Unit 4

Cloud security is a critical and evolving area of information security, particularly as organizations increasingly adopt cloud computing. The document discusses various security challenges associated with different cloud deployment models (private, public, hybrid) and service models (SaaS, PaaS, IaaS), highlighting issues such as data leakage, malicious attacks, and the complexities of managing shared environments. It emphasizes the importance of robust security measures at all levels of cloud architecture to protect sensitive data and ensure compliance with regulations.

CHAPTER 6

CLOUD SECURITY
Cloud security is one of the evolving sub-domains of computer security and, more broadly, of information security. Nowadays a number of companies are adopting cloud computing, and the traditional methods of information security (protecting the system and application data) are being challenged by cloud-based architectures. In many cloud deployments, users even transfer their data to external or even public environments, something that would never have been imagined a few years ago.

6.1 CLOUD COMPUTING SECURITY CHALLENGES

Security has been one of the most challenging issues for IT executives, particularly in cloud implementation. Many companies are interested in taking advantage of cloud computing but are holding back because of its numerous security concerns. Figure 6.1 depicts the hierarchy of cloud computing security challenges for both cloud computing models, namely the deployment and service models, together with the issues related to networks.

6.1.1 Deployment Model Challenges

Dr. Bidush Kumar Sahoo

112 • CLOUD COMPUTING

FIGURE 6.1 The challenges of cloud security

There are three basic deployment models: private, public and hybrid clouds. The private cloud model is generally deployed within an organization and can only be accessed by the employees of that organization. The public cloud model is employed by an organization to gain access to various resources, web applications and services over the Internet, intranet and extranet. The hybrid cloud is a combination of public and/or private clouds. The security challenges related to these deployment models are stated below:
🞍 Cloning and resource pooling: Cloning is the replication or duplication of data. Cloning leads to data leakage problems and can reveal the machine's authenticity. Resource pooling is a service provided by the provider so that users can use various resources and share them according to their application demand.
🞍 Mobility of data and data residuals: For the best use of resources, data is often moved within a cloud infrastructure. As a result, the enterprise no longer knows where its data has been placed in the cloud; this is especially true of the public cloud. Because of this data movement, residuals of the data are left behind, which may be accessed by unauthorized users.
🞍 Elastic perimeter: A cloud infrastructure, specifically a private cloud, creates an elastic perimeter. Users and departments throughout the organization share different resources to ease access, but unfortunately this can lead to data breaches. In private clouds, the resources are centralized and distributed on demand.
🞍 Shared multitenant environment: Multitenancy is one of the most vital attributes of cloud computing; it allows multiple users to run their distinct applications concurrently on the same physical infrastructure while hiding each user's data from the others. However, the shared multitenant character of a public cloud adds security risks such as illegal data access by other tenants using the same hardware. A multitenant environment may also lead to resource contention issues due to inappropriate utilization of resources by various tenants, which might be caused either by genuine periodic requirements or by an attack.
🞍 Unencrypted data: Data encryption is a process that helps address various external and malicious threats. Unencrypted data is vulnerable because it carries no protection mechanism of its own; such unencrypted data files can easily be accessed by unauthorized users.
🞍 Authentication and identity management: With the help of the cloud, a user may give access to their private data and make it available to various services across the network. Identity management has to help in authenticating users through their credentials.

6.1.2 Service Model Challenges

Various cloud services like software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) are delivered and used in real time over the cloud. SaaS is a multitenant platform that is commonly referred to as an application service provider. PaaS provides users and developers a platform with all the systems and environments for developing, deploying and testing web applications through the cloud service, whereas the computing infrastructure needed for the application is provided by IaaS. Users of SaaS have to rely heavily on the cloud provider for security, without any assurance of the protection of their data. In PaaS, the providers offer some controls to the users building applications on their platform, but these users are not aware of network threats. With IaaS, developers have better control over their applications. The different security challenges faced by the service models are discussed below:
🞍 Data leakage and consequent problems: Problems of security, integrity, locality, segregation and breaches can be caused by data alteration or deletion. This could lead to sensitive data being accessed by unauthorized users.
🞍 Malicious attacks: The threat of malicious attackers is augmented for customers of cloud services that use various IT services lacking transparency in the procedures and processes of the service providers. Malicious users may gain access to certain confidential data, thus leading to data breaches.
🞍 Storage and backup: It is the responsibility of the cloud vendor to ensure that regular backups of data are carried out. However, these backups are generally found in unencrypted form, leading to misuse of the data by unauthorized users.
🞍 Shared technological issues: IaaS vendors deliver their services in a scalable way by sharing infrastructure. However, this structure does not offer strong isolation properties for a multitenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources.
🞍 Service hijacking: Service hijacking is associated with unauthorized users gaining illegal control of certain authorized services. It covers different techniques such as phishing, exploitation of software vulnerabilities and fraud, and is considered one of the topmost threats.
🞍 VM hopping: With VM hopping, an attacker on one VM gains the right to use another VM. The attacker can inspect the victim VM's resources, alter its configuration and even delete stored data, thus putting the VM's confidentiality, integrity and availability in danger. This attack is only possible if the two VMs are operating on the same host and the victim VM's IP address is known. In addition, multitenancy makes the impact of a VM hopping attack larger than in a conventional IT environment: since quite a few VMs can run at the same time on the same host, there is a possibility of all of them becoming victim VMs. Thus VM hopping is a critical vulnerability for both IaaS and PaaS infrastructures.
🞍 VM mobility: The contents of VM virtual disks are saved as files, so VMs can be copied from one host to another over the network or via removable storage devices with no physical theft of a hard drive. VM mobility offers quick deployment but can lead to security problems such as the rapid spread of vulnerable configurations, which an attacker can use to compromise the security of a new host. Various attacks might take advantage of the weaknesses in VM mobility, including man-in-the-middle attacks. The severity of these attacks ranges from leaking sensitive information to completely compromising the guest OS. In addition, VM mobility amplifies the complexity of security management because of the enhanced flexibility it offers.
🞍 VM denial-of-service: Virtualization lets numerous VMs share physical resources like CPU, network bandwidth, memory and disk. A denial-of-service (DoS) attack in virtualization takes place when one VM occupies all the available physical resources, so that the hypervisor cannot support further VMs and availability is endangered. The prevention of such a DoS attack is to bound resource allocation using correct configuration.

6.1.3 Network Challenges

Cloud computing mainly depends upon the Internet and remote computers or servers for maintaining data and running various applications. All the information is uploaded over the network. The network structure of the cloud faces various attacks and security issues such as browser security issues, cloud malware injection attacks, lock-in, flooding attacks, incomplete data deletion, data protection and XML signature element wrapping, which are explained below:
Browser security: All the information is sent over the network with the help of a browser. The user's identity and credentials are encrypted by SSL technology used in the browser. However, attackers on an intermediary host may acquire these credentials with the use of packet-sniffing software installed on that host.
SQL injection attack: These attacks are malicious acts against cloud computing in which malicious code is inserted into a standard SQL statement. Through this attack an intruder gains access to a database and to other personal and confidential information. SQL injection attacks use special characters to return data: for example, an SQL query usually ends with a WHERE clause, which may be modified to return more rows and information. The input entered by the attacker is misread by the website as ordinary user data, which makes it easy for the attacker to reach the SQL server and to access and modify the functioning of the website.
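The following example is added here and is not part of the book's text. It shows, in Python with the standard library's sqlite3 module, the flaw the paragraph describes and its standard remedy. The table, the user names and the tautology input are constructed for the demonstration, and the function names (make_demo_db, lookup_vulnerable, lookup_parameterized, demo) are mine: lookup_vulnerable() builds the WHERE clause by string concatenation, so attacker-supplied text becomes part of the statement, while lookup_parameterized() passes the same value as a bound parameter that the driver never interprets as SQL.

```python
import sqlite3


def make_demo_db():
    """In-memory database with a constructed users table (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """The flaw: user input is spliced into the SQL text, so it can rewrite the WHERE clause."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The fix: the value travels separately from the statement and is matched literally."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both lookups with an honest and a hostile input; return the row counts each yields."""
    conn = make_demo_db()
    honest = "bob"
    hostile = "x' OR '1'='1"  # constructed tautology that widens the WHERE clause to every row
    return {
        "vulnerable_honest": len(lookup_vulnerable(conn, honest)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),
        "parameterized_honest": len(lookup_parameterized(conn, honest)),
        "parameterized_hostile": len(lookup_parameterized(conn, hostile)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns all three rows for the hostile input because the statement it executes reads `WHERE name = 'x' OR '1'='1'`; the parameterized version returns none, because the whole string is compared as a name. The practical check in a code review is therefore to look for SQL text assembled with `+`, `%` or f-strings from request data and replace it with placeholders.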
XML signature element wrapping: XML signatures protect the identity value and host name from unauthorized parties but cannot protect the position of the signed element in the document. The attacker targets the host computer by sending SOAP messages containing scrambled data that the user of the host computer cannot understand.
Flooding attack: The intruder sends requests for cloud resources rapidly and continuously, so that the cloud is flooded with requests; this is known as a flooding attack.
Incomplete data deletion: This is a hazardous and most critical attack on cloud computing. When data is deleted, it is possible that not all of the replicated data placed on a dedicated backup server is removed, because the operating system of that server will not delete the data unless specifically commanded to by the network service provider. Precise data deletion is therefore impossible: copies of the data are saved in replicas but are not available for use.
Lock-in: Lock-in arises from the lack of tools, standard data formats or procedures, and service interfaces that would support application, data and service portability. It hinders the customer in transferring from one cloud provider to another or in moving services back to the home IT location.

6.2 CLOUD INFORMATION SECURITY FUNDAMENTALS

The key to cloud security is a robust cloud architecture with strong security implementation at all layers of the stack (SaaS, PaaS and IaaS), backed by legal compliance and government protection. The cloud is complex, and hence its security measures are not simple either. The different levels of cloud security are discussed as follows:
Infrastructure level: A system administrator of the cloud provider can attack the systems, since they hold all the administrative rights. The system administrator can install or execute all sorts of software to perform an attack and can even perform cold boot attacks. The major steps that can be taken for protection at the IaaS level are:
🞍 Not all privileges should be given to a single person.
🞍 The provider should deploy restricted access control policies, stringent security devices and surveillance mechanisms to protect the physical integrity of the hardware.
🞍 The Trusted Computing Group (TCG), a consortium of industry leaders, identifies and implements security measures at the infrastructure level. It has proposed a set of hardware and software technologies to enable the construction of trusted platforms and suggests the use of "remote attestation" (a mechanism by which authorized parties can detect changes to a user's computers).

Platform level: The security model at this level depends more on the provider to maintain data availability and integrity. It must take care of the following security aspects:
a. Integrity: Integrity assures that data has not been changed without your knowledge. Integrity can also be used in reference to the proper functioning of a network, system or application. For example, when the term integrity is used in reference to a system, it means that the system behaves according to design, specification and expectation even under adverse circumstances such as an attack or disaster. There are three goals of integrity:
🞍 Preventing unauthorized users from modifying the information.
🞍 Preserving internal and external consistency.
🞍 Preventing unintentional or unauthorized alteration of information by authorized users.
b. Confidentiality: Confidentiality assures that data cannot be viewed by unauthorized people. It is concerned with preventing the unauthorized disclosure of sensitive information. The disclosure could be intentional, such as breaking a cipher and reading the information, or unintentional, due to carelessness or incompetence of the individuals handling the information.
c. Authentication: Authentication is the verification that a user's claimed identity is valid, for example through the use of a password. At some fundamental level, you want to be sure that the people you deal with are really who they say they are. The process of proving identity is called authentication.
d. Defense against intrusion and denial-of-service attacks: The main aim of such an attack is to slow down or totally interrupt the service of a system. The attack may have a specific target; for example, an entity may suppress all messages directed to a destination. Another form of service denial is the interruption of an entire network, either by overloading it with messages or by disabling the network, resulting in the degradation of performance.
e. Service level agreement: A service level agreement (SLA) is the part of a service contract where a service is formally defined. An SLA usually refers to the service and performance that the provider delivers to the customer.
Application level: The following key security elements should be deliberately considered as an integral part of the application development and deployment process.
a. Regulatory compliance: Compliance means conforming to a rule, such as a standard, specification, policy or law. Regulatory compliance expresses the goal that an organization aspires to achieve in its efforts to ensure that it is aware of, and takes steps to comply with, relevant laws and regulations.
b. Data segregation: Segregation is the separation of an individual or group of individuals from a larger group, often in order to apply special treatment to the separated individual or group. Segregation applied to the security industry, for example, requires that customer assets held by a broker or other financial institution be kept separate, or segregated, from the broker's or financial institution's own assets. This is referred to as security segregation.
c. Availability: This refers to whether the system, network, software and hardware are reliable and can recover quickly and completely in the event of an interruption in service. Ideally, these elements should not be vulnerable to denial-of-service attacks.
d. Backup/recovery procedure: Data backup can be managed by data replication. The data recovery procedure is nowadays integrated directly into the backup process itself.
e. Identity management and sign-on process: Some of the steps which can be taken to make an application secure are:
🞍 Secure Product Engineering
🞍 Secure Deployment
🞍 Governance and Regulatory Compliance Audits
🞍 Third Party Security Assessment
Data level: In addition to the implementation of data protection at the infrastructure level, it is also required to make sure that all sensitive data is encrypted in transit and at rest.

6.3 CLOUD INFORMATION ARCHITECTURE

Managing information in cloud computing is a challenge that affects all organizations. It ranges from managing internal data to securing information for cross-organization applications and services. This requires information management and data security in the cloud era to have both new strategies and a new technical architecture. Cloud information architecture is as diverse as the cloud architecture itself. In this section we will learn about the cloud information (storage) architecture. The different types of storage provided at each layer are listed below:
Infrastructure as a service: IaaS for the public or private cloud has the following storage options:
🞍 Raw Storage: This includes the physical media where data is stored.
🞍 Volume Storage: This includes the volumes attached to IaaS instances, typically as a virtual hard drive.
🞍 Object Storage: This is often referred to as file storage.
🞍 Content Delivery Network: Content is stored in object storage, which is then distributed to multiple geographically distributed nodes to improve Internet consumption speeds.
Platform as a Service: PaaS provides and relies on a very wide range of storage options:
🞍 Database: Information and content may be stored directly in the database or as files referenced by the database.
🞍 Object/file Storage: Files or other data are stored in object storage, but are only accessed via the PaaS API.
🞍 Volume Storage: Data may be stored in IaaS volumes attached to instances dedicated to providing the PaaS service.
🞍 Application Storage: This includes any storage options built into a PaaS application platform and consumable via APIs that do not fall into the other storage categories.
Software as a Service: As with PaaS, SaaS uses a very wide range of storage and consumption models. SaaS storage is always accessed via a web-based user interface or a client/server application. If the storage is accessible via an API then it is considered PaaS; many SaaS providers also offer these PaaS APIs.
SaaS may provide:
🞍 Content/file storage: File-based content (reports, image files and documents) is stored within the SaaS application and made accessible via the web-based user interface.
🞍 Information storage and management: Data is entered into the system via the web interface and stored within the SaaS application (usually a back-end database). Some SaaS services offer data set upload options or PaaS APIs.
SaaS may consume:
🞍 Database: Like PaaS, a large number of SaaS services rely on a database back end, even for file storage.
🞍 File/Object storage: Files or other data are stored in object storage and can only be accessed via the SaaS application.
🞍 Volume storage: Data may be stored in IaaS volumes attached to instances dedicated to providing the SaaS.

6.3.1 Information Dispersion

Information dispersion is a technique commonly used to improve data security without the use of encryption mechanisms. It is capable of providing high availability and assurance of the data stored on the cloud by means of data fragmentation, and is common in many cloud platforms. In a fragmentation scheme, suppose a file f is split into n different fragments; all of these are then signed and distributed to n remote servers. The user can then reconstruct f by accessing m arbitrarily chosen fragments. When fragmentation is used along with encryption, data security is enhanced.
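The example below is added here and is not the book's own code. It implements the m-of-n fragmentation the paragraph describes as a Rabin-style information dispersal algorithm: each m-byte block of the file is treated as a polynomial over the field GF(257), fragment i stores that polynomial evaluated at i, and any m authentic fragments rebuild the block by Lagrange interpolation. The "signing" of fragments is stood in for by an HMAC-SHA256 tag under a constructed key; the function names (disperse, reconstruct, demo), the key and the file content are my assumptions. It goes slightly beyond the text by also showing what happens when a fragment has been tampered with and when fewer than m fragments are available.

```python
import hashlib
import hmac

P = 257        # smallest prime above 255: every byte value is a field element of GF(257)
TAG_LEN = 32   # length of the HMAC-SHA256 tag appended to each fragment


def _interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points (mod P)."""
    total = 0
    for k, (xk, yk) in enumerate(points):
        num, den = 1, 1
        for l, (xl, _) in enumerate(points):
            if l != k:
                num = num * (x - xl) % P
                den = den * (xk - xl) % P
        total = (total + yk * num * pow(den, P - 2, P)) % P   # Fermat inverse of den
    return total


def disperse(data, m, n, key):
    """Split data into n signed fragments such that any m of them rebuild it (1 <= m <= n < P).

    Each m-byte block defines the polynomial through (1, b[0]) ... (m, b[m-1]); fragment i
    stores that polynomial evaluated at i, so fragments 1..m carry the plain bytes and
    fragments m+1..n carry redundancy. Each fragment is authenticated with HMAC-SHA256.
    """
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n < 257")
    padded = data + b"\x00" * (-len(data) % m)
    blocks = [padded[i:i + m] for i in range(0, len(padded), m)]
    fragments = []
    for i in range(1, n + 1):
        values = [_interpolate([(j + 1, blk[j]) for j in range(m)], i) for blk in blocks]
        payload = bytes([i]) + len(data).to_bytes(4, "big")
        payload += b"".join(v.to_bytes(2, "big") for v in values)   # a value may be 256
        tag = hmac.new(key, payload, hashlib.sha256).digest()
        fragments.append(payload + tag)
    return fragments


def reconstruct(fragments, m, key):
    """Rebuild the data from any m authentic fragments; forged or corrupted ones are discarded."""
    good = []
    for frag in fragments:
        payload, tag = frag[:-TAG_LEN], frag[-TAG_LEN:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag) and payload[0] not in [g[0] for g in good]:
            good.append(payload)
    if len(good) < m:
        raise ValueError("fewer than %d authentic fragments available" % m)
    good = good[:m]
    length = int.from_bytes(good[0][1:5], "big")
    nblocks = (len(good[0]) - 5) // 2
    columns = [[int.from_bytes(g[5 + 2 * p:7 + 2 * p], "big") for p in range(nblocks)]
               for g in good]
    out = bytearray()
    for b in range(nblocks):
        points = [(good[k][0], columns[k][b]) for k in range(m)]
        for j in range(m):
            out.append(_interpolate(points, j + 1))   # recover b[j] = polynomial at j+1
    return bytes(out[:length])


def demo():
    """Constructed file and key; reports recovery from parity-only, tampered and too-few fragments."""
    key = b"constructed-demo-signing-key"
    data = b"cloud information dispersion: availability without confidentiality"
    frags = disperse(data, m=3, n=5, key=key)
    tampered = bytearray(frags[0])
    tampered[10] ^= 0xFF                  # corrupt one stored value; the tag no longer matches
    tampered = bytes(tampered)
    result = {
        "from_last_three": reconstruct(frags[2:], 3, key) == data,
        "with_one_tampered": reconstruct([tampered, frags[1], frags[2], frags[3]], 3, key) == data,
    }
    try:
        reconstruct(frags[:2], 3, key)
        result["two_is_enough"] = True
    except ValueError:
        result["two_is_enough"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

Two properties worth noticing match the paragraph's caveat: the tag lets a reader reject a forged or damaged fragment and still recover from the remaining ones, so availability and integrity are gained; but the first m fragments hold the file bytes verbatim, so whoever holds one server's fragment reads part of the file. Dispersion alone is not confidentiality, which is why the book recommends combining it with encryption.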

6.3.2 Information Management

Information management includes the processes and policies for understanding how information is used and governing that usage. In the data security section that follows, specific controls and recommendations are discussed to monitor and enforce this governance.

6.3.3 Data Security Lifecycle

Information lifecycle management is a quite mature field but does not map well to the needs of security professionals. The data security lifecycle is different from information lifecycle management, reflecting the different security needs. The lifecycle includes six phases from creation to destruction, as depicted in Figure 6.2. Once created, data can bounce between phases without restriction, and sometimes may not even pass through all the stages.
1. Create: New digital content is generated through creation or by altering, updating or modifying existing content.
2. Store: Storing is the act of committing digital data to storage and usually occurs nearly simultaneously with creation.
3. Use: Data is viewed, processed or used in some activity but not modified.
4. Share: Information is made available to users and to partners.
5. Archive: This is when data leaves active use and enters long-term storage.
6. Destroy: Using physical or digital means, the data is permanently destroyed.

FIGURE 6.2 The data life cycle

6.3.4 Information Governance

Information governance includes the procedures and policies for managing information usage. It includes the following key features:
🞍 Information classification: A high-level description of important information categories. The goal of information classification is not to label every piece of data in the organization, but rather to define high-level categories like "regulated" and "trade secret" to determine which security controls may apply.
🞍 Location and jurisdictional policies: Where data may be geographically located, which also has important legal and regulatory ramifications.
🞍 Information management policies: These policies define what activities are allowed for different information types.
🞍 Ownership: Knowing who is ultimately responsible for the information.
🞍 Authorizations: Defining which types of users/employees have access to which types of information.
🞍 Custodianship: Knowing who is responsible for managing the information.

6.3.5 Data Security

Data security includes the specific technologies and controls used to enforce information governance. It covers three areas: detection (and prevention) of data migrating to the cloud, protecting data in transit to the cloud and between different providers/environments, and protecting data once it is within the cloud.

6.3.6 Data Loss Prevention

Data loss prevention (DLP) identifies, monitors and protects data at rest, in motion and in use through deep content analysis. DLP is typically used for content discovery and to monitor data in motion using the following options:
🞍 Dedicated appliance/server: Standard hardware placed at a network checkpoint between the cloud environment and the rest of the network/Internet, or between different cloud segments.
🞍 Endpoint agent
🞍 Virtual appliance
🞍 Hypervisor agent: The data loss prevention agent is embedded or accessed at the hypervisor level, as opposed to running in the instance.
🞍 DLP SaaS: DLP is integrated into a cloud service or offered as a standalone service.

6.3.7 Database and File Activity Monitoring

Database activity monitors (DAM) capture and record, at a minimum, all Structured Query Language (SQL) activity in real time or near real time, including database administrator activity, across multiple database platforms, and can generate alerts on policy violations.
DAM supports real-time monitoring of database activity and alerting based on policy violations, such as SQL injection attacks or an administrator replicating the database without approval. In an SQL injection, an attacker injects malicious SQL code into a database query, causing it to run against the database tables and even extract valuable private information. DAM tools are typically agent-based, connecting to a central collection server (which is typically virtualized). DAM is used with dedicated database instances for a single customer, although in the future it may be available for PaaS.
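As an added illustration of the monitor-and-alert flow this paragraph describes (not the book's code, nor that of any DAM product), the following Python scans a constructed database activity log for the two policy violations the paragraph names: injection-shaped statements from the application account and a database replication by an administrator that has no approval on file. The log format, the user names, the APPROVED_BACKUPS set and the function names (parse_line, evaluate, scan) are my assumptions; a real DAM would parse SQL properly and baseline normal activity rather than rely on a couple of regular expressions.

```python
import re

# Constructed sample of a database activity log: "<timestamp> <db user> <statement>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z app_user SELECT name, role FROM users WHERE name = 'bob'
2024-05-01T10:00:02Z app_user SELECT name, role FROM users WHERE name = 'x' OR '1'='1'
2024-05-01T10:03:15Z app_user SELECT id FROM orders WHERE id = 7 UNION SELECT password FROM users
2024-05-01T10:05:00Z dba_admin BACKUP DATABASE sales TO DISK = '/mnt/replica/sales.bak'
2024-05-01T10:06:00Z dba_admin SELECT count(*) FROM orders
2024-05-01T10:09:30Z dba_admin BACKUP DATABASE hr TO DISK = '/mnt/replica/hr.bak'
"""

# Databases whose replication has an approved change ticket (constructed).
APPROVED_BACKUPS = {"hr"}

# Statement shapes that should never come from the application account.
INJECTION_PATTERNS = [
    (re.compile(r"'\s*OR\s+'[^']*'\s*=\s*'", re.I), "tautology in WHERE clause"),
    (re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I), "UNION-based data extraction"),
]
BACKUP_RE = re.compile(r"\bBACKUP\s+DATABASE\s+(\w+)", re.I)


def parse_line(line):
    """Split one log record into its timestamp, database user and SQL statement."""
    ts, user, statement = line.split(maxsplit=2)
    return {"ts": ts, "user": user, "statement": statement}


def evaluate(event, approved=APPROVED_BACKUPS):
    """Return the list of policy violations (possibly empty) for one parsed event."""
    alerts = []
    stmt = event["statement"]
    for pattern, reason in INJECTION_PATTERNS:
        if pattern.search(stmt):
            alerts.append("possible SQL injection: " + reason)
    match = BACKUP_RE.search(stmt)
    if match and match.group(1).lower() not in approved:
        alerts.append("unapproved database replication: " + match.group(1))
    return alerts


def scan(log_text=SAMPLE_LOG, approved=APPROVED_BACKUPS):
    """Run every record through the policy and collect (timestamp, user, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        for reason in evaluate(event, approved):
            findings.append((event["ts"], event["user"], reason))
    return findings


if __name__ == "__main__":
    for ts, user, reason in scan():
        print(ts, user, reason)
```

Run against the sample, the scan raises three findings: the tautology and the UNION statement from app_user, and the backup of the sales database, while the hr backup passes because it is on the approved list. The agent-based collection the paragraph mentions corresponds to where SAMPLE_LOG would come from in practice: the statements are captured at the database, not reconstructed from application logs.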
File activity monitoring (FAM) is defined as products that record and monitor all activity within designated file repositories at the user level and generate alerts on policy violations. FAM requires the use of an endpoint agent or the placing of a physical appliance between the cloud storage and the cloud consumers.

6.4 CLOUD SECURITY SERVICES

A cloud-based system addresses three service models named IaaS, PaaS and SaaS. These service models lie on top of each other, thereby forming the cloud stack. Hence security implications need to take into account both service and deployment models. The following security measures have to be taken to implement the security of cloud services:
i. Maintaining and implementing a security program that provides the structure for managing information security, and the risks and threats, for the target environment.
ii. Building and maintaining a secure cloud infrastructure to provide cloud resiliency and confidence that the data stored in the cloud is sufficiently protected.
iii. Protecting confidential data: sensitive information has to be adequately protected in order to preserve its confidentiality.
iv. Implementing identity and strong access management, which are very critical for cloud security in order to limit access to data and applications to authorized and appropriate users.
v. Establishing provisioning: it is important to have automated provisioning for cloud services, such as applications, especially in a centrally managed cloud environment.
vi. Implementing a program for governance and audit management; such programs help to define when, how and where to collect logs and audit information for internal audits.
vii. Implementing a program for intrusion and vulnerability management; it is important to implement mechanisms such as intrusion detection systems and intrusion prevention systems to provide constant monitoring of IT resources (servers, network and infrastructure components) for any security vulnerabilities and breaches.
viii. Maintaining testing and validation of the environment, which assure an intact cloud environment.

6.5 CLOUD COMPUTING SECURITY ARCHITECTURE

The Cloud Computing Security Reference Architecture formal model is derived from the NIST Reference Architecture (NIST RA) described in NIST SP 500-292, NIST Cloud Computing Reference Architecture, which is illustrated in Figure 6.3 below with the latest updates included. The approach was to enhance the components of a functional architecture with additional components providing various security services. The security issues discussed by NIST are specifically focused on public cloud vendors, as it states that organizations have more control over each layer of security when a private cloud deployment model is used.

FIGURE 6.3 Cloud computing security reference architecture

The cloud actors involved in providing or consuming cloud service offerings depend upon each other for securing the cloud ecosystem. This dependency in managing a secure cloud ecosystem is defined by the interactions between the cloud actors for implementing and integrating the security components that are relevant for each use case, and by the constructs among these security components. Depending on the service model being considered, cloud actors may be either solely responsible for fulfilling the security requirements or may share the responsibility for doing so to some degree.

In cases where the responsibilities for implementing security components and protecting the operations and data on the cloud are split among the consumer, the broker and the provider, regulatory and/or other security requirements need to be articulated and orchestrated among the cloud actors involved in architecting, building and operating the cloud ecosystem. An example is the implementation of intellectual property (IP) protection: the cloud consumer will need to mark its IP information in transit to/from and at rest on the cloud to clearly indicate that it is not to be shared with others. In turn, the cloud provider will assert that the IP is indeed protected and will secure and maintain it this way.

6.5.1 Design Principles

There are different levels of risk tolerance in each enterprise, demonstrated by its product development culture, new technology adoption, IT service delivery models, technology strategy and the investments made in security tools and capabilities. Following are some cloud security principles that an enterprise security architect needs to consider and customize:
a. Isolation between different security zones should be guaranteed using layers of firewalls: cloud firewall, hypervisor firewall, guest firewall and application container. Firewall policies on the cloud should comply with trust zone isolation standards based on data sensitivity.
b. The application should use end-to-end transport level encryption (SSL, TLS and IPSEC) to secure data in transit between applications deployed on the cloud as well as to the enterprise.
c. The application should externalize authentication and authorization to trusted security services. Single sign-on should be supported using SAML 2.0.
d. Data masking and encryption should be employed based on data sensitivity, aligned with the enterprise data classification standard.
e. Applications in a trusted zone should be deployed on authorized enterprise-standard VM images.
f. Industry-standard VPN protocols such as SSH, SSL and IPSEC should be employed when deploying a virtual private cloud (VPC).
g. Security monitoring on the cloud should be integrated with existing enterprise security monitoring tools using an API.

Dr. Bidush Kumar Sahoo


6.5.2 Secure Cloud Requirements


Many organizations have dealt with various types of security requirements in
cloud computing. The cloud security requirements are classified into twelve
sub-areas:
a. Authentication: Authentication is a process in which the credentials
provided are compared to those on file in a database of an authorized
user’s information.
b. Single Sign On: Single Sign On (SSO) is a session/user authentication
process that permits a user to enter one name and password in order to
access multiple applications. The process validates the user for all the
applications they have been given the rights to and eliminates further
prompts when they switch applications during a particular session.
c. Delegation: If a computer user temporarily hands over his authoriza-
tions to another user then this process is called delegation. There are two
classes of delegation:
🞍 Delegation at Authentication Level: If an authentication mech-
anism provides an effective identity different from the validated
identity of the user then it is called identity delegation at the authen-
tication level, provided the owner of the effective identity has previ-
ously authorized the owner of the validated identity to use his identity.
🞍 Delegation at Access Control Level: The most common way of
ensuring computer security is access control mechanisms provided
by operating systems such as UNIX, Linux, Windows, MAC OS, etc.
d. Confidentiality: Confidentiality is defined as the assurance that sensi-
tive information is not disclosed to an unauthorized person, process or
device. The most efficient tool to assure the security of data storage on
the cloud is cryptography algorithms.
e. Integrity: Data that is stored on the cloud could suffer from the dam-
age on transmitting to/from cloud data storage. Since the data and com-
putation are outsourced to a remote server, the data integrity should
be maintained and checked constantly in order to prove that data and
computation are intact. Data integrity means data should be kept from
unauthorized modification.
f. Non-repudiation: Non-repudiation allows an exchange of data between
two parties in such a way that the parties cannot subsequently deny their
participation in the exchange. Sender non-repudiation provides the
sender with a Proof Of Receipt (POR) which proves that the recipient
received the data. With receiver non-repudiation the recipient is pro-
vided with a Proof Of Origin (POO), which proves that the originator
sent the data. Non-repudiation can be achieved using a digital signature.
A digital signature is a mathematical scheme to show the authenticity of
a digital message or document.
g. Privacy: Internet privacy involves the desire or mandate of personal
privacy concerning transactions or transmission of data via the Internet.
It states certain rules to have control over the type and amount of infor-
mation revealed about a person on the Internet and who may access said
information. The provider should guarantee that there is no third-party
access to the platform processor, memory, and/or disk files.
Some of the privacy threats include:
🞍 Visits to websites will be tracked secretly.
🞍 E-mail addresses and other personal information can be used for
marketing or other purposes without approval.
🞍 Credit card theft.
🞍 Personal information can be sold to third parties without permission.
h. Trust: Trust revolves around assurance and confidence that people,
data, entities, information, or processes will function or behave in
expected ways. Trust may be machine to machine (like a handshake pro-
tocol), human to human, human to machine (like a digital signature), or
machine to human.
i. Policy: Policies are high-level requirements that specify how access
is managed and, under what circumstances, who may access what
information. A security policy should fulfill many purposes. It should
protect people and information and set the rules for expected behavior
by users, system administrators and management and security person-
nel. The policy should define and authorize the consequences of viola-
tion, help reduce risk and help track compliance with regulations and
law formulation.
j. Authorization: Authorization is the act of checking to see if a user has
the proper permission to access a particular file or perform a particular
action. It enables us to determine exactly what a user is allowed to do.
Authorization is typically implemented through the use of access con-
trol. Access control is a mechanism that prevents unauthorized access
and ensures that authorized users cannot make improper modifications.
The controls exist in a variety of forms, from passwords and ID badges
to remote access authentication protocols and security guards. There are
four basic tasks in access controls: allowing access, denying access, limit-
ing access, and revoking access.
k. Accounting: Accounting services keep track of usage of services by
users so that they can be charged accordingly.
l. Audit: Audit services keep track of security related events.
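Non-repudiation (f) and integrity (e) above, worked through as an added example that is not code from the book: the sender's Proof Of Origin (POO) and the recipient's Proof Of Receipt (POR) are Ed25519 signatures over the SHA-256 digest of the data, and the recipient refuses to acknowledge data that does not match the digest. The party names, the signed-message format and the sample record are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Party is one side of the exchange. Each party holds a long-term signing key;
// in practice the public key would be bound to the party by a certificate,
// which is what makes a proof attributable to that party and not to anyone else.
type Party struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, pub: pub, priv: priv}, nil
}

func (p *Party) Public() ed25519.PublicKey { return p.pub }

// ProofOfOrigin (POO) goes to the recipient: the originator's signature over
// the digest of the data, so the originator cannot later deny having sent it.
type ProofOfOrigin struct {
	Originator string
	Digest     [sha256.Size]byte
	Sig        []byte
}

// ProofOfReceipt (POR) goes back to the sender: the recipient's signature over
// the same digest, so the recipient cannot later deny having received it.
type ProofOfReceipt struct {
	Recipient string
	Digest    [sha256.Size]byte
	Sig       []byte
}

// The signed strings carry a type tag and the party name, so a POO can never
// be presented as a POR (or vice versa) and each proof is tied to one identity.
func pooMessage(originator string, d [sha256.Size]byte) []byte {
	return []byte("POO|" + originator + "|" + hex.EncodeToString(d[:]))
}

func porMessage(recipient string, d [sha256.Size]byte) []byte {
	return []byte("POR|" + recipient + "|" + hex.EncodeToString(d[:]))
}

// Send digests the data (the integrity check) and signs the digest (the POO).
func (p *Party) Send(data []byte) ProofOfOrigin {
	d := sha256.Sum256(data)
	return ProofOfOrigin{Originator: p.Name, Digest: d, Sig: ed25519.Sign(p.priv, pooMessage(p.Name, d))}
}

// Receive checks that the data is intact and that the POO really carries the
// claimed originator's signature; only then does it issue the POR.
func (p *Party) Receive(data []byte, poo ProofOfOrigin, originatorPub ed25519.PublicKey) (ProofOfReceipt, error) {
	if sha256.Sum256(data) != poo.Digest {
		return ProofOfReceipt{}, errors.New("integrity check failed: data does not match the proof of origin")
	}
	if !ed25519.Verify(originatorPub, pooMessage(poo.Originator, poo.Digest), poo.Sig) {
		return ProofOfReceipt{}, errors.New("proof of origin signature invalid")
	}
	sig := ed25519.Sign(p.priv, porMessage(p.Name, poo.Digest))
	return ProofOfReceipt{Recipient: p.Name, Digest: poo.Digest, Sig: sig}, nil
}

// VerifyPOR is what the sender (or an auditor settling a later dispute) runs:
// the receipt must name the expected digest and bear the recipient's signature.
func VerifyPOR(por ProofOfReceipt, recipientPub ed25519.PublicKey, expected [sha256.Size]byte) bool {
	return por.Digest == expected && ed25519.Verify(recipientPub, porMessage(por.Recipient, por.Digest), por.Sig)
}

func main() {
	alice, _ := NewParty("alice")
	bob, _ := NewParty("bob")
	data := []byte("constructed sample record sent to cloud storage")
	poo := alice.Send(data)
	por, err := bob.Receive(data, poo, alice.Public())
	fmt.Println("receipt issued:", err == nil)
	fmt.Println("sender holds a valid POR:", VerifyPOR(por, bob.Public(), sha256.Sum256(data)))
	// The same record altered in transit: the recipient refuses to acknowledge it.
	_, err = bob.Receive([]byte("altered record"), poo, alice.Public())
	fmt.Println("altered data rejected:", err != nil)
}
```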

6.5.3 Policy Implementation


An organization implementing cloud computing should think about security
first before deploying a production environment, according to NIST.
The cloud policy implementation includes these key areas:
a. Governance: Cloud providers and consumers need to ensure that their
organizational governance is up to date. Specifically, they need to update
their related policies, procedures, and standards. Cloud consumers need
to review information offered by their cloud provider to ensure that they
help achieve compliance, trust, and privacy. They should demand trans-
parency so that they can gain insight on how providers manage appli-
cation development, infrastructure design, security architecture, and
implementation, as well as monitoring, auditing, and security incident
response processes. The consumer should also insist on a strong Service
Level Agreement (SLA) that specifies requirements for data confiden-
tiality, integrity and availability. Security is not a responsibility for cloud
providers only. If a consumer does not have sound governance and a
strong security posture to start with, moving to the cloud will not solve
their security challenges. From a technological point of view, cloud gov-
ernance necessitates an increase in visibility and auditing capabilities.
b. Architecture: The cloud computing architecture generally includes the
underlying infrastructure, various service components, and certain per-
vasive functions such as security and resiliency.
c. Logical separation: A key cloud computing benefit is its “elastic” com-
puting capabilities, meaning that computing power can be expanded or
condensed rapidly based on demand. To support such a dynamic busi-
ness computing model, security should be provisioned in a similar man-
ner. Static and physically oriented security configurations such as VLAN
based security are labor intensive and can hardly keep up with the fast
pace. New approaches are needed to achieve logical separation to secure
shared and dynamic environments such as multi-tenancy.
d. Consistency: For a successful cloud security implementation, a consistent
policy framework is required. For example, an excellent design to
achieve reliable and dynamic logical separation is to apply policy driven
and zone-based security enforcement. A zone is a group of attributes
that may include traditional networking parameters such as IP addresses,
network protocols, and port numbers.
e. Automation: The core principle of the cloud computing business model
is pay per use. This elasticity is not only reflected in the infrastructure
and computing power but also in the cost structure. Costs for IaaS sub-
scribers, for instance, are associated with their consumption rate, which
may go up or down depending on demand.
f. Scalability and Performance: Scalability and performance are closely
tied to automation requirements. They are required for cloud security
because of the potentially massive workloads and stringent security
requirements involved.
g. Authentication and Access Control: Cloud security is a shared
responsibility between cloud service providers and subscribers. Access
control to the cloud is one of the key cloud security areas and is a good
example to demonstrate the shared responsibility concept. For instance,
PaaS and SaaS providers can provide authentication for cloud applica-
tion developers and users. On the other hand, opportunities exist for
cloud subscribers to take ownership of authentication and access control
to cloud for tighter integration with their identity and access manage-
ment systems. For IaaS subscribers, client-side access control is an inte-
gral component of their cloud security strategy.

6.5.4 Virtualization Security Management


A lot of progress has been made in virtualization and cloud computing. Virtual
machines provide agility, flexibility, and scalability to the cloud resources by
allowing the vendors to copy, move, and manipulate their VMs. The term
virtual machine essentially describes dividing the resources of one single
physical computer among several virtual computers within it. Hence, cloud com-
puting would have many virtualized systems to maximize resources. Looking
into the security issues, as many organizations follow the “into the cloud”
concept malicious hackers keep finding ways to get their hands on valuable
information by manipulating safeguards and breaching the security layers of
the cloud environment. The cloud users have no clue about how this infor-
mation is processed and stored. Thus the most obvious way to attack a virtu-
alized data center or cloud is to gain access to the hypervisor, which controls
all the VMs running in the data center or cloud. For the native virtualization
architecture, there have been no known attacks on a hypervisor due to its
nature of being embedded in the hardware. A hypervisor can be attacked in
two ways: attack on hypervisor through the host OS and attack on hypervisor
through a guest OS.
Attacks on hypervisor through host OS: This is to exploit vulnerabili-
ties of the host OS on which the hypervisor runs. The native virtualization
architecture requires specially configured hardware; most virtualization
deployments are done with the hosted architecture. With vulnerabilities and
security lapses in most modern operating systems, attacks can be made to
gain control of the host OS. Since the hypervisor is simply a layer running on
top of the host OS, once the attacker has control of the host OS the hyper-
visor is essentially compromised. Thus, the administrative privileges of the
hypervisor enable the attacker to perform any malicious activities on any
of the VMs hosted by the hypervisor. This propagation of attacks from the
hosted OS to the hypervisor then to the VMs is shown in Figure 6.4.

FIGURE 6.4 An attack on hypervisor through the host OS

Attacks on hypervisor through guest OS: This is to use a guest OS to
gain illegal access to other VMs or the hypervisor. This is also known as VM
escapes or jail break attacks as the attacker essentially “escapes” the confine-
ment of the VM into layers that are otherwise unknown to the VM. It is the
most feasible attack on the hypervisor as an attacker can only compromise
a VM remotely as the underlying host OS is invisible. However, since many
VMs share the same physical resources, if the attacker can find how his VM’s
virtual resources map to the physical resources, he will be able to conduct
attacks directly on the real physical resources. Modifying the virtual mem-
ory in a way that exploits how the physical resources are mapped to each
VM, the attacker can affect all the VMs, the hypervisor and potentially other
programs on that machine. Figure 6.5 shows the relationship between the
virtual resources and the physical resources, and how the attacker can attack
the hypervisor and other VMs.

FIGURE 6.5 An attack on hypervisor through the guest OS

These two types of attacks are the most distinct vulnerabilities in virtu-
alization, whereas there are other potential ways to exploit a virtualized data
center or cloud too. Other forms of attack such as virtual library checkout,
migration attacks and encryption attacks are exploits on the characteristics
and infrastructure of virtualization. The fast growth in virtualization and vir-
tualization security has solved many problems of new and existing compa-
nies, but still it faces challenges in areas such as monitoring, visibility, and
infrastructure.
Monitoring is the ability for data centers and clouds to log authentic
data in VMs or the hosts. Usually a company only imposes strong defense
and monitoring on the perimeter networks, whereas there is no or insuffi-
cient protection against internal threats. However even for companies that
provide extensive internal monitoring, the characteristics of virtualization
make monitoring very difficult. The new management layer created in vir-
tualization is intended to abstract away the underlying resources from the
VMs, but due to this new layer some information may be abstracted away
from a monitor, which will generate insufficient data to determine potential
threats.
Visibility refers to how much intrusion detection and prevention sys-
tems can see into a virtualized network. It is an issue closely related to mon-
itoring; since with no monitoring, there will be no detection or prevention.
Visibility is also an issue for the virtualization software vendors. Current
virtualization software from leading companies such as VMware provides only
a very limited view into the host OS and the virtual network. This restriction,
however, lowers visibility into the host OSs and the virtual networks, making
it harder to detect infected VMs and to prevent malicious intrusions. A balanced
solution between visibility and inherent security for virtualization is still lacking.
Infrastructure is the way virtualization is integrated into a data center
or a cloud. Many companies use virtualization software and security software
from various vendors. Their data centers or cloud setups largely depend on
which vendor’s software they used. Thus, the security structure within a vir-
tualized data center or cloud needs to be highly specific to the particular data
center or cloud. This, in turn, causes security between databases and clouds
to weaken due to misconfiguration, incompatibility or other potential issues.
These problems come from the many ways a virtualization infrastructure can
be set up.
Although many challenges still exist, countless solutions have been
developed by virtualization security firms. With the growth of virtualization
and problems in virtualization security, many firms and researchers have
developed ways to combat these vulnerabilities.

6.5.4.1 Solutions based on virtualization architecture


The solutions based on virtualization architecture aim to solve security vul-
nerabilities by applying security measures on the virtualization characteristic
and components. The three major approaches are hypervisor security, guest
OS security, and image management security.
Hypervisor security: As long as the security of the hypervisor is strong
enough, compromising all the VMs will be difficult for the attacker. However,
attacks on the hypervisor in native virtualization architecture are currently
not known, thus making hypervisor security on such architecture almost
irrelevant. For hosted virtualization architecture, traditional ways of pro-
tecting running processes on an OS are currently implemented to protect
the hypervisor. Security measures such as access control, automatic updat-
ing, networking, and introspection on guest OSs are all ways to protect the
hypervisor from unauthorized access. These elements of security are usually
implemented in software and can be easily updated to keep the security fea-
tures of the hypervisor up to date.
Guest OS security refers to the application of traditional security mea-
sures to the guest OSs. This may sound like a redundant process to hypervi-
sor security, but in virtualization, every component must be secure in order
for the virtualized system to be secure. Since guest OSs running on a VM act
just like a real OS on the physical machine, important security measures for
single instance OSs are deployed on each guest OS. Also each guest oper-
ating system must have sufficient isolation so one VM being compromised
does not lead to other VMs on the same machine being compromised. Since
guest OSs can use physical peripherals available on the machine, the com-
munication between guest OSs and the hypervisor must be secure, and the
abstraction provided by the hypervisor must be enforced. Currently, many
companies offering virtualization security are using guest OS monitoring to
detect and quarantine infected guest OSs or revert them to a previous stage
with stored guest OS images.
Image management security deals with securing how VM images
are stored, transported, and managed in a virtualized data center or cloud.
Due to mobility and variable states in each VM, it is an important aspect
of security in virtualization. Thus to achieve image management security,
strong encryption must be applied so that sensitive data does not leak from
the images; strong network security must be in place to ensure safe trans-
portation of VM images. In addition, VM images can be created quickly and
easily. This can generate many unnecessary distributions of the same VM,
and this vulnerability is generally called VM sprawl. In order to control the
unnecessary distribution of VM images, a strong access control on the image
management facility must be in place.
The generic approaches for achieving security in virtualization have been
discussed above. In addition to securing the components in virtualization,
security measures in the infrastructure itself can greatly reduce the possibil-
ity of attacks.

6.5.4.2 Solutions based on virtualization infrastructure


The solutions based on virtualization infrastructure aim to solve security vul-
nerabilities by creating secure gateways in the virtualization infrastructure.
This set of solutions is especially for data centers and clouds as infrastructure
is an integral part of the construction process. The two prominent areas are
security on the virtual layer and security on the physical layer.

Security on the virtual layer is achieved by securing how VMs and
hypervisors talk to each other in a virtual network. To take full advantage of
the virtualization infrastructure, Virtual Private Networks (VPNs) are com-
monly created to manage different levels of authority in VMs. Because of
the virtual nature of the network, features such as monitoring, access con-
trols, integrity, encryption, authentication, and transportability of VMs can
be implemented directly into the network. Many of the vulnerabilities in
virtualization are addressed this way at present, as security on the virtual layer
isolates the different virtual management networks and eases the deployment
and operation of VMs across different authorities or data centers.
Security on the physical layer is the design of the structure of the
physical systems that brings about security in a virtualized environment. One
of the most noticeable features in this environment is host-based intrusion
detection and prevention. It allows the system to ensure that at least the
physical layer will not be compromised easily through other means. The
structure of the data center or the cloud also plays an important role. How
the machines running the VMs are physically interconnected can deter-
mine the possible security measures that can be used. Also, routine inspec-
tion for hardware failures and outdated systems is part of the security on the
physical infrastructure that plays a large role in determining how secure the
virtualized environment is.

6.6 SECURITY MEASURES BY CLOUD PROVIDER AND CUSTOMER

No matter what type of cloud is considered, both the provider and the cus-
tomer are always responsible (in different proportions) for the security of the
particular services. In an IaaS cloud the provider has the least control over
security, since the customer sets up his own system and middleware, deploys
his software and takes care of its security, whereas in a SaaS cloud the entire
responsibility for proper security lies with the cloud provider, as the end user
deals with a ready-to-use application. The next subsection discusses some of
the best practices for both provider and customer to properly secure the data
and systems in the cloud environment.

6.6.1 Security by Cloud Providers


The main responsibility falling on the shoulders of cloud providers is ensur-
ing a secure and isolated environment for their customers. This means mak-
ing sure that each user can access only their environment and data and that
other customers’ systems, data and applications are invisible to him. Some of
the best practices for the cloud providers include:
– Physical data center security—This includes building security like key card
protocols, biometric scanning protocols, round-the-clock interior and exterior
monitoring, and access to the data center only by authorized personnel.
– Isolating and securing networks—Each isolated network has to have
proper perimeter controls and policies to limit access to it.
– Host machine operating system security—The host OS manages many guest
virtual machines at once, and any security hole might give the attacker access
to multiple customer environments. Host machine protection should include:
– Intrusion detection system monitoring network and system for any
malicious activities.
– As small a number of user accounts as possible with limited administra-
tor access to them.
– Policy on strong and complex access passwords.
– Performing regular vulnerability scanning of cloud infrastructure in
order to find and identify any new or recurring vulnerability to pre-
pare proper mitigation strategies.
– Strong authorization and authentication must be implemented to pro-
vide the customer with secure access to their data and resources. The
principle of least privilege should be applied, ensuring that a user can
access only the resources he needs and that only authorized administrators
can access the cloud’s resources.
– Ensuring auditing mechanisms are in place logging every time the cus-
tomers or administrators access and use the resources.
– Frequent backups of data should be carried out by the provider. It has to
be transparent to the customer what backups the provider will perform
and what should be done by the user.
– Encrypting the APIs through which customers access the cloud resources
with SSL is recommended to provide secure communication over the Internet.

6.6.2 Security by Cloud Customers

Even though a significant amount of security responsibility falls on the pro-
vider, the cloud’s customers have to be aware of certain practices such as:
– Proper firewall protection is required to analyze the incoming and outgoing
traffic and to make sure any unauthorized access is blocked. The user has
to make sure that the hardware firewalls are properly configured to cor-
rectly protect all the machines on a local network. Software firewalls have
to be installed on individual machines to prevent a third party from taking
control of the machine and to protect the customer’s virtual machines.
– Up-to-date software including anti-virus, operating systems, and browsers
through which the users usually access the cloud services. It is vital
to keep everything updated to be protected from the newest threats and
any bugs found in particular software.
– Enforcing strong password policies, as most attacks occur due to
the use of insecure passwords. They can be considered the weakest
link in the whole security domain.
– Backup policies which the customer has to discuss with the service pro-
vider to be certain about what is whose responsibility. It is useful to have
some third-party backup services to have the copies of the data in case of
sudden data loss in the cloud services.
– Securing virtual machines when the user sets up everything, including the
operating system, middleware and software. The user’s main responsibility
is to ensure security by:
– Ensuring a firewall for virtual machines service ports
– Using encryption for communication
– Performing frequent backups and file integrity checks
– Control over what devices are connected
– Monitoring the network and system for any malicious activities by proper
use of intrusion detection systems
– In the case of organizations, thorough background checks should be per-
formed regarding any potential employees to ensure they do not pose a
threat to the company and to data.
– Keep up to date with the latest cloud security developments and any
changes made to the security policies or infrastructure by the provider.
– Controlling mobile devices like laptops, mobile phones, and tablets con-
nected to the cloud; since they are mobile they can be easily stolen and
therefore cause a serious security breach.
– Encrypting data, especially of sensitive kind. Securing the client machine
and cloud service will be meaningless if the data that is sent over to the
cloud is not encrypted as it is transported through shared networks.

6.7 SECURITY ISSUES IN THE CLOUD DEPLOYMENT MODELS

Each of the four deployment models in which cloud services can be used
has its advantages and limitations. They all have certain security areas which
need to be addressed with a specific security policy.


6.7.1 Security Issues in Public Cloud


The public cloud can have many customers on a shared platform, and infra-
structure security is provided by the service provider. It is possible to distin-
guish the following key security issues for a public cloud:
– Basic security requirements, i.e., confidentiality, availability, and integ-
rity are required to protect the data throughout its lifecycle (creation,
sharing, archiving and processing). The problems can occur when we do
not have any control over the service provider’s security practices.
– Since the infrastructure is shared among multiple tenants, the chances of
data leakage between these tenants are very high especially because many
service providers run a multi-tenant infrastructure. In such a case, it is
essential to pay particular attention to the proper choice of service provider.
– When a service provider uses a third-party vendor to provide its services,
the customer has to be assured of what Service Level Agreements (SLAs)
they have and what the contingency plans are in case of the breakdown
of the third-party system.
– The Service Level Agreement defines the security requirements of a cloud
(e.g., the level of data encryption) and the penalties in case the ser-
vice provider fails to meet them.
– Because the customer cannot discard the possibility of an insider attack
originating from the service provider’s end, an access control policy has
to be proposed based on the inputs from the client and provider to pre-
vent such attacks.
– Policy implemented at the data centers and nodes can prevent a system
administrator from carrying out any malicious action—there are three
main steps to achieving this: defining a policy, propagating the policy by
means of a secure policy propagation module and enforcing it through a
policy enforcement module.
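The zone-based policy enforcement of 6.5.3 (d) and the three steps of the last item above (define a policy, propagate it securely, enforce it), combined in one added example that is not code from the book: a policy authority in Go signs a zone policy with Ed25519, and a node's enforcement module refuses any propagated copy that fails verification before it evaluates flows, so an administrator who edits the policy in transit cannot get it applied. The zone names, prefixes, port numbers and JSON layout are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// A zone is a named group of address prefixes; a rule permits one protocol and
// port from one zone to another. Traffic not covered by a rule is denied.
type Zone struct {
	Name     string   `json:"name"`
	Prefixes []string `json:"prefixes"`
}

type Rule struct {
	From, To, Proto string
	Port            uint16
}

type Policy struct {
	Zones []Zone `json:"zones"`
	Rules []Rule `json:"rules"`
}

// DefinePolicy is step 1 (define); the zones and rules are constructed samples.
func DefinePolicy() Policy {
	return Policy{
		Zones: []Zone{
			{Name: "web", Prefixes: []string{"10.1.0.0/16"}},
			{Name: "data", Prefixes: []string{"10.3.0.0/16"}},
		},
		Rules: []Rule{{From: "web", To: "data", Proto: "tcp", Port: 5432}},
	}
}

// Propagate is step 2 (secure propagation): the authority signs the exact bytes every node receives.
func Propagate(p Policy, authority ed25519.PrivateKey) (body, sig []byte, err error) {
	if body, err = json.Marshal(p); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(authority, body), nil
}

// Load is the enforcement module's entry point (step 3): an unverifiable copy is never parsed, let alone enforced.
func Load(body, sig []byte, authorityPub ed25519.PublicKey) (*Policy, error) {
	if !ed25519.Verify(authorityPub, body, sig) {
		return nil, errors.New("policy rejected: signature does not verify")
	}
	var p Policy
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, err
	}
	return &p, nil
}

func (p *Policy) zoneOf(a netip.Addr) string {
	for _, z := range p.Zones {
		for _, s := range z.Prefixes {
			if pfx, err := netip.ParsePrefix(s); err == nil && pfx.Contains(a) {
				return z.Name
			}
		}
	}
	return "" // belongs to no zone
}

// Allow evaluates one flow against the loaded policy: default deny, so an
// address outside every zone and any flow without a matching rule are refused.
func (p *Policy) Allow(src, dst netip.Addr, proto string, port uint16) bool {
	s, d := p.zoneOf(src), p.zoneOf(dst)
	if s == "" || d == "" {
		return false
	}
	for _, r := range p.Rules {
		if r.From == s && r.To == d && r.Proto == proto && r.Port == port {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	body, sig, _ := Propagate(DefinePolicy(), priv)
	p, _ := Load(body, sig, pub)
	fmt.Println("web -> data 5432:", p.Allow(netip.MustParseAddr("10.1.0.5"), netip.MustParseAddr("10.3.0.9"), "tcp", 5432))
	// A rogue administrator rewrites the rule to ssh after signing: the node refuses the copy.
	_, err := Load([]byte(strings.Replace(string(body), `"Port":5432`, `"Port":22`, 1)), sig, pub)
	fmt.Println("edited policy rejected:", err != nil)
}
```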

6.7.2 Security Issues in Private Cloud


The private cloud model gives total control over the data and network.
It gives the customer the flexibility to implement traditional security
practices. However, it is possible to find some risk issues that should be con-
sidered in a private cloud:
– As virtualization techniques are popular in private clouds, the risks to the
hypervisor should be carefully analyzed. The VMs can communicate in
a virtual environment with all the VMs, including the ones they are
not supposed to. In such cases, the proper authentication and encryption
techniques e.g., IPsec, should be implemented to ensure that the VM
only communicates with the ones which it is supposed to.
– The users can manage a part of a cloud and access the infrastructure by
web interfaces or HTTP end points. In this case the interfaces have to
be properly developed, and standard security techniques of web applica-
tions have to be used to protect the diverse HTTP requests.
– Security policy must be implemented in the organization cloud to pro-
tect the system from any attacks originating within the organization. The
proper security rules and principles should exist across the organization’s
departments to implement the security control.
The hybrid cloud model is a combination of the public and private
clouds. Hence, the security issues explained above with respect to both the
public and private clouds are relevant to hybrid clouds also. However, a trust
model of cloud security in terms of social security has to be defined.
