and confidentiality of the data. It
is primarily because of their concern about who else has access to their data. For this very reason, the major
challenge in cloud computing security is to prohibit unauthorized accesses and eliminate possibilities of data
corruption in order to establish trust of the users on the cloud services. Moreover, sometimes service
providers opt for subcontracting certain services either to scale-up their own service or get benefited from the
bargains offered by other cloud vendors. In such a scenario, the subcontracted service providers are generally
bound to totally different rules and regulations that are indigenous to their country. For instance, the UK
government has imposed stricter rules for data privacy and security as compared to the USA. In case a UK-based
organization subscribes to a service provider in USA then the USA-based service provider is not obligated
for any sort of data corruption compensation due to variations in rules and regulations in both the countries.
Cloud infrastructure can be complex enough as it can consist of "cloud within the cloud"
architecture. It is quite impossible for service providers to claim about their servers as 100% live all the time.
Sometimes, subscriber enterprises and organizations have to pay more monies because of the service
provider’s superfluous claim which they cannot verify. Another major issue in cloud computing is to
maintain trust between the tenant and the vendor. Trust factor is equally applicable for service providers as
well as service users. Service users are mostly concerned about the security, privacy, confidentiality and
availability of their data but, on the other hand, service providers are touchier about the faithfulness and
integrity of the users.
CONCLUSION AND FUTURE WORK
Cloud computing is the on-demand utilization of shared computing resources available from the
Internet. When these services are used properly, they can reduce cost and management responsibilities in
addition to increasing efficiency, agility and performance of an enterprise. On the contrary, there are several
challenges to be faced by cloud computing such as data security and privacy issues. In this paper, we have
discussed the issues related to data location, storage, security, availability and integrity. Establishing trust is
the way to overcome these security issues as it establishes entities’ relationship quickly and safely. For this
purpose, we have surveyed some of the trust management models. Since trust is an abstract and subjective
term, it is difficult to measure and manage.
In this paper, we have conducted a review of literature on the trust management systems. The majority
of the proposed systems put special emphasis on the CIA (Confidentiality, Integrity and Availability)
model. Based on the critical analysis and the gap analysis provided in section III and IV respectively, we
intend to conduct research on integrity issue as a continuum to this research.