Security Threats In Cloud Computing And Prevention Strategies
Security Threats in Cloud Computing
Discuss about the Security Threats in Cloud Computing and Preventive Methods for Data.
Abstract – Cloud computing is a technology that is used to provide products and services whose foundation is the extensive study carried out on distributed computing, virtualization, utility computing, networking and finally software and web services. It allows for the sharing and access of resources of computer applications over the internet unlike the traditional architecture of applications where access is through client and the applications are located in a server or machines belonging to the client. Due to this aspect of sharing resources that are distributed over the internet and over an open environment, there has been an increased level of insecurity since important resources are channeled to a third party. This poses a challenge in maintaining privacy and the security of the data, data support and the availability of service. This is where the security threats come in. [1]They are caused by the above vulnerabilities and they include: denial of service attack, intrusion on the network, authentication among others. In this research paper, an overview of security threats in the cloud is illustrated together with the solutions that are being used currently to counter the threats and also proposes the future work of research on the same.
Keywords-Cloud computing, Security Threats, Privacy.
Cloud computing provides numerous favorable aspects, for example, an increase in hardware resources utilization, reduction in costs, scalability and deployment that is easy. Due to this, majority of the well-known companies such as Amazon have already implemented cloud computing. Additionally, the number of clients such as Google Drive, LinkedIn among others, shifting their information to cloud has greatly increased.
Numerous security policies of business level, practices, and standards are not executable in cloud since distinctive protection dangers come up[8]. Challenges are still present in regard to the security of the cloud despite of the large number of studies carried out by the researchers over the past ten years.
In order to come up with effective preventive measures, use the existing or new mechanisms on the risks of security in cloud, its essential that clients, providers of service, innovators and scholars to first critically analyze and study the risks involved.
Hence, research on the dangers of security in the cloud needs to carried out so as to acquire the results from the point of view of exploration.
Being an upcoming technology, cloud computing enables sharing of resources as well as reduction of the costs involved. The costing procedure applied in cloud computing depends on how the client uses the resource as the clients pay according the usage[12]. Based on the fact that the resources in the cloud are shared over the internet, the problem with the security comes in as threats are posed to the data stored in the cloud. The following segment contains the threats posed to the data in the cloud:
Prevention Strategies for Cloud Security Threats
This is a major threat discovered by Cloud Security Alliance[3]. A good example is the usage of botnets in spreading malware and spam. Invaders may inject malware over a large number of computers and exploit the abilities of infrastructure of the cloud to harm various computers through intrusion.
Clients mainly use APIs and interfaces of software to connect with the services offered by the cloud. Due to this fact, the APIs, and the interfaces of the software require to be strongly protected in that, the process of authentication should be strictly secure as well as control of access, encryption, mechanisms of monitoring activities. This should be strictly adhered to in the case where third parties engage themselves in the service of cloud.
Based on the fact that majority of the providers of service maintain the secrecy as to who they employ, the manner in which they delegate to them the access rights or the way they observe them, spite from the insiders becomes trickier and a crucial threat. In order to achieve a cloud that is free from threats from the insiders, it’s crucial that transparency become the center of concentration in regard to this threat together with reporting of compliance and notification of any kind of breach.
Sharing of infrastructure is majorly used by the suppliers of IaaS. Unfortunately, the initial intention of these segments used on to base that was totally different. In order to ensure that clients do not over crowd on each other’s domain, monitoring and centralization of management needs to be achieved.
The possibility of the loss of Data and theft is always present whether it’s by erasing with no prepared backup or by losing the key of encoding or by illegal access. This can adversely affect businesses as besides destroying their regard, the law obliges them to protect it against destruction and theft as well as privacy.
An attacker injects a harmful code inside a code of SQL that is standard. In this way, the attackers are able to illegally reach to database and view confidential data.
This is where harmful scripts are forced into the web. There are two ways of executing the attack: through XSS which are stored whereby the script is maintained eternally inside the web application managed resource. On the other hand, XSS that is reflected is where the invader only stores the script temporarily.
This occurs when an attacker invades a conversation that is being held between a client and a sender and sends incorrect data and acquires the right and essential data being conveyed.
Some applications can seize packets moving within a network in case the kind of data that is being moved has not been encrypted and is readable. These attacks are triggered by the applications explained above. When a program used in sniffing is introduced in the network using the Network Interface Card, data connected to various systems is recorded.
This is a digital assault whereby the culprit looks to cause a network or machine assets inaccessible for its proposed clients by incidentally or inconclusively upsetting administrations of the host associated with the Internet.
At times an error is seen and one is unable to get to a site when browsing. This is due to a challenge of the very large number of requests made in order to get to the site.
This is the change of a cookie (individual data in a Web client’s PC) by an aggressor to increase unapproved data about the client for uses, for example, theft of the identity. The assailant may utilize the data to create new records or to access the client’s current records.
At the point when officials make business systems, cloud advancements and specialist organizations must be viewed. Building up a decent guide and agenda for due perseverance while assessing advancements and suppliers is fundamental for the best shot of progress. Associations that hurry to embrace cloud innovations and pick suppliers without performing due tirelessness open themselves to various dangers.
The following strategies can be used to counter the security threats facing cloud computing:
Services offered by the cloud providers can be used after a client registers by the use of a credit card which is valid.
This offers an advantage to hackers whereby they exploit the powerful nature of the clouds to execute illegal actions which include attacking and spamming other systems of computing.
Conduct of such behavior of abuse created by the frail nature of the systems of registration, monitoring of credit cards to evaluate fraud and blocking black lists that are public may be executed. To reduce the abusive use of the power of the cloud, policies of security can be implemented. To effectively manage clouds, regulations and rules that are well structured and stipulated may offer great assistance to the administrators of the network.
The client’s information contained in cloud is secretive and delicate. [6]Therefore, the mechanisms of control of access may be used to make sure that just the clients who are authorized can gain access to the information provided. Besides constantly monitoring the systems of computers that are physical, restrictions on the access traffic of data needs to be observed by the use of the techniques of security. Some various tools such as systems of detection of intrusion and firewalls have been used to limit intrusion from resources that are not trustworthy and to observe activities that are malicious. Furthermore, standards of authentication, eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML) may be applied to limit entrance to the applications of cloud and data. The main focus of SAML is the ways in which decisions of authorization and authentication can be transferred between connected objects and on the other hand, the main focus of XACML is the strategies to be used to come up with the decisions of approval.
Breaches of data created by insiders may be intentional or accidental. As it’s not easy to recognize the behavior of the insider, it’s advisable to use tools of security that are proper in order to handle the threats of the insider.[6] These equipment comprises of: systems of prevention of loss of data, tools of detection of patterns of behavior that is not normal, tools of encryption and preservation of format, profiling of the behavior of the user, technology that is decoy and validation and approval know-hows. The discussed equipment offers roles which include detection of real time on traffic monitoring, recording trails of audit for the forensic of the future among others.
The attack of injection of malware may be avoided by the use of the architecture of the system of File Allocation Table (FAT) [5]. According to the table of FAT, the possibility of a customer running can be identified earlier on. Storing the value of hash in the file image of the original case of service is another option of avoiding attacks of injection of malware[12].
Identification of instances of malicious can be achieved by the performance of checks of integrity between new and original instances of service images.
Analysis of the choices of design which permits systems of management of data that are scalable and modern in order to attain magnitude orders with levels of scalability that are high in comparison with databases that are traditional was carried out by [8].
Definition of a group of ideas and the association being executed in the domain of ISSRM inside the diagram class of UML was carried out by[10] . The results of the study carried out included the development of the diagram of class with characters expressing the metrics elicited.
[5] on the other hand substantiated that the main concern regarding the security of the cloud within the models of the cloud computing included division of assets. Therefore, development of new techniques of security is required and techniques of security used previously required to be disposed in order to utilize the architecture of the cloud. The new model of delivery brings in new methods by which usage and access of assets can be used hence, injecting the technology of security that is already in existence cannot augur well with the new technology.
The analysis of present gaps and the emerging trends in research regarding cloud computing founded on literature of systems information, reports of industry and reflections of experiences that are practical was given out by [11]in form of a summary that was brief. More so, the summary outlines the importance of computing of cloud and the effects on academics and practitioners.
Finally, brought about a thorough analysis of issues of security in cloud computing and problems majoring on the types of cloud computing and the types of delivery of service[13].
Fig 1. Secure architecture of cloud.
Customers trying to shift to cloud are bothered by the security issue which pulls them behind. The following architecture design can be used to address various security concerns. A diagram illustrating the same is shown in Fig.1.
- Provision of a Single Sign On
Multiple logins in cloud lead to problems in authentication, to address this, a complex authentication at the level of the user can be catered for in the cloud.
- ii. Increasing Availability
Dynamic loading of the server and balancing of the ISP load can be enabled to intensify the availability of data within the infrastructure of the network.
iii. Depth Method Protection
Suitable components of prevention and interference exposure in a network should be provided. Apart from the use of firewalls of the first generation, implementation of better virtual firewalls need to be considered.[9] To enhance network protection against individuals within and threats that generate from within.
- Use of a Single Console of Management.
More devices for protecting the network are put in place to guard the network that is virtual.
Cloud computing is a great and rising innovation for the up and coming age of IT applications. Despite the fact that cloud computing has numerous points of interest, there are as yet numerous genuine issues that should be dealt with. The income estimates suggest that cloud computing is an industry to consider. In any case, from another point of view, present vulnerabilities in the model of the cloud will build the dangers from hackers. As indicated by the models of service delivery, models of deployment and fundamental aspects of cloud computing, security of the data and issues with the protection of privacy are the basic issues that should be dealt with soonest. Information security and protection issues are present in all models of service delivery of SPI as well as in all phases of the life cycle of data. Problems in protection of privacy include sharing information while protecting individual data. The capacity to manage the kind of data to uncover and who can get to that data via the Internet has turned into a developing issue. Various procedures have been offered by specialists for protection of information and achieving the highest level of protection of information in cloud. Still, many gaps need to be resolved in perfecting the strategies involved.
Approval and systems of access control should accomplish a bound together, adaptable and reusable model of access control and address the issue of access that is fine-grained approval. Mechanisms of privacy protection that are based on accountability will accomplish real time and dynamical inform, auditing and authorization for the information proprietors when their private information is being gotten to.
Special thanks to Almighty for enabling us to see this research through. I acknowledge my friends and fellow students who assisted in who offered support during my research. I also acknowledge my tutors for their continued support especially in knowledge-sharing as well as continually availing of quality assistance in the challenging sectors in my study.
[1]M. McIntosh, P. Austel, “XML signature element wrapping attacks and countermeasures”, Workshop On Secure Web Services, 2010.
[2]. Kouchaksaraei Hadi, G. Chefranov, “Countering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing”, vol. 0441, 2013.
[3]. C. Mainka, M. Jensen, L. Lo Iacono, J. Schwenk, I. Ivanov, M. Sinderen, F. Leymann, T. Shan, “Making XML Signatures Immune to XML Signature Wrapping Attacks”, Cloud Computing and Services Science Springer International Publishing, vol. 367, pp. 151-167, 2013.
[4]. Pavan Muraidhara, “Security issues in cloud computing and its countermeasures”, International Journal of Scientific & Engineering Research, vol. 4, no. 10, October 2013.
[5]. M. Jensen, J.O. Schwenk, N. Gruschka, L.L. Iacono, “On Technical Security Issues in Cloud Computing”, IEEE International Conference on Cloud Computing (CLOUD-II 2009, pp. 109-116, 2009.
[6]. Constantin Lucian, “Researchers Demo Cloud Security Issue with Amazon A WS Attack”, Computerworld, Oct 2011.
[7]. J. Miranda, J. Guillén, C. Canal, “Identifying Adaptation Needs to Avoid the Vendor Lock – in Effect in the Deployment of Cloud SBAs”, pp. 12-19, 2012.
[8]. Guillén Joaquín et al., “Decoupling Cloud Applications from the Source – A Framework for Developing Cloud Agnostic Software”, 2012.
[9]N. Gruschka, L. Lo Iacono, “Vulnerable Cloud: SOAP Message Security Validation Revisited “ in ICWS ‘09”, Proceedings of the IEEE International Conference on Web Services, 2009.
[10]. Bhaskar Prasad, Eunmi Choi Rimal, “A taxonomy and survey of cloud computing systems”, 2009 Fifth International Joint Conference on INC IMS and IDC published by IEEE Computer Society.
[11] D. Balfanz, R. Chow, O. Eisen, M. Jakobsson, S. Kirsch, S. Matsumoto, J. Molina, P. C. van Oorschot, “The future of authentication”, IEEE Security & Privacy, vol. 10, no. 1, pp. 22-27, 2012.
[12]. D. Balfanz, R. Chow, O. Eisen, M. Jakobsson, S. Kirsch, S. Matsumoto, J. Molina, P. C. van Oorschot, “The future of authentication”, IEEE Security & Privacy, vol. 10, no. 1, pp. 22-27, 2012.
[13]. M. Chauhan, M. Ali Babar, “Migrating service-sriented system to cloud computing: an experience report”, IEEE 4th International Conference on Cloud Computing (CLOUD), pp. 404-411, 2011.