
Sumita Mukund Final Draft 4 2

Uploaded by

api-242414428
Copyright
© Attribution Non-Commercial (BY-NC)

Stormy Cloud: Security Risks in Cloud Computing


Sumita Mukund

Abstract
Cloud computing is the combination of Software as a Service (SaaS) with the sale of those services (Utility Computing). Cloud services are extremely attractive to companies because they allow developers to create internet services without the expense of hardware, and without the threat of overprovisioning or underprovisioning for a service that either doesn't perform or overextends the available resources. The following paper examines various cloud security research to determine the best option for cloud companies to create the most secure servers.

Figure 1 [2]

1. Introduction:
A prominent buzzword in technology news today is cloud computing. Cloud computing allows companies to source their storage needs elsewhere through a combination of SaaS and Utility Computing. The cloud promises elasticity to companies who want a fluid payment and storage model [1]. This means that most cloud services have built-in dashboards that calculate computing/storage usage vs. cost and relay them directly to the user so that they can adjust their usage accordingly. Figure 1 shows an example of the Amazon EC2 dashboard, the most popular cloud computing service available today.

The cloud also allows for increased productivity because the server can be accessed at any time through an internet dashboard that the cloud service provides. The major draws to cloud computing are the savings, ease of use, and increased speed of projects [3]. According to Financial Systems News, "Cloud vendors are growing at a rate of 90% per annum" [9]. Cloud services are a rapidly developing market, but there is one area of weakness within the cloud: security. The weaknesses in the way security is currently being applied to the cloud leave it open to attack, but with new research being done on how to strengthen the cloud, those gaps could be disappearing in the near future.

1.1 Keywords
Amazon EC2, Cloud Architecture, Virtual Machine, API, Public Cloud, Front End, Back End, rootkit, cryptography, SaaS, IaaS


2. Cloud Security as it is Applied Today

2.1 Cloud Architecture

The cloud is split into two major sections: front end and back end. The front end is what the user sees, i.e. a web interface. The back end is the storage and server components [8]. There are four major types of clouds: public, private, community, and hybrid [4]. Within this paper, only the public cloud will be discussed. The public cloud has three layers. At the top is the service layer, where the service provider creates interfaces for consumers to utilize [4]. The next layer is the resource abstraction and control layer, containing the components that allow access to physical computing resources by abstracting software. This is the layer in which virtual machines are kept. The final layer is the physical resource layer, which contains all the hardware components including computers, networks, storage, and resources. Together, these layers provide service to the end user. Figure 2 illustrates the multilayered nature of the cloud [4]. Every component of a cloud builds upon the previous layer. This means security is vitally important for Cloud Computing companies to provide reliable, efficient service to clients.

Figure 2 [4]

2.2 Cloud Security as it is Applied Today

Cloud security is broken down into two overarching layers: the first layer indicates that user workloads are run separately so that a malware agent cannot enter [4]. The second layer says that each user has to keep their workload secure. The Cloud Security Alliance described cloud computing as "gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties" [9]. This means that an organization's cloud is only as secure as the controls they use. There are deterrent controls, which aim to prevent attacks on a system but do not reduce vulnerability. Preventative controls try to patch vulnerable areas of the cloud to avoid attacks. Corrective controls try to reduce damage caused by an attack, and detective controls signal to preventative/corrective controls that an attack is occurring. The purpose of a combination of controls is to reduce the risk of an attack on a cloud server [8]. There are several facets of security that present concerns between the three layers of a cloud: the interconnecting network between systems in a cloud, the mapping of VMs to physical machines, data security (encryption), and memory management all have to be secure for the cloud to be considered fully secure [6].

2.3 Current Standards of Practice in Cloud Security

Secure practices are extremely important to companies because of the nature of the information and data that they deal with. A security breach can cost an organization millions of dollars in damage [3]. In a report published by Gartner in 2009, seven security factors were identified for customers selecting a cloud vendor:

Access control: Who is allowed to see or manage your data?
Regulatory compliance: How faithfully does the vendor adhere to security certifications?
Location of data: Where is your data physically being stored?
Data segregation: How well is your data kept distinct from other data?
Recovery mechanisms: What happens when disaster strikes?
Investigative support: How open and accessible is information?
Long-term integrity: Will your data be available if the company folds or gets swallowed up by a larger company?

Following these standards creates a more secure cloud and reduces the risk of an attack [3]. However, based on the multilayered architecture of a cloud, it is difficult to comply with all these guidelines simultaneously [1]. Several companies conduct research to determine the specific challenges cloud security faces.

2.4 A Brief Study of the Challenges that Cloud Security Faces

Companies such as Amazon try to employ the above tactics within their cloud services. Amazon EC2 is an Infrastructure-as-a-Service (IaaS) cloud provider where users rent virtualized servers (called instances) on an hourly basis [2]. Amazon sets up their Access Control layer to be the responsibility of the user [2-3, 9]. The management of instances is controlled by the user renting EC2 service as opposed to Amazon itself. Researchers at the International Secure Systems Lab (ISECLAB) noticed that there is a disparity in the Regulatory Compliance layer of the EC2 cloud [2]. While the relationship between the user and the provider is clearly defined, the relationship between the user and the virtual image provider is not clear, leading to what they believed are security risks within the EC2 cloud. They identified that while a public cloud such as Amazon is highly useful for companies, users who do not know how to use an image of a cloud server securely present a significant risk to security.


In a test run by ISECLAB, the software vulnerabilities of the Amazon EC2 cloud were tested by creating an automated system that instantiated an AMI and ran a test suite in a Remote Scanner and a Local Scanner [2]. The Remote Scanner retrieves all open ports and returns the index page of the web application that the user installs. The Local Scanner uploads and runs tests for vulnerability. There were four different tests: general, privacy, network, and security. The security test looked specifically for rootkits (malware that hides certain programs from detection so that a hacker can have continued access to a computer) within Windows and Linux machines [2].

The researchers found that there were two instances of malware infection. Figure 3 illustrates the instances of infection the researchers found within a Windows and Linux machine, respectively [2]. Using open source antivirus software, they analyzed the target filesystem. An initial software analysis showed that there were several applications running on the machine with known vulnerabilities, a red flag for a network that is supposedly secure. When they went back to manually confirm the first instance of malware, the infected files did not exist. Their belief is that the AMI was compromised by an automatically propagating malware during test execution [2]. After the group concluded their experiments, they contacted the Amazon Security Team with their findings. They claim that Amazon reacted quickly and released a tutorial to help their customers protect secure data. ISECLAB's research indicates that there are several holes within the cloud. The one described above (rootkit security) is one of many tests they ran with results that indicate gaps in security. The integration of security software in the cloud is not a one-dimensional problem. In order to reduce security threats, companies have determined potential solutions through research.

Figure 3

3. Select Research to Improve Cloud Security

In the study presented above, significant risks were shown in a seemingly secure cloud. While creating a tutorial for users to increase security is a good reactive solution, the larger issues are the gaps in cloud security that need to be handled proactively. New research is being conducted on methods to detect threats to the cloud before an attack occurs to ensure maximum security for an organization.


3.1 Virtual Machine Introspection


Virtual Machine Introspection (VMI) is the process of looking at a virtual machine from the outside in order to study the software inside it [5]. Research on VMI indicates that it can be prescriptive in detecting an intrusion within a cloud service before an attack occurs because it makes the machine more openly visible. Tal Garfinkel and Mendel Rosenblum of the Stanford Computer Science Department claim that VMIs are strongly isolated from the host they are monitoring. This gives them a high degree of attack resistance and allows them to continue observing and reporting with integrity even if the host has been corrupted [5]. Because the VMI is kept separate from the machine it is monitoring, an attack will not affect it. The virtual machine monitor (VMM) is what creates the VMI Intrusion Detection System (IDS) [5]. This software creates a virtualization of the hardware of one (physical) machine and then partitions it into different virtual machines so that it can be used across a cloud. VMI promises to be more secure than current practices of cloud security because it isolates software by running it in a VM, inspects all states of a VM, and interposes on VM operations, which gives it the ability to be notified when code attempts to modify a register. Garfinkel and Rosenblum tested a VMI prototype they created called Livewire [5]. They tested the effectiveness of their security policies against common attacks, and tested the performance of Livewire on sample workloads. Their results indicated that the multiple scanners and detectors that Livewire implemented worked to either prevent or detect various different attacks. Overall, their conclusions indicate that VMI is a valid approach to detect intrusions in virtual machines at an acceptable performance rate [5].

3.2 Cryptographic Cloud Storage


Last year, Microsoft presented research on Cryptographic Cloud Storage (CCS) [7]. CCS relies on a data processor, a data verifier, and a token generator. CCS uses cryptography to create a secure cloud system. CCS creates a cryptographic key for an application (master key) that is stored locally on the application creator's machine. Whenever the creator uploads data to the cloud, the data processor is called. It then attaches metadata, and encrypts and encodes the data and metadata. When the creator wants to check the state of their data, the data verifier uses the master key to call the cloud storage provider and get the necessary information. When the creator wants to retrieve data, the token generator creates a token and a decryption key. Microsoft claims that the CCS system is more effective because the data is controlled by the customer, and the security properties are based on cryptography as opposed to existing laws or physical security controls [7]. Encrypted data can be verified at any time, therefore security does not pose as great a risk to the consumer. Additionally, the master key is kept with the customer so there is very little chance that data will be erased or modified without permission of the key holder.
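The data processor, data verifier and token generator roles described above, sketched as an added example (not code from the paper or from the CCS research it cites). Function names, key-derivation labels and the sample object are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import secrets

def _derive(master_key, purpose, name):
    """Derive an independent sub-key from the master key (HMAC as a PRF)."""
    return hmac.new(master_key, f"{purpose}|{name}".encode(), hashlib.sha256).digest()

def _mac(master_key, name, nonce, ciphertext):
    """Integrity tag over nonce and ciphertext, keyed from the master key."""
    return hmac.new(_derive(master_key, "mac", name), nonce + ciphertext, hashlib.sha256).digest()

def _keystream_xor(key, nonce, data):
    """Stand-in for a vetted AEAD such as AES-GCM: HMAC-SHA256 in counter mode."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def token_generator(master_key, name):
    """Return (token, decryption key); the token is the opaque handle the provider sees."""
    return _derive(master_key, "token", name).hex(), _derive(master_key, "enc", name)

def data_processor(master_key, name, data, metadata):
    """Attach metadata, encrypt, and tag the result before upload."""
    token, enc_key = token_generator(master_key, name)
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps({"meta": metadata, "data": data.hex()}).encode()
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    return token, {"nonce": nonce, "ciphertext": ciphertext, "tag": _mac(master_key, name, nonce, ciphertext)}

def data_verifier(master_key, name, record):
    """Check that the record held by the provider is unmodified."""
    expected = _mac(master_key, name, record["nonce"], record["ciphertext"])
    return hmac.compare_digest(expected, record["tag"])

def retrieve(master_key, name, cloud):
    """Look up by token, verify, then decrypt; tampered records are refused."""
    token, enc_key = token_generator(master_key, name)
    record = cloud[token]
    if not data_verifier(master_key, name, record):
        raise ValueError("integrity check failed")
    obj = json.loads(_keystream_xor(enc_key, record["nonce"], record["ciphertext"]))
    return bytes.fromhex(obj["data"]), obj["meta"]

def demo():
    """Constructed sample: upload, verify, flip one stored bit, verify again."""
    master = secrets.token_bytes(32)
    _, rec = data_processor(master, "q3-report", b"revenue: 42", {"owner": "alice"})
    before = data_verifier(master, "q3-report", rec)
    rec["ciphertext"] = bytes([rec["ciphertext"][0] ^ 1]) + rec["ciphertext"][1:]
    return before, data_verifier(master, "q3-report", rec)
```

The provider only ever holds the token, nonce, ciphertext and tag; the master key and everything derived from it stay on the creator's machine.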

3.3 VMI vs. CCS


Virtual Machine Introspection proves to be a better potential solution to cloud security. It applies security to several layers of a cloud storage system such that attacks are prevented before they happen. CCS secures the data in a historically documented security approach. However, simply encrypting user data is not enough: as ISECLAB proved with their research on Amazon EC2, the multilayer nature of the cloud needs to be protected with a similarly multilayer solution. CCS looks at security as maintenance of data integrity. While this is a good prescriptive approach, a more overall approach needs to be taken in order to fully secure the cloud. Additionally, ISECLAB's research indicates that putting data control in the hands of the user gives them a false sense of security, which is exactly what CCS does. For example, the machine that ISECLAB tested was using several applications that were open to attack, something the user probably did not realize. CCS is a potentially viable solution to protect data, but there are no prototypes of implementation, only a vague idea with a theory on how to implement. However, Livewire VMI is a prototype that works with accuracy to prevent attacks on a public cloud system.

Both VMI and CCS present unique and powerful tools to improve cloud security. However, the use of isolation, inspection, and interposition of the VMI makes it a better option. By creating a multilayer approach to cloud security, the VMM can encapsulate a virtual machine and create checkpoints, rather than deal with an attack after the fact.

4. Conclusions
Cloud computing is a field that has grown rapidly in recent years. The architecture of a public cloud has multiple layers that all need to be secure in order for an organization to use it without fear of a breach. The access control layer should not be in the hands of the user because it gives a false sense of security leading to an attack. Current research indicates that cloud servers are not as secure as they should be given the nature of work that is conducted within them. Of the two research methods presented, Virtual Machine Introspection provides a proactive, multilayer approach to maintain cloud security before an attack can occur. The cloud is the future of organizational maintenance for many companies. Further research needs to be conducted about cloud security before computing organizations can determine what the best course of action will be. Making the cloud more secure is in the best interest of cloud computing companies and the organizations they serve. Building secure cloud servers will be a major factor in determining the longevity of the cloud computing industry.


5. Acknowledgements
I would like to thank Professor Thomas Akbari, Dustin Schwartz, and Steven Chin for their review and assistance in the proofreading of this paper and the topics presented within.

6. References
1. Antes G. 2010. Security in the Cloud. Publications of the ACM. [2013, cited 2013 Nov 18] 53(11):16-18. Available from: http://incomingproxy.ist.edu.gr/stfs_public/cs/msc/ReadingMaterial_MMSESEPE_oct2011/00_newrefdocs/sepe/Security%20in%20the%20Cloud%20(ACM_communications%202010).pdf
2. Balduzzi, M et al. A Security Analysis of Amazon's Elastic Compute Cloud Service [conference presentation on the internet]. In Proceedings of the 27th Annual ACM Symposium on Applied [internet]. 2012; Trento, Italy. New York City (NY): Association of Computing Machinery (Global); 2012 [cited 2013 Nov 20]. p. 1427-1434. Available from: http://www.iseclab.org/people/embyte/papers/securecloud.pdf
3. Brunette G et al. 2009. Security Guidance for Critical Areas of Focus in Cloud Computing [Internet]. [Cited 2013 Nov 20] Available from: https://cloudsecurityalliance.org/csaguide.pdf
4. Garfinkel T, Rosenblum M. 2003. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of the 2003 Network and Distributed System Security Symposium. [Cited 2013 Nov 20]. Available from: http://suif.stanford.edu/papers/vmindss03.pdf
5. Hamlen K et al. Security Issues for Cloud Computing. International Journal of Information Security and Privacy. April-June 2010; 4(2): 39-51.
6. National Institute of Standards and Technology (US). Guidelines on Security and Privacy in Public Cloud Computing. Gaithersburg (MD): 2011 [cited 2013 Nov 20]. Available from: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
7. Lauter K, Kamara S. 2010. Cryptographic Cloud Storage. In: Proceedings of Financial Cryptography. Workshop on Real-Life Cryptographic Protocols and Standardization; 2010 January 28. Canary Islands, Spain.
8. Takabi H, Joshi J, Ahn G. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security and Privacy [Internet]. 2010 [Cited 2013 Nov 18] 8(6):24-31. Available from: http://www.sis.pitt.edu/~jjoshi/courses/IS2620/Spring13/S&P.pdf
9. Brodkin J. Gartner: Seven cloud-computing security risks. Network World [Internet]. 2008 July 02 [Cited 2013 Nov 18]; Available from: http://www.idi.ntnu.no/emner/tdt60/papers/Cloud_Computing_Security_Risk.pdf
