Thursday, March 27, 2014

Rajen Patel (rvp140030)
Step toward secure cloud - Security management as a Service
Abstract—Cloud computing is the most talked-about development in the recent IT industry and has lured the IT world with attractive features such as multi-tenancy, massive scalability, elasticity, pay-as-you-use and on-demand services. However, this promising avenue is overshadowed by security threats. Cloud users and providers are equally concerned about the gaps in trust and privacy, identity and access management, and auditing and accounting facilities in existing cloud infrastructure. Here we propose a model for comprehensive security management in the cloud environment. The model is envisioned as Security Management as a Service (SMaS), through which both cloud users and vendors can avail themselves of facilities for Identity and Access Management, Trust and Privacy, and Auditing and Accounting. The striking feature of our work is that these facilities can be used on demand, which is essential in today's dynamic world. In addition, SMaS helps customers migrate securely to the cloud with considerably less technical upgrade.
SECTION I
Introduction
1.       About Cloud Computing
Cloud computing has revolutionized the IT industry like never before and is seen as offering the most promising future for the computing world. Cloud technology is now unleashing its capabilities, and most of its flavors are being explored by IT companies large and small. Cloud computing has almost everything to offer its customers: software on a pay-per-use basis (Software-as-a-Service), development platforms and tools offered and accessed through a web browser (Platform-as-a-Service), and highly scalable, on-demand computing resources (Infrastructure-as-a-Service). This has motivated industry, academia and businesses to host on the cloud everything from computationally intensive applications down to lightweight applications and services. Cloud computing reduces IT costs and increases the capabilities and reach of delivered services. As per a Gartner survey, the cloud market was worth USD 68 billion in 2010 and will reach USD 148 billion by 2014. These revenues imply that cloud computing is a promising platform.
The following section explores some of the major security issues that cloud computing faces today:
·         Duplication of Authentication and Identity Information across multiple Cloud Service Providers [1]: When customers need to access cloud resources, they have to provide account information (username and password), which is usually stored at the provider's site. Cloud users typically have no control over the data they hand over for authentication and identification. The problem is aggravated when a user decides to use multiple cloud service providers, because the same data is duplicated and stored across every one of them: for every cloud service, the customer exchanges his or her authentication information with that provider. These redundant copies widen the exposure of the authentication data. This is a security concern because authentication and identification data can often uniquely identify a person, which helps an attacker target specific users, and that in turn can be used to infringe on the customer's privacy, which has even greater significance.

·         Lack of Trust Management and Privacy in Cloud: The cloud environment does not have adequate trust and privacy management facilities in place to mitigate the fear of cloud users in moving their critical IT business and data to the cloud. Consumers and cloud service providers are forced to trust each other without much knowledge of the vendor's competence, backup and availability, job efficiency, security controls used at the data centre, reputation and so on. On the other hand, the service provider has to accept the customer's data on the assumption that the user is legitimate and without malicious intent. Because the cloud is a multi-tenant infrastructure, a malicious user can put the service provider's name and reputation at stake and cause havoc to many other users' data and services. The privacy issue that accompanies this also needs to be addressed, as the customer's confidential and sensitive data is put in the cloud, far away from the physical territory of the user. Thus, trust and privacy management need to be an intrinsic part of cloud computing environments.

·         Lack of Accountability and Auditing [2]: Another crucial problem cloud computing faces today is the lack of accountability and auditing features. The customer places his data on infrastructure over which he has absolutely no control, and at the same time the service provider agrees to run the data and services of users it does not know; both sides are affected by this. The use of virtualization to realize cloud technologies often leaves the question of who is accountable when a problem arises unanswered. A related issue is the limited auditing that is possible. Auditability allows every action to be verified against a pre-determined policy to determine whether the action was compliant. In today's cloud implementations there are many gaps in accountability and auditability that need to be addressed.

·         Lack of Availability: Network reliability is a cornerstone of cloud computing and cloud services. Since a cloud is accessed over public networks (typically the Internet), the cloud provider must address the potential for catastrophic loss of Internet backbone connectivity. The same concern should be a primary consideration for cloud service consumers who entrust critical infrastructure to the cloud. Availability is also a primary concern for private cloud infrastructures.
2. Motivation
·         There are a few solutions available in the IT market for cloud security; however, each of them targets only a few selected needs. This model has been designed to offer a comprehensive, single point of reliance for all security needs. The proposed model for total cloud security management has been envisioned by modeling the features of the cloud environment itself: on-demand services, pay-per-use, elasticity (up-sizing and down-sizing as required) and so on. Both cloud users and vendors can avail themselves of the services on demand through an account created with the proposed security management model. According to their needs, cloud users can choose the solutions available in the portal for their identity and access requirements and their trust and privacy needs. Similarly, cloud vendors can register with the model and secure their own requirements.

·         The rest of the paper is organized as follows. Section II looks at related approaches and work in this direction, and Section III gives a detailed explanation of the architecture and working of the model. Section IV describes the relative merits of the scheme, followed by the conclusion and future work in Section V.

SECTION II
Various Approaches:
·         With the growing adoption of cloud technology by the IT industry, security concerns slowly arose, casting a shadow on the promising future of the cloud. Hence cloud security became an important research topic, and there is significant work by many researchers in this area. The authors of [3] give a brief but good outline of the confidentiality, integrity and availability (CIA) problems faced by cloud users. Their paper also mentions standard authentication protocols such as SAML [4] and OAuth [5]. However, their work does not address accountability and auditing in the cloud, nor does it focus on trust and privacy. In [6] the authors describe a CTES-based approach for authentication and authorization of resources and services in the cloud. This work proposes an advancement of the traditional Kerberos technique for authentication, but gives no solution for trust and privacy, auditability or accountability. Nor do the authors discuss implementation in a public cloud with many heterogeneous users and providers.

·         There is also commendable work on trust management in the cloud. For instance, Talal H. Noor and Quan Z. Sheng [7] propose a trust-as-a-service framework. They introduce an adaptive credibility model that distinguishes credible trust feedback from malicious feedback by considering the cloud service consumers' capability and the majority consensus of their feedback. The adaptability of their work adds merit to the model; however, the service provider's feedback about users is not considered. Their model helps cloud users select trusted providers but fails to identify trusted users in the cloud. In addition, it does not include the much-needed privacy component. In [8] the authors describe a trust computing model for the cloud using the trusted platform module, but the challenges of deploying trusted platform modules in cloud environments are not covered.
·         "A case for the accountable cloud" [9] by Andreas Haeberlen describes the need for accountability for both the customer and the provider in a cloud computing environment. He also outlines the technical requirements for an accountable cloud and the various impediments to realizing accountability in the cloud. In another work [10] the author made a significant contribution to log maintenance in distributed systems: a tamper-evident log called PeerReview, in which each node keeps a record of all its actions and allows other nodes to audit its log. However, having cloud users review the provider's logs themselves seems impractical. In our model we address this by making auditing a task of SMaS.

·         We surveyed various other relevant technologies that assist accountability in the cloud. One such direction is the work of George W. Dunlap et al. [11], who describe a technique that enables intrusion analysis through virtual-machine logging and replay and give convincing results for the acceptability of this approach. Another important research work worth mentioning is TrustCloud by Ryan K. L. Ko et al. [12], which brings out the urgent need for research in cloud accountability and the various challenges in achieving a trusted cloud. They further discuss the policy-based and technical approaches that can be used to establish an accountable cloud, and their work also focuses on a technique called provenance logging. The concept of provenance [13] has mainly been researched in the context of databases, the Web, and workflow systems. Generally, the provenance of a data item refers to information about its origin, its creation or collection, and the ways in which it was altered and accessed. Thus tamper-evident logging and virtualization-based replay help achieve auditability in virtual networks, but neither work shows an implementation of these techniques on a cloud platform.

·         Thus there is research targeting one or another of the problems in the cloud; through our model, however, we try to build a comprehensive solution for cloud security. In the proposed SMaS model we have tried to bridge the gaps identified in the above works. We introduce privacy and trust management, one of the key requirements of cloud users; the trust management scheme of our model addresses the trust and privacy needs of both cloud users and cloud service providers. The proposed model will help even a start-up customer move to cloud technology without a technology barrier or fear of security issues. The following sections describe the model in detail, showing how the key players interact to achieve IAM (Identity and Access Management), Trust and Privacy, and Auditability and Accountability.




SECTION III
A. Overview of Proposed Scheme
·         The proposed cloud security management model gives both cloud users and cloud service providers transparency and flexibility in managing a secure migration to cloud infrastructure. Customers can readily move to the cloud environment without fear of loss of privacy and identity, data mishandling at the provider's site, or, most seriously, the lack of accountability and auditability in the cloud environment. Similarly, the cloud service provider can be assured that the users requesting its services are in fact legitimate. Hence the worries of both the user's and the provider's perspective are mitigated. Fig. 1 shows an overview of how the proposed security management service provider works.



                                                                                Figure 1. Overview of SMaS

·         The Cloud Security Management service provider offers a simple, easy-to-use facility, much like creating an account with a web portal and availing oneself of its benefits without knowing the intricacies of how the service is offered or the technologies behind it. Any novice cloud user can go for a seamless, secure cloud migration without a complex technical upgrade. Users only need to specify their security requirements in the portal and can customize their plan on demand: a purely on-demand security model. The following section explains in detail how the model works and renders the service to both cloud users and cloud service providers.



B. Architecture and Working of the Proposed Scheme
The working of the cloud security management model involves two phases: Enrollment Phase and Service Rendering Phase.
1. Enrollment Phase
·         Customers intending to use cloud services, and the cloud service providers themselves, need to enroll with the Cloud Security Management service portal. The enrollment procedures for cloud users and vendors differ in the data collected from them.
·         Enrollment for Cloud Users: In the enrollment phase for cloud users the login credentials are collected and every user must enter a passphrase, which has to be unique to that user. A unique one-time key is generated, the login credentials are encrypted under this key and the result is stored in the SMaS portal under the user's account. In this phase every cloud user is also allocated a pseudonym (P_Name), chosen by the SMaS provider, under which the user is referred to when dealing with cloud providers. After successful registration, cloud users can choose from the security plans available, which provide varying degrees of security on demand: Basic, Intermediate and Advanced. A user with limited security requirements can start with the Basic plan and upgrade later if the need for higher security arises.
·         Enrollment for Cloud Service Providers: Every cloud service provider can get registered with the SMaS portal. During the enrollment of Cloud Service Providers (CSP) the following details are collected from them:
Services offered
Identity and Authentication Protocols Supported
Security Mechanisms and Policies followed
Availability and Uptime
Usage Rates
History of Disruption of Services
Auditing and Accountability agreements
2. Service Rendering Phase
·         The service rendering phase explains how cloud users and CSPs leverage the SMaS model for cloud security. Registered users avail themselves of the service by entering the passphrase they chose during the enrollment phase.

·         There are three major functional components in the proposed model, viz. Identity and Access Management, Trust and Privacy Management, and Accountability and Auditability Management. The following section explains how the three components interact to achieve transparent and flexible identity and access management, trust and privacy support, and auditing and accountability. Fig. 2 illustrates the three functional components and how they interact with each other.

                                                      Figure 2.  Architectural Diagram of SMaS Provider
A) Identity and Access Management
·         When registered cloud users request services, an appropriate service provider is selected from the list of registered CSPs. The portal has facilities to choose appropriate IAM (Identity and Access Management) techniques as per the security requirements of the cloud user. The following industry-standard IAM protocols and techniques are supported by the proposed portal:
·         SAML (Security Assertion Markup Language [4]): avoids duplication of identities, attributes and credentials and provides single sign-on for users.
·         SPML (Service Provisioning Markup Language [5]): helps to provision user accounts with cloud services automatically and to fully automate the provisioning and deprovisioning of user accounts.
·         XACML (eXtensible Access Control Markup Language [5]): provides a unified method of access control and policy enforcement across all applications that implement the common authorization standard.
·         OAuth [5]: an emerging authorization standard (it delegates access to resources; it is not by itself an authentication protocol) that allows customers to share private resources stored at one CSP with another CSP without disclosing their credentials.
·         The module also supports the hybrid OpenID/OAuth flow, which combines the authorization and authentication flows in fewer steps to enhance usability.
·         With limited or no technology upgrade, cloud users can enjoy a seamless, secure migration to the cloud environment. A striking advantage of the model is that none of the user details collected during enrollment are exchanged with the CSP during authentication and authorization. Instead, a unique identity card bearing the trust id and the certificate of the SMaS is exchanged, so the customer's enrolled details are not disclosed to the CSP, which sees only the pseudonym. In addition, customers need not be aware of the technologies involved, as they are only required to specify the services they need. SMaS selects the appropriate IAM standards and protocols based on two factors:
·         the services needed and the choice of cloud service provider;
·         the degree of security the user needs.
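The enrollment, passphrase login and identity-card exchange described above, as an added example that is not the paper's own code. Its assumptions: the one-time key that the paper uses to encrypt stored credentials is replaced by a PBKDF2 passphrase verifier (so nothing reversible is stored), the SMaS certificate signature is stood in for by an HMAC-SHA256 tag under a key shared with the CSP, and the card's field names (p_name, trust, aud, iat, exp) and the SMaSPortal / csp_verify_card names are hypothetical.

```python
import hashlib
import hmac
import json
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed work factor, not from the paper


def _canonical(obj: dict) -> bytes:
    # Canonical JSON so issuer and verifier authenticate exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class SMaSPortal:
    """Toy SMaS portal: holds user accounts and issues signed identity cards."""

    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key  # stand-in for the SMaS certificate key (assumption)
        self._users = {}                 # account id -> {"salt", "verifier", "p_name", "trust"}

    def enroll_user(self, account_id: str, passphrase: str) -> str:
        """Enrollment phase: store a passphrase verifier and assign a pseudonym (P_Name)."""
        if account_id in self._users:
            raise ValueError("account already enrolled")
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)
        p_name = "p-" + secrets.token_hex(8)  # pseudonym chosen by SMaS, not by the user
        self._users[account_id] = {"salt": salt, "verifier": verifier,
                                   "p_name": p_name, "trust": 0}
        return p_name

    def authenticate(self, account_id: str, passphrase: str) -> bool:
        """Service rendering phase: the user presents the passphrase chosen at enrollment."""
        rec = self._users.get(account_id)
        if rec is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                                        rec["salt"], PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, rec["verifier"])

    def issue_identity_card(self, account_id, passphrase, csp_id, now, ttl=300):
        """Return a signed card scoped to one CSP, or None if the passphrase is wrong.

        The card carries only the pseudonym and trust value; the account id,
        passphrase and other enrollment details never leave SMaS.
        """
        if not self.authenticate(account_id, passphrase):
            return None
        rec = self._users[account_id]
        card = {"iss": "SMaS", "p_name": rec["p_name"], "trust": rec["trust"],
                "aud": csp_id, "iat": now, "exp": now + ttl}
        sig = hmac.new(self._signing_key, _canonical(card), "sha256").hexdigest()
        return {"card": card, "sig": sig}


def csp_verify_card(token, signing_key, csp_id, now) -> bool:
    """What a CSP checks before serving a pseudonymous user: tag, issuer, audience, validity window."""
    expected = hmac.new(signing_key, _canonical(token["card"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False  # forged or modified card (e.g. an inflated trust value)
    card = token["card"]
    return card["iss"] == "SMaS" and card["aud"] == csp_id and card["iat"] <= now < card["exp"]
```

Binding the card to one CSP (the aud field) and to a short validity window is what stops a CSP from replaying a card it received against another provider.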

B) Trust and Privacy Management
·         Privacy management is achieved through the identity card issued by the SMaS provider, which also bears a trust value. During the enrollment phase both cloud users and CSPs are assigned an initial trust value of 0. Trust and Privacy Management has the following subcomponents.
·         Trust Manager: The Trust Manager manages trust between cloud users and cloud service providers. It assigns trust values to the registered users and CSPs, and as the system progresses it computes new trust values from the feedback of cloud users: the trust value is incremented on positive feedback and decremented on negative feedback. When the trust value of a CSP or cloud user falls below zero, it is marked untrustworthy and is no longer listed among the registered entities. The authenticity of feedback is verified before the trust values are updated; this is done by the feedback evaluator, which works in sync with the feedback collector, and the Trust Manager updates the trust values based on the evaluator's suggestions.
·         Feedback Collector: This collects feedback from the various users. Every cloud user can give an opinion on the following points:
1.       Availability in terms of uptime and downtime
2.       Latency and Throughput
3.       Any breach of SLA
·         The feedback collector also records the feedback of CSPs about the various cloud users, and includes an evaluator that determines the validity of the feedback submitted. The feedback evaluator collects the feedback reported by the various users and evaluates its trustworthiness using a majority factor:
·         Majority factor for positive feedback about a CSP or cloud user = (Number of positive feedbacks) / (Total number of reported feedbacks)
·         Majority factor for negative feedback about a CSP or cloud user = (Number of negative feedbacks) / (Total number of reported feedbacks)
·         For feedback to be considered authentic, its majority factor must lie in the range [0.5, 1]; that is, only the feedback on the majority side is accepted (on an exact tie both sides qualify and their effects cancel). Authentic feedback is forwarded to the Trust Manager to update the trust values.
·         Service Level Agreement Negotiator: The SLA Negotiator negotiates and draws up the service level agreement between cloud users and CSPs. Any breach of the SLA can be reported to the SLA Negotiator, which in turn reports it to the Trust Manager.
·         Trust Manager itself will rate each CSP on the basis of the following factors:
Reliability of hardware and network infrastructure to withstand attacks
Efficiency of Security Controls for Access installed at CSP site
Appropriate and efficient log mechanism
Appropriate notification mechanism to report any problem to CSP
The Trust Manager periodically updates the trust values, decreasing them on any negative feedback about a cloud user or cloud service provider. If customers face any disruption or unavailability of service, they are transferred to another registered Cloud Service Provider.
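The feedback evaluation and trust update of this section, as an added example rather than code from the paper. It follows the rules stated above (trust starts at 0, +1 per authentic positive feedback, -1 per authentic negative feedback, a majority factor in [0.5, 1] required, an entity delisted once its trust falls below zero). Two details are assumptions of the example, not of the paper: each reporter gets one feedback per subject per round (a later submission overwrites an earlier one, so one party cannot manufacture a majority by repeating itself), and feedback from an already delisted reporter is ignored. An SLA breach report is modelled as a negative feedback with reason "sla_breach".

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Feedback:
    reporter: str   # pseudonym of the user, or id of the CSP, giving the opinion
    subject: str    # the CSP or cloud user the opinion is about
    positive: bool
    reason: str     # "availability", "latency", "sla_breach", ... (hypothetical labels)


def majority_factors(feedbacks):
    """Return (positive factor, negative factor) as defined in the text."""
    total = len(feedbacks)
    if total == 0:
        return 0.0, 0.0
    pos = sum(1 for f in feedbacks if f.positive)
    return pos / total, (total - pos) / total


def authentic_feedback(feedbacks, threshold=0.5):
    """Keep only the feedback whose side has a majority factor in [threshold, 1].

    On an exact tie both sides pass; their +1/-1 effects then cancel.
    """
    pos_factor, neg_factor = majority_factors(feedbacks)
    keep_pos = pos_factor >= threshold
    keep_neg = neg_factor >= threshold
    return [f for f in feedbacks
            if (f.positive and keep_pos) or (not f.positive and keep_neg)]


class TrustManager:
    """Holds trust values for registered users and CSPs and applies periodic updates."""

    def __init__(self):
        self.trust = {}          # entity -> current trust value
        self.untrusted = set()   # entities whose trust fell below zero

    def register(self, entity):
        self.trust[entity] = 0   # initial trust value assigned at enrollment

    @staticmethod
    def sla_breach(reporter, csp):
        """What the SLA Negotiator forwards to the Trust Manager (assumed shape)."""
        return Feedback(reporter, csp, False, "sla_breach")

    def apply_round(self, feedbacks):
        """One periodic update: dedupe per reporter, evaluate per subject, adjust, delist."""
        latest = {}
        for f in feedbacks:
            if f.subject in self.trust and f.reporter not in self.untrusted:
                latest[(f.reporter, f.subject)] = f   # later entry overwrites earlier
        by_subject = defaultdict(list)
        for f in latest.values():
            by_subject[f.subject].append(f)
        for subject, fbs in by_subject.items():
            for f in authentic_feedback(fbs):
                self.trust[subject] += 1 if f.positive else -1
            if self.trust[subject] < 0:
                self.untrusted.add(subject)
        return dict(self.trust)

    def listed(self):
        """Entities still offered to the other side, i.e. not marked untrustworthy."""
        return sorted(e for e in self.trust if e not in self.untrusted)
```

Note that the majority rule alone does not stop a large group of colluding reporters; the dedupe step only removes the cheapest attack (one reporter voting many times), which is why the text also has the Trust Manager rate CSPs on its own criteria.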
C) Auditability and Accountability Management
·         In the cloud computing scenario, when a problem is detected, the customer and the provider face the potentially difficult task of deciding who is responsible for it. The absence of reliable fault detection and accountability may discourage cloud users from migrating to cloud infrastructure. Hence a cloud computing infrastructure needs to be accountable and should have the following characteristics:
·         Each operation performed on the cloud should be undeniably linked to the entity that performed it.
·         There should be tamper-evident logs for all the operations performed on the cloud.
·         These logs should always be available for audit in case of a fault.
·         Auditability and accountability can be ensured using the following audit standards: SAS 70 [14], SysTrust [15], WebTrust [15] and ISO 27001 [16] certification. A CSP can agree to any of these audit standards and must follow the logging mechanisms the chosen standard specifies. To prevent the CSP from tampering with the logs, all logs are periodically hashed and the hash values are sent back to SMaS; these hash values can later be used to check the integrity of the logs the CSP maintains.
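The periodic log hashing and later integrity check described above, as an added example that is not the paper's code. It assumes a SHA-256 hash chain at the CSP (each entry's digest covers the previous digest, so a checkpoint covers every earlier entry), hypothetical entry fields seq/actor/op/object, and the class names CspLog and SmasAuditor. The chain makes modification, reordering and truncation of anything before a checkpoint detectable; it does not by itself give the first property listed above (undeniable linkage to the actor), which would additionally require the actor to sign each entry.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the first entry


def _entry_digest(prev_hash: str, entry: dict) -> str:
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


class CspLog:
    """Append-only operation log kept at the CSP."""

    def __init__(self):
        self.entries: List[dict] = []
        self._hashes: List[str] = []

    def append(self, actor: str, op: str, obj: str) -> dict:
        entry = {"seq": len(self.entries), "actor": actor, "op": op, "object": obj}
        prev = self._hashes[-1] if self._hashes else GENESIS
        self.entries.append(entry)
        self._hashes.append(_entry_digest(prev, entry))
        return entry

    def checkpoint(self) -> dict:
        """The periodic hash value handed to SMaS; it commits to every entry so far."""
        return {"seq": len(self.entries) - 1, "hash": self._hashes[-1]}


class SmasAuditor:
    """SMaS side: stores checkpoints as they arrive and audits the full log later."""

    def __init__(self):
        self.checkpoints = {}  # csp id -> list of checkpoints received

    def record(self, csp_id: str, checkpoint: dict) -> None:
        self.checkpoints.setdefault(csp_id, []).append(dict(checkpoint))

    def verify(self, csp_id: str, entries: List[dict]) -> Tuple[bool, Optional[int]]:
        """Recompute the chain over the entries the CSP hands over for audit.

        Returns (True, None) if every stored checkpoint matches, otherwise
        (False, seq) where seq is the index of the first bad entry or the
        earliest checkpoint that fails; (False, None) if no checkpoint exists.
        """
        cps = sorted(self.checkpoints.get(csp_id, []), key=lambda c: c["seq"])
        if not cps:
            return False, None  # nothing to verify against
        prev = GENESIS
        computed = []
        for i, e in enumerate(entries):
            if e.get("seq") != i:
                return False, i  # reordered, duplicated or renumbered entry
            prev = _entry_digest(prev, e)
            computed.append(prev)
        for cp in cps:
            # A truncated log has fewer entries than a checkpoint claims to cover.
            if cp["seq"] >= len(computed) or computed[cp["seq"]] != cp["hash"]:
                return False, cp["seq"]
        return True, None
```

Entries appended after the latest checkpoint are not yet covered, so the checkpoint interval bounds how much a CSP could quietly rewrite; the verifier reports the earliest failing checkpoint, which brackets where the tampering lies.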
SECTION IV
Analysis
·         The proposed model, envisioned as Security Management as a Service, helps mitigate the woes of both cloud service providers and cloud customers. It provides a single point of reliance for the major security problems in the cloud: IAM, trust and privacy, and accounting and auditing. Cloud users need not worry about the infrastructure and technology details of incorporating security: the most appropriate IAM techniques and protocols are selected for them, and with a limited technical upgrade such as suitable APIs they can get the services they need. Customers can avail themselves of the services of trusted CSPs, and any breach of security and privacy can be tracked. The identity information of users is not leaked to cloud service providers. Thus the scheme achieves efficient Identity and Access Management.
·         The proposed model has a coordinated trust management mechanism. The Trust Manager coordinates trust assignment and updates by periodically collecting feedback from the feedback evaluator and the SLA negotiator. The Trust Manager is the key component that drives the mechanism, ensuring trust in the system and removing untrusted users who repeatedly receive negative feedback. The model further ensures the validity of the feedback reported. Thus an effective and dynamic trust management facility is provided for both cloud users and cloud service providers.
·         The proposed SMaS extends its facility to the auditing and accountability requirements of a secure cloud. Every registered cloud service provider has to be compliant with the industry-specified auditing standards. The logs collected are verified for integrity, so that tampering with the logs by the CSP becomes detectable. Thus the model helps minimize the gaps in cloud security listed in Section I.
·         One striking advantage of this model is that cloud users can dynamically modify the security features as needed and elevate their security plan as requirements change. Hence the scheme provides a dynamic, secure cloud management portal for both cloud users and cloud service providers.
SECTION V
Conclusion and Future Scope
·         The Security Management as a Service scheme helps users adopt cloud technology with less skepticism about security. The model helps ensure Identity and Access Management, Trust and Privacy, and Auditing and Accounting facilities. The scheme acts as a broker while also offering a legal standpoint and the means to bring perpetrators before the law. Unlike conventional schemes, cloud users need not get locked in to one vendor: they can shift to another vendor on failure of the service level agreement or on any disruption of service. As future work, we would like to extend the Accounting and Auditing module further by incorporating file-centric logging and provenance logging.
References
·         1. Chen Liang, "The five major authentication issues in the current cloud computing", March 2011. [Online]. Available: http://www.cheliangblog.wordpress.com
·         2. Judy Redman, "Accountability and trust in cloud computing", June 2011. [Online]. Available: http://www.enterprisecioforum.com
·         3. S. A. Almulla and C. Y. Yeun, "Cloud computing security management", Proc. International Conference on Engineering Systems Management and its Applications (ICESMA 2010), 2010.
·         4. E. Maler, S. Cantor, J. Moreh and R. Philpott, "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Open, 2005.
·         5. T. Mather, S. Kumaraswamy and S. Latif, Cloud Security and Privacy, O'Reilly, 2009.
·         6. S. K. Pippal, A. Kumari and D. S. Kushwaha, "CTES based secure approach for authentication and authorization of resources in clouds", doi: 10.1109/ICCCT.2011.6075140.
·         7. T. H. Noor and Q. Z. Sheng, "Trust as a Service: a framework for trust management in cloud environments", Proc. WISE 2011, pp. 314-321, ISBN 978-3-642-24433-9.
·         8. Z. Shen and Q. Tong, "The security of cloud computing system enabled by trusted computing technology", doi: 10.1109/ICSPS.2010.555523.
·         9. A. Haeberlen, "A case for the accountable cloud", ACM SIGOPS Operating Systems Review, vol. 44, no. 2, April 2010, pp. 52-57, doi: 10.1145/1773912.1773926.
·         10. A. Haeberlen, P. Kuznetsov and P. Druschel, "PeerReview: Practical accountability for distributed systems", Proc. SOSP, October 2007.
·         11. G. W. Dunlap, S. T. King, S. Cinar et al., "ReVirt: Enabling intrusion analysis through virtual-machine logging and replay", Proc. OSDI, December 2002.
·         12. R. K. L. Ko, P. Jagadpramana et al., "TrustCloud: A framework for accountability and trust in cloud computing", IEEE ICFP 2011.
·         13. K. K. Muniswamy-Reddy, P. Macko and M. Seltzer, "Provenance for the cloud", Proc. 8th USENIX Conference on File and Storage Technologies (FAST), USENIX Association, 2010, pp. 197-210.
·         14. SAS 70 Overview. [Online]. Available: http://www.SAS70.com
·         15. SysTrust/WebTrust. [Online]. Available: http://www.assuranceconcepts.com
·         16. A. Calder and S. Watkins, IT Governance: A Manager's Guide to Data Security and ISO 27001/ISO 27002, Kogan Page Ltd, London, UK, 2008.
·         17. "Complete Security Management Suite: security as service". [Online]. Available: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6409116