UNIT –V SECURITY IN THE CLOUD

Security Overview – Cloud Security Challenges and Risks – Software-as-a-Service Security – Security
Governance – Risk Management – Security Monitoring – Security Architecture Design – Data Security –
Application Security – Virtual Machine Security - Identity Management and Access Control – Autonomic
Security.

1. SECURITY OVERVIEW

Cloud service providers are leveraging virtualization combined with self-service capabilities
for computing resources via the internet.
In these service provider environments, virtual machines from multiple organizations have to
be co-located on the same physical server in order to maximize the efficiencies of
virtualization.
Cloud service providers must learn from the managed service provider (MSP) model and
ensure that their consumers’ applications and data are secure if they hope to retain their
customer base and competitiveness.
IDC recently conducted a survey of 244 IT executives and their line-of-business (LOB)
colleagues to gauge their opinions and understand their companies’ use of IT cloud services.

Companies are afraid to use clouds

[Chow 09ccsw ]

There are three major cloud computing service provider models

Software-as-a-service
Platform-as-a-service
Infrastructure-as-a-service

Other than these, the following services are used in IT infrastructures:

AVCCE/CA/V/TVN Page 1 of 14
IT-as-a-Service (ITaaS)
Anything-as-a-Service (XaaS)

Cloud Information Security Objectives


Developing secure software is based on applying the secure software design principles that
form the fundamental basis for software assurance. Software assurance has been given many
definitions, and it is important to understand the concept
The Data and Analysis Center for Software (DACS) requires that software must exhibit the
following three properties to be considered secure:

• Dependability — Software that executes predictably and operates correctly under a
variety of conditions, including when under attack or running on a malicious host
• Trustworthiness — Software that contains a minimum number of vulnerabilities or no
vulnerabilities
• Survivability (Resilience) — Software that is resistant to or tolerant of attacks and has
the ability to recover as quickly as possible with as little harm as possible

Seven complementary principles that support information assurance are confidentiality,
integrity, availability, authentication, authorization, auditing, and accountability.
Confidentiality, integrity, and availability are sometimes known as the CIA triad of
information system security, and are important pillars of cloud software assurance.

Confidentiality of the data

Confidentiality refers to the prevention of intentional or unintentional unauthorized disclosure
of information.
• Intellectual property rights — Intellectual property (IP) includes inventions, designs, and
artistic, musical, and literary works
• Covert channels — A covert channel is an unauthorized and unintended communication path
that enables the exchange of information.
• Traffic analysis — Traffic analysis is a form of confidentiality breach that can be
accomplished by analyzing the volume, rate, source, and destination of message traffic, even if
it is encrypted.
• Encryption — Encryption involves scrambling messages so that they cannot be read by an
unauthorized entity, even if they are intercepted.
• Inference — Inference is usually associated with database security. Inference is the ability of
an entity to use and correlate information protected at one level of security to uncover
information that is protected at a higher security level.
Integrity
The concept of cloud information integrity requires that the following three principles are
met:

• Modifications are not made to data by unauthorized personnel or processes.
• Unauthorized modifications are not made to data by authorized personnel or processes.
• The data is internally and externally consistent.
Availability
Availability ensures the reliable and timely access to cloud data or cloud computing resources
by the appropriate personnel. Availability guarantees that the systems are functioning
properly when needed.
A denial-of-service attack is an example of a threat against availability
Cloud Security Services
Cloud software assurance includes authentication, authorization, auditing, and
accountability.
Authentication
Authentication is the testing or reconciliation of evidence of a user’s identity. It establishes the
user’s identity and ensures that users are who they claim to be
Authorization
Authorization refers to rights and privileges granted to an individual or process that enable
access to computer resources and information assets
Auditing
To maintain operational assurance, organizations use two basic methods: system audits and
monitoring. These methods can be employed by the cloud customer, the cloud provider, or both,
depending on asset architecture and deployment
Relevant Cloud Security Design Principles
Modern software design methodologies include security as a primary objective. With
cloud computing systems seeking to meet multiple objectives, such as cost, performance,
reliability, maintainability, and security, trade-offs have to be made
Security design principles:
• Least privilege
• Separation of duties
• Defense in depth
• Fail safe
• Economy of mechanism
• Open design
• Least common mechanism
• Weakest link
• Leveraging existing components

2. SOFTWARE AS A SERVICE SECURITY

Cloud computing models of the future will likely combine the use of SaaS, utility
computing, and Web 2.0 collaboration technologies to leverage the internet to satisfy their
customers’ needs.
New business models being developed as a result of the move to cloud computing are
creating not only new technologies and business operational processes but also new
security requirements and challenges.
As the most critical need for security practices and oversight will reside. The technology analyst
and consulting firm Gartner lists seven security issues which one should discuss with a cloud
computing vendor.
Privileged user access - Inquire about who has specialized access to data and about the
hiring and management of such administrators.
Regulatory compliance - Make sure that the vendor is willing to undergo external audits and/or
security certifications.
Data location - Does the provider allow for any control over the location of data?
Data segregation - Make sure that encryption is available at all stages and that these
encryption schemes were designed and tested by experienced professionals.
Recovery - Find out what will happen to data in the case of a disaster. Do they offer complete
restoration? If so, how long would that take?
Investigative support - Does the vendor have the ability to investigate any inappropriate or
illegal activity?
Long-term viability - What will happen to data if the company goes out of business? How
will data be returned and in what format?

3. SECURITY GOVERNANCE

Why Cloud Security Governance Is Needed

Enterprises are increasingly pursuing the business advantages of migrating technology
platforms and services into the cloud environment leveraging one or more of the three main
cloud service areas – Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and
Software as a Service (SaaS).

These advantages include but are not limited to rapid information system deployment,
significantly reduced operating costs, massive economies of scale, processing speed, and
agility. However, subscription to these services often implies security and compliance
challenges for enterprises who are often unprepared to resolve them.
Data breaches, system vulnerabilities, and insufficient identity, credential, and access
management are some of the typical security challenges in the cloud environment that
subscriber enterprises must address.
Governance refers to the policies, processes, laws, and institutions that define the structure
by which companies are directed and managed.

Cloud Security Governance Challenges

Lack of senior management participation and buy-in - The lack of a senior management
influenced and endorsed security policy is one of the common challenges facing cloud
customers.
Lack of embedded management operational controls - Another common cloud security
governance challenge is lack of embedded management controls into cloud security
operational processes and procedures.
Lack of operating model, roles, and responsibilities - Many enterprises moving into the
cloud environment tend to lack a formal operating model for security, or do not have
strategic and tactical roles and responsibilities properly defined and operationalized.
Lack of metrics for measuring performance and risk - Another major challenge for cloud
customers is the lack of defined metrics to measure security performance and risks – a
problem that also stifles executive visibility into the real security risks in the cloud.
Key Objectives for Cloud Security Governance
Building a cloud security governance model for an enterprise requires strategic-level security
management competencies in combination with the use of appropriate security standards
and frameworks (e.g., NIST, ISO, CSA) and the adoption of a governance framework (e.g.,
COBIT).
The first step is to visualize the overall governance structure and its inherent components, and to
direct its effective design and implementation. The use of appropriate security standards and
frameworks allows for a minimum standard of security controls to be implemented in the
cloud, while also meeting customer and regulatory compliance obligations where applicable.

Cloud Governance: Information Flow Regulations


National and international regulations could constrain the flow of information in Cloud
• Various legislations specify that sensitive information cannot travel across regional
boundaries; for example, European data protection laws impose obligations on handling and
processing of data transferred to the U.S.

• Existing security standards also apply to Cloud
• Specific regulations control certain types of information
Information (data) flow regulations may limit adoption of public Clouds for applications
handling sensitive data
Among various Cloud deployment models, private Clouds offer the maximum information
flow regulation

Cloud Governance: Contract Termination


Cloud users need to assess implications of situations when services with a CSP should be
terminated
o Termination agreement specifies the closure process
Situations may include
o CSP going out of business
o CSP canceling the contract
o Natural closure of a contract
Key Considerations for a Cloud user
o Developing a contingency plan for handling data
o Migrating the data, including time to migrate the data
Cloud Governance: Vulnerability Assessment
Aims to discover potential security vulnerabilities in the system by “scanning” the resources
Is comparatively easier to perform in fully owned VDC and private Cloud
Vulnerability scanning in a public Cloud
• CSPs generally forbid it due to multitenancy concerns
• Certain regulations, however, mandate it; for example, Payment Card Industry (PCI)
compliance
• It is required that public CSPs provide secure and limited authorization to perform
vulnerability scanning by a client on the resources associated with it

4. VIRTUAL MACHINE SECURITY


Virtual machines (VM) are rapidly replacing physical machine infrastructures for their
abilities to emulate hardware environments, share hardware resources, and utilize a variety
of operating systems (OS).
VMs provide a better security model than traditional machines by providing an additional
layer of hardware abstraction and isolation, effective external monitoring and recording, and
on-demand access.

Security Benefits

VMs are rapidly gaining popularity due to their ability to emulate computing environments,
isolate users, restore previous states, and support remote initialization. All of these features
have positive security side effects.
The hardware abstraction and isolation of VM bounds the scope of attack and makes it much
more difficult for the attacker to access unauthorized data and resources on the physical
machine
VM state restore allows users to return to a state prior to attack or data loss, providing an
easy method of malware removal and data preservation.

Abstraction
VMs abstract the hardware layer and each VM is allocated its own strictly bounded resources.
This layer of abstraction provides additional security. When an attacker gains access to the
hardware layer, they have full control over the computer.

Isolation
The hypervisors segment physical resources into isolated entities and allow each guest OS to
run independently. An attack on the VM should not affect any of the other VMs on the server
or the host OS. This is unlike a multi-user OS, where all users can be affected by an attack

State Restore
VMs are touted for their ability to restore to a previous state

Transience
One often-overlooked security feature of VMs is their ability to be started remotely, which
allows them to be turned on and made available only when needed.

External Monitoring
VMs can be monitored by either the hypervisor or an authorized dedicated VM that can view
software activity. The latter is the preferred method since it limits the hypervisor’s role,
helping to keep the hypervisor as simple and secure as possible. The hypervisor simply gives
the dedicated VM permission to view resources allocated to the monitored VM. The single
dedicated VM is used only to monitor other active VMs. These monitors are used in
intrusion detection systems (IDS).

Security Maintenance

A VM infrastructure is drastically different from a physical machine infrastructure and, as a
result, IT processes require significant adaptation. All of the benefits of VMs over physical
machines are inherently differences that require new security measures.
• VM Sprawl
• Unique Configurations
• State Restore
• Transience

Security Vulnerabilities

The virtual machine layer is more secure than any OS, due to its simplicity and strict access
control. Compromising the hypervisor could give attackers access to all virtual machines
controlled by it and possibly the host, which makes the hypervisor a compelling target.
• Mobility
• Hypervisor Intrusion
• Hypervisor Modification
• Communication

5. CLOUD SECURITY CHALLENGES AND RISKS

Cloud computing has attracted attention in the new era of IT as there is an
increasing demand for services or utility computing all over the World Wide Web. Security
risk resulting from resource sharing throughout cloud computing has become one of the
most challenging concerns in providing powerful processing and storage as on-demand
services.
Cloud computing has five essential characteristics: measured service, broad network access,
on-demand self-service, rapid elasticity, and resource pooling.
Types of Cloud services
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a service (IaaS)
Anything(X) as a service (XaaS)
Component as a service (CaaS)
Attacks and Threats in the Cloud Security (Risk Factors)
Account and service hijacking: It is one of the most serious security threats. It happens
when attackers hack a web service on a website hosted on a cloud server or service
provider, and then install their control software in the cloud provider infrastructure.
Abuse and nefarious use of cloud computing: In this type, the attacker can use the
computing power of the cloud infrastructure to attack targets using spam and malware.
Backdoor channel attacks: This kind of attack happens in IaaS, when it gives an effective
user high permissions at the VM or hypervisor level.
Cross-site scripting attacks: Also called XSS, it is one of the most powerful attacks
on security weaknesses found in web applications.
Cloud malware injection attack: This is one of the top attacks on cloud computing security
lists; its purpose is to inject malware, a malicious application, or a virtual machine into
the cloud infrastructure.
Denial of service attacks: In this type of attack, the service will not be available when the
users intend to request it from the server.
Insecure application programming interface: This type is when the service providers
deliver the service to the customers using APIs, and the APIs have an encryption with secure
authentication, provided with secure access control and activity monitoring mechanisms.
Man-in-the-middle attacks: In this type of attack, the hacker makes an autonomous
connection between the customer and the service provider.
Metadata spoofing attack: In this type, the web services providers send the service
metadata document to the client system that has all the information about the service
invocation,
Malicious insiders: This kind of security threat happens when there is a lack of security
concern for how employees of the service provider access the virtual properties of the
cloud.

Shared technology vulnerabilities: This issue relates to cloud computing using the
same infrastructure used in the internet, shared among the cloud customers.
Sniffer attacks: In this type of attack, the attacker intends to read the content of network
packets where no encryption methods have been applied during the sending of the
data.
Cloud Computing Challenges
Access controls: It is a concern for all service providers, as it may cause a security
issue by revealing users’ data and giving hackers the ability to gain access to the
organization’s infrastructure.
Accounting: It is one of the key aspects that have to be measured when deploying services in
cloud computing solutions in order to maintain network management.
Compliance: Cloud computing has a weak point in supporting the methods of compliance
management.
Cross-Organizational Security Management: It is a big challenge in cloud computing to
achieve and maintain security requirements and compliance with SLAs.
Extensibility and Shared Responsibilities: The service providers and users have to give
attention to the security concerns in cloud computing.
Private Cloud: Since a private cloud is on-premises, it is expected that the
location where it operates is just like traditional computing.
Heterogeneity: A heterogeneity issue exists when various service providers deliver a massive
number of services using different technologies.
Identity management (IdM): It is a key aspect of cloud computing security that has the goal
of performing verification and validation processes among heterogeneous cloud services.
Integration: When customers or organization need to implement multiple service providers
for several reasons
Performance: Cloud computing may reduce the cost, but performance issues such as
communication time between the user and the cloud services have become a problem because,
as the number of users increases, the amount of information and data to be
transferred to the users increases as well.
Bandwidth requirements: Before implementing a cloud service, organizations have to
evaluate the communication bandwidth requirements and assess the services with respect to
the large amount of data transmission.
Monitoring: When cloud computing is based on service monitoring, there will be an
enormous demand for monitoring throughout cloud services.
Risk analysis and management: It is an important key aspect of cloud security.
Service Level Agreement: It is an important component of the contractual relationship
between a cloud service customer and a cloud service provider.
Virtualization: It is a way to deliver cloud services to the customers, especially when
applying IaaS services, but it still suffers from security issues.

Security in the web browser: The security requirements in the web browser are not enough
to handle the user’s needs in terms of complex and sophisticated banking and critical
environments for a shared solution.

6. IDENTITY MANAGEMENT AND ACCESS CONTROL
Identity management and access control are fundamental functions required for secure cloud
computing.
Identity Management
Identification and authentication are the keystones of most access control systems. Identification
is the act of a user professing an identity to a system, usually in the form of a username
or user logon ID to the system.
Authentication is verification that the user’s claimed identity is valid, and it is usually
implemented through a user password at logon. Authentication is based on the following
three factor types:
Type 1 — Something you know, such as a personal identification number (PIN) or password
Type 2 — Something you have, such as an ATM card or smart card
Type 3 — Something you are (physically), such as a fingerprint
Passwords
Because passwords can be compromised, they must be protected. In the ideal case, a
password should be used only once. This “one-time password,” or OTP, provides maximum
security because a new password is required for each new logon.
A password that is the same for each logon is called a static password.
A password that changes with each logon is termed a dynamic password
Tokens
Tokens, in the form of small, hand-held devices, are used to provide passwords
Static password tokens
Synchronous dynamic password tokens, clock-based
Synchronous dynamic password tokens, counter-based
Asynchronous tokens, challenge-response
Memory Cards
Memory cards provide nonvolatile storage of information, but they do not have any
processing capability. A memory card stores encrypted passwords and other related
identifying information.
A telephone calling card and an ATM card are examples of memory cards
Smart Cards
Smart cards provide even more capability than memory cards by incorporating additional
processing power on the cards. These credit-card-size devices comprise microprocessor and
memory and are used to store digital signatures, private keys, passwords, and other personal
information.
Biometrics

An alternative to using passwords for authentication in logical or technical access control is
biometrics.
Biometrics is based on the Type 3 authentication mechanism.
There are three main performance measures in biometrics:
False rejection rate (FRR) or Type I Error — The percentage of valid subjects that are
falsely rejected.
False acceptance rate (FAR) or Type II Error — The percentage of invalid subjects that are
falsely accepted.
Crossover error rate (CER) — The percentage at which the FRR equals the FAR. The smaller
the CER, the better the device is performing
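
The three measures above, computed over a set of match scores. This is an added example, not part of the original notes; the scores, the 0 to 100 scale and the rule "accept when the score is at or above the threshold" are constructed assumptions.

```python
# Constructed sample data: matcher scores on an assumed 0-100 scale.
GENUINE_SCORES = [91, 85, 78, 66, 95, 72, 58, 88, 81, 49]    # attempts by valid subjects
IMPOSTOR_SCORES = [12, 35, 41, 52, 28, 61, 19, 45, 33, 25]   # attempts by invalid subjects


def frr(genuine, threshold):
    """False rejection rate (Type I error): % of valid subjects scored below the threshold."""
    return 100 * sum(score < threshold for score in genuine) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate (Type II error): % of invalid subjects scored at or above it."""
    return 100 * sum(score >= threshold for score in impostor) / len(impostor)


def sweep(genuine, impostor, thresholds):
    """Return (threshold, FRR, FAR) rows showing the trade-off as the threshold moves."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Return (threshold, CER): the first threshold where FRR and FAR are closest.

    With finite samples the two curves may never be exactly equal, so the CER
    is reported as the mean of FRR and FAR at the closest point.
    """
    best = min(thresholds, key=lambda t: abs(frr(genuine, t) - far(impostor, t)))
    return best, (frr(genuine, best) + far(impostor, best)) / 2


if __name__ == "__main__":
    print("threshold  FRR%   FAR%")
    for t, rejected, accepted in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, range(30, 81, 10)):
        print(f"{t:9d}  {rejected:5.1f}  {accepted:5.1f}")
    threshold, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER = {cer:.1f}% at threshold {threshold}")
```

Raising the threshold drives the FAR down and the FRR up; the CER gives a single figure for comparing devices that is independent of where the threshold is set.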
Implementing Identity Management
Realizing effective identity management requires a high-level corporate commitment and
dedication of sufficient resources to accomplish the task
Establishing a database of identities and credentials
Managing users’ access rights
Enforcing security policy
Developing the capability to create and modify accounts
Setting up monitoring of resource accesses
Installing a procedure for removing access rights
Providing training in proper procedures
Access Control
Access control is intrinsically tied to identity management and is necessary to preserve the
confidentiality, integrity, and availability of cloud data
Threat — An event or activity that has the potential to cause harm to the information
systems or networks
Vulnerability — A weakness or lack of a safeguard that can be exploited by a threat, causing
harm to the information systems or networks
Risk — The potential for harm or loss to an information system or network; the probability
that a threat will materialize
Controls
Controls are implemented to mitigate risk and reduce the potential for loss. Two important
control concepts are separation of duties and the principle of least privilege.
Models for Controlling Access
Mandatory Access Control - The authorization of a subject’s access to an object depends
upon labels, which indicate the subject’s clearance, and the classification or sensitivity of the
object.
Discretionary Access Control - With discretionary access control, the subject has authority,
within certain limitations, to specify what objects are accessible. For example, access control
lists (ACLs) can be used.

Nondiscretionary Access Control - A central authority determines which subjects can have
access to certain objects based on the organizational security policy.
Single Sign-On (SSO) - Single sign-on (SSO) addresses the cumbersome situation of logging on
multiple times to access different resources
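
The same read request decided under the mandatory, discretionary and nondiscretionary models described above. This is an added example, not part of the original notes; the level names, users, roles and the read-only form of the MAC rule are simplifying assumptions.

```python
from dataclasses import dataclass, field

# Assumed sensitivity ordering for the MAC labels, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed sample subjects and a central role table (all hypothetical).
CLEARANCES = {"alice": "secret", "bob": "internal", "carol": "secret"}
USER_ROLES = {"alice": ["billing-admin"], "bob": ["auditor"]}
ROLE_PERMISSIONS = {
    "billing-admin": {("invoice", "read"), ("invoice", "write")},
    "auditor": {("invoice", "read")},
}


@dataclass
class Resource:
    name: str
    owner: str
    classification: str                       # MAC: label on the object
    acl: dict = field(default_factory=dict)   # DAC: user -> set of rights


def dac_grant(res, granting_user, target_user, right):
    """DAC: the owner, and only the owner, extends the ACL at their discretion."""
    if granting_user != res.owner:
        raise PermissionError(f"{granting_user} does not own {res.name}")
    res.acl.setdefault(target_user, set()).add(right)


def dac_allows(res, user, right):
    return user == res.owner or right in res.acl.get(user, set())


def mac_allows_read(res, user, clearances):
    """MAC: read only if the subject's clearance is at or above the object's label."""
    return LEVELS[clearances.get(user, "public")] >= LEVELS[res.classification]


def role_allows(user, resource_type, right, user_roles, role_permissions):
    """Nondiscretionary: a centrally managed role table decides, not the owner."""
    return any((resource_type, right) in role_permissions.get(role, set())
               for role in user_roles.get(user, ()))


def evaluate_read(res, user, clearances):
    """Decide one read request under DAC and MAC side by side."""
    return {"dac": dac_allows(res, user, "read"),
            "mac": mac_allows_read(res, user, clearances)}


if __name__ == "__main__":
    forecast = Resource("q3-forecast", owner="alice", classification="confidential")
    dac_grant(forecast, "alice", "bob", "read")   # owner shares with bob
    for user in ("bob", "carol"):
        print(user, evaluate_read(forecast, user, CLEARANCES))
    print("bob may write invoices:",
          role_allows("bob", "invoice", "write", USER_ROLES, ROLE_PERMISSIONS))
```

The owner's grant to bob succeeds under DAC but has no effect under MAC, because bob's clearance is below the object's label; carol has the clearance but no ACL entry, so the two models disagree in the opposite direction.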

7. AUTONOMIC SECURITY
Autonomic computing refers to a self-managing computing model in which computer systems
reconfigure themselves in response to changing conditions and are self-healing
Autonomic Systems
Autonomic systems are based on the human autonomic nervous system, which is self-
managing, monitors changes that affect the body, and maintains internal balances.
Examples of events that would have to be handled autonomously include the following
Malicious attacks
Hardware or software faults
Excessive CPU utilization
Power failures
Organizational policies
Inadvertent operator errors
Interaction with other systems
Software updates
IBM introduced the concept of autonomic computing and its eight defining characteristics as
follows:
Self-awareness — An autonomic application/system “knows itself” and is aware of its state
and its behaviors.
Self-configuring — An autonomic application/system should be able to configure and
reconfigure itself under varying and unpredictable conditions.
Self-optimizing — An autonomic application/system should be able to detect sub-optimal
behaviors and optimize itself to improve its execution.
Self-healing — An autonomic application/system should be able to detect and recover from
potential problems and continue to function smoothly.
Self-protecting — An autonomic application/system should be capable of detecting and
protecting its resources from both internal and external attack and maintaining overall
system security and integrity.
Context-aware — An autonomic application/system should be aware of its execution
environment and be able to react to changes in the environment.
Open — An autonomic application/system must function in a heterogeneous world and
should be portable across multiple hardware and software architectures. Consequently, it
must be built on standard and open protocols and interfaces.

Anticipatory — An autonomic application/system should be able to anticipate, to the extent
possible, its needs and behaviors and those of its context, and be able to manage itself
proactively.
Autonomic Protection
Autonomic self-protection involves detecting a harmful situation and taking actions that will
mitigate the situation
Autonomous protection systems should, therefore, adhere to the following
Minimize overhead requirements.
Be consistent with security policies.
Optimize security-related parameters.
Minimize impact on performance.
Minimize potential for introducing new vulnerabilities.
Conduct regression analysis and return to previous software versions if problems are
introduced by changes.
Ensure that reconfiguration processes are secure
Autonomic Self-Healing
The process of diagnosing and repairing failures in IT systems can be difficult and time-consuming,
and usually requires intensive labor effort. Autonomic self-healing systems can
provide the capability to detect and repair software problems and identify hardware faults
without manual intervention.
