
UCS531-Cloud Computing

Cloud Computing Issues and Challenges


Cloud Information Security
Cloud definition (NIST)
• NIST: “National Institute of Standards and Technology”.
• Characterizes cloud computing as
– on-demand service,
– broad network access,
– resource pooling,
– and measured service.
• Classifies services as SaaS, PaaS, and IaaS.
Cloud Interoperability and Standards
Interoperability is the ability of two or more systems or
applications to exchange information and to mutually use
the information that has been exchanged.
Cloud interoperability
– refers to the ability of systems to work efficiently and
collaborate effectively across different cloud platforms.
– A CSP's services should be flexible enough to integrate
themselves into the platforms and services provided by
other CSPs.
Cloud Interoperability and Standards
Portability is moving data and/or applications from one
system to another and having them remain usable or
executable.
Cloud Portability means that if users want to migrate data
or applications from one CSP to another, the vendor should
not lock in the customer's data or services, and the
migration should be easy.
Need for Cloud Interoperability and Portability
• Switching cloud service providers
• Use of multiple cloud service providers
• Hybrid cloud configuration
• Cloud migration – the customer moves one or more in-house
applications and/or data to the cloud.
Cloud Interoperability and Standards
• Each CSP has its own ways to define and implement
hypervisors, processes, security, a storage model, a
networking model, a cloud API and licensing models.
Cloud interoperability obstacles
When you decide to move an application between clouds, there are
challenges. These include:
1. Rebuilding the application and application stack in the target cloud.
2. Setting up the network in the target cloud to give the application the
support that it had in its original cloud.
3. Setting up security to match the capabilities provided by the source cloud.
4. Managing the application running in the target cloud.
5. Handling data movement and the encryption of data while it is in transit
and when it gets to the target cloud.
Cloud Interoperability and Standards
“Entering a cloud computing agreement is easier than leaving
it”.
• The customer may need alternatives
– to find a more suitable solution for current needs, or
– because the vendor is no longer able to provide the required service.
• The aim is to introduce standards and allow interoperability
between solutions offered by different vendors.
• The presence of standards in the cloud computing community
– can avoid vendor lock-in, and
– could give room for interoperability.
Cloud Interoperability and Standards
• At present, there is no concrete agreement on the
protocols and technologies.
• Organizations leading the standardization process:
– Cloud Computing Interoperability Forum (CCIF)
– Open Cloud Consortium
– DMTF Cloud Standards Incubator
– Open Cloud Manifesto
• Example: most of this effort is going into the IaaS market, as the
use of a proprietary virtual machine format is one of the major
reasons for vendor lock-in.
Cloud Interoperability and Standards
• Example: In the IaaS market, the use of a proprietary virtual
machine format is one of the major reasons for vendor
lock-in.
• Open Virtualization Format
– An attempt to provide a common format for storing the
information and metadata describing a virtual machine
image.
– Includes a full specification for packaging and distributing
virtual machine images in a completely platform-independent
fashion.
• Another major direction is to design a common API or
standard interface to interact with different cloud-based
solutions (to support interoperability).
Scalability and Fault Tolerance
• An attractive feature of cloud platforms is the
ability to scale on demand.
• Cloud middleware needs to be designed with the
principle of scalability along different dimensions,
for example performance, size, and load.
• Both scalability and fault tolerance are needed at
the same time.
Scalability and Elasticity
• An attractive feature of cloud platforms is the ability
to scale on demand.
• Scalability is defined as the cloud's ability to provide
applications, processes and media to ever-growing
numbers of users.
• A virtualized computing resource has three essential
components: CPU, memory and disk.
• Scalability is commonly used where a persistent
deployment of resources is required to handle the
workload statically (not short-term requirements).
Scalability and Elasticity
• Scaling up (vertical scaling)
– Adding more memory (RAM), more powerful processors
(CPUs), or faster storage to an existing machine.
– Limited by the physical machine's capabilities.
– For example, if a host machine has 8 CPU units and 64 GB
of RAM, a VM inside this host cannot be sized beyond those
numbers with real computing resources behind it.
Scalability and Elasticity
• Scaling out (horizontal scaling)
– Includes the acquisition of new infrastructure and
connecting it to the existing infrastructure so that they
work together seamlessly.
– A complex architectural design is necessary to build an
application capable of complete horizontal scaling.
Scalability and Elasticity
• Diagonal scaling
– A combination of both horizontal and vertical
scalability.
– Resources can be added both vertically and
horizontally.
• Example scenario
– The number of customers/visitors to a company (with an
initially small number of users) increases.
– The database capabilities are scaled up.
Scalability and Elasticity
• Elasticity
– refers to the ability of a cloud to automatically expand or
shrink its infrastructural resources when the requirement
suddenly goes up or down, so that the workload can be
managed efficiently.
– helpful for addressing only those scenarios where the
resource requirements fluctuate up and down suddenly for a
specific time interval.
Example scenario:
• Consider an online shopping site whose transaction workload
increases during a festive season such as Christmas.
• This is more a concern of cloud elasticity than of cloud
scalability.
Scalability and Elasticity
Practices for maximizing cloud scalability and elasticity
• Employ auto scaling
– Auto scaling is defined as automatically scaling capacity
either up or down based on user-defined conditions.
– For example, if we know that an application always sees
high use at night and low use in the morning, we can plan
accordingly.
• Use load balancing
– An automatic way of scaling by distributing workloads
across various nodes in order to make the best use of resources.
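As an added illustration (not part of the lecture slides), the following Python simulates the two practices above: an auto-scaling policy that adds or removes nodes on user-defined utilisation thresholds with a cooldown, a scheduled baseline for the known night-time peak, and round-robin load balancing across the resulting nodes. The thresholds, the per-node capacity, the 20:00-04:00 window and the request trace are constructed assumptions, not figures from the slides.

```python
"""Added example, not from the lecture slides: a minimal auto-scaling policy,
a scheduled baseline, and round-robin load balancing. Thresholds, per-node
capacity and the request trace are constructed assumptions."""
from collections import deque

REQUESTS_PER_NODE = 100   # assumed capacity of one node per interval
SCALE_OUT_AT = 0.80       # user-defined condition: add a node above 80% utilisation
SCALE_IN_AT = 0.30        # user-defined condition: remove a node below 30% utilisation
MIN_NODES, MAX_NODES = 2, 10
COOLDOWN = 2              # intervals to wait after a scaling action before acting again


def autoscale(trace, min_nodes=MIN_NODES, max_nodes=MAX_NODES):
    """Return the node count chosen for each interval of a request trace.

    Utilisation above SCALE_OUT_AT adds one node, below SCALE_IN_AT removes one,
    always within [min_nodes, max_nodes]. The cooldown stops the scaler from
    flapping on a single noisy interval, which is also why it lags a sudden spike.
    """
    nodes = min_nodes
    cooldown_left = 0
    history = []
    for load in trace:
        utilisation = load / (nodes * REQUESTS_PER_NODE)
        if cooldown_left > 0:
            cooldown_left -= 1
        elif utilisation > SCALE_OUT_AT and nodes < max_nodes:
            nodes += 1
            cooldown_left = COOLDOWN
        elif utilisation < SCALE_IN_AT and nodes > min_nodes:
            nodes -= 1
            cooldown_left = COOLDOWN
        history.append(nodes)
    return history


def scheduled_min_nodes(hour):
    """Scheduled scaling: raise the baseline ahead of a known nightly peak
    (the 'high use at night' case) instead of waiting for utilisation to climb.
    The 20:00-04:00 window and the baseline of 4 nodes are assumptions."""
    return 4 if hour >= 20 or hour < 4 else MIN_NODES


class RoundRobinBalancer:
    """Distribute requests across the current nodes in turn."""

    def __init__(self, node_names):
        self._nodes = deque(node_names)

    def next_node(self):
        node = self._nodes[0]
        self._nodes.rotate(-1)   # move the chosen node to the back of the queue
        return node

    def assign(self, n_requests):
        """Return how many of n_requests each node receives."""
        counts = {name: 0 for name in self._nodes}
        for _ in range(n_requests):
            counts[self.next_node()] += 1
        return counts


if __name__ == "__main__":
    # Constructed trace: a ramp up to a peak and back down, in requests per interval.
    trace = [50, 120, 250, 400, 420, 300, 150, 60, 40, 30]
    print("nodes per interval:", autoscale(trace))
    print("night-time baseline:", autoscale(trace, min_nodes=scheduled_min_nodes(22)))
    balancer = RoundRobinBalancer([f"node-{i}" for i in range(3)])
    print("round robin:", balancer.assign(10))
```

Running the constructed trace shows the reactive policy adding its first node only after the interval in which utilisation crossed 80%, and holding it for the cooldown; raising the baseline on a schedule is what absorbs the first part of a predictable peak.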
Elasticity versus Scalability
Elasticity:
• Used to meet sudden ups and downs in the workload for a
small period of time.
• Used to meet dynamic changes, where the resource need can
increase or decrease.
• Commonly used by small companies whose workload and demand
increase only for a specific period of time.
• Short-term planning, adopted just to deal with an unexpected
increase in demand or seasonal demands.
Scalability:
• Used to meet a static increase in the workload.
• Used to address an increase in workload in an organization.
• Commonly used by giant companies whose customer circle
persistently grows, in order to do the operations efficiently.
• Long-term planning, adopted to deal with an expected increase
in demand.
Compliance and Governance
Compliance
– Related to backing up data on cloud storage services.
– Compliance is ensuring that proper data transfer standards and
regulations are followed.
– Every time a company moves data from internal storage to a
cloud, it is faced with being compliant with industry regulations
and laws.
– For example, healthcare organizations in the USA have to
comply with HIPAA (Health Insurance Portability and
Accountability Act of 1996), and public retail companies have to
comply with SOX (Sarbanes-Oxley Act of 2002).
Security, Trust and Privacy
“Security risks of cloud computing are the top concern as
77% of respondents stated in the referred survey.”

• Possible threats from uploading data to and downloading data
from clouds.
• The aim is to prevent data tampering and access to sensitive
information.
• Traditionally managed by cryptographic technologies.
• Privacy: “Sensitive and personal information that is kept in
the cloud should be defined as being for internal use only”.
• Website hacking and virus attacks are the biggest problems
of cloud computing data security.
Information security is a complex ensemble of
techniques, technologies, regulations, and behaviors that
collaboratively protect the integrity of and access to
computer systems and data.
IT security measures aim to defend against threats and
interference that arise from both malicious intent and
unintentional user error.
Cloud Information Security:
Fundamental security terms relevant to cloud computing
• Key points
– Confidentiality, integrity, authenticity and availability are
associated with measuring security.
– Threats, vulnerabilities and risks are associated with
measuring and assessing insecurity and lack of security.
– Security controls, mechanisms and policies are associated
with establishing countermeasures.
A message issued by the cloud consumer to the cloud service is
considered confidential only if it is not accessed or read by an
unauthorized party.
Cloud Information Security
• Basic terms
– Confidentiality: something is made accessible only to authorized
parties.
– Integrity: something is not altered by an unauthorized party.
– Availability: something is always accessible and usable.
– Threat: a potential security violation that can challenge
defenses.
– Vulnerability: a weakness that can be exploited to attack a
system.
Security policies and security mechanisms are used to counter threats,
vulnerabilities, and risks caused by threat agents.
Cloud Information Security
• Threat agent: an entity that poses a threat (capable of carrying
out an attack)
– Anonymous Attacker
• A non-trusted cloud service consumer without permissions in
the cloud.
• For example: an external software program that launches
network-level attacks, bypasses user accounts or steals user
credentials.
• Can be more dangerous with limited information on security
policies.
– Malicious Service Agent
• Capable of intercepting and forwarding the network traffic that
flows within a cloud.
Cloud Information Security
• Threat agent: an entity that poses a threat (capable of carrying
out an attack)
– Trusted Attacker
• Shares IT resources in the same cloud environment as the cloud
consumer.
• Unlike the anonymous attacker, launches attacks within the cloud's
trust boundaries by exploiting legitimate credentials.
– Malicious Insider
• An agent working on behalf of, or in relation to, the cloud provider.
• For example: former employees or third parties with access to the
cloud provider's premises.
Identify the kind of attacker!
• A person trying to modify the content of your data being
shared to the cloud?
• A person trying to get access to your cloud account?
• A cloud user trying to get access to your sensitive data?
Cloud Security Threats
This section covers several common threats and vulnerabilities in
cloud-based environments and describes the roles of the
aforementioned threat agents.
• Traffic Eavesdropping
– Passively intercepting the data being transferred to or
within the cloud.
– An attack on the confidentiality of the data.
Cloud Security Threats
• Malicious Intermediary
– When messages are intercepted and altered by a
malicious service agent.
– An attack on the confidentiality and integrity of the data.
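The slides note that these threats are traditionally countered with cryptographic technologies. As an added example that is not part of the lecture material, the Python below shows the integrity half of that defence: the cloud consumer tags each message with an HMAC-SHA256 over a canonical JSON form using a key it shares with the cloud service (assumed to be provisioned out of band), and the service rejects any message a malicious service agent has altered in transit. The key, message and the `malicious_intermediary` model are constructed for illustration; the payload stays readable, so confidentiality against eavesdropping would additionally require encryption.

```python
"""Added example, not from the lecture slides: detecting a malicious intermediary
with a message authentication code (HMAC-SHA256 from the standard library).
The cloud consumer and the cloud service share a secret key, assumed to have
been provisioned out of band; every message carries a tag over its canonical
JSON form, so any alteration in transit fails verification at the service.
Key and messages below are constructed for illustration."""
import hashlib
import hmac
import json


def _canonical(payload: dict) -> bytes:
    # Sorted keys and no whitespace, so consumer and service hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def tag_message(key: bytes, payload: dict) -> dict:
    """Consumer side: attach an HMAC tag. The payload stays readable, so this
    gives integrity and authenticity only; confidentiality against traffic
    eavesdropping would additionally need encryption."""
    tag = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_message(key: bytes, envelope: dict) -> bool:
    """Service side: recompute the tag and compare in constant time, so the
    comparison itself does not leak how many tag characters matched."""
    expected = hmac.new(key, _canonical(envelope["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(envelope.get("tag", "")))


def malicious_intermediary(envelope: dict) -> dict:
    """Constructed model of a malicious service agent: forwards the message
    after changing one field, without knowing the shared key."""
    altered = json.loads(json.dumps(envelope))   # deep copy of the envelope
    altered["payload"]["amount"] = 9000
    return altered


if __name__ == "__main__":
    shared_key = b"constructed-shared-secret"     # placeholder, not a real key
    sent = tag_message(shared_key, {"account": "acct-42", "amount": 10})
    print("untouched message verifies:", verify_message(shared_key, sent))
    print("altered message verifies:", verify_message(shared_key, malicious_intermediary(sent)))
```

The intermediary can still read and forward the message, which is why the slides list this threat against confidentiality as well as integrity; the tag only guarantees that whatever the service accepts is exactly what the consumer sent.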
Cloud Security Threats
• Denial of Service
– Overloading IT resources to interrupt their proper
functioning.
– An attack on the availability of the data.
– Examples:
• Repeated communication requests.
• Artificially increasing network traffic.
• Sending multiple requests which need/consume
excessive memory and processing resources.
Cloud Security Threats
• Denial of Service
• Cloud service consumer A sends multiple messages to
a cloud service hosted on a virtual server in order to
overload the physical server.
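As an added example that is not part of the lecture slides, the Python below shows one availability countermeasure against the repeated-request pattern just described: a per-consumer token bucket in front of the cloud service, so consumer A's flood is throttled while consumer B's normal traffic is still served, plus a detection view that flags consumers throttled beyond a threshold. The bucket size, refill rate, threshold and the request log are constructed assumptions.

```python
"""Added example, not from the lecture slides: a per-consumer token bucket that
throttles the repeated-request pattern above, so a single consumer (A) flooding
a cloud service cannot exhaust the virtual server's capacity for consumer B.
Bucket sizes, refill rate and the request log are constructed assumptions."""
from collections import defaultdict


class TokenBucket:
    """Each request costs one token; tokens refill at a fixed rate up to capacity."""

    def __init__(self, capacity: int, refill_per_second: float):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.tokens = float(capacity)
        self.last_seen = 0.0

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last_seen)
        self.last_seen = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_second)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def throttle(requests, capacity=5, refill_per_second=1.0):
    """Run a log of (timestamp, consumer) pairs through one bucket per consumer.
    Returns (accepted, rejected) per-consumer counts; rejected only lists
    consumers that were throttled at least once."""
    buckets = defaultdict(lambda: TokenBucket(capacity, refill_per_second))
    accepted = defaultdict(int)
    rejected = defaultdict(int)
    for timestamp, consumer in sorted(requests):
        if buckets[consumer].allow(timestamp):
            accepted[consumer] += 1
        else:
            rejected[consumer] += 1
    return dict(accepted), dict(rejected)


def flag_flooders(rejected, threshold=20):
    """Detection view: consumers throttled more than `threshold` times in the
    window are candidates for blocking or investigation (threshold is assumed)."""
    return sorted(c for c, n in rejected.items() if n > threshold)


# Constructed log: consumer A sends 50 requests within one second,
# consumer B sends one request per second for five seconds.
SAMPLE_LOG = [(i * 0.02, "consumer-A") for i in range(50)] + \
             [(float(i), "consumer-B") for i in range(5)]

if __name__ == "__main__":
    accepted, rejected = throttle(SAMPLE_LOG)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print("flagged:", flag_flooders(rejected))
```

With a bucket of 5 tokens refilling at one per second, consumer A gets only its first five requests through and the remaining 45 are rejected, while all five of consumer B's requests are served; separating the buckets per consumer is what keeps one tenant's overload from becoming everyone's outage.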
Virtualization Attack
Virtualization provides multiple cloud consumers with
access to IT resources that share underlying hardware
but are logically isolated from each other.
A virtualization attack exploits vulnerabilities in the
virtualization platform to threaten its confidentiality,
integrity, and/or availability.
Cloud Security Threats
• Virtualization Attack
– Virtualization provides multiple cloud consumers with
access to IT resources that share underlying hardware but
are logically isolated from each other.
– May involve cloud providers granting administrative
access to virtualized IT resources.
– A cloud consumer could abuse that access to attack the
physical resources.
– Can impact the confidentiality, integrity or availability of
resources.
“An authorized cloud service consumer carries out a
virtualization attack by abusing its administrative
access to a virtual server to exploit the underlying
hardware”.
Cloud Security Threats
• Overlapping Trust Boundaries
– Can happen when IT resources are shared by
different cloud service consumers having overlapping
trust boundaries.
– Malicious cloud service consumers can target
shared IT resources with the intention of
compromising cloud consumers or other IT resources
that share the same trust boundary.
Cloud Security Threats
• Overlapping Trust Boundaries
Cloud service consumer A is trusted by the cloud
provider and gains access to a virtual server.
It then uses this access to attack the underlying
hardware/physical server.
Further, it attacks the virtual server used by cloud service
consumer B.
Preventive Security Considerations in Cloud Computing
• Identify the assets we need to protect.
• Implement security policies and countermeasures.
• Identify the kinds of attack that can be mounted and
how to counter those attacks.
• Put geographical restrictions in place.
• Make sure the cloud provider complies with standard
rules and regulations.
• Evaluate legal issues.
Security and compliance: shared between AWS and the customer.
Security “of” the cloud versus security “in” the cloud
AWS is responsible for protecting the infrastructure that runs all the services
offered in the AWS Cloud.
