03-08-2012, 02:46 PM
Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments
1. Introduction
Cloud computing, the long-held dream of “computing as a utility”, has opened up a new era of
future computing, transformed a large part of the IT industry, reshaped the purchase and use of IT software and
hardware, and received considerable attention from global and local IT players, national governments, and
international agencies [1] [2] [3] [4]. Cloud computing is a large-scale distributed computing paradigm
driven by economies of scale, in which a pool of abstracted, virtualized, dynamically scalable, highly
available, and configurable and reconfigurable computing resources can be rapidly provisioned and
released with minimal management effort in the data centers. Services are delivered on demand to
external customers over the high-speed Internet with the “X as a service (XaaS)” computing architecture,
which is broken down into three segments: “applications”, “platforms”, and “infrastructure”. Its aims [3]
[4] are to provide users with more flexible services, more scalable computing applications, storage and
platforms in a transparent manner. Similarly, IT companies with innovative ideas for new application
services are no longer required to make large capital outlays on hardware and software infrastructures.
By using a cloud computing platform, they can register the necessary services over the Internet and are freed
from the trivial task of setting up basic hardware and software infrastructures, which allows them to focus
on the core aspects of their business.
Achieving high security is one of the major obstacles to opening up the new era of the long-dreamed vision of
computing as a utility. Sensitive applications and data are moved into cloud data centers and run on
virtual computing resources in the form of virtual machines. These unique attributes, however, pose many
novel tangible and intangible security challenges [5] [6], such as accessibility vulnerabilities, virtualization
vulnerabilities, and web application vulnerabilities. These challenges relate to the cloud server having
physical control of data, to identity and credential management, and to data verification,
tampering, integrity, confidentiality, data loss and theft. To protect private and sensitive data that are
processed in data centers, the cloud user needs to verify (a) the real existence of the cloud computing
environment in the world; (b) the security of information in the cloud; and (c) the trustworthiness of the
systems in the cloud computing environment. However, the management of data and services is not secure
and trustworthy in cloud data centers.
This paper primarily aims to highlight the major security, privacy and trust issues in existing
cloud computing environments and to help users recognize the tangible and intangible threats associated
with their use. Our contributions can be summarized as: (a) surveying the most relevant privacy, security
and trust issues that pose threats in existing cloud computing environments; and (b) analyzing the
ways in which these potential security, privacy and trust threats may be addressed and eliminated, so as to provide a
highly secure, trustworthy, and dependable cloud computing environment.
The remainder of this paper is organized as follows. Section 2 presents security issues in cloud computing
environments and how to address them. Section 3 presents privacy issues in cloud computing
environments and how to address them. Section 4 presents trust issues in cloud computing environments and how to address them. Finally,
conclusions and a direction for future work are given in Section 5.
2. Security Issues
Security is viewed as a composite notion, namely “the combination of confidentiality, the prevention of
the unauthorized disclosure of information, integrity, the prevention of the unauthorized amendment or
deletion of information, and availability, the prevention of the unauthorized withholding of information”
[13]. Security is the absence of unauthorized access to, or handling of, the system state. The main
dimensions of security are availability, confidentiality and integrity. Security is one of the major obstacles
to opening up the new era of the long-dreamed vision of computing as a utility.
Dawei Sun et al. / Procedia Engineering 15 (2011) 2852 – 2856
Security issues in cloud computing environments can be divided into six sub-categories [5] [6] [7] [11]
[14], which include: (a) how to provide safety mechanisms to monitor or trace the cloud server, (b)
how to keep all individual and sensitive information confidential, (c) how to prevent
illegal operations by malicious insiders given the general lack of transparency into provider processes and
procedures, (d) how to avoid service hijacking, where phishing, fraud and exploitation are
well-known issues in IT, (e) how to manage multiple instances in multi-tenant virtual environments,
which assume that all instances are completely isolated from each other; this assumption can
sometimes break down, however, allowing attackers to cross virtual machines via side channels, escape the boundaries of
the sandboxed environment and gain full access to the host, and (f) how to develop appropriate law and
implement legal jurisdiction, so that users have a chain against their providers if needed.
3. Privacy Issues
Privacy is the ability of an individual or group to seclude themselves or information about themselves
and thereby reveal themselves selectively, and it includes [15]: (a) when: a subject may be more
concerned about her current or future information being revealed than information from the past, (b) how:
a user may be comfortable if friends can manually request his information, but may not want alerts sent
automatically, (c) extent: a user may prefer to have her information reported as an ambiguous region rather
than a precise point. In the commercial, consumer context, privacy requires the protection and
appropriate use of information about customers and meeting the expectations of customers about its
use. In organizations, privacy entails the application of laws, mechanisms, standards and processes by
which personally identifiable information is managed [8].
Privacy issues differ according to the cloud scenario, and can be divided into four sub-categories
[5] [6] [8], which include: (a) how to let users retain control over their data when it is
stored and processed in the cloud, and avoid theft, nefarious use and unauthorized resale, (b) how to
guarantee that data replicas stay within a jurisdiction and in a consistent state, where replicating user data to multiple
suitable locations is a usual choice, and avoid data loss, leakage and unauthorized modification or
fabrication, (c) which party is responsible for ensuring legal requirements for personal information, and (d)
to what extent cloud sub-contractors involved in processing can be properly identified, checked and
ascertained.
4. Trust Issues
Trust is viewed as a measurable belief that utilizes experience to make trustworthy decisions. It was
originally used in social science in constructing human beings’ relationships and is now an essential
substitute for forming security mechanisms in distributed computing environments, as trust has many soft
security attributes, such as reliability, dependability, confidence, honesty, belief, trustfulness, security,
competence, and suchlike. In fact, trust is the most complex relationship among entities because it is
extremely subjective, context-dependent, non-symmetric, uncertain, and partially transitive [9] [10]. Trust
evaluation is a multi-faceted and multi-phased phenomenon based on multi-dimensional factors and the trust
evaluation cycle, and it is used to find the answer to the question “With which node(s) should I interact
and with which I should not?” A measurable trust view is adopted in [16], “Trust of a party A to a party B
for a service X is the measurable belief of A in that B behaves dependably for a specified period within a
specified context (in relation to service X).” Another mathematical trust view is given in [17], “Trust (or,
symmetrically, distrust) is a particular level of the subjective probability with which an agent assesses that
another agent or group of agents will perform a particular action, both before he can monitor such action
(or independently of his capacity ever be able to monitor it) and in a context in which it affects his own
action.”
To protect clouds, traditional hard security techniques such as encryption and authorization provide a
solid foundation, but they fail when cooperating entities act maliciously, due to the scale and temporary nature
of collaborations. Trust, as a soft social security philosophy, can fight against such security threats by
restricting malicious entities from participating in interactions, and consequently offers a highly
trustworthy cloud computing environment.
Trust issues in cloud computing environments can be divided into four sub-categories [5] [6] [8] [12],
which include: (a) how to define and evaluate trust according to the unique attributes of cloud
computing environments, (b) how to handle malicious recommendation information, which is very important
in cloud computing environments, as trust relationships in clouds are temporary and dynamic, (c) how to
consider and provide different security levels of service according to the trust degree, (d) how to manage
changes in trust degree with interaction time and context, and to monitor, adjust, and truly reflect the dynamic change of trust
relationships with time and space.
5. Conclusions and Future Work
Achieving high security is one of the major obstacles to opening up the new era of the long-dreamed vision of
computing as a utility. Sensitive applications and data are moved into cloud data centers and run on
virtual computing resources in the form of virtual machines. These unique attributes, however, pose many
novel security challenges such as accessibility vulnerabilities, virtualization vulnerabilities, and web
application vulnerabilities. With the advancement of cloud computing and the increasing number of cloud users,
security, privacy and trust dimensions will continuously increase. To protect private and sensitive data
that are processed in data centers, the cloud user needs to verify (a) the real existence of the cloud computing
environment in the world; (b) the security of information in the cloud; and (c) the trustworthiness of the
systems in the cloud computing environment.
In this paper, we primarily aim to highlight the major security, privacy and trust issues in
existing cloud computing environments and to help users recognize the tangible and intangible threats
associated with their use. We cover two main aspects of security, privacy and trust issues, which include:
(a) surveying the most relevant privacy, security and trust issues that pose threats in existing cloud
computing environments, and (b) analyzing the ways in which these potential
security, privacy and trust threats may be addressed and eliminated, so as to provide a highly secure, trustworthy, and dependable cloud
computing environment.
Future work will focus on the following: (a) analyzing and evaluating privacy, security and trust
issues in cloud computing environments by a quantifiable approach; the surveying and analyzing
method suggested in this paper is a first step toward analyzing privacy, security and trust issues, (b)
developing a complete security, privacy and trust evaluation and management framework as a part of cloud
computing services to satisfy the security demands; and (c) deploying the framework in real cloud
computing environments.