CC&NS Module 4 Trust Management

The document outlines cloud security and trust management strategies, focusing on defense mechanisms against various threats such as malware, DDoS attacks, and privacy violations in cloud environments. It discusses the importance of reputation systems and data protection techniques, including data integrity, watermarking, and addressing the data lock-in problem. Additionally, it emphasizes the need for robust security measures tailored to different cloud service models (IaaS, PaaS, SaaS) to ensure a secure cloud ecosystem.

Cloud Computing & Security (BIS613D)

MODULE-4
FACULTY NAME: Dr.RAJANNA M
Prof.CHANDANA D C
SECTION: VI ‘A’ & ‘B’
MODULE-4
Cloud Security and Trust Management
1. Cloud Security Defense Strategies.
2. Distributed Intrusion/Anomaly Detection.
3. Data and Software Protection Techniques.
4. Reputation-Guided Protection of Data Centers.
1. Cloud Security Defense Strategies
A healthy cloud ecosystem is desired to free users from abuses, violence, cheating, hacking, viruses,
rumors, pornography, spam, and privacy and copyright violations.

The security demands of three cloud service models, IaaS, PaaS, and SaaS, are described in this
section. These security models are based on various SLAs between providers and users.

1. Basic Cloud Security

2. Security Challenges in VMs

3. Cloud Defense Methods

4. Defense with Virtualization

5. Privacy and Copyright Protection


1. Basic Cloud Security
Three basic cloud security enforcements are expected.
First, facility security in data centers demands on-site security year-round. Biometric readers, CCTV (closed-circuit TV), motion detection, and man traps are often deployed.
Second, network security demands fault-tolerant external firewalls, intrusion detection systems (IDSes), and third-party vulnerability assessment.
Finally, platform security demands SSL/TLS for data in transit, encryption of stored data, strict password policies, and system trust certification.
FIGURE 4.31 Cloud service models on the left (a) and corresponding security measures on the right (b); the IaaS is at
the innermost level, PaaS is at the middle level, and SaaS is at the outermost level, including all hardware, software,
datasets, and networking resources.
Figure 4.31 shows the mapping of cloud models, where special security
measures are deployed at various cloud operating levels.
Servers in the cloud can be physical machines or VMs. User interfaces are used to request services, and the provisioning tool carves out the systems from the cloud to satisfy the requested service.
A security-aware cloud architecture demands security enforcement. Malware-based attacks such as network worms, viruses, and DDoS attacks exploit system vulnerabilities. These attacks compromise system functionality or give intruders unauthorized access to critical information.
Security defenses are needed to protect all cluster servers and data centers. Here are some cloud components that demand special security protection:
Protection of servers from malicious software such as worms, viruses, and other malware
Protection of hypervisors or VM monitors from software-based attacks and vulnerabilities
Protection of VMs and monitors from service disruption and DoS attacks
Protection of data and information from theft, corruption, and natural disasters
Providing authenticated and authorized access to critical data and services
2. Security Challenges in VMs
Traditional network attacks include buffer overflows, DoS attacks, spyware, malware, rootkits, Trojan horses, and worms.
In a cloud environment, newer attacks may result from hypervisor malware, guest hopping and hijacking, or VM rootkits.
Another type of attack is the man-in-the-middle attack on VM migrations. In general, passive attacks steal sensitive data or passwords, while active attacks manipulate kernel data structures and can cause major damage to cloud servers.
An IDS can be a NIDS (network-based) or a HIDS (host-based). Program shepherding can be applied to control and verify code execution.
Other defense technologies include the RIO dynamic optimization infrastructure, VMware's VMsafe and vShield tools, security compliance checks for hypervisors, and Intel vPro technology. Others apply a hardened OS environment or use isolated execution and sandboxing.
3. Cloud Defense Methods
Virtualization enhances cloud security, but the hypervisor adds an additional layer of software that could become a single point of failure.
With virtualization, a single physical machine can be divided or partitioned into multiple VMs (e.g., for server consolidation). This gives each VM better security isolation, and each partition is protected from DoS attacks by the other partitions.
Security attacks in one VM are isolated and contained from affecting the other VMs, and VM failures do not propagate to other VMs.
The hypervisor provides visibility into the guest OS while keeping the guests completely isolated from one another.
Table 4.9 lists eight protection schemes to secure public clouds and data centers.
4. Defense with Virtualization
The VM is decoupled from the physical hardware. The entire VM can be represented as a software component and regarded as binary or digital data, so it can be saved, cloned, encrypted, moved, or restored with ease.
VMs enable high availability (HA) and faster disaster recovery.
Live migration of VMs has been suggested by many researchers for building distributed intrusion detection systems (DIDSes). Multiple IDS VMs can be deployed at various resource sites, including data centers.
DIDS design demands trust negotiation among PKI domains. Security policy conflicts must be resolved at design time and updated periodically.
5. Privacy and Copyright Protection
The user gets a predictable configuration before actual system integration. Yahoo!'s Pipes is a good example of a lightweight cloud platform.
With shared files and data sets, privacy, security, and copyrighted data could be compromised in a cloud computing environment.
Users desire to work in a software environment that provides many useful tools to build cloud applications over large data sets.
Google's platform essentially applies in-house software to protect resources. Amazon EC2 applies HMAC-signed API requests and X.509 certificates in securing resources.
It is necessary to protect browser-initiated application software in the cloud environment.
Here are several security features desired in a secure cloud:
Dynamic web services with full support from secure web technologies
Established trust between users and providers through SLAs and reputation systems
Effective user identity management and data-access management
Single sign-on and single sign-off to reduce security enforcement overhead
Auditing and copyright compliance through proactive enforcement
Shifting of control of data operations from the client environment to cloud providers
Protection of sensitive and regulated information in a shared environment
Cloud Security Safeguarded by Gateway and
Firewalls

FIGURE 4.32 :The typical security structure coordinated by a secured gateway plus external firewalls to safeguard
the access of public or private clouds.
Figure 4.32 shows a security defense system for a typical private cloud environment.
The gateway is fully secured to protect access to commercial clouds that are wide open to the general public. The firewall provides an external shield.
The gateway secures the application server, message queue, database, web service client, and browser with HTTP, JMS, SQL, XML, and SSL security protocols, etc.
The defense scheme is needed to protect user data from server attacks. A user's private data must not be leaked to other users without permission.
2. Distributed Intrusion/Anomaly Detection
Data security is the weakest link in all cloud models.
We need new cloud security standards that apply common API tools to cope with the data lock-in problem and with network attacks or abuses.
The IaaS model represented by Amazon is most sensitive to external attacks.
Role-based interface tools alleviate the complexity of the provisioning system. For example, IBM's Blue Cloud provisions through a role-based web portal. A SaaS bureau may order secretarial services from a common cloud platform.
Many IT companies are now offering cloud services with no guaranteed security.
Security threats may be aimed at VMs, guest OSes, and software running on top of the cloud. IDSes attempt to stop these attacks before they take effect.
Both signature matching and anomaly detection can be implemented on VMs dedicated to building IDSes.
Distributed Defense against DDoS Flooding Attacks

FIGURE 4.33 :DDoS attacks and defense by change-point detection at all routers on the flooding tree.
A DDoS defense system must be designed to cover the multiple network domains spanned by a given cloud platform. These network domains cover the edge networks where cloud resources are connected.
DDoS attacks often come with widespread worms, which recruit the zombie machines that generate the flood.
The flooding traffic is large enough to crash the victim server by buffer (queue) overflow, disk exhaustion, or connection saturation.
Figure 4.33(a) shows a flooding attack pattern. Here, the hidden attacker launches the attack from many zombies toward a victim server behind the bottom router R0.
The flooding traffic flows essentially in the tree pattern shown in Figure 4.33(b). Successive attack-transit routers along the tree reveal the abnormal surge in traffic.
This DDoS defense system is based on change-point detection at all routers: each router monitors its own traffic statistics and raises an alarm when the traffic distribution shifts abruptly from its learned baseline.
Based on the anomaly pattern detected in the covered network domains, the scheme detects a DDoS attack before the victim is overwhelmed.
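The change-point test described above, as an added example (not code from the lecture notes or the cited DDoS defense system). Each router runs a one-sided CUSUM detector on its per-second packet counts; the baseline window, the slack and threshold tuning (k = sigma, h = 5 sigma), the router names R0/R1/R2, and the traffic traces are all constructed for this example.

```python
"""Change-point detection of a DDoS flooding surge at attack-transit routers.

Added example, not from the lecture notes. Each router runs a one-sided
CUSUM test on its per-second packet counts; the first time the cumulative
excess over the learned baseline crosses a threshold, the router raises
an alarm. The traffic traces are constructed: 30 s of normal traffic
followed by a ramping flood that starts at t = 30.
"""
from statistics import mean, pstdev

# Constructed per-second packet counts. NORMAL is the 30 s baseline window.
NORMAL = [100, 104, 97, 102, 99, 101, 103, 98, 100, 102] * 3
# Two upstream routers R1 and R2 forward into the victim-side router R0,
# so R0 sees the sum of their traffic (the flooding tree of Figure 4.33(b)).
R1 = NORMAL + [105, 110, 118, 128, 142, 160, 185, 215, 250, 290]
R2 = NORMAL + [104, 108, 114, 122, 133, 148, 168, 195, 230, 270]
R0 = [a + b for a, b in zip(R1, R2)]
TREE = {"R1": R1, "R2": R2, "R0": R0}


def cusum_detect(samples, train, k=None, h=None):
    """One-sided CUSUM on `samples`; returns (alarm_index, scores).

    The first `train` samples estimate the in-control mean mu and standard
    deviation sigma. The statistic S_t = max(0, S_{t-1} + x_t - mu - k)
    accumulates only deviations larger than the slack k, so ordinary jitter
    decays back to zero while a sustained surge grows without bound. An
    alarm is raised the first time S_t exceeds h. Defaults: k = sigma,
    h = 5 * sigma (assumed tuning, not taken from the slides).
    """
    base = samples[:train]
    mu, sigma = mean(base), pstdev(base) or 1.0
    k = sigma if k is None else k
    h = 5 * sigma if h is None else h
    s, scores, alarm = 0.0, [], None
    for t, x in enumerate(samples):
        s = max(0.0, s + (x - mu - k))
        scores.append(s)
        if alarm is None and s > h:
            alarm = t
    return alarm, scores


def detect_on_tree(tree, train=30):
    """Run the detector independently at every router of the flooding tree.

    Returns {router: alarm_time or None}. In the distributed scheme these
    alarms are correlated along the tree so the attack is recognised while
    the surge is still small relative to the victim's capacity.
    """
    return {name: cusum_detect(trace, train)[0] for name, trace in tree.items()}


if __name__ == "__main__":
    for router, trace in TREE.items():
        alarm, scores = cusum_detect(trace, train=30)
        print(f"{router}: alarm at t={alarm}, peak S={max(scores):.1f}")
```

With these traces every router alarms at t = 32, two seconds into a flood that has only roughly doubled the per-router rate; the slack k keeps the baseline jitter from accumulating, so the 30 s of normal traffic never trips the threshold. In practice the baseline window is re-estimated continuously and the per-router alarms are combined along the tree, since an upstream router that sees only one branch of the flood will be slower to react than R0.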
Man-in-the-Middle Attacks
Figure 4.34 shows VM migration from host machine VMM A to host machine VMM B via a security-vulnerable network.
In a man-in-the-middle attack, the attacker can view the VM contents being migrated, steal sensitive data, or even modify the VM-specific contents, including the OS and application states.
An attacker mounting this attack can launch an active attack to insert a VM-based rootkit into the migrating VM, which can subvert the entire operation of the migration process without the knowledge of the guest OS and embedded application.
The practical defense is to migrate only over a mutually authenticated, encrypted channel (for example TLS between the two hypervisors, or the secured virtual LANs mentioned later in this module), so that the migration stream can be neither read nor altered in transit.
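The integrity half of that defense, as an added example (not code from the lecture notes or any hypervisor): the migrating VM's memory pages are numbered and each carries an HMAC-SHA256 tag under a session key that the two hypervisors are assumed to share (for instance agreed during TLS setup), so the destination rejects a page that an on-path attacker modified, reordered or dropped. The page size, guest memory contents and key are constructed.

```python
"""Integrity protection for a VM migration stream against an on-path attacker.

Added example, not from the lecture notes. The migrating VM's memory is
sent as numbered pages, each carrying an HMAC-SHA256 tag computed under a
session key shared by the source and destination hypervisors (assumed to
have been agreed out of band, e.g. during mutually authenticated TLS
setup). The destination rejects any page that was modified, reordered or
dropped in transit, which is exactly what a man-in-the-middle needs to do
to plant a VM-based rootkit. Guest memory and the key are constructed.
"""
import hashlib
import hmac
from struct import pack

PAGE_SIZE = 16  # constructed: tiny pages keep the example readable
KEY = hashlib.sha256(b"constructed migration session key").digest()
GUEST_MEMORY = [bytes([0x40 + i]) * PAGE_SIZE for i in range(4)]  # 4 pages


def _tag(key, seq, page):
    # Binding the sequence number into the MAC defeats reordering and replay.
    return hmac.new(key, pack(">I", seq) + page, hashlib.sha256).digest()


def frame_pages(key, pages):
    """Source hypervisor: emit (seq, page, tag) frames for the stream."""
    return [(seq, page, _tag(key, seq, page)) for seq, page in enumerate(pages)]


def receive_pages(key, frames, expected_count):
    """Destination hypervisor: verify every frame before touching guest state.

    Returns the reconstructed memory, or raises ValueError on the first
    integrity failure so a partially poisoned VM is never resumed.
    """
    memory = []
    for want_seq, (seq, page, tag) in enumerate(frames):
        if seq != want_seq:
            raise ValueError(f"frame {seq} out of order (expected {want_seq})")
        if not hmac.compare_digest(_tag(key, seq, page), tag):
            raise ValueError(f"frame {seq}: tag mismatch, page altered in transit")
        memory.append(page)
    if len(memory) != expected_count:
        raise ValueError("migration stream truncated")
    return b"".join(memory)


def mitm_inject(frames, index, payload):
    """Attacker on the path overwrites one page (e.g. with rootkit code).

    The attacker can forge the bytes but not the tag, having no key."""
    seq, page, tag = frames[index]
    forged = payload.ljust(len(page), b"\0")[: len(page)]
    return frames[:index] + [(seq, forged, tag)] + frames[index + 1 :]


def mitm_reorder(frames):
    """Attacker swaps the first two pages (a replay-style manipulation)."""
    return [frames[1], frames[0]] + frames[2:]


def migrate(pages, attacker=None, verify=True):
    """Simulate one migration; `attacker` mutates the frames in transit.

    verify=False models a hypervisor that trusts the network blindly."""
    frames = frame_pages(KEY, pages)
    if attacker is not None:
        frames = attacker(frames)
    if not verify:
        return b"".join(page for _, page, _ in frames)
    return receive_pages(KEY, frames, len(pages))


def tamper_detected(attacker):
    """True if the verifying destination rejects the attacker's stream."""
    try:
        migrate(GUEST_MEMORY, attacker)
    except ValueError:
        return True
    return False
```

A MAC gives integrity and origin authentication only: the "view the VM contents" part of the attack still succeeds unless the channel is also encrypted, which is why production deployments use TLS-protected migration rather than a hand-rolled tag scheme. The example also shows why the sequence number must be inside the MAC: without it, the attacker could still reorder or replay validly tagged pages.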


3.Data and Software Protection Techniques

1. Data Integrity and Privacy Protection.

2. Data Coloring and Cloud Watermarking.

3. Data Lock-in Problem and Proactive Solutions


1. Data Integrity and Privacy Protection
Users desire a software environment that provides many useful tools to build cloud applications over large data sets.
In addition to application software for MapReduce, BigTable, EC2, S3, Hadoop, AWS, GAE, and WebSphere, users need security and privacy protection software for using the cloud. Such software should offer the following features:
1. Special APIs for authenticating users and sending e-mail using commercial accounts
2. Fine-grained access control to protect data integrity and deter intruders or hackers
3. Shared data sets protected from malicious alteration, deletion, or copyright violation
4. Ability to secure the ISP or cloud service provider from invading users' privacy
5. Personal firewalls at user ends to keep shared data sets away from untrusted Java, JavaScript, and ActiveX applets
6. A privacy policy consistent with the cloud service provider's policy, to protect against identity theft, spyware, and web bugs
7. VPN channels between resource sites to secure transmission of critical data objects
2.Data Coloring and Cloud Watermarking

FIGURE 4.35 :Data coloring with cloud watermarking for trust management at various security clearance levels in
data centers.
With shared files and data sets, privacy, security, and copyright information could be compromised in a cloud computing environment. Users desire to work in a trusted software environment that provides useful tools to build cloud applications over protected data sets.
In the past, watermarking was mainly used for digital copyright management.
As shown in Figure 4.35, the system generates special colors for each data object. Data coloring means labeling each data object with a unique color, so differently colored data objects are distinguishable.
The user identification is also colored so that it can be matched against the data colors. This color-matching process can be applied to implement different trust management events, such as granting or denying access to an object.
Cloud storage provides a process for the generation, embedding, and extraction of the watermarks in colored objects.
Data coloring takes a minimal number of calculations to color or decolor the data objects.
Cryptography and watermarking or coloring can be used jointly in a cloud environment.
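The generate / embed / extract / match cycle, as an added example (not code from the lecture notes, and a simplified scheme rather than the slides' own color generators): a data center derives a 32-bit color for a principal from a secret key, embeds the owner's color into the least-significant bits of the object, and later checks a requesting user's color against the color extracted from the object. The color width, key, principal names and data object are constructed.

```python
"""Data coloring by embedding a keyed color label as a watermark.

Added example, not from the lecture notes, and a simplified scheme rather
than the slides' own color generators. A data center derives a 32-bit
color for a principal from a secret key (so colors cannot be forged by
users), embeds the owner's color into the least-significant bits of the
object, and later checks a requesting user's color against the color
extracted from the object. The key and the data object are constructed.
"""
import hashlib
import hmac

COLOR_BITS = 32
KEY = b"constructed data-center coloring key"
# Constructed data object: 64 one-byte samples whose low bit we may overwrite.
OBJECT = bytes(range(64))


def make_color(key, principal):
    """Color of a user or owner: truncated HMAC, unforgeable without the key."""
    digest = hmac.new(key, principal, hashlib.sha256).digest()
    return int.from_bytes(digest[: COLOR_BITS // 8], "big")


def embed_color(data, color):
    """Write the color, MSB first, into the low bit of the first COLOR_BITS bytes."""
    if len(data) < COLOR_BITS:
        raise ValueError("object too small to carry a color")
    out = bytearray(data)
    for i in range(COLOR_BITS):
        bit = (color >> (COLOR_BITS - 1 - i)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_color(data):
    """Read the color back from the low bits (the watermark extraction step)."""
    color = 0
    for i in range(COLOR_BITS):
        color = (color << 1) | (data[i] & 1)
    return color


def color_object(key, owner, data):
    """Color a data object for `owner` before it is placed in cloud storage."""
    return embed_color(data, make_color(key, owner))


def access_allowed(key, user, colored):
    """Trust-management check: the user's color must match the object's color."""
    return extract_color(colored) == make_color(key, user)
```

Low-bit embedding is lossy for the marked bits, so in practice it is applied to fields that tolerate it (image or sensor samples) or to a metadata header. Because the slides pair coloring with cryptography, the color would be embedded before encryption or stored alongside the ciphertext; it is a label, not a substitute for encryption, and anyone who can read the object can read the color, which is why the color must be keyed so it cannot be forged.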
3. Data Lock-in Problem and Proactive Solutions
Cloud computing moves both the computation and the data to the server clusters maintained by cloud service providers.
Once the data is moved into the cloud, users cannot easily extract their data and programs from cloud servers to run on another platform. This leads to the data lock-in problem, which has hindered the adoption of cloud computing.
Data lock-in is attributed to two causes: lack of interoperability, whereby each cloud vendor has its own proprietary API that limits users' ability to extract data once submitted; and lack of application compatibility, in that most computing clouds expect users to write new applications from scratch when they switch cloud platforms.
One possible solution to data lock-in is the use of standardized cloud APIs.
This requires building standardized virtual platforms that adhere to the Open Virtualization Format (OVF), a platform-independent, efficient, extensible, and open packaging format for VMs.
OVF enables efficient, secure software distribution and facilitates the mobility of VMs: a packaged VM, with its disks and configuration, can be moved from one virtualization platform to another.
This will enhance QoS and thus enable cross-cloud applications, allowing workload migration among data centers to user-specific storage.
By deploying applications this way, users can access and intermix applications across different cloud services.
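The "secure software distribution" side of OVF, as an added example (not code from the lecture notes or from any OVF tool): an OVF package carries a manifest listing a digest per file, one line per file in the form `SHA256(filename)= hexdigest` (OVF 1.x used SHA1; later versions allow SHA256), and an importer recomputes the digests before accepting the appliance. The package contents below are constructed in memory.

```python
"""OVF-style package manifest: generate and verify.

Added example, not from the lecture notes. An OVF package ships a
manifest (.mf) listing a digest per file in the form
"SHA256(filename)= hexdigest"; a consumer recomputes the digests before
importing the appliance so a disk image altered in distribution is
rejected. The package below is constructed in memory.
"""
import hashlib
import re

MANIFEST_LINE = re.compile(r"^SHA256\((?P<name>[^)]+)\)= (?P<digest>[0-9a-f]{64})$")

# Constructed package contents (file name -> bytes); real packages hold a
# .ovf descriptor plus .vmdk/.qcow2 disks of many gigabytes.
PACKAGE = {
    "appliance.ovf": b"<Envelope><!-- constructed descriptor --></Envelope>",
    "disk1.vmdk": bytes(range(256)) * 4,
}


def build_manifest(files):
    """Producer side: one digest line per file, in a stable (sorted) order."""
    lines = [
        f"SHA256({name})= {hashlib.sha256(data).hexdigest()}"
        for name, data in sorted(files.items())
    ]
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Strict parser: any line that is not a well-formed digest entry is an error."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {n} malformed: {line!r}")
        entries[m["name"]] = m["digest"]
    return entries


def verify_package(files, manifest_text):
    """Consumer side: return a list of problems; an empty list means intact.

    Files missing from the package, files with a wrong digest, and files
    present but not listed in the manifest are all reported, since an
    unlisted file could be an injected disk or a replaced descriptor.
    """
    expected = parse_manifest(manifest_text)
    problems = []
    for name, digest in expected.items():
        if name not in files:
            problems.append(f"{name}: listed in manifest but missing")
        elif hashlib.sha256(files[name]).hexdigest() != digest:
            problems.append(f"{name}: digest mismatch")
    for name in files:
        if name not in expected:
            problems.append(f"{name}: not covered by manifest")
    return problems
```

The manifest protects integrity only against accidental corruption or an attacker who cannot also rewrite the manifest; real OVF packages add a detached signature over the manifest (the .cert file) so that the consumer can also verify who produced the appliance. Without that signature, downloading a manifest and disks from the same untrusted mirror proves nothing.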
4.Reputation-Guided Protection of Data
Centers.

1. Reputation System Design Options.

2. Reputation Systems for Clouds.

3. Trust Overlay Networks


1. Reputation System Design Options

FIGURE 4.36 Design options of reputation systems for social networks and cloud platforms
Figure 4.36 provides an overview of reputation system design options.
Reputation is the public opinion on the character or standing (such as honest behavior or reliability) of an entity; the entity could be a person, an agent, a product, or a service. It represents a collective evaluation by a group of people, agents, and resource owners.
Many reputation systems have been proposed in the past, mainly for P2P, multi-agent, or e-commerce systems.
To address reputation systems for cloud services, a systematic approach is based on the design criteria and administration of the reputation systems.
Figure 4.36 shows a two-tier classification of existing reputation systems proposed in recent years. Most of them were designed for P2P or social networks, but they can be adapted to protect cloud computing applications.
In general, reputation systems are classified as centralized or distributed depending on how they are implemented. In a centralized system, a single central authority manages the reputation system, while the distributed model involves multiple control centers working collectively.
User-oriented reputation systems focus on individual users or agents, whereas data-center-oriented reputation applies to the products or services offered by the cloud. Commercial reputation systems have been built by eBay, Google, and Amazon in connection with the services they provide. These are centralized reputation systems.
2. Reputation Systems for Clouds
The reputation system must be designed to benefit both cloud users and data centers.
Data objects used in cloud computing reside in multiple data centers over a SAN.
In the past, most reputation systems were designed for P2P social networking or for online shopping services. These systems can be adapted to protect cloud platform resources or user applications in the cloud.
A centralized reputation system is easier to implement, but demands more powerful and reliable server resources. Distributed reputation systems are more scalable and more reliable in handling failures.
The five security mechanisms presented earlier can be greatly assisted by a reputation system specifically designed for data centers.
Users demand new security mechanisms to protect the cloud. For example, one can apply secured information logging, migrate over secured virtual LANs, and apply ECC-based encryption for secure migration.
Sandboxes provide a safe execution platform for running programs. Further, sandboxes can provide a tightly controlled set of resources for guest operating systems, which allows a security test bed to test application code from third-party vendors.
3. Trust Overlay Networks
A trust overlay network models the trust relationships among data-center modules.
This trust overlay can be structured with a distributed hash table (DHT) to achieve fast aggregation of global reputations from a large number of local reputation scores.
This trust overlay design was first introduced in earlier work. The designer needs two layers for fast reputation aggregation, updating, and dissemination to all users.
Figure 4.37 shows the construction of the two layers of the trust overlay network.
At the bottom layer is the trust overlay for distributed trust negotiation and reputation aggregation over multiple resource sites. This layer handles user/server authentication, access authorization, trust delegation, and data integrity control.
At the top layer is an overlay for fast virus/worm signature generation and dissemination and for piracy detection. This overlay facilitates worm containment and IDSes against viruses, worms, and DDoS attacks.
The content poisoning technique is reputation-based. This protection scheme can stop copyright violations in a cloud environment over multiple data centers.
The reputation system enables trusted interactions between cloud users and data-center owners. Privacy is enforced by matching colored user identifications with the colored data objects.
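The distributed reputation system of the previous section and the DHT-based aggregation of this one, as a single added example (not code from the lecture notes or the cited overlay design, and a deliberately simple aggregation rule rather than the slides' own): resource sites report local scores about an entity, a consistent-hashing ring assigns every entity to one aggregator node so all of its scores meet in one place without a central server, and the global value is a credibility-weighted mean in which raters with low reputation of their own count for less. The node names, rater credibilities and scores are constructed.

```python
"""Trust overlay: DHT-routed aggregation of local reputation scores.

Added example, not from the lecture notes, and a deliberately simple
aggregation rule (credibility-weighted mean) rather than the slides'
own. Resource sites report local scores about an entity (a data center,
a provider, a user). A consistent-hashing ring assigns every entity to
one aggregator node, so all scores for that entity meet at one place and
the global reputation is computed there without a central server.
Raters with low reputation of their own count for less, which blunts
badmouthing and ballot stuffing. Node names and scores are constructed.
"""
import hashlib
from bisect import bisect_left


def ring_position(name):
    """Map a node or entity name to a 32-bit position on the DHT ring."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest()[:4], "big")


class TrustOverlay:
    def __init__(self, nodes, default_credibility=0.5):
        # Sorted (position, node) pairs form the ring.
        self.ring = sorted((ring_position(n), n) for n in nodes)
        self.positions = [p for p, _ in self.ring]
        self.store = {n: {} for n in nodes}   # node -> entity -> [(rater, score)]
        self.credibility = {}                 # rater -> weight in [0, 1]
        self.default_credibility = default_credibility

    def responsible_node(self, entity):
        """Successor rule: first node clockwise from the entity's position."""
        i = bisect_left(self.positions, ring_position(entity))
        return self.ring[i % len(self.ring)][1]

    def set_credibility(self, rater, weight):
        self.credibility[rater] = weight

    def report(self, rater, entity, score):
        """A resource site's local score (0..1) is routed to the aggregator."""
        if not 0.0 <= score <= 1.0:
            raise ValueError("score must lie in [0, 1]")
        node = self.responsible_node(entity)
        self.store[node].setdefault(entity, []).append((rater, score))

    def global_reputation(self, entity):
        """Credibility-weighted mean of all local scores held at the aggregator."""
        reports = self.store[self.responsible_node(entity)].get(entity, [])
        if not reports:
            return None
        weight = lambda r: self.credibility.get(r, self.default_credibility)
        total = sum(weight(r) for r, _ in reports)
        return sum(weight(r) * s for r, s in reports) / total if total else None

    def plain_mean(self, entity):
        """Unweighted mean, for comparison with the credibility-weighted value."""
        reports = self.store[self.responsible_node(entity)].get(entity, [])
        return sum(s for _, s in reports) / len(reports) if reports else None


def demo():
    """Three sites rate 'dc-east'; one low-credibility site badmouths it."""
    overlay = TrustOverlay(["node-a", "node-b", "node-c", "node-d"])
    overlay.set_credibility("site-1", 0.9)
    overlay.set_credibility("site-2", 0.9)
    overlay.set_credibility("site-3", 0.1)   # known unreliable rater
    overlay.report("site-1", "dc-east", 0.8)
    overlay.report("site-2", "dc-east", 0.9)
    overlay.report("site-3", "dc-east", 0.0)
    return overlay
```

In the demo the badmouthing report drags the plain mean down to about 0.57 while the credibility-weighted reputation stays near 0.81. The successor rule is what makes the aggregation "fast" in the sense the slides intend: any node can compute, from the entity name alone, where its scores live, so lookups and updates cost one DHT routing step rather than a broadcast. A deployable system would additionally replicate each aggregator's state to its ring successors, authenticate reports (the bottom-layer authentication in Figure 4.37), and age old scores so reputation can recover or decay.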
THANK YOU
