Cloud Computing Security - Trends and Research Directions

The paper discusses the security challenges and research directions in cloud computing, emphasizing the perceived and real security concerns that hinder cloud adoption. It categorizes common security issues into four main areas: infrastructure, data, access, and compliance, while also addressing the roles of cloud service providers, consumers, and regulatory bodies. The authors propose a framework for assessing security preparedness for migrating applications to the cloud and highlight the need for further research in areas such as Trusted Computing and Privacy Preserving Models.

2011 IEEE World Congress on Services

Cloud Computing Security - Trends and Research Directions

Shubhashis Sengupta, Vikrant Kaulgud, Vibhu Saujanya Sharma


Accenture Technology Labs
Accenture
Bangalore, India
Email: {shubhashis.sengupta, vikrant.kaulgud, vibhu.sharma}@accenture.com

978-0-7695-4461-8/11 $26.00 © 2011 IEEE
DOI 10.1109/SERVICES.2011.20

Abstract—Cloud Computing is increasingly becoming popular as many enterprise applications and data are moving into cloud platforms. However, a major barrier for cloud adoption is real and perceived lack of security. In this paper, we take a holistic view of cloud computing security - spanning across the possible issues and vulnerabilities connected with virtualization infrastructure; software platform; identity management and access control; data integrity; confidentiality and privacy; physical and process security aspects; and legal compliance in cloud. We present our findings from the points of view of a cloud service provider, cloud consumer, and third-party authorities such as Govt. We also discuss important research directions in cloud security in areas such as Trusted Computing, Information Centric Security and Privacy Preserving Models. Finally, we sketch a set of steps that can be used, at a high level, to assess security preparedness for a business application to be migrated to cloud.

Keywords-Cloud Computing; Security; Trusted Computing; Data integrity and confidentiality; Survey;

I. INTRODUCTION

Cloud computing is fast becoming a popular option for renting of computing and storage infrastructure services (called Infrastructure as a Service or IaaS) [1]; for remote platform building and customization for business processes (called Platform as a Service or PaaS) [2]; and for renting of business applications as a whole (called Software as a Service or SaaS) [3]. The cloud infrastructure has been further sub-divided into Public cloud - where the infrastructure resides totally outside of the tenant / enterprise's firewall; Hybrid cloud - where the infrastructure and business processes reside partly within the enterprise and partly consumed from third party; and Private cloud - where IT services are mounted on top of large-scale conglomerated and virtualized infrastructure within enterprise firewall and consumed in “per transaction” basis. Technology consulting firm Gartner has estimated market size of $59 billion for Public and Hybrid cloud and has predicted it to grow to $149 billion by 2014 with a compounded annual growth rate of 20 [4]. However, real and perceived security concerns remain one of the greatest inhibitors for adoption of Cloud computing. The primary concerns for cloud security are around cloud infrastructure, software platform and user data; as well as access control and identity management. Researchers also include broader issues of data integrity and compliance under security. Additionally, physical data center security and processes play an important role.

There is a growing body of work dealing with various cloud computing security issues. Authors have mostly discussed singular aspects of cloud security such as vulnerabilities in platform layer (virtualization, network, or common software stacks); vulnerabilities with co-located user data and multi-tenancy; access control; identity management and so on. Recently, a draft report by NIST [40] discusses some security challenges and considerations that organisations planning to utilize a public cloud environment should be aware of. However, barring a few [5], [6], there has not been a holistic treatment on cloud security issues and state of research in each of these issues. In this paper we provide a concise but all-round survey on cloud security trends and research.

We recognize that there are three major groups involved in cloud security. First group is the providers of Public and Hybrid clouds. Second group is the individuals / organizations which use cloud services - either by migrating and hosting their applications binaries / data to cloud, or by having an interface or a “pipe” connected to an external cloud to do some activities (like downloading cloud public data / modules or to route messages through cloud). The third group is the Government and other third-party regulatory entities that may have fiduciary roles (audit, forensic etc.). In our paper, we have tried to map security concerns and obligations of each of these groups.

We observe that data, platform, user access and physical security issues; although accentuated in cloud computing; are generally applicable in other enterprise computing scenario as well. For example, hypervisor related threats such as cross channel attacks will be present in any virtualized environment not specific to cloud. Two of the great virtues of cloud computing are service abstraction and location transparency. However, from security point of view these two points in conjunction with third-party control of data can create challenging security implications. The paper outlines how research around Trusted Computing, Information Centric Security and Privacy Preserving Models may provide answer to some of these difficult challenges. Since private clouds are operating inside enterprise firewalls, we exclude them from this discussion.
Finally, we present a high-level framework to assess security preparedness for application migration to cloud.

The paper is organized as follows: in section 2, we talk about the categories of cloud security concerns and implications. In section 3, we discuss advanced security issues of cloud computing. In section 4, we briefly present the assessment framework. We conclude by summarizing the paper’s contribution and scoping further work.

II. COMMON CONCERNS ABOUT CLOUD SECURITY AND IMPLICATIONS

We divide the common security issues around cloud computing across four main categories:

1) Cloud infrastructure, platform and hosted code. This comprises concerns related to possible virtualization, storage and networking vulnerabilities. We cover vulnerabilities that may be inherent in the cloud software platform stack and hosted code, which gets migrated to cloud. We also discuss the physical data-center security aspects here.
2) Data. This category comprises the concerns around data integrity, data lock in, data remanence, provenance, and data confidentiality and user privacy specific concerns.
3) Access. This comprises the concern around cloud access (authentication, authorization and access control or AAA), encrypted data communication, and user identity management.
4) Compliance. Because of its size and disruptive influence, the cloud is attracting attention from regulatory agencies, especially around security audit, data location; operation trace-ability and compliance concerns.

We believe that through this categorization we cover almost all common cloud security issues. To provide a perspective on why these issues are important; from cloud consumer (enterprises), providers, and third party points of view; we first lay out the paramount top-level security concerns (mainly on part of consumers and third party agencies) and sub-levels thereof with anecdotal evidences. We then discuss the technological implications (mainly on part of the cloud providers) of each of these concerns and related research issues. We defer discussion on some of the ‘cloud specific’ advance research discussion to the next section.

Enterprise customers looking at public and hybrid clouds are generally accustomed to elaborate security arrangements in their data centers in forms of single sign-on technologies, identity management, and VLAN to separate different customer domains, storage appliances, VPN technologies etc. These provide a strong infrastructure for role-based access, logical partitioning of networks, controlled data and application, secure remote access etc. The situation with cloud gets fuzzy.

A. Concern C1: Is my cloud-services provider’s physical and software infrastructure secured?

In a recent survey carried out by Novell [7], 87% of enterprise respondents looked at hybrid clouds as a future data center evolution while 92% say that internal IT will eventually get migrated to public cloud. However, nine out of ten respondents have also voiced their concerns on security. Migrating applications to cloud and hosting those in remote multi-tenant environment raise concerns like:

1) C11: Are the cloud data centers physically secured against security breaches?
2) C12: How is my application secured in shared virtualized infrastructure (VMs, storage, network) against malicious attacks?
3) C13: Since my application is hosted with common software stack (PaaS and SaaS), how does potential common-stack vulnerability affect me?
4) C14: In hybrid cloud my internal applications may interact with cloud-based ones in a common workflow. How do I ensure security isolation?
5) C15: Can I trust the APIs and interfaces provided by cloud providers?
6) C16: Since I relinquish execution control, how can it be ensured that no illegal operations happen?

Implication I1: Secure physical computing, storage and network access environment.

Typical data-center security measures related to physical access, layouts of racks, servers and network redundancy and isolation, intrusion detection and prevention systems, backup and disaster recovery contingency, and HVAC related issues are required. The TIA-942: Data Center Standards Overview [8] describes the requirements for the data center infrastructure. For sensitive and critical customers to come into public cloud, the cloud is expected to meet these criteria adequately to address concern C11. It is often noted that major security breaches and threats come from internal staff. A stringent set of checks and audit processes are required for this purpose.

To tackle C12, the IaaS cloud providers should ensure that virtualized infrastructure is secure against anyone exploiting known and emerging vulnerabilities. These are vulnerable to exploitations and attacks. Malicious code can detect presence of a hypervisor and launch attacks such as denial of service or even exit from the protected environment to garner higher privileges [9]. A group of researchers have exploited network topology and VM placement strategy in Amazon cloud. They have taken recourse to whois queries, TCP synch messages, and other internal / external probes and fairly static internal IP allocations of EC2 availability zones to map and target physical hosts of specific guest VM instances. They then ‘planted’ malicious VMs in a co-located manner and exploited shared zones and covert channels such as time-shared caches to gain processing
information [10]. Service providers also need to guard against general and common OS and VM vulnerabilities such as reported vulnerabilities like in insecure named pipes, SSL related issues in the type 1 (emulated hypervisors) and HVM (hardware virtualization) monitors, reported serious flaws etc.

Concerns (C13, C14) around shared resources and workflow are particularly important for hybrid PaaS and SaaS providers. The Cloud Security Alliance [20] terms it as ‘shared technology vulnerability’. Active monitoring of any unexpected configuration changes (however small) and vulnerability scanning of any shared resources (OS, global caches, multiplexed channels etc.) are required for this. OS level isolations such as exo-kernels [11] have not found much adoption; but JVM and process level isolation techniques are increasingly getting popular [12]. Newer platforms like APEX from Force.com [2] use components and meta-data that are shared across tenants. These have strong session management, object scoping and data filtering mechanisms. The proliferation of usage of open-source provisioning tools, application servers, DBs, scripting languages, Web services protocols in cloud create the issues of security risks like SQL injection, cross site scripting, Database row-level security, and Web 2.0 specific security vulnerability (Ajax keeps on pinging pages for infinitesimal changes) etc. Researchers have provided examples of metadata spoofing attacks [13] where an adversary can overwrite WSDL metadata and the compromised client can generate un-warranted actions. These concerns and C15 can potentially be addressed by a key based digest and integrity verification of all cloud open interfaces and APIs. C16 is an advanced issue, and we defer it to next section.

B. Concern C2: What happens to my data in cloud?

In today’s competitive economy, data is the primary asset enterprises and individuals possess. In cloud computing, foremost concern is about data integrity, confidentiality and privacy, and provenance. There is a growing worry about the confidentiality of data stored in public cloud server-side infrastructure. Additionally, mechanisms facilitating intermittent connectivity, like Google Gears [14], cache data on the devices. Unless the cached data is effectively secured and purged regularly, it can become a treasure trove for data theft.

It is mandated that providers like Google, Yahoo, and AOL retain search data for 18 months before anonymizing it (removing specific client info like IP addresses and cookies) for internal purpose, if any. However, there have been instances where even anonymized data has been compromised. Perhaps the most famous case is when anonymized health records from Massachusetts Group Insurance Commission were analyzed to reveal the medical history of the Governor of that state [5]! This case proved that injecting innocuous and neutral data such as ZIP code, gender, birth-date into anonymized data can reveal sensitive information. Other concerns are those around data lock-in and data location. To cite an example on data lock-in [15], 45% of users of an online storage service company LinkUp suffered when their locked data with a third-party storage provider called Nirvanix got lost. The concerns are listed as below:

1) C21: What ensures integrity and prevents loss of my data in cloud?
2) C22: Will my business data remain confidential? How do I protect privacy of my users?
3) C23: How do I prevent my data getting locked out in case the provider is likely to fail?
4) C24: How do I ensure that data is not remanent in storage (i.e., bits are really wiped-out when delete operation is performed)?
5) C25: How do I know that updates to my data are tracked properly and I get the correct copy each time a request is made?
6) C26: How to maintain data confidentiality and integrity where multiple cloud parties are involved in processing?

Implication I2: Ensure effective data management including integrity, confidentiality and privacy

Data governance, including all the issues above, perhaps has most important implications for providers. C21 is relatively straightforward to address through strong encryption mechanisms like AES and DES. The management can be done through common PKI infrastructure. Labels are placed on repositories (basically file servers) encrypted with a public key that is associated with each user. The user possesses the private part of the key and is the only one that can decrypt the labels encrypted with the public part. This form of encrypted data in cloud is good for storage or archival but is rather costly to process. However, a new form of encryption, called Homomorphic Encryption [16] enables the ciphertext to be processed in public cloud without decrypting it. Service providers need to ensure storage integrity against loss of non-volatile data due to failure of storage sub-system and bit rots. Distributed data coding like Erasure Coding and network coding has been studied and used extensively [17], especially for fault tolerant and highly available storage in cloud. Transport level security (TLS) measures ensure secure data transfer over networks.

The common procedure of masking data for individual customer record confidentiality (C22) is data anonymization. In the context of risks such as health, research is being performed to better common anonymization techniques like k-anonymization with distributed anonymization [18]. Several concerns like C23 can be resolved by publishing and maintaining a standard set of data interfaces and transformation logic. Storage Network Industry Association (SNIA) [19] has suggested a set of remedial mechanisms for data remanence problem C24. One of the suggestions is to encrypt
the data and then shred the key! Finally, device management becomes a critical function in data remanence. Things like remote management of mobile devices, remote wipe-out or remote disabling of a device need to be factored into the cloud eco-system.

C25 essentially highlights the important issue of data provenance. Cloud employs identifier based data objects such as S3 objects in Amazon cloud. Due to multiple concurrent access and latency in persistence and in absence of a proper file-system for journaling, the data queries may get inconsistent result and data lineage / update history may get lost. Researchers have proposed provenance aware storage system (PASS) wrapper layer [37] on top of simple cloud storage.

Multi-cloud information processing activities (C26) like distributed data mining would require sophisticated privacy preserving models, and we defer the treatment to section 3.

C. Concern C3: Are users accessing cloud-services really mine and can all my genuine users get seamless and secure accessibility?

Another fundamental cloud security concern is that of user authentication, authorization and access control (AAA). The first question is that of access management - mapping of traditional enterprise directory structure like LDAP and Active Directory for providing organizational role-based access to a cloud PaaS or SaaS provider. The second question is that of identity management like authentication, identity theft and phishing. Of particular importance will be federated identity management in multi cloud scenario. Some such concerns are:

1) C31: How do I ensure that there is no un-authorized access to my cloud by a disgruntled employee, who has left the organization or by an identity thief?
2) C32: How to ensure proper levels of authentication to cloud services? How do I manage multi-device access?
3) C33: In multi-cloud scenario, how do I ensure that I provide / delegate access to users to different security domains so that the end-to-end workflow is seamless? Similarly, in hybrid cloud, how do I create a minimum common access control and identity structure?

Implication I3: Ensure proper access control and identity management.

Synchronizing enterprise and external cloud services access control lists in the context of C31 to ensure right access roles is a very important and challenging issue as PaaS and SaaS platforms have complex hierarchies and many fine-grained access capabilities (tenant org level, sub-tenant, and individual user levels). This assumes importance as users, who are no longer part of an enterprise, may still potentially exploit access provided in cloud; unless those credentials are revoked quickly. However, we recognize this as more of a process issue than a technology one. Use of standard languages like Service Provisioning Markup Language [38] promoted by OASIS, can enable faster user account provisioning and de-provisioning.

Cloud service authentication (C32) presents some interesting problems. Cloud services are increasingly getting accessed through browsers and thin mobile devices running a new set of applications like HTML-5. Browsers do not have direct means of handling XML signatures and XML encryption, and rely on the underlying SSL layer for handshake. Hence this channel may become a potential threat if not secured properly. This may push enterprises to use VPNs while communicating to cloud. The Cloud Security Alliance [20] recommends that cloud providers provide stronger authentication mechanisms and also (optionally) allow users to use third party identity management and single sign-on platforms like Microsoft Passport. This may lead to an added set of authentication complexity. Online open identity management communities like OpenID [21], OAuth [35] etc. are proliferating and each brings its own set of integration challenges for cloud providers.

There is a growing chorus on ‘inter cloud’ hand-offs and federated identity management (C33), possibly through assertion tokens like Security Assertion Markup Language (SAML) or privilege management infrastructure based on X.509 certificates. The ongoing standardization work WS-Federation [22] may provide some help in this aspect. Cloud federations need to establish a set of common security token services and identity providers. But in dynamic cloud scenario these trust relations may not work. We need to develop more flexible cases of identity federation.

D. Concern C4: Are cloud providers compliant with regulation?

Various forms of compliance exist in cloud computing. Industry initiatives on compliance like accounting (Sarbanes-Oxley, Basel), health information privacy (HIPAA), and credit card data safety (PCI) are important for different verticals. Similarly standards around outsourcing auditing (SAS70) govern cloud based outsourcing vendors. US Federal and other international laws such as the Electronic Communication Privacy Act (ECPA) can govern concerns for data privacy in cloud. Transparency of data location is a fundamental premise of cloud computing. In reality, different geographical data locations may come under different jurisdictions, each with its own set of laws that govern data privacy and security.

Regulations and national security matters require effective auditing and sharing of audit reports with relevant authorities. Today, it is not clear if Govt. agencies have enough trust in cloud security preparedness. Federal Trade Commission (FTC) of US, in a recent filing, has stated that they are investigating security implications of cloud based remote data processing [23]. Some laws also mandate that critical Financial and Defense related data does not leave the perimeter of the country. Easy accessibility to data ‘on
demand’ for audit purpose is also mandated. For example, in many jurisdictions the government has the power to access any data residing within their limits for a “reasonable” cause. Data can even be seized if the service provider comes on the wrong side of the law enforcement agencies [24]. Note that compliance concerns are no longer limited to existing regulations, but extend to newer ones specific to cloud computing.

Implication I4: Ensure proper regulatory compliance

Cloud providers generally follow legal compliance and contractual obligations. However, there have been instances, like the case of Google Docs in March 2009, where full security and data safety audit reports have not been made public and data integrity was allegedly compromised by improper access [36]. This made ECPA petition to FTC to initiate action [23]. Furthermore, providers should be open to forensics [25] such that data provenance can be achieved and whenever required, mala fide actions can be traced back to the origins. Many compliance specific concerns, in the minds of enterprises, are more perceived (fear of the unknown) than real; and better disclosures on part of providers will dispel some of the fear.

Due to serious concerns regarding the location of data and processing entities within the cloud, some sort of location awareness is required, the primary aim being the ability to enforce and establish requirements like “at any time data should only reside within these jurisdictions”. Current standardization efforts like the Open Grid Forum’s cloud computing interface (OCCI) specification, which is meant to provide mechanisms of querying the implementations for information, do not yet provide infrastructure-based location awareness and there are certainly discussions and efforts going on around this area [26].

III. ADVANCED ISSUES IN CLOUD COMPUTING SECURITY

In the previous section, we have discussed generic set of security concerns observed in public and hybrid clouds. We now turn our focus to some atypical cloud specific security issues. In particular, cloud does bring out a set of unique challenges like:

1) Abstraction: Cloud provides an abstract set of service end-points. For a user, it is impossible to pin-point which physical machine, storage partition (LUN), network port MAC address, switches etc. are actually involved. Thus, in event of security breach, it becomes difficult for a user to isolate a particular physical resource that has a threat or has been compromised.
2) Lack of execution controls: The external cloud user does not have fine-grained control over remote execution environment. Hence the critical issues like memory management, I/O calls, access to external shared utilities and data are outside the purview of the user. The client would want to inspect the execution traces to ensure that illegal operations are not performed.
3) Third-party control of data: In cloud, the storage infrastructure, and therefore, the data possession is also with the provider. So even if the cloud provider vouches for data integrity and confidentiality, the client may require verifiable proofs for the same.
4) Multi-party processing: In multi-cloud scenario, one party may use part of the data which other party provides. In absence of strong encryption (as data is being processed), it becomes necessary for participating cloud computing parties to preserve privacy of respective data.

To build a strongly secure cloud computing model and tackle issues such as above, we postulate that cloud groups will need to address the issues of trust, create context specific access model within data and preserve privacy. In this section, we discuss three specific areas of security research; namely; Trusted Computing, Information Centric Security and Privacy Preserving Models and show the implications for cloud computing.

Trusted computing: It is a set of technologies being developed and promoted by Trusted Computing Group (TCG) [27]. To tackle the concern of un-trusted execution environment, trusted platform modules enable a strong endorsement key to attest users to a host and host to users. This is called remote server attestation. All subsequent execution on an attested host-user pair can then be validated through trusted path mechanism. Trusted virtual machine monitors like Terra [28] allow strong isolation at VM layer. Integrity and confidentiality of data stored in cloud can either be secured through sealed storage [27] or by making authenticity checks when accessing data. Checksums are useful mechanisms for this. However, checksums are costly to compute and can only be used after transmission of full data to the client (costly for network). New techniques such as Provable Data Possession (PDP) in untrusted cloud may be a more efficient mechanism as it generates a probabilistic proof for data integrity based on only a small portion of the file [29]. Similarly there are research works around Proof of Retrievability (PoR) to give customer some semblance of assurance that once data is stored in a public cloud, it will be eventually retrievable. Proof carrying codes [30] is another mechanism through which the cloud provider host can verify user applications through formal proofs.

Information centric security (ICS): As information in the public cloud is stored outside of organizational boundaries, we need to insert context specific access metadata in the information itself. Strong encryption of the entire data may not be useful as the data is often processed in cloud in un-encrypted form which makes it vulnerable. One way of achieving ICS would be to use Policy based or Role based access controls which can be defined in a language like Extensible Access Control Markup Language (XACML) which
governs context-based access rules in policy enforcement point of the data. Any access request to the data can then be verified through an assertion or by checking with central server. Another way could be to add access control metadata in the form of Cryptographic Message Syntax (CMS). It is more compact than XML, and is flexible enough to freely add users to the ‘read’ list as long as each user possesses a cryptographic key pair [31].

Privacy preserving models: In cloud computing data processing collaboration is often required across sources which have complementary sources of data (like distributed data mining). In multi-party processing, the data hosting parties may even be passive adversaries - they trust each other and fulfill the contracts, but may want to gain ‘extra’ information out of other parties' data. Research around secure multi-party computation [32] seeks to create a randomized bit-level partition scheme for the data. The random data, even if aggregated (using XOR or other methods) at the other party site, does not elicit any useful information. Yet another scenario is where content originated from a customer and encrypted with customer’s public key meant for cloud A is passed / routed through cloud B (which is providing a gateway service). It may be necessary for cloud provider B to carry out some select keyword search activity to process the request better. For example, searching for and finding the keyword ‘urgent’ in the message may mean a different processing logic. Research in ‘searchable encryption’ models is useful here [33]. When a cloud tenant downloads / updates private data from a cloud database, it may be possible for another ‘curious’ database user to trace back what the user is up to and gain information about the data set. In other words, in spite of partitioning techniques and access control mechanisms; no database is private in information theoretic sense unless a user gets the full copy of the private database and makes update - which is impractical. Recent research around using replicated and distributed copies of databases shows that a query can however be formed across the sets which can’t be guessed with reasonable computational complexity by another party

hybrid cloud scenario where a cloud-hosted data analytics application interacts with data behind the enterprise firewall. It is important to identify if the current application requires compliance to domain-specific security and data protection policies like HIPAA, SAS 70 etc. Further, one should determine if the application requires a fully encrypted communication and if the application’s interaction with other applications (cloud hosted or on-premises) requires secure communication (e.g. HTTPS / SSL). Furthermore, the use of Single Sign-on using SAML or non-SAML techniques needs to be determined. Security requirements become stringent when applications require role-based access, particularly in a multi-cloud scenario or a hybrid cloud scenario. Access modes to the application characteristics - whether web, mobile, or mixed - also determine the additional security protocols the application needs to support. It is important to perform a security vulnerability analysis of the application to identify security loopholes. In a typical web-application, one should assess all three tiers - web application tier assessment for loopholes in CGI scripts, HTML/JSP/JavaScript loopholes etc., source code analysis of the business tier and database security assessment. For example, clear-text passwords and configuration files, often overlooked in secure enterprise computing, should be avoided in cloud.
2) Step 2: Characterize and review cloud provider’s security strengths and vulnerabilities: Based on a mix of techno-commercial factors, the enterprise can decide on various cloud environments - IaaS, PaaS and SaaS, for potential hosting of applications. In selection of the cloud environment, security becomes an important factor. Similar to Step 1, it is essential to characterize provider's security offering. In doing so, it is good to perform an in-depth security analysis across infrastructure and platform, data, and access layers of the provider; on concerns depicted in the Section 2 of this paper. Such an analysis can be done by going through
[34]. These privacy preserving models and research are published documentation (security controls, protocol
increasingly becoming important in multi-cloud information compliance and standard operating procedures) or by
processing cases. employing services of commercial / open-source cloud
auditing agencies (such as http://www.cloudaudit.org).
IV. STEPS TOWARDS AN SECURITY Further, published audit reports and case studies, if
ASSESSMENT FRAMEWORK available, provide an analysis of the provider’s ‘on-
ground’ adherence to security best-practices and tech-
With such a wide spectrum of concerns, an enterprise has niques. One also needs to keep the local cyber-security
to be very careful in assessing potential security threats to and data location laws in mind. Cloud Security Al-
its applications on a cloud. A three step approach will help liance has also created a cloud Governance, Risk Man-
in rigorous security assessment: agement and Compliance (GRC) toolkit, supported by
1) Step 1: Characterize the application’s security require- checklists and questionnaire, for cloud migration audit.
ments: Each application has different security require- 3) Step 3: Map application’s security characteristics and
ment. E.g. security requirements for an e-commerce cloud security characteristics to perform a fit analysis:
portal hosted on an IaaS are quite different from a Once the application and cloud provider assessments

are performed, a fit analysis can be done to determine the best cloud-services provider for an application or class of applications from a security perspective. For enterprises that publish applications to cloud, as well as for the cloud providers, protocols like Security Control Automation Protocol (SCAP), promoted by NIST [39], should be a good choice for organizing, expressing, and measuring security-related information in standardized ways, as well as related reference data such as unique identifiers for vulnerabilities.

V. CONCLUSION AND FUTURE WORK

Cloud computing as a platform for outsourcing and remote processing of application and data is gaining rapid momentum. Security concerns - especially those around platform, data and access - can prove to be hurdles for adoption of public and hybrid clouds. In this paper, we have tried to categorize the key concerns and discuss the related technical implications and research issues, including some advanced security issues specific to the cloud. We have also discussed some issues regarding security-related regulatory compliance in the cloud. Additionally, we presented a few high-level steps towards a security assessment framework. We made several observations on the current cloud security landscape. Firstly, the security standardization activities, under the aegis of many standard bodies and industry forums like CSA, OGF, W3C, SNIA etc., are fragmented. Proliferation of open community based identity management solutions also makes cloud identity management and integration difficult. Second, quick provisioning of the users in cloud and mapping of their roles between enterprise and cloud has become somewhat complicated. Third, data anonymization and privacy preserving techniques will increasingly assume greater importance, and more mainstream research is required in this area. Fourth, migrating generic in-house software code to public cloud requires a thorough understanding of potential security risks. Finally, adherence to regulatory compliance by the cloud providers and better disclosure norms from them are imperative for the commercial success of cloud. On the other hand, we observe that the virtualization related security risks are not specific to cloud, but risks related to open-source shared application server, DB and middleware components definitely are; and a Trusted Computing Platform to execute / isolate client run-times in cloud will definitely help. We believe that this survey, though short, provides a broad-level overview of important current and emerging security concerns in cloud and delineates the main research challenges. As subsequent work, a more elaborate survey can be undertaken. We also plan to flesh out the assessment framework further, supported by tools, to aid migration of enterprise applications to cloud.

REFERENCES

[1] Amazon Elastic Compute Cloud web services, http://aws.amazon.com/ec2

[2] SalesForce Force.com Platform as a service, http://developer.force.com

[3] NetSuite SaaS portal, http://www.netsuite.com

[4] Gartner DataQuest Forecast on Public Cloud Services, DocID G00200833, June 2, 2010

[5] Chow, R., Golle, P., Jakobsson, E.S., Staddon, J., Masuoka, R., and Molina, J., Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. Proceedings of the 2009 ACM workshop on Cloud computing security, 2009

[6] Gellman, R., Privacy in the Cloud: Risks to Privacy and Confidentiality in Cloud Computing. Technical Report prepared for World Privacy Forum, 2009

[7] Novell Inc. survey on cloud computing, http://www.novell.com/news/press/novell-survey-reveals-widespread-and-accelerating-enterprise-adoption-of-private-clouds

[8] Telecommunication Industry Association, TIA-942: Data Center Standards Overview, http://tiaonline.org

[9] Carpenter, M., Liston, T., and Skoudis, E., Hiding Virtualization from Attackers and Malware. IEEE Security and Privacy Magazine, 2007

[10] Ristenpart, T., Tromer, E., Shacham, H., and Savage, S., Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Proceedings of the 16th ACM conference on Computer and Communication Security, 2009

[11] MIT Exo-kernel operating system, http://pdos.csail.mit.edu/exo.html

[12] Czajkowski, G., Application Isolation in the Java Virtual Machine. ACM SIGPLAN Notices, vol 35, issue 10, Oct 2000

[13] Jensen, M., Gruschka, N., and Herkenhoner, R., A survey of attacks on web services. Computer Science Research and Development (CSRD), Springer Berlin/Heidelberg, 2009

[14] Google Gears at http://gears.google.com

[15] http://www.zdnet.com/blog/projectfailures/mediamax-the-linkup-when-the-cloud-fails/999

[16] IBM Homomorphic Encryption research page, http://domino.research.ibm.com/comm/research_projects.nsf/pages/security.homoenc.html

[17] Plank, J.S., Erasure codes for Storage Applications. Tutorial given at FAST-2005: 4th Usenix Conference on File and Storage Technologies, San Francisco, CA, December 2005

[18] Zhong, S., Yang, Z., and Wright, R., Privacy-Enhancing k-anonymization of Customer Data, Proceedings of the 24th ACM Symposium on Principles of Databases, 2005

[19] Storage Network Industry Alliance, http://www.snia.org

[20] Cloud Security Alliance, http://www.cloudsecurityalliance.org

[21] OpenID foundation website, http://www.openid.net

[22] http://specs.xmlsoap.org/ws/2006/12/federation/ws-federation.pdf

[23] http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf

[24] http://ciocoo.com/clouds-and-data-jurisdiction-282/

[25] Ruan, K., Cloud Forensics: Challenges and Opportunities, Presentation from Center of Cybercrime and Investigation, University College, Dublin

[26] Open Grid Forum's OCCI specification, http://www.occi-wg.org/

[27] Trusted Computing Group, http://www.trustedcomputinggroup.org

[28] Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D., Terra: A Virtual Machine-Based Platform for Trusted Computing, Proceedings of ACM Symposium on Operating Systems Principles, 2003

[29] Ateniese, G., Burns, R., and Curtmola, R., Provable Data Possession in Untrusted Stores, Proceedings of the 14th ACM conference on Computer and Communication Security, 2007

[30] Necula, G., C., Proof-carrying code, Proceedings of 24th ACM SIGPLAN-SIGACT symposium on Principles of Programming Languages, 1997

[31] Cryptographic Message Syntax standard at http://www.ietf.org/rfc/rfc2630.txt

[32] Lindell, Y., and Pinkas, B., Privacy Preserving Data Mining, Proceedings of 20th Annual International Cryptology Conference, 2000

[33] Boneh, D., and Crescenzo, G., D., Public Key Encryption with Keyword Search, Proceedings of Advances in Cryptology, EuroCrypt 2004. Lecture Notes in Computer Science, Springer

[34] Chor, B., Goldreich, O., Kushilevitz, E., and Madhu Sudan, Private Information Retrieval, Proceedings of the 36th Annual IEEE conference on foundation of Computer Science, 1995

[35] OAuth community site, http://www.oauth.net

[36] http://blogs.wsj.com/digits/2009/03/08/1214/

[37] Reddy, K.K.M, Macko, P., and Seltzer, M., Provenance for the cloud. Proceedings of the 8th USENIX conference on File and storage technologies, 2010

[38] http://www.oasis-open.org/committees/provision/

[39] National Institute of Standards and Technology (NIST), http://www.nist.gov

[40] NIST, Guidelines on Security and Privacy in Public Cloud Computing, http://csrc.nist.gov/publications. 2011
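
The replicated-database querying idea from the privacy preserving models discussion [34] can be seen in the basic two-server private information retrieval construction, shown here as an added example that is not code from the paper. It assumes two non-colluding servers holding identical replicas; the function names and sample records are constructed for illustration.

```python
import secrets

# Constructed sample records (not from the paper); both servers hold this replica.
SAMPLE_RECORDS = [b"alice:4111", b"bob:5500", b"carol:3400", b"dave:6011"]

def fixed_width(records):
    """Pad records to one length so XOR over whole records is well defined."""
    width = max(len(r) for r in records)
    return [r.ljust(width, b"\x00") for r in records]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_queries(n, index):
    """Client side: q1 is a uniformly random selection vector and q2 is q1
    with position `index` flipped. Each vector on its own is uniformly
    random, so a single server learns nothing about `index`."""
    if not 0 <= index < n:
        raise IndexError("index outside database")
    q1 = [secrets.randbelow(2) for _ in range(n)]
    q2 = q1.copy()
    q2[index] ^= 1
    return q1, q2

def answer(replica, query):
    """Server side: XOR together every record the query selects."""
    if len(query) != len(replica):
        raise ValueError("query length must equal database size")
    acc = bytes(len(replica[0]))
    for record, bit in zip(replica, query):
        if bit:
            acc = xor_bytes(acc, record)
    return acc

def retrieve(replica_1, replica_2, index):
    """Records selected by both queries cancel under XOR; only `index` remains."""
    q1, q2 = make_queries(len(replica_1), index)
    a1 = answer(replica_1, q1)  # reply from server 1
    a2 = answer(replica_2, q2)  # reply from server 2
    return xor_bytes(a1, a2).rstrip(b"\x00")

if __name__ == "__main__":
    db = fixed_width(SAMPLE_RECORDS)
    print(retrieve(db, list(db), 2))
```

The privacy guarantee holds only while the two servers do not compare queries: XORing q1 with q2 reveals the requested index. This basic form sends one bit per record to each server.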
