
Department of Computer Science and Engineering

CLOUD SECURITY
BY
ASHWINI S D
1MS19SCS02

UNDER THE GUIDANCE OF


DR. ANNAPURNA PATIL
Agenda

• Introduction to cloud computing
• Cloud Computing framework
• Cloud Architecture
• Threats against cloud environment
• Cloud security solutions
• Conclusion
• References
12/22/2020
Introduction to Cloud Computing

• Cloud computing refers to the distribution of computing resources, including hardware and software, to the consumer through the internet.
• Cloud computing is a model that enables service providers to share services and computing resources with users.
• In the cloud paradigm, a pool of computing resources is managed by cloud service providers.
• They offer their services in the form of infrastructure, platform, and software to their consumers, mostly over the Internet, using multi-tenancy and resource virtualization techniques.
• The cloud service delivery model allows consumers to lease and release computing resources through self-service interfaces with the pay-as-you-go model.

CLOUD SERVICE DELIVERY MODELS

Figure 1. Service delivery models

a. Infrastructure as a service [IaaS]:

• It primarily deals with hardware such as memory, processors, network storage, servers, and virtual servers/machines.
• The flexibility to allocate virtual or physical resources enables service providers to provide the necessary infrastructure in a conceptual manner.
• The introduction of provisions such as the hypervisor reduces unnecessary investment in infrastructure and reduces the overall expenditure of funds and time.

b. Platform as a service [PaaS]:

• Here the services are delivered in the form of frameworks, development tools, programs, architecture, and an IDE, i.e., Integrated Development Environment.
• Users are given the ability to control the applications; however, they do not have the means to control the underlying infrastructure.
• This is highly useful when resources are placed across various physical locations and may need to work together.
• Google App Engine is one of the popular PaaS providers; it provides an environment with software development kits for languages such as Java and Python.

c. Software as a service [SaaS]:

• SaaS can be defined as an assemblage of remote computing services.
• SaaS is one of the best models in terms of services provided.
• With the help of third-party vendors, applications can be deployed remotely.
• This enables end users to access cloud services (such as CSPs’) through the internet.
• SaaS has been used extensively in the cloud market and has been on a steady growth scale.

CLOUD COMPUTING FRAMEWORK

Figure 2. Cloud computing framework

CLOUD DEPLOYMENT MODELS

a. Private cloud: Here cloud computing is managed and operated within a single organization’s data centre; this is referred to as a private cloud. Generally, business units make provisions for dedicated use of the cloud infrastructure within an organization.

b. Public cloud: The true essence of cloud hosting is in the public cloud, where a strong service level agreement [SLA] is established between the provider and the customer in order to preserve trust between them. This infrastructure provides an open forum in terms of accessibility to the public or to the business unit it is provided to. Public cloud environments are owned and operated by various businesses, governmental institutions, and academic institutions.

c. Community cloud: A community cloud is one that is shared and operated by multiple organizations or institutions. These are placed either on-campus or off-campus. The main advantage here is cost cutting, as one does not have to pay as much as for a private cloud, while at the same time it reduces the security risks found in a public cloud.

d. Hybrid cloud: It is a mixture of two or more clouds [private, public or community]. Since it is a combination of multiple clouds, it provides the advantages of those cloud providers and their deployment models. It provides secure and very well-organized access to entities or resources compared to a public cloud.

e. Virtual private cloud: It has various resources that are made up of a virtual private network (VPN). It is configurable on demand from the shared resources that are assigned inside the cloud environment.

CLOUD COMPUTING BASIC COMPONENTS

a. Virtualization: It is the main player in the cloud, as this component allows multiple users to access a physical resource by creating virtual instances of the machine, its operating system, a server, a network resource, or even storage devices, which can then be used from multiple execution environments.

b. Cloud storage: The storage is managed, maintained and regularly backed up remotely, and is accessible all over the network so that end users can use the data.

c. Multi-tenancy: Multi-tenancy enables the best utilization of physical resources such as data storage and hardware. In this environment there can be more than one user; they do not share individual data or see each other’s information, but they share the resources, or perhaps an application, in an execution environment.

d. Cloud network: It can be operated from multiple data centers. Generally, data centers hold anywhere from a hundred to a thousand servers. A network infrastructure is necessary for developing and maintaining the storage and the cloud, and this is referred to as cloud computing. An internet connection is one of the prerequisites, along with a VPN, which allows the consumer to access devices or files on the network such as printers, files, and applications.

e. The hypervisor: This is again one of the key components in the field of virtualization. It allows numerous VMs to run and execute on a single hardware host. It checks and manages all the operating systems that are running on the shared physical device.

CLOUD COMPUTING LAYERED MODEL

1. Application and interface layer

• The cloud consumer accesses the services through the web browser, and access is secured through user identification, authentication and authorization using mechanisms like public-key cryptography, OAuth, etc. This ensures secure data communication using encryption techniques.

2. Platform layer

• This layer provides software development, run-time execution, testing and deployment environments. The user can develop and deploy applications and can also install software applications customized to suit the end user’s requirements. Technologies and frameworks like Java SDK, IDE, .NET, Google App Engine, etc. enable this layer to provide PaaS over the underlying cloud infrastructure.

Figure 3. Cloud architecture

3. Infrastructure layer:

• Virtualization and hypervisor: This layer provides services for internal communication among virtualized components. It provides secure communication mechanisms for elements such as DNS servers and DHCP servers that are shared by virtual machine instances.

• Storage: The cloud consumer who outsources the storage of its business data to a third party should take care of the availability and protection of the data. This layer provides data storage services for user data life cycle management.

• Hardware: This layer consists of all the raw computing hardware. The hardware resources are allocated and managed using virtualization technologies.

• Facilities: This layer is all about the data center and its physical environment management. The physical environment where the cloud infrastructure is installed and running has an impact on data availability and service continuity.

4. Assurance and compliance vertical

• The assurance function includes ensuring SLAs, logging of users, etc. Compliance with legal and regulatory clauses needs to be provided as and when required by the law of the land, and it might involve both the cloud provider and the consumer, as applicable. Data privacy compliance requirements must be furnished to ensure that user data stored and managed by a cloud provider is not used for anything other than the agreed purpose.

5. Cloud administration & business support functions

• This provides shared services to perform cloud administration and business support activities. It provides services for cloud orchestration in an optimal way to provide the best propositions of services offered to cloud consumers. It performs administrative functions like cloud service deployment, configuration and provisioning of the offered services.

CLOUD SECURITY CONCERNS

a. Storage security: On the cloud, once the customer or end user stores the information, they are no longer the owner of the data where it has been stored. This is done as part of maintaining quality of service. It will guarantee the correctness of the user’s data stored in the cloud. It utilizes homomorphic tokens along with distributed verification of erasure-coded data.

b. Software security: This deals with the robustness of the cloud environment, that is, how correctly it behaves under malicious activity. Building software for cloud computing that provides security against buffer overflows, bugs, design flaws, and error-handling problems is a challenge.

c. Infrastructure security: Providing security for the physical or virtual infrastructure is the most fundamental challenge. Even though one may acquire a formal proof in the form of attestation, it might not be sufficient for some critical organizational processes. It is of utmost importance to substantiate the infrastructure as part of the business requirements.

d. Network security: Any form of communication or data transfer requires the internet, and thus it is the cornerstone of cloud computing. Here concerns arise in the form of either external or internal attacks. These attacks can be expected on both physical and virtual networks.

ATTACKS ON CLOUD SECURITY

• Denial of Service attack: This is a type of attack where thousands of requests are sent to the victim by the attacker, which may affect the cloud’s actual behaviour and also the availability of cloud services.

• Service Injection attack: The attacker makes a malicious image of the allocated resources and injects it into the cloud environment. This malicious server acts as a cloud service when a new user requests a service, which may affect the cloud functionalities.

• User to root attack: The attacker acquires access to the entire system by seizing the user’s account and password. This is executed through a buffer overflow, where excessive data is sent to a statically defined buffer.

• Port Scanning: This is used to identify open, closed and filtered ports of the system. Attackers use details such as open ports, services, and the MAC addresses that belong to a connection to seize information.

• Man-in-the-middle attack: This attack is possible due to a lack of security configuration in Secure Sockets Layer (SSL). The attacker is active in the middle while data is passed between two parties and is capable of accessing the data.

• Metadata Spoofing attack: The attacker targets the WSDL file, deleting or modifying it, and waits until service delivery time. During this time, the attacker interrupts the service invocation code in the WSDL file. The solution to this attack is to encrypt the file and require strong authentication to access it.

• Phishing attack: This is performed by manipulating a web link. The user is redirected to a fake web page, and once the user has entered their credentials, the attacker can access them.

• Backdoor Channel attack: This permits the attacker to access remote computer programs that control the victim’s resources. The attacker can deploy zombies to perform a DDoS attack, but attackers often use the backdoor channel to control the resources, breaching the privacy and confidentiality of the data.

CLOUD SECURITY SOLUTIONS

• Software Defined Networking (SDN) technology:

  • It is a novel cloud computing network design that mainly helps in detecting and preventing Distributed Denial of Service (DDoS) attacks in cloud computing.

  • Researchers have focused on reviewing the defence mechanisms of SDN against DDoS in cloud computing environments and also on protecting SDN against adversarial attacks.

  • They have used a combination of SDN and cloud technologies as a security mechanism against DDoS attacks and have also designed network architectures that help to protect the cloud environment against specific attacks.

• Intrusion detection system: An IDS is a software application that identifies abnormal behaviours in the cloud environment that may be the result of an attacker trying to gain access to the information stored in the cloud or to cloud resources. The main challenge for an IDS is to distinguish between genuine users and malicious users, or to classify activities as legal or malicious. There are 2 types of IDS approaches:

1. Knowledge or Signature based IDS: It identifies patterns or signatures of well-known attacks. It can easily detect well-known attacks but cannot recognize zero-day or novel attacks.

2. Behaviour or Anomaly based IDS: Any deviation from normal behaviour is treated as malicious behaviour. Anomaly based IDS can detect both well-known and novel attacks but has a greater number of false positives, i.e. it classifies unknown normal activities as malicious.

• An IDS only detects intrusions, whereas intrusion detection and prevention systems (IDPS) take necessary steps such as logging off a user, shutting down servers, issuing alerts, etc. when an intruder is detected. Various IDSs have been developed by researchers using data mining, artificial intelligence, machine learning, statistical analysis, and other techniques.
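
The contrast between the two IDS approaches described above, as an added example that is not part of the original slides: a signature detector and a z-score anomaly detector run over the same constructed events. The signatures, the choice of response size as the behavioural feature, the baseline, the threshold and the events are all assumptions made up for illustration.

```python
import re
from statistics import mean, pstdev

# Constructed signatures (assumption): patterns for two well-known web attacks.
SIGNATURES = {
    "sql_injection": re.compile(r"union\s+select", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

# Constructed baseline: response sizes in bytes from traffic assumed to be benign.
BASELINE_BYTES = [1000, 1100, 1050, 1200, 950, 1150, 1000, 1080]

# Constructed events, with ground-truth labels so both approaches can be scored.
EVENTS = [
    # Well-known attack: matches a signature and also dumps an unusually large response.
    {"request": "GET /report?id=1 UNION SELECT user,pass FROM accounts",
     "bytes": 250000, "malicious": True},
    # Novel attack: bulk export with no known pattern in the request.
    {"request": "GET /export/all-customers", "bytes": 950000, "malicious": True},
    # Rare but legitimate activity the baseline has never seen.
    {"request": "GET /backup/quarterly", "bytes": 40000, "malicious": False},
    # Ordinary request.
    {"request": "GET /report?id=2", "bytes": 1050, "malicious": False},
]

def signature_detect(events):
    """Knowledge-based: flag indices whose request matches a known attack pattern."""
    return {i for i, e in enumerate(events)
            if any(rx.search(e["request"]) for rx in SIGNATURES.values())}

def anomaly_detect(events, baseline=BASELINE_BYTES, threshold=3.0):
    """Behaviour-based: flag indices more than `threshold` std devs from the baseline mean."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return {i for i, e in enumerate(events)
            if sigma and abs(e["bytes"] - mu) / sigma > threshold}

def score(flagged, events):
    """Return (missed attacks, false positives) as sets of event indices."""
    truth = {i for i, e in enumerate(events) if e["malicious"]}
    return truth - flagged, flagged - truth

if __name__ == "__main__":
    for name, detect in (("signature", signature_detect), ("anomaly", anomaly_detect)):
        flagged = detect(EVENTS)
        missed, false_pos = score(flagged, EVENTS)
        print(f"{name:9} flagged={sorted(flagged)} "
              f"missed={sorted(missed)} false_pos={sorted(false_pos)}")
```

The signature detector misses the novel export (event 1) with no false positives, while the anomaly detector catches both attacks but also flags the legitimate quarterly backup (event 2).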

• Firewalls: Firewalls are an efficient security mechanism for detecting malicious threats among the cloud servers. Network protection provided by traditional firewalls is based on ports, IP addresses, protocols, etc. They cannot detect attacks originating within an organization or any other complex attacks. They are not smart enough to differentiate network traffic based on its type. Due to these limitations, next generation firewalls (NGFWs) were developed. NGFWs can detect complex issues such as DDoS, port scanning, IP spoofing, etc.

• Cryptography: This security mechanism is used to protect the data and services in the cloud. There are 2 types of cryptographic algorithms: symmetric and asymmetric. Hybrid algorithms combine the benefits of both types. Clients’ data can be protected using efficient algorithms such as Diffie-Hellman, RSA, Data Encryption Standard (DES), Advanced Encryption Standard (AES) and Triple DES. Authentication mechanisms such as 2-factor or multi-factor authentication with multiple levels of hashing and encryption techniques help to prevent unauthorized access to cloud data and resources.

• Machine learning:

  • Machine learning provides a highly responsive and automated approach to security.
  • It enables an augmented ability to detect threats and high-risk data outflows.
  • Many anti-malware solutions are only capable of responding to known threats.
  • Machine learning takes a fundamentally different approach to defending against malware: these solutions determine whether files are likely to take malicious actions by analysing their behaviours and characteristics.
  • If a file is determined to be a likely threat, it can be blocked when users try to upload it to the cloud or download it to a device.
  • As more files are analysed and more malware is detected, accuracy only increases. This thorough, automatic security is particularly helpful for enterprises that store large amounts of data in multiple cloud applications.
  • The growing abundance of cloud data could be machine learning’s greatest asset and biggest challenge.
  • Meeting all of these demands is typically not a simple process. However, to find solutions and develop machine learning in the cloud, it is essential that cloud providers, third-party vendors, governments, users, and data subjects work together.

CONCLUSION

• The evolution of cloud computing has benefited applications and business processes significantly.
• It has been observed that the number of attacks has doubled in the past 2 or 3 years. This might be because adversaries have become more sophisticated and have found ways to monetize insecure cloud data or resources.
• Hence there is a dire need for security mechanisms to protect these resources.
• Though the best security solution has not yet been found, the cloud can be made more secure by standardizing security mechanisms in cloud architectures, by using machine learning algorithms or data analytics to detect or prevent attacks, by implementing proper authentication protocols, and by encrypting data that can be easily captured by adversaries.