
Cloud Computing Security - Foundations and Challenges (2016)


FOUNDATIONS AND CHALLENGES

Cloud Computing SECURITY

CRC Press is an imprint of the Taylor & Francis Group, an informa business

Boca Raton London New York

EDITED BY JOHN R. VACCA

6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2017 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed on acid-free paper

Version Date: 20160725

International Standard Book Number-13: 978-1-4822-6094-6 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging‑in‑Publication Data

Names: Vacca, John R., 1947- editor.

Title: Cloud computing security : foundations and challenges / editor, John R. Vacca.

Description: Boca Raton : CRC Press, 2017. | Includes bibliographical references and index.

Identifiers: LCCN 2016009645 | ISBN 9781482260946

Subjects: LCSH: Cloud computing--Security measures. | Computer networks--Security measures. | Data protection. | Computer security.

Classification: LCC QA76.585 .C5825 2017 | DDC 005.8--dc23

LC record available at https://lccn.loc.gov/2016009645

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com


Foreword

Preface

Acknowledgments

The Editor

Contributors

Section I: Introduction

Chapter 1: Cloud Computing Essentials
Anna Squicciarini, Daniela Oliveira, and Dan Lin

Chapter 2: Overview of Cloud Computing
William Stallings

Chapter 3: Cloud Security Baselines
Daniela Oliveira, Anna Squicciarini, and Dan Lin

Chapter 4: Cloud Security, Privacy, and Trust Baselines
Nikolaos Pitropakis, Sokratis K. Katsikas, and Costas Lambrinoudakis

Chapter 5: Infrastructure as a Service (IaaS)
Mario Santana

Section II: Risk Analysis and Division of Responsibility

Chapter 6: Risk and Trust Assessment: Schemes for Cloud Services
Erdal Cayirci

Chapter 7: Managing Risk in the Cloud
Michaela Iorga and Anil Karmel

Chapter 8: Cloud Security Risk Management
Marco Cremonini

Chapter 9: Secure Cloud Risk Management: Risk Mitigation Methods

Section III: Securing the Cloud Infrastructure

Chapter 10: Specification and Enforcement of Access Policies in Emerging Scenarios
Sabrina De Capitani di Vimercati, Sara Foresti, and Pierangela Samarati

Chapter 11: Cryptographic Key Management for Data Protection
Sarbari Gupta

Chapter 12: Cloud Security Access Control: Distributed Access Control
James T. Harmening and Randall DeVitto

Chapter 13: Cloud Security Key Management: Cloud User Controls
Weiyu Jiang, Jingqiang Lin, Zhan Wang, Bo Chen, and Kun Sun

Chapter 14: Cloud Computing Security Essentials and Architecture
Michaela Iorga and Anil Karmel

Chapter 15: Cloud Computing Architecture and Security Concepts
Pramod Pandya and Riad Rahmo

Chapter 16: Secure Cloud Architecture
Pramod Pandya

Section IV: Operating System and Network Security

Chapter 17: Locking Down Cloud Servers
Thorsten Herre

Chapter 18: Third-Party Providers Integrity Assurance for Data Outsourcing
Jiawei Yuan and Shucheng Yu

Section V: Meeting Compliance Requirements

Chapter 19: Negotiating Cloud Security Requirements with Vendors
Daniel S. Soper

Chapter 20: Managing Legal Compliance Risk in the Cloud and Negotiating Personal Data Protection Requirements with Vendors
Paolo Balboni

Chapter 21: Integrity Assurance for Data Outsourcing
Reza Curtmola and Bo Chen

Chapter 22: Secure Computation Outsourcing

Chapter 23: Computation Over Encrypted Data
Feng-Hao Liu

Chapter 24: Trusted Computing Technology
Felipe E. Medina

Chapter 25: Computing Technology for Trusted Cloud Security
Roberto Di Pietro, Flavio Lombardi, and Matteo Signorini

Chapter 26: Trusted Computing Technology and Proposals for Resolving Cloud Computing Security Problems
Tao Su, Antonio Lioy, and Nicola Barresi

Chapter 27: Assuring Compliance with Government Certification and Accreditation Regulations
Sarbari Gupta

Chapter 28: Government Certification, Accreditation, Regulations, and Compliance Risks
Thorsten Herre

Section VI: Preparing for Disaster Recovery

Chapter 29: Simplifying Secure Cloud Computing Environments with Cloud Data Centers
Thorsten Herre

Chapter 30: Availability, Recovery, and Auditing across Data Centers
Reza Curtmola and Bo Chen

Section VII: Advanced Cloud Computing Security

Chapter 31: Advanced Security Architectures for Cloud Computing
Albert Caballero

Chapter 32: Side-Channel Attacks and Defenses on Cloud Traffic
Wen Ming Liu and Lingyu Wang

Chapter 33: Clouds Are Evil
John Strand

Chapter 34: Future Directions in Cloud Computing Security: Risks and Challenges
Mohammad Kamrul Islam and Rasib Khan

APPENDIX A: LIST OF TOP CLOUD COMPUTING SECURITY IMPLEMENTATION AND DEPLOYMENT COMPANIES

APPENDIX B: LIST OF CLOUD COMPUTING SECURITY PRODUCTS AND SERVICES

INDEX

Foreword

I once asked an IT executive of a large telecommunications company if he had secured all of the thousands of computers that the company had. He replied: “I will when I find them.” That was over 25 years ago. But it may now equally depict efforts to secure computing assets in the cloud, just as it did back then when computers were in dozens of buildings spread across the Midwest states.

Cloud computing provides a new level of convenience and ease of use. In many cases, favorable cost structures can also be realized. However, many cloud users have lost sight of the fundamentals of managing information technology assets. Thus, the out-of-sight, out-of-mind mentality that an organization can easily fall into when managing cloud assets can increase vulnerabilities as asset control becomes more lax.

In this book, John R. Vacca has called upon a great number of industry experts to address the fundamental issues and challenges of securing IT assets that are living in the cloud. The book provides applicable knowledge and actionable recommendations. It also offers some very sound axioms about IT asset management. For example, you need to know what you have, what it does, where it is, how it works, what needs to be done to secure it and make sure it is available when needed.

The cloud is not a magic place where all is well. It is just like any other place where there are IT assets. I strongly recommend you read this book.

Michael Erbschloe*

Information Security Consultant

* Michael Erbschloe teaches information security courses at Webster University in St. Louis, Missouri.

Preface

SCOPE OF COVERAGE

This comprehensive handbook serves as a professional reference, as well as a practitioner’s guide to today’s most complete and concise view of cloud computing security. It offers in-depth coverage of cloud computing security theory, technology, and practice as they relate to established technologies, as well as to recent advancements. It explores practical solutions to a wide range of cloud computing security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.

The primary audience for this handbook consists of engineers/scientists interested in monitoring and analyzing specific measurable cloud computing security environments, which may include transportation and/or infrastructure systems, mechanical systems, seismic events, and underwater environments. This book will also be useful for security and related professionals interested in tactical surveillance and mobile cloud computing security target classification and tracking. Other individuals with an interest in using cloud computing security to understand specific environments may include undergraduates, graduates, academia, government, and industry; anyone seeking to exploit the benefits of cloud computing security technologies, including assessing the architectures, components, operation, and tools of cloud computing; and anyone involved in the security aspects of cloud computing who has knowledge at the introductory level of cloud computing or equivalent experience. This comprehensive reference and practitioner’s guide will also be of value to students in upper-division undergraduate and graduate-level courses in cloud computing security.

ORGANIZATION OF THIS BOOK

This book is organized into seven sections, composed of 34 contributed chapters by leading experts in their fields, and two appendices, including an extensive glossary of cloud security terms and acronyms.

Section I: Introduction

Section I discusses cloud computing essentials, such as: cloud computing service models, like software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), and desktop as a service (DaaS), including public, private, virtual private, and hybrid clouds. The establishment of cyber security fundamentals and software, and data segregation security are also discussed.

Chapter 1: “Cloud computing essentials” sets the stage for the rest of the book by presenting insight into the main idea of cloud computing. This is to outsource the management and delivery of software and hardware resources to third-party companies (cloud providers), which specialize in that particular service and can provide much better quality of service at lower costs in a convenient fashion. In addition, the authors also present an overview of key concepts and enabling technologies of cloud computing, including virtualization, load balancing, monitoring, scalability, and elasticity.

Chapter 2: “Overview of cloud computing” provides a detailed description of the basic concepts, followed by a discussion of the principal types of services typically offered by cloud providers. The chapter then looks at various deployment models for cloud systems followed by an examination of two cloud computing reference architectures developed by NIST and ITU-T, respectively. A consideration of these two different models provides insight into the nature of cloud computing.

Chapter 3: “Cloud security baselines” presents the essentials of cloud computing security, one of the main challenges of the field. It starts with an overview of computer security, discussing its three pillars—confidentiality, integrity, and availability—and other important concepts such as authenticity and non-repudiation. The concepts of vulnerabilities, threats, and attacks in general, and in the context of cloud computing, are also discussed. Reviews of the most common mitigations for cloud computing threats follow. This chapter also considers privacy and security in cloud storage services and multiclouds and cloud accountability and concludes with a summary and a discussion of research challenges.

Chapter 4: “Cloud security, privacy, and trust baselines” introduces an alternate classification that distinguishes risks into three categories. The first category includes the threats against the infrastructure and the host of a cloud system. The second category is about the threats affecting the service providers and the third includes various other generic security threats. The aim of the proposed classification is to create a very efficient security check list for cloud systems that will be useful to everyone willing to build or use a cloud infrastructure/service.

Chapter 5: “Infrastructure as a Service (IaaS)” examines the major components of a cloud infrastructure, and some concepts to help you think about the security of that architecture. Whether a cloud environment is private, public, or hybrid, whether it performs business-critical tasks or supports peripheral activities, whether it houses the company’s crown jewel data or no data at all—understanding how security practices and controls work in a cloud environment will allow you to apply the right kinds of security to meet your risk tolerance for any situation.

Section II: Risk analysis and division of responsibility

Section II explores how to manage risks in the cloud, using such practices as dividing operational responsibility and visibility, retaining information security accountability, and managing user authentication and authorization. The section also covers negotiating security requirements with vendors, which includes identifying needed security measures, establishing a service level agreement (SLA), and ensuring SLAs meet security requirements.

Chapter 6: “Risk and trust assessment: schemes for cloud services” provides a survey on cloud risk assessments made by various organizations, as well as risk and trust models developed for the cloud. In the next section, the authors define risk and elaborate on the relations and differences among risk analysis, assessment, and management. Then, they introduce recent studies carried out for analyzing the threats and vulnerabilities, including the Cloud Security Alliance (CSA) initiative to analyze the top threats against the cloud and to obtain a better insight into how well the cloud service providers (CSP) are prepared for them. Next, cloud risk assessment by two European Agencies, namely the European Network and Information Security Agency (ENISA) and the French National Commission on Informatics and Liberty (CNIL) are presented, and two models developed by A4Cloud, which is a European Framework Seven project, are introduced. The cloud adopted risk assessment model (CARAM) is a qualitative model that adapts ENISA and CNIL frameworks for specific CSP-CC pairs based on controls implemented by CSPs and assets that the CC is planning to process or store in a cloud. The second model is called the joint risk and trust model (JRTM), which is a quantitative model based on the CSP performance data.

Chapter 7: “Managing risk in the cloud” explores the Tier 3 security risk related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their residual risk below the threshold of the acceptable level of risk.

Chapter 8: “Cloud security risk management” provides an in-depth presentation of the fundamental aspects of cloud security risk management, starting from the definition of risk and moving to analyze cloud-specific risks. With respect to risk management, the authors emphasize the contractual nature of cloud computing, thus focusing specifically on service level agreements (SLAs), an issue that has been the subject of several relevant analyses and proposals in recent years.

Chapter 9: “Secure cloud risk management: risk mitigation methods” explains how with computer systems, there are many risks: hardware failures, software bugs, internal users, physical security, power outages, Internet outages, hackers, viruses, malware, outdated software, lost or forgotten passwords, and out-of-date backups. More risks include cost increases, deferred maintenance by your provider, and weather-related risks to the hosting site or sites. Managing these risks has become important to most businesses, and utilizing technology and third-party partners to decrease your risk and increase your uptime is a shared goal among all providers and clients.

Section III: Securing the cloud infrastructure

Section III discusses securing the platform, which includes restricting network access through security groups, configuring platform-specific user access control, and integrating cloud authentication/authorization systems. The section also covers compartmentalizing access to protect data confidentiality and availability, such as securing data in motion and data at rest, and identifying your security perimeter. Topics like cloud access control and key management, cloud computing architecture and security concepts, secure cloud architecture, and designing resilient cloud architectures are also included.

Chapter 10: “Specification and enforcement of access policies in emerging scenarios” addresses a scenario in which different parties (data owners or providers) need to collaborate and share information for performing a distributed query computation with selective disclosure of data. Next, the authors describe solutions that are used to both grant access privileges to users and to enforce them at query evaluation time. Then, they summarize approaches that associate a profile with each relation to keep track of the attributes that should be provided as input to gain access to the data. They also illustrate a join evaluation strategy that reveals neither the operands nor the result to the server evaluating the join. Next, the authors describe a solution based on the definition of pairwise authorizations to selectively regulate data release. In addition, they illustrate a proposal that permits a user to specify preferences about the providers in charge of the evaluation of his or her queries. Finally, the authors describe an authorization model regulating the view that each provider can have on the data and illustrate an approach for composing authorizations.

Chapter 11: “Cryptographic key management for data protection” describes the foundational concepts in cryptographic key management, the design choices for key management systems, and the challenges of key management in cloud systems and strategies for implementing effective key management within the cloud.

Chapter 12: “Cloud security access control: distributed access control” details how many systems merely require a simple user-generated password to gain access, while others are more robust. Next, the authors discuss the requirements of your application, what laws concerning data breaches may be applicable to you and what you need to try to mitigate your risk through good security practices. Then, the authors cover how SNMP, encryption, firewall, anti-virus, and strong passwords are needed to effectively monitor and protect any cloud platform from attack. Finally, the authors focus on how poor password selection, stolen laptops, sharing of the same password among different websites, and leaving computers on and unlocked for easy access to physical use are among the top threats.

Chapter 13: “Cloud security key management: cloud user controls” covers a new key-enforced access control mechanism based on over-encryption. Next, the authors propose LightCore, a collaborative editing cloud service for sensitive data with key-enforced access control. Then, they propose a new key-enforced access control mechanism based on over-encryption, which implements the update of access control policy by enforcing two-layer encryption. In addition, the authors present a dual-header structure for eliminating the need to re-encrypt related data resources when new authorizations are granted and propose batch revocation for reducing the overhead for re-encryption when revocations happen in order to implement an efficient update of access control policy in cryptographic cloud storage. Next, they describe the system design of LightCore, and finally the authors present the results of the experiments, showing that a high performance of LightCore is achieved and suggesting suitable keystream policies for different use scenarios.

Chapter 14: “Cloud computing security essentials and architecture” defines the cloud ecosystem as a complex system of interdependent components that work together to enable a cloud-based information system. The authors discuss the importance of building trust and introduce the concept of trust boundary and then identify and discuss each logical or physical boundary in the cloud ecosystem. Finally, the authors discuss key elements of boundary definition and acceptable risk.

Chapter 15: “Cloud computing architecture and security concepts” focuses on cloud services and resources that can be accessed easily by customers and users through a network such as the Internet. The authors also explore on-demand services or resources, where customers can use resources based on their needs and requirements anywhere and anytime. In addition, the authors show how highly scalable resources and service capabilities can be achieved automatically in some cases. Finally, the chapter covers measured services, in which the usage of the allocated resources and services (such as storage, processing, and memory) can be controlled, measured, managed, and reported, so both customers and providers can have a clear view over the needs and consumption of the resources.

Chapter 16: “Secure cloud architecture” addresses the scope and the nature of privacy and security within the public cloud. Furthermore, in this chapter, the authors review aspects of cloud computing security, as this is a fundamental building block on which cloud services are constructed. Although the primary focus is on public cloud, some aspects of security are pertinent to a private cloud, or even a hybrid cloud.

Section IV: Operating system and network security

Section IV discusses locking down cloud servers: scanning for and patching vulnerabilities, and controlling and verifying configuration management. This section also covers leveraging provider-specific security options: defining security groups to control access, filtering traffic by port number, benefiting from the provider’s built-in security, and protecting archived data.

Chapter 17: “Locking down cloud servers” outlines the basic security measures in an IaaS cloud provider environment. It also explains some of the key security features that can be used by the cloud server administrator to ensure the deployed virtual machines are “secure by default.”

Chapter 18: “Third-party providers integrity assurance for data outsourcing” covers the system model, as well as the threat model, of integrity auditing for cloud storage followed by a review of existing POR and PDP schemes proposed for third-party integrity auditing for cloud storage. In conclusion, the authors demonstrate how to design a third-party integrity auditing that can simultaneously achieve dynamic data sharing, multi-user modification, public verifiability, and high scalability in terms of data size and number of data files.

Section V: Meeting compliance requirements

Section V explores managing cloud governance, which includes retaining responsibility for the accuracy of the data, verifying integrity in stored and transmitted data, and demonstrating due care and due diligence. The section also covers: integrity assurance for data outsourcing, secure computation outsourcing, integrity and verifiable computation, independent verification and validation, computation over encrypted data, and trusted computing technology. In addition, this section focuses on the assurance of compliance with government certification and accreditation regulations, which includes HIPAA, Sarbanes-Oxley, Data Protection Act, PCI DSS, standards for auditing information systems, and negotiating third-party provider audits.

Chapter 19: “Negotiating cloud security requirements with vendors” reviews several different orientations toward negotiation and examines the implications of these orientations in the context of organizational security requirements for information technology products or services purchased from a cloud-based service provider.

Chapter 20: “Managing legal compliance risk in the cloud and negotiating personal data protection requirements with vendors” presents tips and recommendations to be considered in the cloud relationship during the pre-contractual, contractual, and post-contractual phases.

Chapter 21: “Integrity assurance for data outsourcing” surveys several RDIC schemes that were proposed over the past few years. The authors first present RDIC schemes proposed for a static setting, in which data stored initially by the client does not change over time. Then they switch their attention to RDIC schemes that allow data owners to perform updates on the outsourced data.

Chapter 22: “Secure computation outsourcing” helps readers understand the challenges of ensuring secure computation outsourcing to clouds and become familiar with the existing state-of-the-art solution and open research problems in this area.

Chapter 23: “Computation over encrypted data” introduces several cryptographic methods to perform computation over encrypted data without requiring the users’ secret keys. The authors then describe non-interactive methods in which the user no longer needs to participate in the procedure of computing on the encrypted data once it is uploaded to the cloud. In particular, they describe techniques in the following categories: homomorphic encryption, functional encryption, and program obfuscation. In the last part of the chapter, the authors look at other variants and some interactive methods in which the user and cloud jointly compute the encrypted data.

Chapter 24: “Trusted computing technology” aims to better define a specific area that encompasses hardware roots of trust and the technologies now available on the server side. The authors address a core area concerning information security in the cloud, ensuring that low-level compromises to the hardware on the unified extensible firmware interface (UEFI) and basic input and output system (BIOS) via low-level root kits become visible to system administrators.

Chapter 25: “Computing technology for trusted cloud security” specifically delves into trusted execution technology that has a long history of attempts (and partial success) to secure the execution of code and access to premium/pay-per-use data.

In particular, the authors survey trusted computing technologies, highlighting pros and cons of both established technologies and innovative proposed solutions. They delve into the state of the art for such technologies and discuss their usage in the cloud as well as their impact and benefits in cloud computing scenarios.

Chapter 26: “Trusted computing technology and proposals for resolving cloud computing security problems” shows that verification of the software environment in a cloud computing system is feasible, both for nodes executing just one OS and for nodes running multiple hosted systems as virtual machines.

Chapter 27: “Assuring compliance with government certification and accreditation regulations” reviews key government regulations related to the certification and accreditation of cloud-based information systems and applicable certification and accreditation regimes.

Chapter 28: “Government certification, accreditation, regulations, and compliance risks” describes government and country-specific requirements in the context of cloud computing. It explains existing international standards and attestations that can be used as a baseline for the cloud service, and outlines some of the risks in this area.

Section VI: Preparing for disaster recovery

Section VI discusses the implementation of a plan to sustain availability, which includes distributing data across the cloud to ensure availability and performance, and addressing data portability and interoperability for a change in cloud providers. The section also includes exploitation of the cloud for disaster recovery options: achieving cost-effective recovery time objectives and employing a strategy of redundancy to better resist denial of service (DoS). Finally, this section focuses on secure data management within and across data centers, and availability, recovery, and auditing.

Chapter 29: “Simplifying secure cloud computing environments with cloud data centers” delves into the particular security and risk aspects of using a cloud data center, and how a cloud customer can evaluate and benchmark the security of the chosen cloud data center provider.

Chapter 30: “Availability, recovery, and auditing across data centers” presents RDIC techniques for replication-based, erasure coding–based, and network coding–based distributed storage systems. This chapter also describes new directions that were recently proposed for the distributed RDIC paradigm.

Section VII: Advanced cloud computing security

Section VII focuses on advanced failure detection and prediction, advanced secure mobile cloud, future directions in cloud computing security—risks and challenges, cloud computing with advanced security services, and advanced security architectures for cloud computing.

Chapter 31: “Advanced security architectures for cloud computing” analyzes what is different about the public cloud and which risks and threats truly merit consideration before migrating services.

Chapter 32: “Side-channel attacks and defenses on cloud traffic” briefly reviews some necessary definitions, then discusses existing countermeasures. Next, the authors describe traffic padding approaches to achieve the optimal tradeoff between privacy protection and communication, and computational cost under different scenarios and assumptions. Finally, the authors discuss some open research challenges.

Chapter 33: “Clouds are evil” demonstrates how to seek out and connect with vendors and services and how those vendors and services connect back to you and others. This chapter is designed to serve as a warning of things to avoid, and things to embrace. It also covers which traditions in information security you need to forget, and which traditions you need to embrace, as you move toward the cloud.

Chapter 34: “Future directions in cloud computing security: risks and challenges” discusses how cloud computing has become the dominant computing paradigm. It also discusses how due to the significant benefits in terms of flexibility, performance, and efficiency, cloud computing is slowly but steadily being adopted by almost all sectors. This chapter also describes how, as more sectors migrate to cloud computing, it becomes very important for cloud computing to be fully ready not only for performance expectation, but also for all types of potential security issues, risks, and challenges. In addition, this chapter stresses that as cloud computing is still a new technology, it is high time to think critically about the security concerns and prepare cloud computing for the next generation of computation. Finally, the chapter recommends wider adoption of the cloud in critical areas such as health, banking, and government, and how it is a vital step to identify the major concerns and proactively approach a trustworthy cloud.

John R. Vacca

Managing and Consulting Editor

TechWrite

Pomeroy, Ohio

There are many people whose efforts have contributed to successful completion of this book. I owe each a debt of gratitude and want to take this opportunity to offer my sincere thanks.

A very special thanks go to my Executive Editor Rick Adams, without whose continued interest and support this book would not have been possible, and to Editorial Assistant Sherry Thomas, who provided staunch support and encouragement when it was most needed. I am also grateful to my Project Editor Marsha Hecht; Project Coordinator Kari A. Budyk; and the copyeditors and proofreaders, whose fine editorial work has been invaluable. Thanks also to my Marketing Manager Joanna Knight, whose efforts on promoting this book have been greatly appreciated. Finally, thanks to all of the other people at CRC Press (Taylor & Francis Group), whose many talents and skills are essential to a finished book.

Thanks to my wife, Bee Vacca, for her love, her help, and her understanding of my long work hours. Also, a very special thanks to Michael Erbschloe, for writing the foreword. Finally, I wish to thank all the following authors who contributed chapters that were necessary for the completion of this book: Anna Squicciarini, Daniela Oliveira, Dan Lin, William Stallings, Sokratis K. Katsikas, Costas Lambrinoudakis, Nikolaos Pitropakis, Mario Santana, Erdal Cayirci, Michaela Iorga, Marco Cremonini, James T. Harmening, Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati, Sarbari Gupta, Randall DeVitto, Weiyu Jiang, Jingqiang Lin, Zhan Wang, Bo Chen, Kun Sun, Anil Karmel, Pramod Pandya, Riad Rahmo, Thorsten Herre, Jiawei Yuan, Shucheng Yu, Daniel S. Soper, Paolo Balboni, Reza Curtmola, Shams Zawoad, Ragib Hasan, Feng-Hao Liu, Felipe E. Medina, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini, Tao Su, Antonio Lioy, Nicola Barresi, Albert Caballero, Wen Ming Liu, Lingyu Wang, John Strand, Mohammad Kamrul Islam, and Rasib Khan.

John R. Vacca is an information technology consultant, professional writer, editor, reviewer, and internationally known best-selling author based in Pomeroy, Ohio. Since 1982, John has authored/edited 77 books. Some of his most recent books include:

• Handbook of sensor networking: Advanced technologies and applications. CRC Press (an imprint of Taylor & Francis Group, LLC), 2015.

• Network and system security, 2nd edition. Syngress (an imprint of Elsevier Inc.), 2013.

• Cyber security and IT infrastructure protection. Syngress (an imprint of Elsevier Inc.), 2013.

• Managing information security, 2nd edition. Syngress (an imprint of Elsevier Inc.), 2013.

• Computer and information security handbook, 2nd edition. Morgan Kaufmann (an imprint of Elsevier Inc.), 2013.

• Identity theft (cybersafety). Chelsea House Publishers, 2012.

• System forensics, investigation, and response. Jones & Bartlett Learning, 2010.

• Managing information security, 1st edition. Syngress (an imprint of Elsevier Inc.), 2010.

• Network and systems security, 1st edition. Syngress (an imprint of Elsevier Inc.), 2010.

• Computer and information security handbook, 1st edition. Morgan Kaufmann (an imprint of Elsevier Inc.), 2009.

• Biometric technologies and verification systems. Elsevier Science & Technology Books, 2007.

• Practical Internet security (hardcover). Springer, 2006.

• Optical networking best practices handbook (hardcover). Wiley-Interscience, 2006.

• Guide to wireless network security. Springer, 2006.

• Computer forensics: computer crime scene investigation (with CD-ROM), 2nd edition. Charles River Media, 2005.

John has authored more than 600 articles in the areas of advanced storage, computer security, and aerospace technology (copies of articles and books are available upon request). John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA’s Space Station Program (Freedom) and the International Space Station Program, from 1988 until his retirement from NASA in 1995. In addition, John is also an independent online book reviewer. Finally, John was one of the security consultants for the MGM movie titled Antitrust, which was released on January 12, 2001. A detailed copy of his author bio can be viewed at http://www.johnvacca.com. John can be reached at [email protected].

Paolo Balboni

ICT Legal Consulting

Balboni, Bolognini and Partners Law Firm Milan, Italy

Nicola Barresi

Dipartimento di Automatica e Informatica Politecnico di Torino

Torino, Italy

Albert Caballero

DigitalEra Group, LLC Surfside, Florida

Erdal Cayirci

Faculty of Science and Technology University of Stavanger

Stavanger, Norway

Sabrina De Capitani di Vimercati

Department of Information Technology Università degli Studi di Milano

Crema (CR), Italy

Bo Chen

Pennsylvania State University University Park, Pennsylvania

Marco Cremonini

Department of Computer Science Department of Information Technology Università degli Studi di Milano

Crema (CR), Italy

Reza Curtmola

Department of Computer Science

New Jersey Institute of Technology (NJIT) Newark, New Jersey

Randall DeVitto

Illinois State University Orland Park, Illinois

Roberto Di Pietro

Department of Mathematics and Physics Università di Padova

Padova, Italy

Sara Foresti

Department of Information Technology Università degli Studi di Milano

Crema (CR), Italy

Sarbari Gupta

Electrosoft Services, Inc. Reston, Virginia

James T. Harmening

Computer Bits, Inc. Chicago, Illinois

Ragib Hasan

UAB SECRETLab

Department of Computer and Information Sciences University of Alabama at Birmingham

Birmingham, Alabama

Thorsten Herre

Security and Compliance Office Cloud and Infrastructure Delivery SAP SE

Walldorf, Germany

Michaela Iorga

Secure Systems and Applications Group 773.03 Computer Security Division, ITL

National Institute of Standards and Technology Gaithersburg, Maryland


Mohammad Kamrul Islam

Department of Computer and Information Sciences University of Alabama at Birmingham

Birmingham, Alabama

Weiyu Jiang

Sr. Security Risks and Compliance TPM AWS China

Chaoyang District, Beijing

Anil Karmel

C2 Labs, Inc. Reston, Virginia

Sokratis K. Katsikas

Department of Digital Systems

School of Information and Communication Technologies

University of Piraeus Piraeus, Greece

Rasib Khan

Department of Computer and Information Sciences University of Alabama at Birmingham

Birmingham, Alabama

Costas Lambrinoudakis

Department of Digital Systems

School of Information and Communication Technologies

University of Piraeus Piraeus, Greece

Dan Lin

Missouri University of Science and Technology Rolla, Missouri

Jingqiang Lin

Institute of Information Engineering Chinese Academy of Sciences Haidian District, Beijing

Antonio Lioy

Dipartimento di Automatica e Informatica Politecnico di Torino

Torino, Italy

Feng-Hao Liu

Department of Computer Science University of Maryland

College Park, Maryland

Wen Ming Liu

Concordia University Montreal, Quebec, Canada

Flavio Lombardi

Istituto per le Applicazioni del Calcolo IAC-CNR Rome, Italy

Felipe E. Medina

Trapezoid, Inc. Miami, Florida

Daniela Oliveira

Electrical and Computer Engineering Department University of Florida

Gainesville, Florida

Pramod Pandya

Information Systems and Decision Sciences (ISDS) Department

Mihaylo College of Business and Economics California State University

Fullerton, California

Nikolaos Pitropakis

Department of Digital Systems

School of Information and Communication Technologies

University of Piraeus Piraeus, Greece

Riad Rahmo

IT Consultant

Mission Viejo, California

Pierangela Samarati

Department of Information Technology Università degli Studi di Milano


Mario Santana

Terremark Worldwide, Inc. Miami, Florida

Matteo Signorini

Communication Technologies Department Universitat Pompeu Fabra

Barcelona, Spain

Anna Squicciarini

Pennsylvania State University University Park, Pennsylvania

William Stallings

Independent Consultant Brewster, Massachusetts

John Strand

Black Hills Information Security Sturgis, South Dakota

Daniel S. Soper

Department of Information Systems and Decision Sciences

Mihaylo College of Business and Economics California State University

Fullerton, California

Tao Su

Dipartimento di Automatica e Informatica Politecnico di Torino

Torino, Italy

Kun Sun

Department of Computer Science College of William and Mary Williamsburg, Virginia

John R. Vacca

TechWrite Pomeroy, Ohio

Lingyu Wang

Concordia University Montreal, Quebec, Canada

Zhan Wang

State Key Laboratory of Information Security Institute of Information Engineering

Chinese Academy of Sciences Haidian District, Beijing

Shucheng Yu

Department of Computer Science University of Arkansas at Little Rock Little Rock, Arkansas

Jiawei Yuan

Department of Computer Science University of Arkansas at Little Rock Little Rock, Arkansas

Shams Zawoad

University of Alabama at Birmingham Birmingham, Alabama


Cloud Computing Essentials

Anna Squicciarini

Pennsylvania State University University Park, Pennsylvania

Daniela Oliveira

University of Florida Gainesville, Florida

Dan Lin

Missouri University of Science and Technology Rolla, Missouri

CONTENTS

1.1 Introduction to Cloud Computing

1.2 Characteristics of Cloud Computing

1.3 Cloud Computing Models

1.3.1 Service Models

1.3.1.1 Infrastructure-as-a-Service

1.3.1.2 Platform-as-a-Service

1.3.1.3 Software-as-a-Service

1.3.2 Deployment Models

1.4 Cloud Services and Technologies

1.5 Research Challenges

1.6 Summary

Further Readings

1.1 INTRODUCTION TO CLOUD COMPUTING

Cloud computing is being acclaimed as the penultimate solution to the problems of uncertain traffic spikes, computing overloads, and potentially expensive investments in hardware for data processing and backups [1]. It can potentially transform the IT industry, making both software and infrastructure even more attractive as services, by reshaping the way hardware is designed and purchased. In practice, cloud computing is a computing paradigm to supplement the current consumption and delivery model for IT services based on the Internet, by providing for dynamically scalable and often virtualized resources over the Internet.

The cloud computing paradigm is not new and can be thought of as an extension of how we use the Internet. In fact the term cloud is also used to represent the Internet. The main idea of cloud computing is to outsource the management and delivery of software and hardware resources to third-party companies (cloud providers), which specialize in that particular service and can provide much better quality of service at lower costs in a convenient fashion. For example, now an enterprise can purchase the access of hardware resources according to its actual demands and without upfront costs. If the demand decreases, the enterprise can decrease the amount of remote hardware resources for which it is paying. If demand increases, the enterprise can easily adjust the resources to the demand. In spite of the enormous advantages of this distributed computing paradigm new challenges arise, especially related to data and computation security. Because computational resources are off-premises, enterprises do not have the same amount of control over their resources and their data. In most cases they have no guarantees over the level of security and protection of the resources they manipulate. For example, an enterprise might purchase access to an operating system that is compromised by an adversary who can steal its data or interfere with its computation. Company data might be stored in a different country where laws governing data ownership might be different from what the company expects. For instance, a European cloud consumer that decides to store its database with a cloud provider in the U.S. might discover that its data are subject to inspection because of the U.S. Patriot Act. Because the cloud computing market is unregulated and the service level agreements (SLAs) between cloud providers and cloud consumers are vague, it is still very difficult to hold cloud providers liable for security breaches.

The main advantages of cloud computing are convenience and cost reduction. Cloud providers specialize in the service they offer: renting hardware, operating systems, storage, and software services. Thus a company does not need to hire a variety of IT personnel and can focus on its primary mission. For example, a company does not need to have personnel specialized in backup, as it can purchase this service from a company that specializes in backup such as Code42 CrashPlan [2]. The backup cloud provider will likely provide a much better service than ad hoc personnel hired to take care of it. Related to convenience, this computing outsourcing model also reduces enterprise upfront and ongoing costs. A company does not need to plan for ups and downs in resource consumption. Cloud computing services operate in a pay-as-you-go model and shield burdensome tasks such as equipment and software updates and maintenance from the cloud consumer. The cloud consumer can employ the money saved in future equipment investments and administration on areas strategic to its mission.

The U.S. National Institute of Standards and Technology (NIST) [3] defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

1.2 CHARACTERISTICS OF CLOUD COMPUTING

NIST [3] has made efforts to provide a unified way to define cloud computing and its main functionality. Despite its complexity and heterogeneous nature, NIST has identified five essential characteristics that represent a cloud computing platform:

• On-demand self-service: Cloud computing vendors offer provision of cloud resources on demand whenever they are required by adopters. On-demand self-service resource sourcing is considered a crucial feature of the cloud computing paradigm, as it allows users to scale the required infrastructure up to a substantial level without disrupting the host operations.

• Broad network access: Cloud computing resources can be accessed and provisioned through basic network connection and for multiple device types.

• Resource pooling: Resources are pooled for more efficient and effective use. Through multitenancy and virtualization techniques, multiple users may be served by the same physical hardware.

• Rapid elasticity: Cloud computing resources are elastic, to the extent that they can be “sized” and “re-sized” as needed, in real time. Resource allocation can be adjusted as a customer requires more (or less) servers or storage. At its core, cloud elasticity entails continual reconfiguration in network and related controls from the cloud Internet. NIST distinguishes two types of scaling options: horizontal and vertical, which involve launching additional services and/or resources, and changing the computing capacity of assigned resources, respectively.

• Vertical scaling: Vertical scaling involves changing the computing capacity assigned to resources while keeping the number of physical machines constant.

Other characteristics that distinguish the cloud computing environment from standard on-premises computing environments are the virtualization of resources and multitenancy (Figure 1.1). Multitenancy is the key common attribute of both public and private clouds, and it applies to all three layers of a cloud. It refers to the ability of serving multiple tenants from the same infrastructure and software application. In a way, multitenancy is a byproduct of virtualization. Virtualization enables the creation of virtual machines, software applications, and instruments that serve multiple tenants at the same time, rendered from the same physical infrastructure.

In the cloud environment, computing resources are remote and presented to cloud consumers as a virtualized resource. A cloud consumer when purchasing access to a hardware platform does not have access to actual dedicated hardware, but to a virtual platform. Other resources like cloud software such as Google Docs are also shared among many cloud consumers. Tenants are isolated from each other, much like processes are isolated from one another in modern operating systems.

Cloud computing services are provided on a pay per use model and follow a “measured-service” model. The cloud provider measures or monitors the provision of services for various reasons, including billing, effective use of resources, or overall predictive planning. Various usage-specific metrics (network I/O, storage space used, etc.) are used to calculate charges for adopters.

1.3 CLOUD COMPUTING MODELS

Cloud computing includes a number of implementations based on the services they provide, from application service provisioning to grid and utility computing. Below we discuss the most well-known models underlying the cloud paradigm.

1.3.1 Service Models

Cloud computing resources are heterogeneous, varying from software services to data storage, to operating systems and hardware infrastructure. Depending on the type or granularity of the service, there are three different cloud delivery models: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS). Cloud consumers will access cloud resources via cloud client applications that can be installed in a variety of premises (buildings of the organization) and devices (desktops, laptops, tablets, and smartphones). Figure 1.2 illustrates these three models, which are described in the following subsections.

1.3.1.1 Infrastructure-as-a-Service

In this model raw IT resources such as hardware, storage, IP addresses, and firewalls are provided to the cloud consumers over the Internet. Hypervisors, such as Xen, Oracle VirtualBox, KVM, VMware ESX/ESXi, or Hyper-V, run a set of virtual machines on real IT resources and provide virtualized versions of these resources to cloud consumers. Cloud consumers have the freedom to install any environment on such platforms and the software they want, and experience great freedom in administering these resources and controlling their security and reliability. Examples of cloud providers for IaaS include Amazon Web Services (AWS), Windows Azure, Google Compute Engine, Rackspace Open Cloud, and IBM SmartCloud Enterprise.

FIGURE 1.1 Multitenancy and virtualization.

FIGURE 1.2 Cloud delivery models: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS).

1.3.1.2 Platform-as-a-Service

For cloud consumers who want a greater level of computing and administration outsourcing, cloud providers also offer ready-to-use platforms as a service. In this model, a complete virtualized environment with an operating system image installed can be rented. Development platforms, web servers, and databases are also usually provided. Having acquired a specific platform, cloud consumers are free to install and administer applications running on the virtualized environment. The level of governance and control over the system also decreases, as the cloud provider installs, administers, and patches the platform. Security at hardware and OS level is completely dependent on the cloud provider policies and mechanisms.

1.3.1.3 Software-as-a-Service

The most fine-grained delivery model is when cloud consumers access third-party software via the Internet. Access can be granted free (e.g., Google Docs) or via subscription models (e.g., DropBox for file synchronization or SmugMug for photo management). The cloud consumer has little control over the way the cloud software runs and the security of the data it accesses. The cloud software provider takes all the administrative burden.

1.3.2 Deployment Models

The way cloud services are deployed might vary according to the ownership of the service, the size of the cloud resources, and the restrictions to client access. There are three main models: public, private, and hybrid cloud.

Public clouds (Figure 1.3) are owned by third parties, which commercialize cloud resources to the general public. Everything works as if the organization outsourced the service of provisioning IT resources, environments, and software to an off-premises third party. In this environment several different organizations or individuals might share a physical resource, like a server, through multitenancy and virtualization. Security is challenging because cloud clients depend on the cloud provider to guarantee isolation of data and computation among a heterogeneous set of clients. Examples of public cloud providers include Microsoft, Google, Amazon, and AWS.

A private cloud (Figure 1.4) is owned by an organization, located on the premises, and offers a collection of IT resources to various departments or parts of the organization. It centralizes IT resources within a usually large organization so that its various parts experience all the advantages of cloud computing: elasticity, on-demand self-service, and scaling. The organization is at the same time a cloud provider and a cloud consumer. Being a cloud provider, the organization assumes all the costs of capability planning for the IT resources, the burden of resource administration, and reliability and security assurances. This increases the level of control and security of organization assets as they can determine and enforce their own security policies and mechanisms.

A hybrid cloud (Figure 1.5) combines a set of public and private clouds. For example, an organization might have a private cloud to store sensitive intellectual property information but might make use of a public cloud service to rent servers for running performance-intensive tasks or just because the private cloud is running at peak capacity. The organization needs to employ some secure protocol for communications between the two cloud environments. For example, there should be some control of network traffic between the two clouds and access control for communications of virtual machines between the two environments.

FIGURE 1.3 A public cloud is accessible to the general public.

FIGURE 1.4 A private cloud is generally owned by an organization.

1.4 CLOUD SERVICES AND TECHNOLOGIES

Cloud computing is a relatively new business model for outsourced services. However, the technology behind cloud computing is not entirely new. Virtualization, data outsourcing, and remote computation have been developed over the last 40 years, and cloud computing provides a streamlined way of provisioning and delivering such services to customers. In this regard, cloud computing has often been criticized as representing just a new trend, rather than an innovative computing technology. As such, it is often best described as a business paradigm or computing model rather than any specific technology. In this section, we present an overview of key concepts and enabling technologies of cloud computing including virtualization, load balancing, monitoring, scalability, and elasticity.

Intuitively, virtualization is a key enabler for high server utilization and multitenancy.

A cloud consumer, when purchasing access to a hardware platform, does not have access to actual dedicated hardware, but to a virtual platform. Other resources like cloud software such as Google Docs are also shared among many cloud consumers. Tenants are isolated from each other, much like processes are isolated from one another in modern operating systems (Figure 1.6).

Isolation techniques aim at ensuring that the virtual environments residing on the same node or hypervisor do not interfere with one another and protect themselves from possible pollution due to malware or information leakage. These techniques are at the heart of cotenancy and are useful for controlling and keeping multitenants isolated and independent. Some researchers have noted how isolation of virtual resources is still an open challenge [4,5]. As noted by Raj and colleagues [6], resources that may be implicitly shared among VMs, such as the last level cache (LLC) on multicore processors and memory bandwidth, present opportunities for security or performance interference. Some have suggested a possible solution is for future cloud computing environments to include security and performance isolation constraints as part of their SLA to improve transparency of cloud resources (Figure 1.7).

Where isolation techniques provide guarantees for multitenancy, load balancing is one of the key ingredients for scalable computing. Load balancing involves physical or logical entities in charge of distributing network or computational tasks across a number of servers to meet application and network workloads. In the cloud, these servers are cloud computing nodes, in charge of high-performance computing tasks. Through load balancers, it is possible to increase capacity (concurrent users) and reliability of applications. Common forms of load balancing are round-robin, priority-based, low latency, etc. Note that load balancing can be implemented both in software, run on standard operating systems, and on hardware, implemented in application-specific integrated circuits.

Along with load-balancing methods come replication techniques. Replication techniques provide a way to maintain multiple copies of the data in the cloud and may be host-based or network-based. In general, replication techniques are essential for any sensitive data storage techniques to provide guarantees of reliability and business continuity. Cloud-based replication approaches provide replication of data in multiple locations, in a load-balanced and dynamic manner. In particular, replication is often used as one of the many services offered to cloud consumers, which can replicate their local data for higher business continuity and faster recovery in case of disasters in a cost-effective manner.

1.5 RESEARCH CHALLENGES

The inception of cloud computing as a business and computing model has seen an increasing interest from researchers, both in academia and industry [1]. There are many avenues for research, fueled by the growing interest in cloud computing as a paradigm, a business model, and how it impacts end users and organizations [7].

FIGURE 1.6 Whenever companies collaborate, they commonly have access to shared application and data to do business. Even though the companies have mutual relationships and agreements in place, the data and application functionality may be sensitive and critical to their business needs.

To this date, there are dozens of academic conferences devoted to various aspects of the cloud.

We can organize our understanding of research challenges in cloud computing by looking at cloud computing as a resource for research and as a research problem in itself. From the first angle, how can the cloud help in answering difficult research questions? Can data-intensive applications provide knowledge and answers that could open new frontiers of our understanding? While this is a main driver for research and development of grid computing architectures, it is still unclear how to optimally operate a cloud system in scientific domains, such as physics and engineering, for example. Also, how can large-scale computation be achieved in a reliable and efficient manner? The body of work devoted to high-performance computing strives to continuously improve for efficient and effective computational and parallel processing models [8].

Second, what are the ways to improve cloud services and architecture? Can cloud computing serve a larger number of users in a consistently transparent yet reliable manner?

Most recent work has focused on improved service provisioning, tackling problems related to parallelization, scalability, efficiency, and large-scale processing, along with monitoring and service control of data-intensive applications. As noted by Barker et al. [9], there are some important opportunities for research in cloud computing that require further exploration. These include user-driven research (how to develop environments that support budget-limited computation based on a set of user-driven requirements), and new programming models (what are, if any, the alternatives to MapReduce?), PaaS environments, and improved tools to support elasticity and large-scale debugging.

Finally, how can we improve cloud adopters’ confidence [10] and limit potential risks from using cloud services? Some recent statistics have shown users’ reluctance in adopting clouds due to lack of confidence in the security guarantees offered by cloud providers, and in particular, poor transparency [11]. Specific issues reported by users relate to lack of confidentiality, poor integrity guarantees, and potentially limited availability.

1.6 SUMMARY

Cloud computing has gained great interest over the last few years, from both industry and academia. Though a standardization effort is now in place, much is left to be done to define cloud computing in a coherent and unified manner. Interestingly, though initially considered just a buzzword by many skeptical users, over recent years the cloud has shown to be a key enabler for many enterprises and organizations, also due to its flexibility and unique ability to serve cloud adopters in a tailored and cost-effective manner.

To this date, there are still several aspects of cloud computing worthy of investigation including technical and less technical issues, such as parallelization or pricing schemes. In particular, privacy and security issues are still important barriers hindering cloud adoption. With technology surrounding cloud moving at a very fast pace, it is challenging to ensure that users’ data and processes are confidential and correct at all times. Given a growing competitive market, most cloud providers focus on making services effective and scalable, often foregoing issues of reliability and resiliency.

FURTHER READINGS

Allodi, L., and Massacci, F. Comparing vulnerability severity and exploits using case-control studies. ACM Transactions on Information and System Security, 17(1), 2014.

Baset, S. A. Cloud SLAs: Present and future. ACM SIGOPS Operating Systems Review, 46(2): 57–66, 2012.

Bennani, N., Damiani, E., and Cimato, S. Toward cloud-based key management for outsourced databases. 34th Annual IEEE Computer Software and Applications Conference Workshop, IEEE, 2010.

Bernsmed, K., et al., Security SLAs for federated cloud services. 6th International Conference on Availability, Reliability and Security (ARES), IEEE, 2011.

Brender, N., and Markov, I. Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. International Journal of Information Management, 33: 726–733, 2013.

Carlson, F. R. Security analysis of cloud computing. arXiv Preprint, arXiv:1404.6849, 2014.

Carroll, M., Van Der Merwe, A., and Kotze, P. Secure cloud computing: Benefits, risks and controls. Information Security South Africa (ISSA), IEEE, 2011.

Catteddu, D., and Hogben, G. Cloud computing—Benefits, risks and recommendations for information security. European Network and Information Security Agency (ENISA), 2009.

Claycomb, W. R., and Nicoll, A. Insider threats to cloud computing: Directions for new research challenges. Proceedings of the 36th Annual Computer Software and Applications Conference (COMPSAC), IEEE, 2012.

References
