19-07-2014, 12:44 PM
Cloud Computing Security: From Single to Multi-Clouds
Abstract
The use of cloud computing has increased rapidly
in many organizations. Cloud computing provides
many benefits in terms of low cost and accessibility of
data. Ensuring the security of cloud computing is a
major factor in the cloud computing environment, as
users often store sensitive information with cloud
storage providers but these providers may be
untrusted. Dealing with “single cloud” providers is
predicted to become less popular with customers due
to risks of service availability failure and the
possibility of malicious insiders in the single cloud. A
movement towards “multi-clouds”, or in other words,
“interclouds” or “cloud-of-clouds” has emerged
recently.
This paper surveys recent research related to single
and multi-cloud security and addresses possible
solutions. It is found that the research into the use of
multi-cloud providers to maintain security has received
less attention from the research community than has
the use of single clouds. This work aims to promote the
use of multi-clouds due to its ability to reduce security
risks that affect the cloud computing user.
Introduction
The use of cloud computing has increased rapidly in
many organizations. Subashini and Kavitha [49] argue
that small and medium companies use cloud computing
services for various reasons, including because these
services provide fast access to their applications and
reduce their infrastructure costs
Background
NIST [1] describes cloud computing as “a model for
enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with
minimal management effort or service provider
interaction”.
Cloud Computing Components
The cloud computing model consists of five
characteristics, three delivery models, and four
deployment models [1]. The five key characteristics of
cloud computing are: location-independent resource
pooling, on-demand self-service, rapid elasticity, broad
network access, and measured service [51]. These five
characteristics represent the first layer in the cloud
environment architecture (see Figure 1).
Cloud Service Providers Examples
In the commercial world, various computing needs
are provided as a service. The service providers take
care of the customer's needs by, for example,
maintaining software or purchasing expensive
hardware. For instance, the service EC2, created by
Amazon, provides customers with scalable servers. As
another example, under the CLuE program, NSF joined
with Google and IBM to offer academic institutions
access to a large-scale distributed infrastructure [4].
There are many features of cloud computing. First,
cloud storages, such as Amazon S3, Microsoft
SkyDrive, or Nirvanix CloudNAS, permit consumers
to access online data. Second, it provides computation
resources for users such as Amazon EC2. Third,
Google Apps or versioning repositories for source code
are examples of online collaboration tools [12].
Cloud service providers should ensure the security
of their customers’ data and should be responsible if
any security risk affects their customers’ service
infrastructure. A cloud provider offers many services
that can benefit its customers, such as fast access to
their data from any location, scalability, pay-for-use,
data storage, data recovery, protection against hackers,
on-demand security controls, and use of the network
and infrastructure facilities [49].
Reliability and availability are other benefits of the
public cloud, in addition to low cost [25]. However,
there are also concerning issues for public cloud
computing, most notably, issues surrounding data
integrity and data confidentiality. Any customer will be
worried about the security of sensitive information
such as medical records or financ
Security Risks in Cloud Computing
Although cloud service providers can offer benefits
to users, security risks play a major role in the cloud
computing environment [53]. Users of online data
sharing or network facilities are aware of the potential
loss of privacy [12]. According to a recent IDC survey
[16], the top challenge for 74% of CIOs in relation to
cloud computing is security. Protecting private and
important information such as credit card details or
patients’ medical records from attackers or malicious
insiders is of critical importance [34]. Moving
databases to a large data centre involves many security
challenges [55] such as virtualization vulnerability,
accessibility vulnerability, privacy and control issues
related to data accessed from a third party, integrity,
confidentiality, and data loss or theft. Subashini and
Kavitha [49] present some fundamental security
challenges, which are data storage security, application
security, data transmission security, and security
related to third-party resources.
In different cloud service models, the security
responsibility between users and providers is different.
According to Amazon [46], their EC2 addresses
security control in relation to physical, environmental,
and virtualization security, whereas the users remain
responsible for addressing security control of the IT
system including the operating systems, applications
and data.
Data Integrity
One of the most important issues related to cloud
security risks is data integrity. The data stored in the
cloud may suffer from damage during transition
operations from or to the cloud storage provider.
Cachin et al. [12] give examples of the risk of attacks
from both inside and outside the cloud provider, such
as the recently attacked Red Hat Linux’s distribution
servers [40]. Another example of breached data
occurred in 2009 in Google Docs, which triggered the
Electronic Privacy Information Centre for the Federal
Trade Commission to open an investigation into
Google’s Cloud Computing Services [12]. Another
example of a risk to data integrity recently occurred in
Amazon S3 where users suffered from data corruption
[50]. Further examples giving details of attacks can be
read in [12],[40],[50
Data Intrusion
According to Garfinkel [19], another security risk
that may occur with a cloud provider, such as the
Amazon cloud service, is a hacked password or data
intrusion. If someone gains access to an Amazon
account password, they will be able to access all of the
account’s instances and resources. Thus the stolen
password allows the hacker to erase all the information
inside any virtual machine instance for the stolen user
account, modify it, or even disable its services.
Furthermore, there is a possibility for the user’s
email (Amazon user name) to be hacked (see [18] for a
discussion of the potential risks of email), and since
Amazon allows a lost password to be reset by email,
the hacker may still be able to log in to the account
after receiving the new reset password
Service Availability
Another major concern in cloud services is service
availability. Amazon [6] mentions in its licensing
agreement that it is possible that the service might be
unavailable from time to time. The user’s web service
may terminate for any reason at any time if any user’s
files break the cloud storage policy. In addition, if any
damage occurs to any Amazon web service and the
service fails, in this case there will be no charge to the
Amazon Company for this failure. Companies seeking
to protect services from such failure need measures
such as backups or use of multiple providers [19]. Both
Google Mail and Hotmail experienced
Limitation of Current Solutions
The problem of the malicious insider in the cloud
infrastructure which is the base of cloud computing is
considered by Rocha and Correia [42]. IaaS cloud
providers provide the users with a set of virtual
machines from which the user can benefit by running
software on them. The traditional solution to ensure
data confidentiality by data encryption is not sufficient
due to the fact that the user’s data needs to be
manipulated in the virtual machines of cloud providers
which cannot happen if the data has been encrypted
[42]. Administrators manage the infrastructure and as
they have remote access to servers, if the administrator
is a malicious insider, then he can gain access to the
user’s data [29]. Van Dijk and Juels [52] present some
negative aspects of data encryption in cloud
computing. In addition, they assume that if the data is
processed from different clients, data encryption
cannot ensure privacy in the cloud
Future Work
For future work, we aim to provide a framework to
supply a secure cloud database that will guarantee to
prevent security risks facing the cloud computing
community. This framework will apply multi-clouds
and the secret sharing algorithm to reduce the risk of
data intrusion and the loss of service availability in the
cloud and ensure data integrity.
In relation to data intrusion and data integrity,
assume we want to distribute the data into three
different cloud providers, and we apply the secret
sharing algorithm on the stored data in the cloud
provider. An intruder needs to retrieve at least three
values to be able to find out the real value that we want
to hide from the intruder. This depends on Shamir’s
secret sharing algorithm with a polynomial function
technique which claims that even with full knowledge
of (k – 1) clouds, the service provider will not have any
knowledge of vs (vs is the secret value) [47]. We have
used this technique in previous database-as-a-service
research [5]. In other words, hackers need to retrieve
all the information from the cloud providers to know
the real value of the data in the cloud. Therefore, if the
attacker hacked one cloud provider’s password or even
two cloud providers’ passwords, they still need to hack
the third cloud provider (in the case where k = 3) to
know the secret which is the worst case scenario.
Hence, replicating data into multi-clouds by using a
multi-share technique [5] may reduce the risk of data
intrusion and increase data integrity. In other words, it
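
The three-cloud scheme described above can be made concrete with the following added example, which is not code from the paper or its authors. It implements Shamir's secret sharing over a prime field for general k and n, splits a constructed sample value vs into three shares (one per provider, k = 3), and checks that two shares are consistent with every guess for vs. The function names, the field modulus and the sample value are assumptions of the example.

```python
import secrets

# Field modulus: the Mersenne prime 2**127 - 1 (an assumption of this example).
PRIME = 2**127 - 1

def split_secret(vs, k, n, prime=PRIME):
    """Return n shares (x, f(x)) of vs; any k of them recover vs."""
    if not (1 <= k <= n < prime and 0 <= vs < prime):
        raise ValueError("need 1 <= k <= n < prime and 0 <= vs < prime")
    # Random polynomial f of degree k-1 whose constant term f(0) is vs.
    coeffs = [vs] + [secrets.randbelow(prime) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would reveal vs, so start at 1
        y = 0
        for c in reversed(coeffs):     # Horner's rule
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares

def interpolate(points, x, prime=PRIME):
    """Evaluate at x the unique polynomial of degree < len(points)
    passing through points (Lagrange interpolation mod prime)."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinate")
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (x - xj) % prime
                den = den * (xi - xj) % prime
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total

def demo():
    vs = 4111111111111111                # constructed sample secret
    shares = split_secret(vs, k=3, n=3)  # one share per cloud provider
    recovered = interpolate(shares, 0)   # all three shares: f(0) = vs
    # An intruder holding only two shares cannot rule out any guess g:
    # some third share always exists that makes g the reconstructed secret.
    known = shares[:2]
    fits = []
    for g in (0, 1234, vs):
        y3 = interpolate([(0, g)] + known, 3)
        fits.append(interpolate(known + [(3, y3)], 0) == g)
    return recovered, fits

if __name__ == "__main__":
    print(demo())
```

With k = 3 and n = 3 every provider must be reachable to recover vs; calling split_secret with k smaller than n lets any k providers reconstruct it.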
Conclusion
It is clear that although the use of cloud computing
has rapidly increased, cloud computing security is still
considered the major issue in the cloud computing
environment. Customers do not want to lose their
private information as a result of malicious insiders in
the cloud. In addition, the loss of service availability
has caused many problems for a large number of
customers recently. Furthermore, data intrusion leads
to many problems for the users of cloud computing.
The purpose of this work is to survey the recent
research on single clouds and multi-clouds to address
the security risks and solutions. We have found that
much research has been done to ensure the security of
the single cloud and cloud storage