Security of Cloud Computing Survey

A SURVEY ON THE SECURITY OF CLOUD COMPUTING
Intensive Study ofAttacks and Possible Threats at Different Layers of Cloud Computing
8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 1
For Contact:
Lubna.henaki@gmail.com

Outlines
 Introduction
 Cloud Computing Overview
 Security in Cloud
 Threats on Cloud Computing Environment and their Countermeasures.
 Attacks on Cloud Computing Environment and their Countermeasures.
 Conclusion

Introduction to Cloud Computing
Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion

Introduction
 Cloud Computing technology has been broadly utilized in many fields.
 Cloud Computing add more convenience at several levels.
 Cloud Computing security is an essential subdomain of computer security
 The fact that cloud computing services are based on Internet connection
makes them vulnerable to a variety of attacks and security threats.
 Security of the provided services makes a primary concern to both the
cloud users and the service providers.

Percentage of Cloud Workloads (Today versus 2020)
Percentage of Cloud Workloads (Today versus 2020)
LogicMonitor SurveyResults:
 The enterprises workloads moving to
the cloud will increase to 83% by 2020.

Major Cloud Challenges in 2018
Cloud Challenges (RightScale Statistics)

Overview on Cloud Computing

Cloud Computing (NIST) Definition
 Cloud Computing is defined by NIST (National Institute of
Standards and Technology) as:
“A model for enabling ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be
rapidly provisioned and released with minimal management effort or
service provider interaction.”

Cloud Computing Characteristics
 On-demand self-service: any user can comfortably obtain any computing
capabilities, without actually the need for human assistance.
 Broad network access: cloud capabilities and resources that are broadly
accessible over the network.
 Resource pooling: Computing resources are exhibiting a multi-tenant
model, it serves plenty of consumers.

Cloud Computing Characteristics Cont.
 Rapid elasticity: Cloud Computing capabilities can be efficiently
provided in any quantity at any time.
 Measured service: Resources are continuously monitored and
controlled by cloud systems, which allows the services to be optimized
later at different levels.

Architecture of Cloud Computing
1. Software-as-a-service (SaaS): This service allows the
customers to utilize applications that are hosted in the
cloud server and delivered to them over the internet.
2. Platform-as-a-service (PaaS): This layer allows developers
to efficiently write and develop applications like SaaS. It
makes an economic option for developers.
3. Infrastructure-as-a-service (IaaS): Provides fundamental
infrastructure to the above layers. it provides services like
networking hardware, servers, operating systems, storage
Cloud Service Models

Deployment Model of Cloud Computing
1. Public Cloud
Hardware and software resources are
publicly shared among different users.
2. Private Cloud
all the clouds systems and services are
only accessible within the boundary of
that organization

Deployment Model of Cloud Computing
3. Hybrid Cloud
Hybrid cloud is a combination of two or
more clouds that have different types
4. Community Cloud
Cloud services are usually intended for
specific individuals or organizations who
share the same Cloud requirements.

Advantages of Cloud Computing
 Cost efficiency
Enterprises and organizations need not to worry about the
expenses of software or hardware and all related maintenance.
 High Speed
acquiring the desired services quickly, without the need for long
time waits for service deployment.
 Back-up and restore data
Saving data from being lost.
 Accessibility
Resources accessible anywhere, all the time.

Disadvantages of Cloud Computing
 Security issues: Confidentiality of information might get
violated when an unauthorized access to the cloud resources
occur due to multiple causes like hacking.
 Limited Control: sometimes the services do not match the
requirements and it is not possible for the users of Public
Clouds or similar to control the hardware or the software.
 Low bandwidth: Low bandwidth affects the accessibility to
Cloud resources.

Security on Cloud Computing

Cloud Computing Security Requirements
8/14/2019 A REVIEW OF CURRENT RESEARCH ON THE PRIVACY PARADOX PHENOMENON 17
SecurityRequirements
Confidentiality
Integrity
Availability
Accountability
• The main objective of the CC system is to reduce the cost of
the hardware and provides services for each client needs.
• The CC system challenges scalability for both infrastructure
and data platform.
• In CC there is four main security requirements to ensure
privacy and serve a secure cloud services, then will be
illustrate each of them.

Confidentiality
 Confidentiality concerns to the blocking of unauthorized exposure of the user information of
the CC service
 Many approaches to protecting user sensitive data in the cloud based on encryption and data
segmentation which restrict the confidentiality violation
 Provider should guarantee confidential entrance to the data by ensuring the trusted data
sharing or use authorized entrance to the data.
 focus on authentication to use the cloud resources by having username and password for each user.
 data segment will reduce the amount of user sensitive data disclosure.
 A cover channel is also extra confidentiality issue, cause information leak by the unauthorized
transmission path.
1. Service level agreement (SLA)
2. Combine the Clouds system with a trustworthy computing
3. 3D technique

Integrity
 Since many users own the ability to change, update and add new data to the clouds, the access
should be controlled to achieve and ensure the data integrity.
 To defeat this huge challenge many approach would work:
1. The virtualization based dynamic integrity
2. cloud-based governance design
3. using the SLA agreement
4. Trusted computing method

Availability
 Availability meaning the ability to utilize the system as expected therefore one of the
significant advantages of the clouds system is the data availability.
Availability can be ensured for the client through: terms of a contract, and huge capacity with
great architecture supported by the provider.
 Grantees the availability in clouds' by using many approach's:
 enhance the availability by the internet authorized entree.
1. The OVMP mechanism
2. Partitioned computing.
3. Collection of small-clouds

Accountability
 Accountability is the technique of verifying the clients' various activities behind the data
clouds.
 The achievement of accountability happens by recognizing information of each client requires
to be logged at various places of the information clouds.
Evidence transaction for each activity is created once the activity starts processing.
 provide equipment for collecting transactions
 The transaction is used during the examination to the aptness of the activities evaluation.

Classification of Cloud Security Issues
 Cloud Computing contains many categories in its environment and each of these categories
have many security concerns .
 The security issue discussed in a wide area of clouds:
 Hardware.
 Software
 Communication.
1. Embedded Security
2. Application
3. Client Management
4. Cloud Data Storage
5. Clustering Computing
6. Operating System Based

Embedded Security
 Clouds main security issues in the embedded system created by the using of virtualizations.
 The virtual machine would imply a real security thread when a problem with deployment
occurred.
 Virtualizations have the advantages of the strength of isolation.
 Data leakage could rise by the implementation of separated virtual machine workload.
 The virtual machine monitoring from the host computer works as a controlling point.

Application
 The most sensitive vulnerable area of any system is the software application.
A huge number of lines of the software code cause primary security concerns.
With the several application programmers and coding languages rises a lot of vulnerabilities.
The front end of software could allow a high possibility of an authorized access and insufficient
configuration.
 Injection attacked to gain the advantages of the software backend weakness from the development
to the testing

Client Management
Clint management is simply protecting the information of the public could verse
the information of the client system.
 User-owned few experiences on cloud security field will face a struggle when
choosing which cloud provider.
Part of cloud service is the ability to access cloud service from many locations
thru many devices
Some security problems like unintentionally stops security events auditing by
the provider cause to ignore the response alert of an important vendor.
 the providers must ensure legitimate user access.

Cloud Data Storage
 The most significant components of CC are the data storage of the clouds.
 Data warehouse deployment needs for a high-security requirement, which reflect the quality
of cloud service.
Cloud storage could get malware injected by an attacker to take control over the Cloud storage.
 Multi-tier architect that carries the balanced running on
many servers helps to prevent DDoS.
 A technique called Inference which attacks the database
system .

Clustering Computing
 A computer cluster is an idea of utilizes multiple computers, VMs, and servers that connected
together and runs as a single system.
Cloud computing uses the idea of clustering for parallel processing in industries.
Clustering in CC could be a:
 cause security challenges with the increase in user number in each cluster.
1.Physical
2.Virtual cluster

Operating System Based
 Many security issues rise within CC system because of many VMs, many servers in the different
network and multiple operating systems work together.
The security issue for such a service is the limited default installation setting, unpatched
machines
1. Desktop operating system virtualization.
2. Remote desktop virtualization.
3. Network operating system virtualization.
4. Smartphones operating system .

Threats on Cloud Computing Environment and
Countermeasures

Threats on Cloud Computing Environment
Data loss.
Data breaches.
Insecure Interfaces and APIs.
Malicious Insiders.
Account, service and traffic hijacking.
 Shared technology vulnerabilities.
Abuse of Cloud services.

Data Loss
 Losing the data can be occurred from various reasons.
 Data can be lost due to applying operations by-mistake of deletion or alteration.
 Natural causes are also considered, e.g. earthquakes, fires etc.
 Sidekick smart phones suffered from this threat.
In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services.

Data Loss
Organizations should apply the following mitigation techniques to be
protected against this type of threats:
 Provide data storage and backup mechanisms.
 Using proper encryption techniques.
Legally indicating supplier support and maintenance techniques.

Data Loss causes
44%
32%
32%
7% 3%
Hardware Software Human Viruuses Natural causes

Data Breaches
 Data breach is the leakage of critical information to unauthorized parties, so that those
malicious people would have access to the network and its sensitive data.
 It occurs due to many causes such as incorrect authentication and authorization mechanisms,
reviewing controls, undependable use of encryption keys and operating system failure.
 Unfortunately, although data leakage is a critical threat to Cloud Computing, the solutions to
mitigate it can cause other threats to be raised.
 Sony PlayStation Network suffered from this threat.

Data Breaches
Analyze data at both design and runtime for protection.
 Employing strong encryption key generation, storage, and management.
 Indicating Cloud provider and ensuring the safety of their files and communications.
 Implementing strong Application Programming Interfaces (API).

Insecure Interfaces and APIs
 API refers to Application Programming Interfaces, which are used by the Cloud users to
communicate properly with the Cloud services. Cloud providers usually publish a number of
APIs that permit the Cloud users to develop their own interfaces for communication.
 The security and availability of the Cloud services are reliant on the security of these APIs.
From the early stages of authentication and access control, to the encryption and monitoring
processes, these interfaces need to be designed to defend against both unintentional and
malicious attempts to attack.
 Password reset message is an example of this threat.

Insecure Interfaces and APIs
 Strong authentication and access control methods.
 Encryption of the transmitted data.
 Analysis of the Cloud provider interfaces and using a proper security model for these interfaces.
 Detailed understanding of the dependency chain related to APIs.

Malicious Insiders
 The malicious insider threat raised from trusted people within the Cloud organization who
have authorized access to the organization assets and items of value.
 These people can apply unprivileged operations to cause harm to the organization’s assets.
 The harm can be financial, technical failure or resources losing by applying what seems to be
legal activities e.g. developing malicious firewalls.
 It is a well-known fact that most security threats arise from the inside of an organization.

Malicious Insiders
Insider threats are the highest price threats and they are hard to be
detected and deal with due to the following reasons:
 Malicious Insider threats can be hidden for a long time.
 It is tough to distinguish harmful actions from normal work.
 It is easy for employees to cover their actions.
 It is hard to prove guilt.

Malicious Insiders
 Apply human resource management as part of a legal agreement.
 A compliance reporting system will help determine the security breach notification so that,
appropriate action may be taken against a person who has committed a fraud.
 Non-disclosure of the employees’ privileges and how they are monitored.

Account, Service and Traffic Hijacking
 Account or service hijacking happens if an attacker gains the login information of some
account, which made the hacked account a launching base for the attacker.
 In Cloud account hijacking, a malicious intruder can use the stolen credentials to hijack the
Cloud services and then they can enter on other’s transactions, add incorrect information and
divert users to illegal websites causing legal issues for Cloud service providers.
 Amazon suffered from this threat.

 Appropriate understanding of security policies and service level agreement.
 Using a strong multi-factor authentication will form extra security check for the identification of
users.
 Strict and continuous monitoring to detect unauthorized activities.
 Prevent sharing credentials among customers and services.
Account, Service and Traffic Hijacking

 This threat raises from the fact of the shared environment of Cloud.
 Cloud services are provided by sharing the cloud infrastructure, applications and platforms.
Underlying components (IaaS), re-arranged platforms (PaaS) or applications of several
customers (SaaS) are all exposed to vulnerabilities that will spread the threat of shared
technology vulnerabilities in all delivery models.
 As a result, compromising any piece of shared technology exposes not just the customer
involved, it also exposes the whole environment to a possible harm.
Shared Technology Vulnerabilities

Shared Technology Vulnerabilities
 Apply good authentication and access control methods.
 Monitor the Cloud environment for unauthorized activities.
 Use of Service-Level Agreement (SLA) to cover the weaknesses scanning process and solutions.

Abuse of Cloud Services
 The Cloud has the great benefit of allowing even small organizations or individuals to use large
and huge services.
 This solves the issue of purchasing expensive components for non-capable sectors by renting
these expensive services from the Cloud as they needed.
 However, this benefit can be used for malicious reasons.
In Cloud Computing, this threat affects the IaaS, PaaS Cloud services.

Abuse of Cloud Services
 Strong authorization and authentication mechanisms.
 Continuous examination of the network traffic.

Challenges of Threat Remediation
Threat Challenges
Data loss and Data breaches  Trust issue with the Cloud providers.
 Absence of knowledge.
Insecure Interfaces and APIs  Incapability to review events associated with API use.
 The APIs complexity.
Malicious insiders  Providers hide their company strategies of employing staffs.
 Lateness of solutions, in which they developed after the incident happens.
 Incapability of monitoring the employees by the Cloud providers.
Account, Service and Traffic Hijacking  Current way of digital identity management isn’t good enough for hybrid Clouds.
Shared Technology Vulnerabilities  Development of shared components are not guaranteed.
 Mapping between the manufacturing process and allotment process of shared
components.
Abuse of Cloud Services  Cloud providers limited ability of monitoring due to privacy laws.
 Different interests of stakeholders.

Attacks on Cloud Computing Environment and
Countermeasures

Attacks in a Cloud Computing Environment and Countermeasures

Denial of Service (DoS) Attacks
 Attacker sends a superfluous request and make the server down and overloaded.
 Distributed DoS attack (DDoS) which is extended from DoS attacks that attacker use numerous
network hosts to inﬂict more devastating effects to its victim.
 European Network and Information Security Agency (ENISA) reported that Dropbox was attacked
by DDoS attacks and suffered a substantial loss of service for more than 15 hours affecting all
users.
A SURVEY ON THE SECURITY OF CLOUD COMPUTING 518/14/2019

Countermeasures of Denial of Service Attacks
 Reduce the privileges of the user that connected to a server.
 Using the filter-based approach.
 Using the signature-based approach.
 Using Intrusion Detection System (IDS)/Intrusion Prevention System (IPS).

Authentication Attacks
 The attackers target the mechanism and methods used by the user to
authenticate the system.
 The mechanism used for authentication is captured and attackers tries to
access the confidential information.
Password:
94Gah4562834

Countermeasures of Authentication Attacks
 Using strong password policies.
 Using a better authentication mechanism.
 Using advanced authentication attacks such as One-Time Password (OTP).
 Encrypt communication channels to secure authentication tokens.

Structured Query Language (SQL) Injection Attacks
 SQL attack is used to steal user information from the web application by inserting malicious
code to inject into the web application as a user input.
 According to the Open Web Application Security Project (OWASP) which lists the SQL injection
attack as the top 10 most critical web application security risks.

Countermeasures of SQL Injection Attacks
A proper validation of input data can mitigate SQL Injection attack.
Access Control permission on the database must be strictly defined.
Avoid using dynamically generated SQL into the code.

Cross Site Scripting (XSS) Attacks
The attacker inserts malicious code like Hypertext Markup Language (HTML)
and JavaScript into a dynamic web application in the form of browser-side
script in order to gather important information from different user's machine
in the shared environment.

Countermeasures of Cross Site Scripting Attacks
Using anti malware software.
Proper Secure Socket Layer (SSL) configuration.
Using of Browser Collaboration.
Using of Active Content Filtering.

Phishing Attacks
 Hacker creates the same script as like the trusted cloud site to steal passwords and email from you.
 Phishing attack applied by making the same page like cloud site page then registered a domain that is
similar to your cloud provides like www.droppbox.com, then retrieve your personal information.
 200 million of users in Facebook are targeted by the phishing attack.
Lubna
Hi Lubna,
We just need to verify your email address before you sign up
Is complete!

Countermeasures of Phishing Attacks
Using secure web link Hypertext Transfer Protocol Secure(HTTPS).
Identifying the spam emails.
Don’t click on short Uniform Resource Locator (URL).
Don’t click when someone force you to click.

Port Scanning Attacks
 The attacker use open ports that belong to a connection to gain exact
information about the working environment and running application
processes.
The attacker can seize information with the help of open ports like services
that run on a system, IP and Medium Access Control (MAC) addresses.

Countermeasures of Port Scanning Attacks
 Close all unused ports.
 Remove all unnecessary services.
 Filter out all unnecessary traffic.
 Firewall.

Man in the Middle (MITM) Attacks
An attacker splits connection and rejoins with the attackers own computer
system.
Man in the Middle Attacks happens if secure socket layer is not properly
configured.

Countermeasures of Man in the Middle Attacks
Using encryption and decryption algorithm.
Required a proper Secure Socket Layer architecture.
Using Intrusion Detection system.

Metadata Spooﬁng Attacks
 Web Services Description Language (WSDL) stored the descriptions about service functionality
and details.
The attacker manipulates / re-engineers the metadata content of a web service so that the web
service's intended operation is replaced by another operation.

Countermeasures of Metadata Spooﬁng Attacks
 Encrypted information about service functionality and other details.
 Strong authentication should be required to access the ﬁle.

Side Channel Attacks
 It occurs when an attacker places a malicious Virtual Machine (VM) on the same physical
machine as the victim machine so that he can access all the confidential information on the
victim's machine.
 Placement and extraction are the main steps of side channel attacks.

Countermeasures of Side Channel Attacks
Using virtual firewall.
Using encryption and decryption.

Virtual Machines Rollback Attacks
 The attacker takes advantage of VM from an old snapshot and run it without the user’s
awareness.
The attacker can get the password for VM through launches a brute-force attack.
This attack can prevent by using suspend and resume.

Virtual Machines Escape Attacks
 The attacker’s program running in a VM breaks the isolation layer.
 This allows an attacker to interact directly with the hypervisor.
 Therefore, VM Escape from the isolation is provided by the virtual layer.
 As results, an attacker gets access to the host OS and the other VMs running on the physical
machine.

Countermeasures of Virtual Machines Escape Attacks
 Using of secure hypervisor.
 Conﬁguring the host/guest interactions.
 Monitor hypervisor activities.
 VM Isolation is required.

Conclusion

Conclusion
 Cloud Computing has witnessed significant advances and become widely adopted in different
areas.
 Security poses a major challenge to its widespread adoption.
 We reviewed the significant attacks threatening the security of Cloud Computing.
 Solutions and countermeasures are pointed out to serve as a reference for comparative analysis.
 Understanding the various Cloud security issues and the means possible to overcome them.
 Similar studies helps to mitigating the risk associated with the adoption of Cloud Computing
technology.

Thank You! … Any Questions?

Security of Cloud Computing Survey

More Related Content

What's hot (20)

Similar to Security of Cloud Computing Survey (20)

Recently uploaded (20)

Security of Cloud Computing Survey