Cloud computing security

Cloud computing security Abstract The term Cloud computing becomes more popular day by day. As this is happening, security concerns start to arise. Maybe the most critical one is that as information is spread into the cloud, the owner starts to lose the control of it. In this paper we attempt to give a brief overview of what is described by the term Cloud computing and provide a small introduction to what we mean by Cloud computing security [Brunette, 2009]. Make a discussion of what are the security benefits that Cloud computing introduces and also the security risks that arise due to its adaptation according to [ENISA, 2009]. Index Terms Cloud, security, risks, security benefits. Introduction Cloud computing funds started to build in early 90s. The main idea behind cloud computing is to separate the infrastructure and the mechanisms that a system is composed of, from the applications and services that delivers [Brunette, 2009]. Clouds are designed in such a way that can scale easily, be always available and reduce the operational costs. That is achieved due to on demand multi-tenancy of applications, information and hardware resources (such as network infrastructure, storage resources and so on). According to [Mell, 2009] Cloud computing is composed by five Essential Characteristics, three Service Models and four Deployment Models as shown in figure bellow. More details on each of the above components can be found in [Mell, 2009] Security The way that security control is implemented on Cloud computing is most of the times similar to this of traditional IT environments. But due to the distributed nature of the assets security risks vary depending on the kind of assets in use, how and who manages those assets, what are the control mechanisms used and where those are located and finally who consumes those assets [Brunette, 2009]. Furthermore earlier we mentioned that multi-tenancy. This means that a set of policies should be implementing how isolation of resources, billing, segmentation and so on is achieved is a secure and concise way. In order to measure whether the security that a Cloud Provider (CP) offers is adequate we should take under consideration the maturity, effectiveness, and completeness of the risk-adjusted security controls that the CP implements. Security can be implement at one or more levels. Those levels that cover just the Cloud infrastructure are: physical security, network security, system security and application security. Additionally security can take place at a higher level, on people, duties and processes. It is necessary at this point to have understanding of the different security responsibilities that CPs and end users have. And also that sometimes even among different CPs the security responsibilities differ. Security Benefits [ENISA, 2009] in its report has spotted the following top security benefits that arise due to the use of Cloud computing. Security and the benefits of scale: when implementing security on a large system the cost for its implementation is shared on all resources and as a result the investment end up being more effective and cost saving. Security as a market differentiator: as confidentiality, integrity and resilience is a priority for many the end users, the decision on whether they will choose one CP over another is made based on the reputation this CP has on security issues. Hence competition among CPs made them provide high level services. Standardise interfaces for managed security services: as CPs use standardise interfaces to manage their security services the Cloud computing market benefits from the uniformity and tested solutions this introduces. Rapid, smart scaling of resources: Cloud computing is considered resilient since it has the ability to dynamically reallocate resources for filtering, traffic shaping, authentication, encryption. Audit and evidence gathering: since virtualization is used in order to achieve Cloud computing, it is easy to collect all the audits that we need in order to proceed with forensics analysis without causing a downtime during the gathering process. More timely, effective and effective updates and defaults: another thing that Cloud computing benefits from virtualization is that virtual machines (VM) can come pre-patched and hardened with the latest updates. Also in case of a configuration fault or a disaster caused by changes made on the VM, we can rollback to a previous stable state. Benefits of resource concentration: having all of your resources concentrated makes it cheaper to maintain and allows physical access on those easier. That outweighs most of the times the risk the disadvantages that this generates. Security Risks The following classes of cloud computing risks were identified by [ENISA, 2009]. Loss of governance: as users do not physically posses any resources, CPs can take control on a number of resources. If those resources are not covered from an SLA security risks arise. Lock-in: as we write this paper there is still no standardization on how to move data and resources among different CPs. That means in case a user decides to move from a CP to another or even to migrate those services in-house, might not be able to do so due to incompatibilities between those parties. This creates a dependency of the user to a particular CP.. Isolation failure: one of the disadvantages of multi-tenancy and shared resources occurs when the resource isolation mechanism fails to separate the resource among users. That can occur either due to an attack (guest-hopping attacks) or due to poor mechanism design. In present days attacks of this kind are pretty rare compared to the traditional Oss but for sure we cannot rely just on that fact. risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants. Compliance risks: there is a possibility that investing on achieving certification is put under risk due to the following: The CP cannot provide evidence of their own compliance with the relevant requirements The CP does not permit audit by the cloud customer (CC). Also it is possible that compliance with industry standards is not able to be achieved when using public Cloud computing infrastructure. Management interface compromise: CPs provide to the users, management interface for their resources on public Cloud infrastructures. That makes those interfaces available over the internet allowing remote access applications or web browsers vulnerabilities to allow access on resources from unauthorised users. Data protection: CP is possible to handle data in ways that are not known (not lawful ways) to the user since the users looses the complete governance of the data. This problem becomes even more obvious when data are transferred often between locations. On the other hand, there are lot of CPs that provide information on how data are handled by them, while other CPs offer in addition certification summaries on their data processing and data security activities. Insecure or incomplete data deletion: there are various systems that upon request of a resource deletion will not completely wipe it out. Such is the case with Cloud computing as well. Furthermore difficulties to delete a resource on time might arise due to multi-tenancy or dues to the fact that many copies of this resource can exist for backup/ redundancy reasons. In cases like this the risk adds to the data protection of the user is obvious. Malicious insider: there is always that possibility that an insider intentionally causes damage. For that reason a policy specifying roles for each user should be available. The risks described above constitute the top security risks of cloud computing. [ENISA, 2009] further categorises risks into policy and organizational risks, technical risks, legal risks and finally not specific risks. Vulnerabilities The list of vulnerabilities that follows [ENISA, 2009], does not cover the entirety of possible Cloud computing vulnerabilities, it is though pretty detailed. AAA Vulnerabilities: Special care should be given on the authentication, authorization and accounting system that CPs will use. Poor designed AAA systems can result to unauthorized users to have access on resources, with unwanted results on both the CP (legal wise) and the user (loss of information). User provisiontion vulnerabilities: Customer cannot control provisioning process. Identity of customer is not adequately verified at registration. Delays in synchronisation between cloud system components (time wise and of profile content) happen. Multiple, unsynchronised copies of identity data are made. Credentials are vulnerable to interception and replay. User de-provisioning vulnerabilities: Due to time delays that might occur, credential of user that have earlier logged out might appear to still be valid. Remote access to management interface: Theoretically, this allows vulnerabilities in end-point machines to compromise the cloud infrastructure (single customer or CP) through, for example, weak authentication of responses and requests. Hypervisor Vulnerabilities: In virtualized environments Hypervisors is a small piece of middleware that is used in order to be able to control the physical resources assigned to each VM. Exploitation of the Hypervisors layer will result on exploiting every single VM on a physical system. Lack of resource isolation: Resource use by one customer can affect resource use by another customer. For example IaaS infrastructures use systems on which physical resources are shared among VMs and hence many different users.. Lack of reputational isolation: The resource sharing can result on one user acting in such a way that its actions have impact on the reputation of another user. Communication encryption vulnerabilities: while data move across the internet or among different location within the CP premises it is possible that someone will be reading the data when poor authentication, acceptance of self-signed certificates present and so on. Lack of or weak encryption of archives and data in transit: In conjunction with the above when failing to encrypt data in transit, data held in archives and databases, un-mounted virtual machine images, forensic images and data, sensitive logs and other data at rest those are at risk. Poor key management procedures: Cloud computing infrastructures require the management and storage of many different kinds of keys; examples include session keys to protect data in transit, file encryption keys, key pairs identifying cloud providers, key pairs identifying customers, authorisation tokens and revocation certificates. Because virtual machines do not have a fixed hardware infrastructure and cloud based content tends to be geographically distributed, it is more difficult to apply standard controls, such as hardware security module (HSM) storage, to keys on cloud infrastructures. Key generation: low entropy for random number generation: The combination of standard system images, virtualisation technologies and a lack of input devices means that systems have much less entropy than physical RNGs Lack of standard technologies and solutions: This is the case of lock-in risk, where users cannot move across different providers due to the lack of standards. No control on vulnerability assessment process: If CPs will not prevent their users from port scanning and testing for possible vulnerabilities and also there is no audit on the time of use (ToU) for a user (something that places responsibility on the customer) severe infrustrusture security problems will arise. Possibility that internal (Cloud) network probing will occur: Cloud customers can perform port scans and other tests on other customers within the internal network. Possibility that co-residence checks will be performed: Side-channel attacks exploiting a lack of resource isolation allow attackers to determine which resources are shared by which customers. Lack of forensics readiness: While the cloud has the potential to improve forensic readiness, many providers do not provide appropriate services and terms of use to enable this. For example, SaaS providers will typically not provide access to the IP logs of clients accessing content. IaaS providers may not provide forensic services such as recent VM and disk images. Sensitive media sanitization: Shared tenancy of physical storage resources means that sensitive data may leak because data destruction policies applicable at the end of a lifecycle may either be impossible to implement because, for example, media cannot be physically destroyed because a disk is still being used by another tenant or it cannot be located, or no procedure is in place. Synchronizing responsibilities or contractual obligations external to cloud: Cloud customers are often unaware of the responsibilities assigned to them within the terms of service. There is a tendency towards a misplaced attribution of responsibility for activities such as archive encryption to the cloud provider even when it is clearly stated in the terms of the contract between the two parties that no such responsibility has been undertaken. Cross cloud applications creating hidden dependency: Hidden dependencies exist in the services supply chain (intra- and extra-cloud dependencies) and the cloud provider architecture does not support continued operation from the cloud when the third parties involved, subcontractors or the customer company, have been separated from the service provider and vice versa. SLA clauses with conflicting promises to different stakeholders: An SLA might include terms that conflict one another, or conflict clauses made from other providers. SLA causes containing excessive business risk: From CPs perspective an SLA can hide a bunch of business risks when someone thinks of the possible technical failures that might arise. At the end user point SLAs can include terms that can be disadvantageous. Audit or certification not available to customers: The CP cannot provide any assurance to the customer via audit certification. Certification schemes not adapted to cloud infrastructures: CPs will not really take any actions to provide security measures that comply with Cloud computing security standards. Inadequate resource provisioning and investments in infrastructure: This vulnerability comes in hand with the one that follows. Provisioning of resources should be done carefully in order to avoid failures of the provided services. No policies for resource capping: CPs should make really well provisioning of their resources. Also end users should be able to configure the resources that are allocated to them. If the limits of requested resources exceed this of the available resources results can be unpredictable. Storage of data in multiple jurisdictions and lack of transparency: Multiple copies of users data can exist since mirroring of the data is performed in order to achieve redundancy. During that time the user should we aware of where are those data stored. Such a move can introduce unwanted vulnerabilities since CPs may violate regulations during this time. Lack of information jurisdictions: there might be a case where data are stored using high level of user rights. In that case end users should be aware of it in order to take preventing measures. Conclusion In this paper we tried to give a brief overview of cloud computing and discuss what security on Cloud computing means. Furthermore, we made it easy for the reader to understand what the benefits and risks of moving toward Cloud computing are. Vulnerabilities of Cloud computing are listed as those were described in [ENISA, 2009], allowing us to have a full view of what are the considerations that we should keep in mind when moving on Cloud computing. It is also well understood that exhaustive risk and security control is not recommended on all Cloud computing implementations. The level of control should always depend on prior evaluation. There are still lot of open research areas on improving Cloud computing security, some of those are; Forensics and evidence gathering mechanisms, resource isolation mechanisms and interoperability between cloud providers. References [ENISA, 2009] ENISA editors. (2009). Cloud Computing Benefits, risks and recommendations for information security. . [Accessed 25 March 2010] [Brunette, 2009] Glenn Brunette and Rich Mogull (2009). Security Guidance for Critical Areas of Focus in Cloud Computing, Version 2.1 [Accessed 25 March 2010] [Mell, 2009] Peter Mell and Tim Grance (2009). The NIST Definition of Cloud Computing, Version 15. [Accessed 26 March 2010]