ACM - State of Art of Cloud Computing A Classification of Security Challenges in The Present Cloud PDF
ABSTRACT
Cloud computing has taken center stage in the present business scenario due to its pay-as-you-use nature, where users need not bother about buying resources like hardware, software, infrastructure, etc. permanently. As much as it has technological benefits, cloud computing also has risks involved. Looking at its financial benefits, customers who cannot afford initial investments choose the cloud by compromising on the security concerns. At the same time, due to its risks, customers – a relative majority in number – avoid migration towards the cloud. This paper analyzes the current security challenges in the cloud computing environment based on state-of-the-art cloud computing security taxonomies under technological and process-related aspects.

Categories and Subject Descriptors
D.4.6 [Operating Systems]: Security and Protection – access controls, authentication, cryptographic controls, information flow controls, security kernels, verification.
K.6.5 [Management of Computing and Information Systems]: Security and Protection – authentication, physical security, unauthorized access.

General Terms
Security, Standardization, Verification, Management.

Keywords
Cloud computing, cloud security, state-of-the-art cloud computing security taxonomies, logical storage segregation, multi-tenancy, malicious insider, identity management, virtualization, hypervisor vulnerabilities, cloud API, cloud migration, SLA.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
ICACCI '12, August 03 - 05 2012, CHENNAI, India
Copyright 2012 ACM 978-1-4503-1196-«.

1. INTRODUCTION
Cloud computing is rapidly transforming the way organizations view their IT resources. From a scenario of a single system consisting of a single operating system and a single application, organizations are moving into cloud computing, where resources are available in abundance and the user has a wide range to choose from. In cloud computing, the end-users need not know the details of a specific technology while hosting their application, as the service is completely managed by the cloud service provider (CSP). Users can consume services at a rate that is set by their particular needs. This on-demand service can be provided any time. The CSP takes care of all the necessary complex operations on behalf of the user. It provides the complete system, which allocates the required resources for execution of user applications and management of the entire system flow. Figure 1 depicts the visual representation of the architecture of cloud computing.

Figure 1. Cloud Computing Architecture.

There are many benefits of cloud computing. Cost optimization among them is the frontrunner, since you pay as you go. The
other benefits are increased mobility, ease of use, portability of application, etc. This means users can access information anywhere easily.

As per International Data Corporation (IDC) reports [1], “The proliferation of devices, compliance, improved systems performance, online commerce and increased replication to secondary or backup sites is contributing to an annual doubling of the amount of information transmitted over the Internet”. The cost of handling the huge amount of data is something that every organization must address. Considering the present rising economy, organizations are looking at cost saving measures. Among all, the best part of cloud computing is that it provides more flexibility than its previous counterparts.

While the two major benefits of cloud computing are lower-cost service and ease of use, it also has significant security issues and challenges in many aspects. It is important to understand and address these security gaps by taking into account user privacy and the sensitivity of data in critical enterprise applications when they are deployed in the cloud, especially in public and hybrid cloud environments.

In this paper, we have investigated the security challenges involved in cloud computing with respect to its architectural & technological aspects, and process & regulatory related aspects.

2. CLOUD COMPUTING PHYSIOGNOMIES AND MODELS

2.1 Definition
Cloud computing [2] is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction with the following five essential characteristics. Figure 2 illustrates the holistic view of cloud computing environments with its mandatory characteristics and different models.

2.2 Characteristics

2.2.1 On-demand Self-service
Customers should be capable of accessing/controlling/provisioning their deployed application independently whenever required without CSP’s intervention.

2.2.2 Broad Network Access
The deployed customer application must be available to the end-users in a heterogeneous environment, i.e., thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

2.2.3 Resource Pooling
CSPs are responsible for serving multiple customers by sharing/pooling their resources in a multi-tenant model while keeping customers away from location transparency concerns (through appropriate mapping mechanisms between physical or virtual machines).

2.2.4 Rapid Elasticity
As promised by the ‘pay-as-you-use’ computing model, customers should be able to scale up and scale down the available features on an on-demand basis automatically.

2.2.5 Measured Service
Based on the dynamic decisions taken by the customers while accessing/using the cloud services (example, switching between different schemes of CSP’s offerings), the system should take automatic control in providing appropriate services (to facilitate ‘charge-per-use’) as demanded by the customer without the involvement of CSP.

2.3 Service Models
Figure 3 elucidates the cloud reference model given by Cloud Security Alliance (CSA) [3]. In general, there are three basic designs of cloud computing models as described below:

Figure 3. Cloud Reference Model.
Source: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, Cloud Security Alliance
Figure 4. CSP Vendors.

Figure 4 displays some of the business vendors who provide services in different cloud domains.

2.4 Deployment Models
Figure 5 demonstrates the different cloud deployment models and the connections among them [3]. Irrespective of the service model being used, based on the way end-users publish their application in the cloud, deployment models are categorized as follows:

2.4.1 Private Cloud
This kind of cloud setup is for the sole use of a single company/organization and its customers. This setup may reside

3. SECURITY CHALLENGES
Cloud computing attracts users with its great elasticity and scalability of resources, with an attractive tag line, ‘pay-as-you-use’, at relatively low prices. Compared to the construction of their own infrastructures, customers are able to cut down on expenditure significantly by migrating computation, storage and hosting onto the cloud. Although this provides savings in terms of finance and manpower, it brings with it new security risks. Considering the influence of cloud computing with respect to its business benefits and technological transformations, the future enterprise applications are going to be completely dependent on it. It has its benefits; nevertheless, it has numerous issues and challenges with respect to the security aspects. There are many research organizations, cloud vendors, product development enterprises and academic research institutes working on various security classifications of cloud computing and its solutions. This paper analyses the current security challenges in the cloud computing environment based on state-of-the-art Cloud Computing Security Taxonomies (T1 to T9) under the following two categories.
Level 2: Cloud migration
Considering the physical separation of organizations (may be customer-to-CSP or CSP-to-CSP), migration brings challenging situations to both parties involved in the business, such as secure transmission of digital content (data & network security issues), maintenance of customer & their end-user’s personal information (privacy issues) along with the governance compliance (regulatory issues), etc.

Knowing the significance of SLA and its legal aspects, it is highly recommended that the customer must know and be clear on the complete requirements, specifically with respect to the security aspects of their business. We identified the following as SLA security qualities (SSQ), which are mandatory for any customer who enters into a cloud business model with a CSP.

SSQ1. Promises on logical segregation of customer data
SSQ2. Accessibility & auditability of both customer and CSP