Module 4
11.1 Security, The Top Concern for Cloud Users
Security Concerns with Cloud Adoption: Moving to cloud computing
introduces significant new security and privacy concerns, contrary to the belief
that it offloads all security responsibilities. Surveys consistently indicate
security as the primary concern for cloud users.
Inadequate Legal Protection: Service Level Agreements (SLAs) often do not
provide sufficient legal protection for users, leaving them vulnerable to events
beyond their control.
Loss of User Control: Users lose direct control over systems storing sensitive
information when migrating to the cloud, making the transition difficult.
Data Vulnerabilities: Unauthorized access and data theft are major concerns,
with data being particularly vulnerable in storage. Rogue employees of Cloud
Service Providers (CSPs) also pose a significant risk.
Data Lifecycle Management: Users face challenges in verifying data deletion,
and seamless backups performed without user knowledge can lead to data loss
or exposure.
Lack of Standardization: The absence of interoperability standards creates
issues, including difficulty accessing data during service interruptions, high
costs of switching CSPs, and the infeasibility of comprehensive audit trails.
Emerging Threats: Future technologies like autonomic computing could
introduce new security threats by making it harder to determine when and why
actions occurred.
Multi-tenancy Risks: While multi-tenancy reduces costs, it amplifies security
threats; a compromise on one server can affect numerous users, especially in
Software-as-a-Service (SaaS) models.
Legal Framework Deficiencies: Cloud technology has evolved faster than
security and privacy legislation, leading to user concerns about defending their
rights, particularly with CSP data centers located across multiple countries and
complex outsourcing chains.
Risk Mitigation: Users should evaluate CSP security policies, analyze data to
be stored, and ensure contractual obligations clearly define data handling,
liability, ownership, and storage locations.
Encryption for Sensitive Data: Sensitive data stored on the cloud should be
encrypted whenever feasible.
11.2 Cloud Security Risks
Classification of Threats: Cloud security risks fall into three main categories:
traditional security threats, threats to system availability, and threats related to
third-party data control.
Amplified Traditional Threats: Traditional threats, common to any internet-
connected system, are amplified in the cloud due to the vast resources and large
user populations involved.
User-Site Protection: Users must secure their local infrastructure connecting to
the cloud, which is challenging as some components may be outside their
firewall.
Authentication and Authorization Challenges: Implementing nuanced access
controls with distinct privilege levels for enterprise cloud access is crucial, and
merging internal organizational policies with cloud policies is complex.
Common Attack Vectors: Distributed Denial of Service (DDoS) attacks,
phishing, SQL injection, and cross-site scripting are frequent attack methods
against CSPs.
Challenges in Cloud Forensics: Identifying attacker paths is more difficult in
cloud environments due to multi-tenancy and hypervisor vulnerabilities, making
traditional digital forensics less effective.
Availability Concerns: Cloud service availability is threatened by system
failures, power outages, and catastrophic events. Data lock-in can also severely
impact organizations during such incidents.
Third-Party Control Issues: Lack of transparency and limited user control
arise from CSPs subcontracting resources, leading to concerns about data
integrity if third-party providers or hardware suppliers fail to protect customer
data.
Contractual Responsibility: Cloud users often bear significant responsibility
for data security, as CSP agreements (e.g., AWS) may limit provider liability
for data loss or unauthorized access.
Auditability Issues: Proving data deletion by CSPs is difficult due to a lack of
transparency, making comprehensive auditing challenging.
2010 Cloud Security Alliance (CSA) Top Threats: Identified seven key
threats: abusive use of the cloud, insecure APIs, malicious insiders, shared
technology, account hijacking, data loss or leakage, and unknown risk profile.
Threat Impact by Cloud Model: The Infrastructure-as-a-Service (IaaS) model
is susceptible to all seven threats, Platform-as-a-Service (PaaS) to all but shared
technology, and SaaS to all but abuse and shared technology.
2016 CSA Top Twelve Cloud Security Threats:
1. Data Breaches: Most damaging for sensitive data; responsibility rests with
organizations, and multi-factor authentication and encryption are recommended.
2. Compromised Credentials and Broken Authentication: Due to lax
authentication, weak passwords, and poor key/certificate management.
3. Hacked Interfaces and APIs: Weak APIs can compromise cloud security and
service availability.
4. Exploited System Vulnerabilities: Resource sharing and multi-tenancy create
new attack surfaces.
5. Account Hijacking: All accounts should be monitored.
6. Malicious Insiders: Difficult to detect; requires segregation of duties, logging,
monitoring, and auditing administrator activities.
7. Advanced Persistent Threats (APTs).
8. Permanent Data Loss.
9. Inadequate Diligence.
10. Cloud Service Abuse.
11. DoS Attacks.
12. Shared Technology.
11.3 Privacy and Privacy Impact Assessment
Definition of Privacy: The right of individuals or organizations to keep
personal or proprietary information from disclosure, often viewed as a
fundamental human right.
Legal Framework and Conflicts: Privacy rights are protected by laws but can
be limited (e.g., by taxation laws) or conflict with other rights (e.g., freedom of
speech). Privacy laws vary significantly across countries and cultures.
Digital Age Challenges: The digital age has introduced new threats like
identity theft from stolen or misused personal information.
EU Privacy Laws: The European Union has stringent data handling laws,
including the "right to be forgotten," addressing the permanence of online
personal information.
Public Cloud Privacy Concerns: Unencrypted data on CSP servers raises new
privacy concerns; users cannot solely rely on CSPs to guarantee data privacy,
especially for services utilizing personal preferences or location data.
Main Aspects of Cloud Privacy: Include lack of user control over data,
potential unauthorized secondary use (e.g., targeted advertising), data
proliferation, and issues arising from dynamic provisioning (e.g., subcontractor
transparency, data rights during mergers/bankruptcies).
Need for Legislation: Legislation is needed to address digital age privacy,
focusing on fair information practices: Notice, Choice, Access, and Security.
Such laws should be general and technologically neutral.
Privacy Impact Assessment (PIA): Tools like PIA are necessary to identify
privacy issues. While international standards are lacking, many countries
require PIA reports to proactively embed privacy rules.
11.5 Cloud Data Encryption
Necessity of Encryption: Encryption is the primary solution to protect sensitive
outsourced data, leading CSPs to offer encryption services.
Example: AWS Key Management Service (KMS): Amazon offers KMS for
clients to create and manage encryption keys, integrated with various AWS
services, and provides an Encryption SDK for developers.
Advances in Cryptography: New cryptographic research, including Fully
Homomorphic Encryption (FHE), is crucial for cloud data security by enabling
computations on encrypted data without decryption.
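The KMS-plus-SDK arrangement above, and the encryption recommendation in 11.1, amount to envelope encryption: each record is encrypted under a one-time data key, and only that data key is encrypted under a master key the client never holds in the clear. As an added example, not AWS code and not part of these notes, the following Go program implements the pattern with the standard library; the kek slice stands in for the KMS-held master key, and the Envelope layout and the Encrypt/Decrypt names are constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Envelope: wrapped data key, both nonces and the ciphertext (constructed layout).
type Envelope struct {
	WrappedKey, KeyNonce, DataNonce, Ciphertext []byte
}
// mustGCM builds AES-GCM; a bad key length is a configuration bug, so panic.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}
// randBytes draws n bytes from the OS CSPRNG (data keys and nonces).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
// Encrypt is envelope encryption: a one-time 256-bit data key encrypts the
// record and only that key is encrypted under kek, which stands in for the
// master key KMS holds and never exports. context is AAD on both layers.
func Encrypt(kek, plaintext, context []byte) *Envelope {
	dataKey := randBytes(32)
	dk, kk := mustGCM(dataKey), mustGCM(kek)
	e := &Envelope{KeyNonce: randBytes(kk.NonceSize()), DataNonce: randBytes(dk.NonceSize())}
	e.Ciphertext = dk.Seal(nil, e.DataNonce, plaintext, context)
	e.WrappedKey = kk.Seal(nil, e.KeyNonce, dataKey, context)
	return e
}

// Decrypt unwraps the data key under kek (the KMS Decrypt call in real use),
// then opens the record; a wrong kek or context, or any tampering, fails.
func Decrypt(kek []byte, e *Envelope, context []byte) ([]byte, error) {
	dataKey, err := mustGCM(kek).Open(nil, e.KeyNonce, e.WrappedKey, context)
	if err != nil {
		return nil, err
	}
	return mustGCM(dataKey).Open(nil, e.DataNonce, e.Ciphertext, context)
}
```

Because the data key is wrapped rather than stored, rotating or revoking the master key in KMS controls access to every record without re-encrypting the data itself.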
11.6 Security of Database Services
DBaaS Concerns: Cloud users are concerned about the security of Database-as-
a-Service (DBaaS) offerings, to which they delegate data control.
Threats to DBaaS: Data owners and users fear compromised integrity,
confidentiality, and unavailability. Key causes of data loss include insufficient
authorization, authentication, accounting mechanisms, inconsistent encryption,
un-backed-up record alteration/deletion, and operational failures.
Confidentiality and Encryption: Only authorized users should access data;
unencrypted data is vulnerable to bugs, errors, and external attacks. Encryption
before data transmission can reduce risks to data in transit over public networks.
Insider Attacks: A significant concern due to superusers having extensive
privileges, posing threats to confidential data.
External Attacks: Malicious external attackers employ spoofing, sniffing, man-
in-the-middle attacks, side-channel attacks, and illegal transactions, and may
launch DoS attacks.
Data Recovery from Storage: Multi-tenancy can lead to illegal data recovery
from storage devices; sophisticated attackers may recover information even
after data deletion and sanitation, unless thorough scrubbing is performed.
Hypervisor-Based and VM-Based Threats
Hypervisor-Based Threats:
- Resource Starvation/Denial of Service (DoS): Caused by misconfigured
resource limits or rogue VMs bypassing hypervisor restrictions.
- VM Side-Channel Attacks: Malicious attacks between VMs under the same
hypervisor, often due to improper inter-VM traffic isolation or limitations in
packet inspection.
VM-based Intrusion Prevention Systems: Examples like SVFS, NetTop,
IntroVirt, and Terra (a VM-based trust computing platform) use trusted
hypervisors to partition resources among VMs.
Software Vulnerability Audits
AMI Vulnerabilities: Audits of Amazon Machine Images (AMIs) revealed
high percentages of critical vulnerabilities: 98% for Windows AMIs and 58%
for Linux AMIs.
Vulnerability Density: On average, Windows AMIs had 46 vulnerabilities,
while Linux AMIs had 11.
Outdated AMIs: Many AMIs were found to be quite old, some several years
past their creation.
Data Leakage in AMIs: Audits uncovered sensitive data leakage, including IP
addresses from lastb databases, browser history, and shell command histories.
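The leakage classes named above (shell histories, the lastb database in /var/log/btmp, browser history) are what an image hygiene check should catch before an AMI is published. As an added example, not from these notes or from the cited audit, the following Go pass walks an unpacked image tree and flags those artifacts; it goes beyond the audit's list by also flagging SSH and cloud credential files, and the path patterns and the ScanImage/Finding names are assumptions made here.

```go
package main

import (
	"os"
	"path/filepath"
	"strings"
)

// Finding is one leaked artifact found in an unpacked image tree.
type Finding struct {
	Path, Reason string
}

// Artifact classes from the AMI audit above (shell histories, the lastb
// database btmp, browser history) plus SSH and cloud credential files, which
// the same hygiene pass should catch. Matched as suffixes of the image path.
var leakSuffixes = []struct{ suffix, reason string }{
	{"/.bash_history", "shell command history"},
	{"/.zsh_history", "shell command history"},
	{"/.mysql_history", "database client history"},
	{"/var/log/btmp", "lastb database (failed-login source IPs)"},
	{"/places.sqlite", "Firefox browsing history"},
	{"/.ssh/authorized_keys", "SSH trust relationship baked into the image"},
	{"/.aws/credentials", "cloud credentials"},
}

// ScanImage walks root (e.g. a mounted image volume) and returns every
// non-empty file matching a leak suffix or looking like an SSH private key.
// Zero-byte files are skipped: an emptied history is what a clean image has.
func ScanImage(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() || info.Size() == 0 {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		rel = "/" + filepath.ToSlash(rel)
		for _, s := range leakSuffixes {
			if strings.HasSuffix(rel, s.suffix) {
				out = append(out, Finding{rel, s.reason})
				return nil
			}
		}
		if strings.Contains(rel, "/.ssh/id_") && !strings.HasSuffix(rel, ".pub") {
			out = append(out, Finding{rel, "SSH private key"})
		}
		return nil
	})
	return out, err
}
```

A walk error is returned rather than skipped, so an unreadable directory fails the check instead of silently passing the image.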
Trustworthy Computing
TCB and Xen: XenStore is a critical system component for maintaining system
state and requires hardening.
Xoar System Components: Components are categorized as permanent (e.g.,
XenStore-State), self-destructing (boot components), restarted upon request
(ToolStack for management), and restarted on timer.
11.14 Mobile Devices and Cloud Security
Integration with Cloud: Mobile devices are an integral part of the cloud
ecosystem, utilizing cloud services for data access, storage, and computation.
Common Security Challenges: Include ensuring confidentiality, integrity,
availability, and non-repudiation of data.
Enhanced Threat Exposure: Mobile devices are more vulnerable due to easy
application installation, use of third-party apps, and communication over
untrusted networks.
Weak Authentication/Encryption: Often employ short passcodes and may
lack strong storage encryption.
Location Services Risk: Increase the risk of targeted attacks and the inference
of sensitive user information.
Unique Mobile Security Threats: Include mobile malware, stolen data (due to
loss, theft, or disposal), unauthorized access, electronic eavesdropping,
electronic tracking, and data access by third-party applications.
Cloud Infrastructure Risks from Mobile Devices: Primarily revolve around
data leakage and compromise due to factors like device loss, weak lock screen
protection (e.g., smudge attacks), lack of confidentiality for data in transit over
untrusted networks, unmatched firmware/software (e.g., rooted/jailbroken
devices), and malicious mobile applications bypassing access controls.
4.6 Cloud Security and Trust Management
Hindrance to Adoption: A lack of trust between CSPs and users has hindered
the widespread adoption of cloud computing.
Increased Demands: Trust and security are more critical for cloud services
compared to e-commerce, as users are hesitant to fully entrust applications to
CSPs.
User Concerns: Users are concerned about privacy protection, security
assurance, and copyright protection in cloud platforms.
Trust as a Social Problem with Technical Solution: While trust is a social
issue, it can be addressed through technical means.
4.6.1.4 Defense with Virtualization
VM Decoupling: Virtual Machines (VMs) are decoupled from physical
hardware, allowing them to be easily saved, cloned, encrypted, moved, or
restored as software components.
High Availability (HA) and Disaster Recovery: VMs contribute to high
availability and faster disaster recovery.
Distributed Intrusion Detection Systems (DIDS): Live migration of VMs can
be used to build DIDS.
4.6.1.5 Privacy and Copyright Protection
Compromised Data: In a cloud environment with shared files and datasets,
privacy, security, and copyright data can be compromised.
Desired Security Features: Include dynamic web services with secure
technologies, established trust via SLAs and reputation systems, effective
identity and data-access management, single sign-on/off, auditing and proactive
copyright compliance, shifting data operation control to CSPs, and protection of
sensitive information in shared environments.
4.6.2 Distributed Intrusion/Anomaly Detection
Weakest Link: Data security is considered the weakest link in all cloud models,
necessitating new cloud security standards.
4.6.3.3 Data Lock-in Problem and Proactive Solutions
Data Lock-in: Moving data and programs to cloud servers can create a "data
lock-in" problem, making it difficult for users to extract and run them on other
platforms.
Causes of Data Lock-in: Attributed to a lack of interoperability (proprietary
APIs limiting data extraction) and lack of application compatibility (requiring
application rewrites when switching cloud platforms).
Reputation Systems
Two-Layer Reputation System: A two-layer system is recommended for fast
reputation aggregation, updating, and dissemination.
Bottom Layer: A trust overlay handles distributed trust negotiation, reputation
aggregation, user/server authentication, access authorization, trust delegation,
and data integrity control.
Top Layer: An overlay facilitates rapid virus/worm signature
generation/dissemination and piracy detection, aiding worm containment and
Intrusion Detection Systems (IDS).