Cloud computing brings many benefits—but also security and trust challenges. Since user applications and data are hosted remotely, lack of trust between users and cloud service providers is a major barrier to cloud adoption.
Trust is at root a social problem rather than a purely technical one, but technical means such as encryption, enforced policies, and access control can support it.
Cloud Security Defense Strategies
Issues in Cloud Trust
- Users fear data theft, privacy violations, unauthorized access, and copyright breaches.
- Trust management is critical in all three service models:
  - IaaS (Infrastructure as a Service)
  - PaaS (Platform as a Service)
  - SaaS (Software as a Service)
Basic Cloud Security Enforcements
Cloud security is enforced at three levels:
| Level | Security Feature |
|---|---|
| Facility security | CCTV, biometric access control, motion detectors, and year-round surveillance in data centers |
| Network security | Firewalls, intrusion detection systems (IDS), and third-party security audits |
| Platform security | TLS encryption (the successor to SSL), strong password policies, digital certificates, and system trust validation |
All cloud layers—physical servers, VMs, and user interfaces—must be secured from malware, DoS attacks, and data loss.
Security Challenges in VMs
The following attacks target the virtualization layer itself and so are specific to virtualized environments such as the cloud:
| Attack Type | Description |
|---|---|
| Hypervisor malware | Malware that targets the virtual machine monitor (hypervisor); a compromise there exposes every guest it hosts |
| Guest hopping | One guest VM attempts to break isolation and access another guest's memory, storage, or network traffic |
| VM rootkits | Rootkits that embed themselves in a VM image or install a thin malicious hypervisor beneath the guest OS, where the guest cannot observe them |
| Man-in-the-middle during VM migration | Interception of a live migration stream; if the transfer is unauthenticated and unencrypted, the VM's memory contents can be read or modified in transit |
Solutions include:
- Intrusion detection systems, both network-based (NIDS) and host-based (HIDS)
- Program shepherding (monitoring every control transfer so that only code from trusted sources executes)
- Sandboxing
- VMware's VMsafe API and vShield
- Hardened OS
- Intel vPro technology (including Trusted Execution Technology, TXT, for a measured launch)
Cloud Defense Methods
Virtualization offers security isolation but also introduces new risks.
| Advantages | Challenges |
|---|---|
| VMs isolate attacks (fault containment) | VMs themselves may be targeted |
| Hypervisors monitor VMs | The hypervisor is a single point of failure: one bug there compromises every guest |
| VM failures are contained | Shared environment means shared risks: co-tenants share CPU, memory, and network |
Defense Strategies:
- Trust negotiation via SLAs
- Public Key Infrastructure (PKI)
- Reputation systems for data centers
- Worm and DDoS containment
- Secure provisioning of cloud resources
Defense with Virtualization
Virtualization decouples the VM from the physical hardware, so a VM can be:
- Saved
- Cloned
- Moved
- Encrypted
VMs enable:
- High Availability (HA)
- Disaster Recovery
- Live migration
IDS VMs can be deployed across data centers to monitor threats (Distributed Intrusion Detection Systems – DIDS).
DIDS require:
- Cross-domain trust
- Security policy coordination
- Periodic updates
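The three DIDS requirements above are easier to see in code. The following is an added example, not something from the original notes or from any vendor's product: IDS VMs in two data centers emit alerts, and a coordinator (a) accepts only alerts authenticated with the key shared with that data center (cross-domain trust), (b) applies one common policy for when a source counts as a distributed attack (policy coordination), and (c) produces a blocklist that would be pushed back out to every domain (worm and DDoS containment). The alert line format, the per-data-center keys, the threshold, and the sample alerts are all constructed for the demo.

```python
"""Toy distributed intrusion detection (DIDS) correlator.

Added example: alert format, data-center keys, policy values and the
sample alerts are invented for illustration.
"""
import hmac
import hashlib
from collections import defaultdict

# Per-data-center shared secrets: the cross-domain trust relationship.
# An alert from a domain with no key here is not trusted at all.
DC_KEYS = {
    "dc-east": b"east-secret-key",
    "dc-west": b"west-secret-key",
}

# Coordinated policy: a source seen by at least min_domains data centers
# within window_s seconds is treated as a distributed scan or worm.
POLICY = {"min_domains": 2, "window_s": 60}


def sign_alert(dc, ts, src, sig_name, key):
    """What an IDS VM emits: fields plus an HMAC tag over them."""
    body = f"{dc}|{ts}|{src}|{sig_name}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_alert(line):
    """Return (dc, ts, src, sig_name) if the tag is valid, else None."""
    try:
        dc, ts, src, sig_name, tag = line.split("|")
    except ValueError:
        return None                     # malformed line
    key = DC_KEYS.get(dc)
    if key is None:
        return None                     # unknown domain: no trust relationship
    body = f"{dc}|{ts}|{src}|{sig_name}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                     # forged or tampered alert
    return dc, int(ts), src, sig_name


def correlate(lines, policy=POLICY):
    """Return (sorted blocklist, number of rejected alerts)."""
    seen = defaultdict(list)            # src -> [(ts, dc), ...]
    rejected = 0
    for line in lines:
        parsed = verify_alert(line)
        if parsed is None:
            rejected += 1
            continue
        dc, ts, src, _ = parsed
        seen[src].append((ts, dc))

    blocklist = set()
    for src, events in seen.items():
        events.sort()
        for t0, _ in events:
            # Distinct domains that saw this source inside one window
            domains = {dc for ts, dc in events
                       if t0 <= ts <= t0 + policy["window_s"]}
            if len(domains) >= policy["min_domains"]:
                blocklist.add(src)
                break
    return sorted(blocklist), rejected


# Constructed sample alerts from two data centers plus two bad ones.
SAMPLE = [
    sign_alert("dc-east", 1000, "203.0.113.7", "ssh-bruteforce", DC_KEYS["dc-east"]),
    sign_alert("dc-west", 1030, "203.0.113.7", "ssh-bruteforce", DC_KEYS["dc-west"]),
    sign_alert("dc-east", 1005, "198.51.100.9", "port-scan", DC_KEYS["dc-east"]),
    sign_alert("dc-west", 1900, "198.51.100.9", "port-scan", DC_KEYS["dc-west"]),  # outside window
    "dc-south|1010|192.0.2.1|port-scan|" + "0" * 64,                             # unknown domain
    sign_alert("dc-east", 1010, "192.0.2.50", "port-scan", b"wrong-key"),         # forged tag
]

if __name__ == "__main__":
    blocked, dropped = correlate(SAMPLE)
    print("block everywhere:", blocked)
    print("rejected alerts:", dropped)
```

Only 203.0.113.7 is blocked: it was seen by both domains within 60 seconds. 198.51.100.9 was seen by both, but 895 seconds apart, so under the shared policy it stays a local matter. The two untrusted alerts are dropped before they can influence the decision, which is the point of requiring cross-domain trust before accepting another site's sensor data.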
Privacy and Copyright Protection
Users demand protection for:
- Shared files
- Sensitive data
- Proprietary content
Features of a secure cloud:
| Feature | Description |
|---|---|
| Dynamic web services | Secure web protocols such as HTTPS over TLS (the successor to SSL) |
| SLA & reputation systems | Build trust between users and providers |
| Identity and access management (IAM) | Control who may perform which actions on which resources |
| Single sign-on (SSO) | Unified login across cloud services |
| Auditing | Log and monitor data usage and copyright compliance |
| Shift of control | Users hand control of their infrastructure to the provider, whose controls must therefore be trustworthy and verifiable |
| Regulation compliance | Meet privacy laws such as GDPR |
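To make the IAM and auditing rows concrete, here is an added example (not from the notes and not any provider's real policy engine) of a small policy evaluator. The policy shape, the evaluation rules (an explicit deny overrides every allow, and a request with no matching allow is denied by default), the glob matching, and the sample principals, actions, and resources are all assumptions made for the demo. Every decision is written to an audit record with the reason, which is what lets a later review answer "who tried to reach the proprietary content, and were they stopped?".

```python
"""Toy IAM policy evaluation with an audit trail.

Added example: policy format, evaluation order, principals, actions and
resource names are invented for illustration.
"""
from fnmatch import fnmatchcase

# Constructed policy set. Patterns follow fnmatch rules, where '*' also
# matches '/', so 'bucket/shared/*' covers the whole subtree.
POLICIES = [
    {"effect": "allow", "principals": ["alice", "bob"],
     "actions": ["storage:Get*"], "resources": ["bucket/shared/*"]},
    {"effect": "allow", "principals": ["alice"],
     "actions": ["storage:Put", "storage:Delete"], "resources": ["bucket/shared/*"]},
    # Proprietary content is off limits to everyone, even principals
    # who hold a broad allow on the parent prefix.
    {"effect": "deny", "principals": ["*"],
     "actions": ["storage:*"], "resources": ["bucket/shared/proprietary/*"]},
]

AUDIT_LOG = []   # in a real system this would be an append-only, tamper-evident store


def _matches(patterns, value):
    return any(fnmatchcase(value, p) for p in patterns)


def evaluate(principal, action, resource, policies=POLICIES):
    """Return 'allow' or 'deny' and append one audit record."""
    decision, reason = "deny", "no-matching-allow"      # default deny
    for p in policies:
        if not (_matches(p["principals"], principal)
                and _matches(p["actions"], action)
                and _matches(p["resources"], resource)):
            continue
        if p["effect"] == "deny":
            decision, reason = "deny", "explicit-deny"  # deny overrides allow
            break
        decision, reason = "allow", "matched-allow"
    AUDIT_LOG.append({"principal": principal, "action": action,
                      "resource": resource, "decision": decision, "reason": reason})
    return decision


def denied_attempts(principal, log=None):
    """Audit helper: number of denied requests recorded for a principal."""
    log = AUDIT_LOG if log is None else log
    return sum(1 for r in log
               if r["principal"] == principal and r["decision"] == "deny")


if __name__ == "__main__":
    evaluate("alice", "storage:Get", "bucket/shared/report.pdf")
    evaluate("bob", "storage:Put", "bucket/shared/report.pdf")
    evaluate("alice", "storage:Get", "bucket/shared/proprietary/film.mp4")
    evaluate("carol", "storage:Get", "bucket/shared/report.pdf")
    for record in AUDIT_LOG:
        print(record)
```

Two points worth noticing. First, the evaluator never has to know the list of users: an unknown principal (carol) is denied simply because nothing allows her, which is what least privilege looks like in practice. Second, the audit record carries the reason, not only the decision, so a denied request caused by the proprietary-content rule is distinguishable from one caused by a missing grant.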
Examples:
- Google uses internal tools for resource protection
- Amazon EC2 authenticates API requests with X.509 certificates and HMAC signatures
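The HMAC mechanism mentioned in the EC2 example works as follows. This is an added illustration, not Amazon's actual signing protocol: the canonical-string layout, parameter names, access key id, and the five-minute freshness window are all invented for the demo. The client builds a canonical form of the request and tags it with a shared secret; the server rebuilds the same canonical form, recomputes the tag, and rejects anything tampered with, forged, or replayed too late.

```python
"""HMAC-signed API requests, client and server side.

Added example: canonical format, parameter names, keys and the replay
window are assumptions, not any real provider's protocol.
"""
import hashlib
import hmac
from urllib.parse import urlencode

# Access key id -> secret. Constructed for the demo.
SECRET_KEYS = {"AKID-DEMO": b"demo-secret-access-key"}
REPLAY_WINDOW_S = 300


def canonical_string(method, path, params):
    """Deterministic serialization both sides can reproduce exactly."""
    return "\n".join([method.upper(), path, urlencode(sorted(params.items()))])


def sign_request(access_key_id, secret, method, path, params, timestamp):
    """Client side: add credentials and timestamp, then tag the whole thing."""
    params = dict(params, AccessKeyId=access_key_id, Timestamp=str(timestamp))
    tag = hmac.new(secret, canonical_string(method, path, params).encode(),
                   hashlib.sha256).hexdigest()
    return dict(params, Signature=tag)


def verify_request(method, path, params, now, keys=SECRET_KEYS):
    """Server side: return 'ok' or the reason the request is rejected."""
    params = dict(params)
    sig = params.pop("Signature", None)
    akid = params.get("AccessKeyId")
    ts = params.get("Timestamp")
    if sig is None or akid not in keys or ts is None:
        return "missing-credentials"
    try:
        ts = int(ts)
    except ValueError:
        return "bad-timestamp"
    if abs(now - ts) > REPLAY_WINDOW_S:
        return "stale"                  # replay outside the freshness window
    expected = hmac.new(keys[akid], canonical_string(method, path, params).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return "bad-signature"          # tampered parameters or wrong secret
    return "ok"


if __name__ == "__main__":
    key = SECRET_KEYS["AKID-DEMO"]
    issued = 1700000000
    req = sign_request("AKID-DEMO", key, "GET", "/",
                       {"Action": "RunInstances", "ImageId": "ami-demo"}, issued)
    print("genuine:  ", verify_request("GET", "/", req, now=issued + 10))
    print("tampered: ", verify_request("GET", "/", dict(req, ImageId="ami-other"), now=issued + 10))
    print("replayed: ", verify_request("GET", "/", req, now=issued + 1000))
```

Because the timestamp is inside the signed string, an attacker who captures a request cannot extend its lifetime by editing the timestamp without also invalidating the tag; and because the method and path are signed too, a captured GET cannot be turned into a different operation. Note that `hmac.compare_digest` is used rather than `==` so the comparison time does not leak how many leading bytes of a guessed tag were correct.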
