
Update Functionality of System

Shweta Saharan and Gaurav Somani


5.9 Security Guidelines for Cloud Storage

5.9.6 Update Functionality of System

Using old and outdated software always poses a risk to system security.

The system and all of its software should be updated in a timely manner. The latest version is free of the vulnerabilities reported in previous versions. Updates should be obtained from a legitimate site; otherwise the risk of malware attached to the update is also high. The system can also be updated automatically, without human interaction. This may carry risk precisely because no human is involved: an attacker can craft an update that performs some unwanted action.
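The checks this guideline implies can be collected into one gate that runs before any update is applied. The following is an added example, not code from the chapter; the host name `updates.example.com`, the sample payload and the function name `check_update` are assumptions, and the published digest is assumed to reach the operator through a channel separate from the download itself.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed allowlist of vendor update hosts (placeholder name, not from the chapter).
TRUSTED_HOSTS = {"updates.example.com"}

# Constructed sample data: a stand-in update file and the digest the vendor
# would publish for it through a separate, trusted channel.
SAMPLE_PAYLOAD = b"constructed update payload 2.1.0"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()


def check_update(url, payload, published_sha256, new_version, installed_version,
                 operator_approved):
    """Decide whether a downloaded update may be installed.

    Returns (allowed, reason). Versions are tuples such as (2, 1, 0).
    """
    parts = urlsplit(url)
    # Legitimate site: HTTPS only, and an exact host match against the allowlist.
    if parts.scheme != "https":
        return False, "not fetched over HTTPS"
    if parts.hostname not in TRUSTED_HOSTS:
        return False, "origin not on allowlist"
    # Tampered or trojanised file: digest must equal the published value.
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, published_sha256.lower()):
        return False, "digest mismatch"
    # An "update" to an older release would reintroduce fixed vulnerabilities.
    if new_version <= installed_version:
        return False, "not newer than installed version"
    # Automatic updates still wait for a human decision before applying.
    if not operator_approved:
        return False, "awaiting operator approval"
    return True, "ok"


if __name__ == "__main__":
    url = "https://updates.example.com/pkg-2.1.0.bin"
    print(check_update(url, SAMPLE_PAYLOAD, SAMPLE_DIGEST, (2, 1, 0), (2, 0, 3), True))
    print(check_update(url, SAMPLE_PAYLOAD + b"x", SAMPLE_DIGEST, (2, 1, 0), (2, 0, 3), True))
```

A digest only proves the file matches what was published; where the vendor signs its releases, verifying that signature with the vendor's public key is the stronger check.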

5.10 Summary

This chapter focuses on emerging storage facilities in cloud computing architecture and the security concerns arising in this area. It also provides a comprehensive overview of cloud storage and how it differs from traditional architecture. The major focus is cloud storage security, specifically the integrity and confidentiality of data. It also highlights case studies in which security breaches took place at major cloud service providers. A detailed comparison has been made between traditional and cloud-based storage security. Additionally, various requirements of a good solution are discussed, along with cryptographic techniques at various levels of cloud storage.

5.11 Review Questions

1. What are the major aspects of Infrastructure as a Service (IaaS) security?

2. Why does VM security play an important role in the cloud?

3. How does data deduplication lead to a security threat to cloud data?

4. Why may data encryption not provide complete confidentiality to cloud data?

5. From a security perspective, what are the major differences among available cloud storage techniques?


Shweta Saharan has completed her Bachelor of Technology (B.Tech) from Rajasthan Technical University and received her master’s degree in Computer Science and Engineering (Information Security) from Central University of Rajasthan, India, in 2015. Currently, she is a lecturer in Computer Engineering Department, Indian Institute of Information and Technology (IIIT), Kota.

Her research interests include cloud computing, information and network security, and networking.

Gaurav Somani is an Assistant Professor at Department of Computer Science and Engineering, Central University of Rajasthan, India. He has completed his Bachelor of Engineering (BE) in Information Technology from University of Rajasthan with honors and Master of Technology (MTech) in Information and Communication Technology from DAIICT, Gandhinagar, India, with distinction. He is pursuing his PhD from Malviya National Institute of Technology, Jaipur, India.

His research interests include Distributed Systems and Security Engineering. He has authored a book/monograph on Scheduling and Isolation in Virtualization. He has published a number of papers in various conferences and journals of international repute like ACM SINCONF, ACM CGC, IEEE CLOUD, and Elsevier FGCS. He has served as TPC member in multiple international conferences and reviewer of top journals like IEEE transactions on cloud computing. He is a member of IEEE and ACM.