Cloud Security: Issues and Concerns
- P. Samarati, S. De Capitani di Vimercati, in Encyclopedia on Cloud
Computing, S. Murugesan, I. Bojanova (eds.), Wiley, 2016
SNHCC Program, IIS, Academia Sinica,
Taiwan
Prepared By
Mrinal Kanti Baowaly
TIGP PhD Fellow
Presentation Outline
• Summary
• Introduction
• Confidentiality, Integrity, and Availability in the
Cloud
• Issues and Challenges
• Conclusion
Summary
• The cloud has emerged as a successful computing
paradigm
• The cloud allows users to rely on external providers for
storing and processing data
• But enforcing and assessing security guarantees is an
important priority
• This paper presents
o the main security issues and concerns arising in the cloud
scenario w.r.t. storage, management, and processing of
data
Introduction
• With its significant benefits of scalability and elasticity, the
cloud paradigm has appealed to companies as well as
individuals
• The owners' loss of control, and the consequent security
threats, can limit the adoption and acceptance of
cloud computing
• ENISA lists loss of control and governance as top risks of
cloud computing
• CSA lists data breaches and data loss as two of the top
nine threats in cloud computing
Deployment & Service Models of
Cloud Computing
• Deployment Models of Cloud Computing
o Private Cloud
o Public Cloud
o Community Cloud
o Hybrid Cloud
• Service Models of Cloud Computing
o Infrastructure as a Service (IaaS) e.g. storage, network, servers,
virtual machine
o Platform as a Service (PaaS) e.g. OS, web servers, development
tools
o Software as a Service (SaaS) e.g. Different application
software: CRM, Email, Word Processing, Games
This Chapter Highlights..
• The security and privacy issues to be addressed and the
challenges involved can vary in different deployment
and service models
• In this chapter the authors highlight security issues and
their variations in the different models
• This chapter is organized in two main sections:
1. how the classical confidentiality, integrity, and availability
properties translate in the cloud
2. an overview of the security issues and concerns to be
addressed to ensure confidentiality, integrity, and availability
Confidentiality, Integrity, and
Availability in the Cloud
• Security problems can be classified with the classical CIA
paradigm
o confidentiality
o integrity and
o availability
Confidentiality in the Cloud
• It requires guaranteeing proper protection to
confidential or sensitive data stored or processed in the
cloud
• This can relate to:
o data externally stored
o identity/properties of the users accessing the data or
o the actions that users perform over the data
Integrity in the Cloud
• Integrity requires guaranteeing the authenticity of:
o the parties (users and providers) interacting in the cloud
o the data stored at external providers and
o the response returned from queries and computations
Availability in the Cloud
• Availability requires providing the ability to:
o define and verify that providers satisfy requirements
expressed in Service Level Agreements (SLAs) established
between data owners/users and providers
Some aspects that affect
the security issues…
• The issues to be tackled, the challenges to be addressed,
and the specific guarantees to be provided for ensuring
satisfaction of the security properties (CIA) depend on
the characteristics of the different scenarios:
o Simple Scenario
o Complex Scenario
• Trust assumptions & potential
threats on the providers:
o fully trusted, curious, lazy,
or malicious
Data Security
Lifecycle
Summary of Cloud Security Issues
• It is clear that there is not a one-size-fits-all solution
I. Protection of data at rest
• Guarantee protection (i.e. confidentiality, integrity,
and availability of data)
o The first basic problem that needs to be addressed
• Data confidentiality needs to be guaranteed even to
the provider's eyes.
What are the solutions?
I. Protection of data at rest (Cont..)
(a) “Honest-but-curious” (b) “Two can keep a secret”
Encryption Fragmentation
BoxCryptor
I. Protection of data at rest (Cont..)
(c) “Multiple-unlinkable-fragments” (d) “Keep a few”
No Encryption
II. Fine-grained access to data in the
cloud
• When confidentiality is ensured with encryption,
providers cannot decrypt data for query execution
• Fine-grained access, typically query execution, needs to
be supported
Two lines of approaches for providing
fine-grained access
II. Fine-grained access to data in the
cloud(Cont..)
First Approach:
• Performing queries directly on the encrypted data
• This is made possible by specific cryptographic techniques
o e.g. homomorphic encryption, CryptDB
• The main drawbacks:
o applicable typically for keyword searches or very basic
operations
o limited kinds of accesses and the computational complexity of
the execution
o not applicable in many real life scenarios
II. Fine-grained access to data in the
cloud(Cont..)
Second Approach:
• Attaching some metadata (indexes) to the encrypted
data
• These indexes are then used for fine-grained
information retrieval and query execution
o e.g. relational table in database
• Different kinds of indexes have been investigated
o direct indexing (one-to-one correspondence between plaintext
and index values)
o bucket- or hash-based indexing (many-to-one correspondence
between plaintext and index values)
o and flat indexing (one-to-many correspondence between
plaintext and index values)
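The index-based approach above, as an added example that is not from the slides or the chapter: the owner uploads (index label, ciphertext) pairs, the provider selects on the label only, and the client decrypts and drops false positives. The row data, keys, function names and the HMAC-based stand-in cipher are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
from collections import Counter

# Constructed sample data and keys (fixed only so the demo is repeatable).
ENC_KEY = hashlib.sha256(b"constructed demo encryption key").digest()
IDX_KEY = hashlib.sha256(b"constructed demo index key").digest()
ROWS = [
    {"id": 1, "diagnosis": "flu"}, {"id": 2, "diagnosis": "asthma"},
    {"id": 3, "diagnosis": "flu"}, {"id": 4, "diagnosis": "diabetes"},
    {"id": 5, "diagnosis": "gout"}, {"id": 6, "diagnosis": "flu"},
    {"id": 7, "diagnosis": "asthma"}, {"id": 8, "diagnosis": "measles"},
]

def _keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; use an AEAD such as AES-GCM in practice.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, row):
    pt = json.dumps(row, sort_keys=True).encode()
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))

def decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def direct_index(key, value):
    # One-to-one: equal plaintexts share a label, distinct plaintexts do not.
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def bucket_index(key, value, buckets):
    # Many-to-one: a keyed hash reduced to a small number of buckets.
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % buckets

def outsource(enc_key, idx_key, rows, attr, buckets):
    """Owner side: the (label, ciphertext) pairs handed to the provider."""
    return [(bucket_index(idx_key, r[attr], buckets), encrypt(enc_key, r)) for r in rows]

def provider_select(table, label):
    """Provider side: evaluates the condition on labels, never on plaintext."""
    return [ct for lbl, ct in table if lbl == label]

def client_query(enc_key, idx_key, table, attr, value, buckets):
    """Client side: translate attr = value into a label condition, then
    decrypt the candidates and discard rows that only share the bucket."""
    candidates = provider_select(table, bucket_index(idx_key, value, buckets))
    rows = [decrypt(enc_key, ct) for ct in candidates]
    return [r for r in rows if r[attr] == value], len(candidates)

def label_histogram(labels):
    """What the provider can learn from the index column alone."""
    return sorted(Counter(labels).values(), reverse=True)

if __name__ == "__main__":
    table = outsource(ENC_KEY, IDX_KEY, ROWS, "diagnosis", buckets=2)
    matches, fetched = client_query(ENC_KEY, IDX_KEY, table, "diagnosis", "flu", 2)
    print("fetched", fetched, "rows, kept", len(matches))
    # Direct labels reproduce the plaintext frequency distribution exactly.
    print(label_histogram(direct_index(IDX_KEY, r["diagnosis"]) for r in ROWS))
    print(label_histogram(lbl for lbl, _ in table))
```

With direct indexing the provider sees the same frequency histogram as the plaintext column; with buckets that histogram is blurred, at the cost of extra rows the client must fetch and filter.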
II. Fine-grained access to data in the
cloud(Cont..)
III. Selective access to data in the cloud
• Access to data is selective at times: different users or
groups should enjoy different views and access
• How to enforce access control on data in the cloud is
crucial
• The enforcement of such an access control policy is,
however, delegated to the cloud provider, but sometimes
this is not possible because of confidentiality
• Also, outsourcing access control requires complete trust
in providers
• But, having the data owner mediate every access
request to ensure only authorized accesses is clearly
impractical and inapplicable
III. Selective access to data in the cloud
(cont..)
• Combining access control and encryption, encrypt data
with different keys, depending on the authorizations
holding on them
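One way to realise "different keys depending on the authorizations", as an added example that is not from the slides: every access control list (ACL) gets its own key, each user holds a single key, and public tokens let a user derive the keys of the ACLs that contain them. The token construction (ACL key XOR HMAC of the source key over the target label), the policy and all names are assumptions made for the example; it goes beyond the slide by using a subset hierarchy to reduce the number of tokens.

```python
import hashlib
import hmac
import secrets
from collections import deque

# Constructed policy: resource -> set of users authorized to read it.
POLICY = {"r1": {"alice"}, "r2": {"alice", "bob"}, "r3": {"alice", "bob", "carol"}}

def label(acl):
    # Public name of a key: the sorted users the key is meant for.
    return ",".join(sorted(acl)).encode()

def _mask(src_key, dst_label):
    return hmac.new(src_key, dst_label, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_keys(policy):
    """Owner side: one random key per ACL, plus one personal key per user."""
    nodes = {frozenset(acl) for acl in policy.values()}
    nodes |= {frozenset([u]) for acl in policy.values() for u in acl}
    return {node: secrets.token_bytes(32) for node in nodes}

def build_tokens(keys):
    """Owner side: public catalog {(src_acl, dst_acl): token}. A token is
    published only from the maximal proper subsets of each ACL, so longer
    derivations go through intermediate ACL keys."""
    tokens = {}
    for dst in keys:
        subs = [s for s in keys if s < dst]
        for src in subs:
            if not any(src < mid for mid in subs):
                tokens[(src, dst)] = _xor(keys[dst], _mask(keys[src], label(dst)))
    return tokens

def derivable_keys(user, user_key, tokens):
    """User side: start from the personal key and follow public tokens."""
    start = frozenset([user])
    known, queue = {start: user_key}, deque([start])
    while queue:
        src = queue.popleft()
        for (s, dst), tok in tokens.items():
            if s == src and dst not in known:
                known[dst] = _xor(tok, _mask(known[src], label(dst)))
                queue.append(dst)
    return known

def readable(user, user_key, tokens, policy):
    """Resources whose encryption key the user can derive."""
    known = derivable_keys(user, user_key, tokens)
    return sorted(r for r, acl in policy.items() if frozenset(acl) in known)

KEYS = make_keys(POLICY)
TOKENS = build_tokens(KEYS)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, readable(user, KEYS[frozenset([user])], TOKENS, POLICY))
```

The owner no longer mediates each request: the provider stores ciphertext and tokens, and the policy is enforced by which keys a user can reach.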
III. Selective access to data in the cloud
(cont..)
• Over Encryption: having the providers apply a further
level of encryption
IV. User Privacy
• Support Privacy of users accessing data and performing
computations
• In the cloud, it might be necessary to grant access to data to
users not registered in the system, without knowing their identity
• Access control authorizations and enforcement should
be based on properties of users
o typically provided by means of attributes within digitally
signed certificates
• Several proposals have investigated different issues to
be addressed in this context
o language, access control engine, possible dialog and
negotiation to be supported between providers and users
V. Query Privacy
• Support Privacy of users’ actions in the cloud
• In some scenarios what is confidential is not (or not
only) data, or users’ identities/properties, but also the
accesses that users make on such data.
• In particular, confidentiality should be guaranteed, even
from the provider’s eyes w.r.t the fact that:
o an access aims at a specific data (access confidentiality)
o or the fact that two accesses aim at the same data
(pattern confidentiality)
• Traditional approaches for protecting access and pattern
confidentiality are based on Private Information
Retrieval (PIR) techniques
VI. Query and Computation Integrity
• Enable assessment of correctness, completeness, and
freshness of queries and computations
• In scenarios where queries/computations are performed
by providers that are not fully trustworthy
• The problem arises of providing data owners and/or
users with the ability to assess that the result returned
from a query/computation is correct, complete, and
fresh
• Current solutions can be roughly classified in two
categories: deterministic and probabilistic
VII. Collaborative query execution with
multiple providers
• Enable controlled data sharing for collaborative queries
and computations involving multiple providers
• Data stored and managed by different cloud providers
may need to be selectively shared and accessed in a
cooperative way
• This scenario may see the presence of different
providers as well as of different data owners
• Exchange of data and collaborative computations should
be controlled to ensure that information is not
improperly accessed, released, or leaked
• Solutions: distributed query computation
VIII. SLA and Auditing
• Specification and assessment of security requirements
to be satisfied by providers
• A Service Level Agreement (SLA) is a contractual
agreement
• It specifies the performance and availability guarantees
that a cloud provider promises to deliver as well as
penalties in the case of violations of the SLA.
• For example, whether cloud providers are correctly
storing data or correctly executing computation-intensive
tasks on behalf of the users
IX. Multi-tenancy and virtualization
• Provide confinement of different users' data and
activities in the shared cloud environment
• Multi-tenancy refers to the ability to provide computing
services to different users by using a common cloud
infrastructure
• It can reduce costs and improve the utilization of
resources as well as scalability and reliability
• A basic mechanism enabling multi-tenancy in the cloud
is virtualization
• It creates a virtual version of, for example, an operating
system, a storage device, or network resources, within a
single physical system
• It also introduces several security concerns
Conclusion
• Cloud security has become a key priority
• In this paper the authors presented
o an overview of security issues and concerns in the cloud,
o their impact on confidentiality, integrity, and availability,
and
o current solutions and possible challenges and
directions
Thank You
