Cloud computing service delivery model: Related Security issues

Mandeep Devgan 1, Mandeep Singh 2, Sachin Majithia 3
Lecturer, CEC Landran; Sr. Lecturer, CEC Landran; Asst Prof, CEC Landran

Abstract

Cloud computing is a style of computing where massively scalable IT-enabled capabilities are delivered as a service to external customers using Internet technologies. In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. But as more and more information on individuals and companies is placed in the cloud, security concerns begin to grow. Despite all the popularity of the cloud, enterprise customers are still not strongly willing to deploy their business in the cloud. Security is one of the major issues which reduces the growth of cloud computing, and complications with data privacy and data protection continue to plague the market. In this paper the different security risks that create a threat for the cloud are presented. This paper is a survey of different security issues that have emanated due to the nature of the service delivery models of a cloud computing system.

Introduction

These days Small and Medium Business companies are increasingly realizing that they can gain fast access to best business applications or completely boost their infrastructure resources, at negligible cost, simply by switching into the cloud. The cloud providers must ensure that they provide sufficient security as they are responsible for it. The cloud offers many benefits like fast deployment, pay-for-use, lower costs, scalability, rapid elasticity, ubiquitous network access, greater resiliency, protection against network attacks, low-cost disaster recovery and data storage solutions, on-demand security controls, real time detection of system tampering and rapid re-constitution of services. But the question of privacy and security needs to be addressed.

Cloud computing moves the application software and databases to the large data centers, where the management of the data and services is not very reliable. This unique attribute, however, poses many new security challenges. These challenges include accessibility vulnerabilities, virtualization vulnerabilities, web application vulnerabilities such as SQL (Structured Query Language) injection and cross-site scripting, issues arising from third parties having physical control of data, identity and credential management issues, data verification, tampering, integrity, confidentiality, data loss and theft. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is burdened with security risks.

The complexity of security risks in a complete cloud environment is illustrated in Fig. 1. In Fig. 1, the lower layer represents the deployment models of the cloud, namely private, community, public and hybrid cloud deployment models. The layer above the deployment layer represents the different delivery models that are utilized within a particular deployment model. These delivery models are the SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) delivery models. These delivery models exhibit certain characteristics like on-demand self-service, multi-tenancy, ubiquitous network, measured service and rapid elasticity, which are shown in the top layer. These fundamental elements of the cloud require security which depends on and varies with the deployment model that is used, the way by which it is delivered and the character it exhibits. Some of the fundamental security challenges are data storage security, data transmission security, application security and security related to third-party resources.

Fig. 1. Complexity of security in cloud environment. [Figure: top layer: ubiquitous network, rapid elasticity, measured service, on-demand self service, multi-tenancy; middle layer: Software as a service (SaaS), Platform as a service (PaaS), Infrastructure as a service (IaaS); bottom layer: private, community, public and hybrid cloud; alongside: security related to third party resources, application security, data transmission security, data storage security.]

IaaS is the delivery of computer infrastructure (typically a platform virtualization environment) as a service. Rather than purchasing servers, software, data center space or network equipment, clients instead buy those resources as a fully outsourced service. One such example of this is the Amazon web services. PaaS is the delivery of a computing platform and solution stack as a service. It facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers. PaaS provides the facilities required to support the complete lifecycle of building and delivering web applications and services. An example of this would be GoogleApps.

2. Security issues in service models

Cloud computing utilizes three delivery models by which different types of services are delivered to the end user. The three delivery models are the SaaS, PaaS and IaaS, which provide infrastructure resources, application platform and software as services to the consumer. IaaS is the foundation of all cloud services, with PaaS built upon it and SaaS in turn built upon it. Just as capabilities are inherited, so are the information security issues and risks. Organizations using cloud computing as a service infrastructure critically like to examine the security and confidentiality issues for their business critical insensitive applications. Yet, guaranteeing the security of corporate data in the "cloud" is difficult, if not impossible, as they provide different services like SaaS, PaaS, and IaaS.

SaaS is a software deployment model where applications are remotely hosted by the application or service provider and made available to customers on demand, over the Internet. The SaaS model offers improved operational efficiency and reduced costs. However, most enterprises are still uncomfortable with the SaaS model due to lack of visibility about the way their data is stored and secured.

IaaS completely changes the way developers deploy their applications. Instead of spending big money with their own data centers or managed hosting companies and then hiring operations staff to get it going, they can just go to Amazon Web Services or one of the other IaaS providers, get a virtual server running in minutes and pay only for the resources they use. The cloud has a compelling value proposition in terms of cost, but "out of the box" IaaS only provides basic security, and applications moving into the cloud will need higher levels of security provided at the host. PaaS is one layer above IaaS on the stack and abstracts away everything up to OS, middleware, etc.

3. Security issues in SaaS

In SaaS, the client has to depend on the provider for proper security measures. The provider must keep multiple users from seeing each other’s data. So it becomes difficult for the user to ensure that the right security measures are in place, and also difficult to get assurance that the application will be available when needed. The SaaS software vendor may host the application on its own private server or deploy it on a cloud computing infrastructure service provided by a third-party provider (e.g. Amazon, Google, etc.). The use of cloud computing helps the application service provider reduce the investment in infrastructure services and enables it to concentrate on providing better services to customers.

Over the past decade computing has become a product. Enterprises today guard data and business processes with access control and compliance policies. However, in the SaaS model, enterprise data is stored at the SaaS provider’s data center, along with the data of other enterprises. Most enterprises are familiar with the traditional on-premise model, where the data continues to reside within the enterprise boundary. As a result there is a great deal of worry about the lack of control and knowledge of how their data is stored and secured in the SaaS model. The layered stack for a typical SaaS vendor and the critical aspects that must be covered across layers in order to ensure security of the enterprise data are illustrated in Fig. 2. The following key security elements should be considered as an integral part of the SaaS application development and deployment process:

Data security
Network security
Data locality
Data integrity
Data segregation
Data access
Authentication and authorization
Data confidentiality
Web application security
Virtualization vulnerability
Availability
Backup
Identity management and sign-on process.
Fig. 2. Security for the SaaS stack.

3.1. Data security

In the SaaS model, the enterprise data is stored outside the enterprise boundary, at the SaaS vendor end. As a result the SaaS vendor must adopt additional security checks to ensure data security and prevent breaches due to security vulnerabilities in the application or through malicious employees. This involves the use of strong encryption techniques for data security and fine-grained authorization to control access to data. In cloud vendors such as Amazon, the Elastic Compute Cloud (EC2) administrators do not have access to customer instances and cannot log into the Guest OS. EC2 administrators with a business need are required to use their individual cryptographically strong Secure Shell (SSH) keys to gain access to a host. All such accesses are logged and routinely audited. While the data at rest in Simple Storage Service (S3) is not encrypted by default, users can encrypt their data before it is uploaded to Amazon S3, so that it is not accessed or tampered with by any unauthorized party. Malicious users can exploit weaknesses in the data security model to gain unauthorized access to data. The following assessments test and validate the security of the enterprise data stored at the SaaS vendor:

Cross-site scripting [XSS]
Access control weaknesses
OS and SQL injection flaws
Cross-site request forgery [CSRF]
Cookie manipulation
Hidden field manipulation
Insecure storage
Insecure configuration.

3.2. Network security

In a SaaS deployment model, sensitive data is obtained from the enterprises, processed by the SaaS application and stored at the SaaS vendor end. All data flow over the network needs to be secured in order to prevent leakage of sensitive information. This involves the use of strong network traffic encryption techniques such as Secure Socket Layer (SSL) and the Transport Layer Security (TLS) for security. However, malicious users can exploit weaknesses in network security configuration to sniff network packets. The following assessments test and validate the network security of the SaaS vendor:

Network penetration and packet analysis
Session management weaknesses
Insecure SSL trust configuration.

Any vulnerability detected during these tests can be exploited to hijack active sessions and gain access to user credentials and sensitive data.

3.3. Data locality

In a SaaS model of a cloud environment, the consumers use the applications provided by the SaaS, and they do not know where the data is getting stored. In many cases, this can be an issue. Due to compliance and data privacy laws in various countries, locality of data is of utmost importance in many enterprise architectures. A secure SaaS model must be capable of providing reliability to the customer on the location of the data of the consumer.

3.4. Data integrity

Data integrity is easily achieved in a standalone system with a single database using constraints and transactions. Transactions should follow ACID (atomicity, consistency, isolation and durability) properties to ensure data integrity. Next in the complexity chain are distributed systems. In a distributed system, there are multiple databases and multiple applications. In order to maintain data integrity in a distributed system, transactions across multiple data sources need to be handled correctly in a fail-safe manner. This can be done using a central global transaction manager. Each application in the distributed system should be able to participate in the global transaction via a resource manager. This can be achieved using a 2-phase commit protocol.

SaaS applications are multi-tenant applications hosted by a third party. One of the biggest challenges with web services is transaction management. At the protocol level, HTTP (Hyper Text Transfer Protocol) does not support transactions or guaranteed delivery, so the only option is to implement these at the API level. Although there are standards available for managing data integrity with web services, such as WS-Transaction and WS-Reliability, these standards are not yet mature and not many vendors have implemented them. Most SaaS vendors expose their web services APIs without any support for transactions. The lack of integrity controls at the data level (or, in the case of existing integrity controls, bypassing the application logic to access the database directly) could result in profound problems. Architects and developers need to approach this danger cautiously, making sure they do not compromise databases’ integrity in their zeal to move to cloud computing.

3.5. Data segregation

As a result of multi-tenancy, multiple users can store their data using the applications provided by SaaS. In such a situation, data of various users will reside at the same location. Intrusion of data of one user by another becomes possible. This intrusion can be done either by hacking through the loopholes in the application or by injecting client code into the SaaS system. A client can write masked code and inject it into the application. If the application executes this code without verification, then there is a high potential of intrusion into others’ data. A SaaS model should therefore ensure a clear boundary for each user’s data. The service should be intelligent enough to segregate the data from different users. A malicious user can use application vulnerabilities to hand-craft parameters that bypass security checks and access sensitive data of other tenants. The following assessments test and validate the data segregation of the SaaS vendor in a multi-tenant deployment:

SQL injection flaws
Data validation
Insecure storage.

Any vulnerability detected during these tests can be exploited to gain access to sensitive enterprise data of other tenants.

3.6. Data access

The data access issue is mainly related to the security policies provided to the users while accessing the data. In a typical scenario, a small business organization can use a cloud provided by some other provider for carrying out its business processes. This organization will have its own security policies based on which each employee can have access to a particular set of data. The security policies may entail some considerations wherein some of the employees are not given access to a certain amount of data. These security policies must be adhered to by the cloud to avoid intrusion of data by unauthorized users. The SaaS model must be flexible enough to incorporate the specific policies put forward by the organization. The model must also be able to provide an organizational boundary within the cloud, because multiple organizations will be deploying their business processes within a single cloud environment.

3.7. Authentication and authorization

Most companies store their employee information in some type of Lightweight Directory Access Protocol (LDAP) server. In the case of SMB companies, a segment that has the highest SaaS adoption rate, Active Directory (AD) seems to be the most popular tool for managing users. With SaaS, the software is hosted outside of the corporate firewall. Many times user credentials are stored in the SaaS providers’ databases and not as part of the corporate IT infrastructure. This means SaaS customers must remember to remove/disable accounts as employees leave the company and create/enable accounts as new employees come onboard. In essence, having multiple SaaS products will increase IT management overhead. For example, SaaS providers can delegate the authentication process to the customer’s internal LDAP/AD server, so that companies can retain control over the management of users.
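
The global transaction manager and resource managers described in section 3.4, as an added example that is not from the paper: a minimal two-phase commit in Python. The class names, the ledger table and the simulated outage are assumptions made for illustration, and an open SQLite transaction stands in for a durable prepared state.

```python
import sqlite3


class ResourceManager:
    """One data source taking part in a global transaction (hypothetical class)."""

    def __init__(self, name):
        self.name = name
        self.fail_prepare = False  # constructed fault switch for the demo
        # isolation_level=None: BEGIN/COMMIT/ROLLBACK are issued explicitly
        self.db = sqlite3.connect(":memory:", isolation_level=None)
        self.db.execute(
            "CREATE TABLE ledger (account TEXT NOT NULL, amount INTEGER NOT NULL)")

    def prepare(self, account, amount):
        """Phase 1: do the work in an open transaction, then vote."""
        self.db.execute("BEGIN")
        try:
            if self.fail_prepare:
                raise sqlite3.OperationalError("simulated outage")
            self.db.execute("INSERT INTO ledger VALUES (?, ?)", (account, amount))
            return True   # vote commit; the transaction stays open
        except sqlite3.Error:
            return False  # vote abort

    def commit(self):
        self.db.execute("COMMIT")

    def rollback(self):
        if self.db.in_transaction:
            self.db.execute("ROLLBACK")

    def rows(self):
        return self.db.execute("SELECT account, amount FROM ledger").fetchall()


class TransactionManager:
    """Central coordinator: commit everywhere only if every participant votes yes."""

    def __init__(self):
        self.log = []  # decision log; durable storage in a real coordinator

    def run(self, work):
        prepared, decision = [], "commit"
        for rm, account, amount in work:      # phase 1: collect votes
            prepared.append(rm)
            if not rm.prepare(account, amount):
                decision = "abort"
                break
        self.log.append(decision)             # decide before phase 2 starts
        for rm in prepared:                   # phase 2: apply the decision
            if decision == "commit":
                rm.commit()
            else:
                rm.rollback()
        return decision


def demo():
    billing, inventory = ResourceManager("billing"), ResourceManager("inventory")
    tm = TransactionManager()
    first = tm.run([(billing, "tenant-a", -100), (inventory, "tenant-a", 100)])
    inventory.fail_prepare = True             # second attempt: one source fails
    second = tm.run([(billing, "tenant-a", -50), (inventory, "tenant-a", 50)])
    return first, second, billing.rows(), inventory.rows()


if __name__ == "__main__":
    print(demo())
```

The second transfer leaves no trace in either ledger, which is the integrity property a web service API without transaction support cannot give its callers.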
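
The data segregation assessment from section 3.5, as an added example that is not from the paper: a weak query beside a tenant-scoped one, each checked with a hand-crafted parameter for rows that cross the tenant boundary. The invoices table, the tenant names and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: two tenants sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, customer TEXT NOT NULL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [
        (1, "acme", "Alice"), (2, "acme", "Bob"), (3, "globex", "Carol")])
    return db


def search_weak(db, session_tenant, customer):
    """Weak: the request parameter becomes part of the SQL text."""
    sql = ("SELECT id, tenant_id, customer FROM invoices WHERE tenant_id = '"
           + session_tenant + "' AND customer = '" + customer + "'")
    return db.execute(sql).fetchall()


def search_scoped(db, session_tenant, customer):
    """Hardened: bound parameters, tenant taken from the authenticated session."""
    sql = ("SELECT id, tenant_id, customer FROM invoices "
           "WHERE tenant_id = ? AND customer = ?")
    rows = db.execute(sql, (session_tenant, customer)).fetchall()
    # Defence in depth: refuse to return a row that is not the caller's.
    if any(r[1] != session_tenant for r in rows):
        raise PermissionError("cross-tenant row in result set")
    return rows


# Constructed inputs: a normal value and one hand-crafted parameter.
PROBES = ["Alice", "x' OR '1'='1"]


def leaked_rows(search, db, session_tenant):
    """Run every probe as one tenant and collect rows owned by anyone else."""
    leaks = []
    for probe in PROBES:
        try:
            rows = search(db, session_tenant, probe)
        except sqlite3.Error:
            continue  # query rejected: nothing crossed the boundary
        leaks.extend(r for r in rows if r[1] != session_tenant)
    return leaks


if __name__ == "__main__":
    print("weak:  ", leaked_rows(search_weak, make_db(), "acme"))
    print("scoped:", leaked_rows(search_scoped, make_db(), "acme"))
```

A non-empty result from `leaked_rows` is the finding: the same check can run in a test suite against every query path that accepts tenant-supplied input.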
3.8. Data confidentiality issue

Cloud computing involves the sharing or storage by users of their own information on remote servers owned or operated by others and accessed through the Internet or other connections. Cloud computing services exist in many variations, including data storage sites, video sites, tax preparation sites, personal health record websites and many more. The entire contents of a user’s storage device may be stored with a single cloud provider or with many cloud providers. Whenever an individual, a business, a government agency, or any other entity shares information in the cloud, privacy or confidentiality questions arise. Some of the findings related to the confidentiality issues are:

1. Cloud computing has significant implications for the privacy of personal information as well as for the confidentiality of business and governmental information.
2. A user’s privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider.
3. Disclosure and remote storage may have adverse consequences for the legal status of protections for personal or business information.
4. Information in the cloud may have more than one legal location at the same time with differing legal consequences.
7. Laws could oblige a cloud provider to examine user records for evidence of criminal activity and other matters.
8. Legal uncertainties make it difficult to assess the status of information in the cloud as well as the privacy and confidentiality protections available to users.

3.9. Web application security

Security holes in the web applications create a vulnerability to the SaaS application. In this scenario, the vulnerability can potentially have damaging impact on all of the customers using the cloud. The challenge with SaaS security is not any different than with any other web application technology; however, one of the problems is that traditional network security solutions such as network firewalls, network intrusion detection and prevention systems (IDS & IPS), do not adequately address the problem. Web applications introduce new security risks that cannot effectively be defended against at the network level, and do require application level defenses. Since the web applications and SaaS are tightly coupled in providing services to the cloud users, most of the security threats of web applications are also posed by the SaaS model of the cloud. The Open Web Application Security Project has identified Top 10 security risks faced by web applications. Those threats are:

1. Injection flaws like SQL, OS and LDAP injection
2. Cross-site scripting
3. Broken authentication and session management
4. Insecure direct object references
5. Cross-site request forgery
6. Security misconfiguration
7. Insecure cryptographic storage
8. Failure to restrict URL access
9. Insufficient transport layer protection
10. Unvalidated redirects and forwards.

3.10. Vulnerability in virtualization

Virtualization is one of the main components of a cloud. But this poses major security risks. Ensuring that different instances running on the same physical machine are isolated from each other is a major task of virtualization which is not met completely in today’s scenario. The other issue is the control of the administrator on host and guest operating systems. Current VMMs (Virtual Machine Monitors) do not offer perfect isolation. Many bugs have been found in all popular VMMs that allow escaping from the VM. The virtual machine monitor should be ‘root secure’, meaning that no privilege within the virtualized guest environment permits interference with the host system. Some vulnerabilities have been found in all virtualization software which can be exploited by malicious, local users to bypass certain security restrictions or gain privileges.

3.12. Availability

The SaaS application needs to ensure that enterprises are provided with service around the clock. This involves making architectural changes at the application and infrastructural levels to add scalability and high availability. Resiliency to hardware/software failures, as well as to denial of service attacks, needs to be built from the ground up within the application. The following assessments test and validate the availability of the SaaS vendor:

Authentication weaknesses
Session management weaknesses.

Many applications provide safeguards to automatically lock user accounts after successive incorrect credentials. However, incorrect configuration and implementation of such features can be used by malicious users to mount denial of service attacks.

3.13. Backup

The SaaS vendor needs to ensure that all sensitive enterprise data is regularly backed up to facilitate quick recovery in case of disasters. Also the use of strong encryption schemes to protect the backup data is recommended to prevent accidental leakage of sensitive information. In the case of cloud vendors such as Amazon, the data at rest in S3 is not encrypted by default. The users need to separately encrypt their data and backups so that they cannot be accessed or tampered with by unauthorized parties. The following assessments test and validate the security of the data backup and recovery services provided by the SaaS vendor:

Insecure storage
Insecure configuration.

3.14. Identity management and sign-on process

Identity management (IdM) or ID management is a broad administrative area that deals with identifying individuals in a system and controlling the access to the resources in that system by placing restrictions on the established identities. Identity management can involve three perspectives:

1. The pure identity paradigm: Creation, management and deletion of identities without regard to access or entitlements.
2. The user access (log-on) paradigm: For example, a smartcard and its associated data used by a customer to log on to a service or services (a traditional view).
3. The service paradigm: A system that delivers personalized, role-based, online, on-demand, multimedia (content), presence-based services to users and their devices.

The SaaS vendor can support identity management and sign-on services using any of the following models.

a) Independent IdM stack

b) Credential synchronization

The SaaS vendor supports replication of user account information and credentials between enterprise and SaaS application. The user account information creation is done separately by each tenant within the enterprise boundary to comply with its regulatory needs.

c) Federated IdM

The entire user account information including credentials is managed and stored independently by each tenant. The user authentication occurs within the enterprise boundary. The identity of the user as well as certain user attributes are propagated on demand to the SaaS vendor using federation to allow sign-on and access control.

Authentication weakness analysis
Insecure trust configuration.

4. Security issues in PaaS

In PaaS, the provider might give some control to the people to build applications on top of the platform. But any security below the application level, such as host and network intrusion prevention, will still be in the scope of the provider, and the provider has to offer strong assurances that the data remains inaccessible between applications. PaaS is intended to enable developers to build their own applications on top of the platform. Metrics should be in place to assess the effectiveness of the application security programs. Among the direct application security specific metrics available are vulnerability scores and patch coverage. These metrics can indicate the quality of application coding. Attention should be paid to how malicious actors react to new cloud application architectures that obscure application components from their scrutiny. The vulnerabilities of the cloud are not only associated with the web applications but also with the machine-to-machine Service-Oriented Architecture (SOA) applications, which are increasingly being deployed in the cloud.

5. Security issues in IaaS

With IaaS the developer has better control over the security as long as there is no security hole in the virtualization manager. Also, though in theory virtual machines might be able to address these issues, in practice there are plenty of security problems. The other factor is the reliability of the data that is stored within the provider’s hardware. Due to the growing virtualization of ‘everything’ in the information society, retaining the ultimate control over data to the owner of the data regardless of its physical location will become a topic of utmost interest. To achieve maximum trust and security on a cloud resource, several techniques would have to be applied. The security responsibilities of both the provider and the consumer greatly differ between cloud service models.

6. Conclusion

Although there are extreme advantages in using a cloud-based system, there are yet many practical problems which have to be solved. As described in the paper, currently security has a lot of loose ends which scare away a lot of potential users. Until a proper security module is in place, potential users will not be able to enjoy the advantages of this technology. This security module should accommodate all the issues arising from all directions of the cloud. An integrated security model targeting different levels of security of data for a typical cloud infrastructure is under research. This model is meant to be more dynamic and localized in nature. This research paper is based on the conceptualization of cloud security based on real world security systems, wherein security depends on the requirement and asset value of an individual or organization. The intensity of security is directly proportional to the value of the asset it guards. In a cloud where there are heterogeneous systems having a variation in their asset value, a single security system would be too costly for certain applications, and if there is less security then the vulnerability factor of some applications like financial and military applications will shoot up. On the other side, if the cloud has a common security methodology in place, it will be a high value asset target for hackers because of the fact that hacking the security system will make the entire cloud vulnerable to attack. In such a scenario, if customized security is provided as a service to applications, it would make sense.