Beyond lightning: A survey on security challenges in cloud computing

https://doi.org/10.1016/j.compeleceng.2012.04.015

Abstract

Cloud computing is a model to provide convenient, on-demand access to a shared pool of configurable computing resources. In cloud computing, IT-related capabilities are provided as services, accessible without requiring detailed knowledge of the underlying technologies, and with minimal management effort. The great savings promised by the cloud are however offset by the perceived security threats feared by users. This paper gives an overview of cloud computing, and discusses related security challenges. We emphasize that although there are many technological approaches that can improve cloud security, there are currently no one-size-fits-all solutions, and future work has to tackle challenges such as service level agreements for security, as well as holistic mechanisms for ensuring accountability in the cloud.

Highlights

► Security is crucial for the widespread use of cloud computing applications.
► There are no one-size-fits-all solutions for security in cloud computing.
► Users can securely store and share data in the cloud with a data leakage prevention solution.
► SLA and accountability are two important building blocks for cloud security.

Introduction

According to Google’s Kevin Marks, the term “cloud computing” comes “from [the] early days in the Internet where we drew the network as a cloud. We didn’t care where the message went… the cloud hid it from us” [1]. The National Institute of Standards and Technology (NIST) has defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, e.g. networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction [2].

In contrast to the conventional computing model, where end-user data and computing power are located in the users’ computer systems, cloud computing resources are provided in massive, abstracted (virtualized) infrastructures managed by professional service providers [3]. The cloud model simplifies installation, operation and maintenance of information systems, and reduces costs while increasing system reliability and efficiency. A cloud system is also user friendly, in the respect that it requires less expertise to use. One can draw the analogy with current electricity and running-water systems, where end-users can use services from providers with ease, without being concerned with the technical complexity behind those systems.

Cloud computing can provide elastic resources with dynamic provisioning and scaling based on user demands. This approach is intended to deal with both resource over-provisioning, i.e., more resources than needed are allocated, and resource under-provisioning, i.e., fewer resources than required are allocated. The elastic management yields better overall system resource usage and hence increases system efficiency.

In previous work [4], we have discussed the MapReduce programming model and its impact on cloud computing, and we will not cover this further here. This paper gives an overview of cloud computing and related security challenges, and highlights some areas for further work. The rest of this paper is organized as follows: Section 2 introduces different classifications of cloud computing. In Section 3, we review security challenges that cloud computing needs to address. Section 4 briefly discusses how Service Level Agreements (SLAs) in cloud computing could be extended to also cover security aspects. Section 5 presents a solution to provide trusted data sharing over public cloud storage. Section 6 briefly sketches some important issues regarding accountability in the cloud. Finally, Section 7 concludes the paper.

Section snippets

Cloud computing classification

Although “cloud computing” is a relatively new and emerging term, many believe that other forms of “cloud” existed long before the term was introduced. Though referred to by different names, other technologies and concepts have been developed and used to form the current cloud computing technology.

The first cloud-like technology (“Cloud 1.0”) resulted from the abstraction of TCP/IP layers, where network devices communicate with one another by complying with TCP/IP protocol specifications

Cloud computing security challenges

The benefits introduced by cloud computing are legion. According to IDC [20], the most beneficial aspects of using cloud include fast and easy deployment, the pay-per-use model, and reduction of in-house IT costs. However, they also point out that security is the most important issue to be addressed in order to promote the widespread use of cloud computing.

Cloud computing providers need to solve the common security challenges of traditional communication systems. At the same time, they also

Service level agreements for cloud security

In many respects, cloud computing represents outsourcing of computation and storage to an external service provider. Such outsourcing has been governed by Service Level Agreements (SLAs) that specify minimum levels of performance that the customer can expect, e.g., 99.999% system availability per year. Traditionally, however, SLAs have not covered security aspects such as confidentiality and integrity.

In a cloud computing marketplace, it is reasonable to expect that not all providers will be

Trusted data sharing over untrusted cloud storage providers

Cloud computing shifts most of the IT infrastructure and data storage to off-premises third-party providers, with two important consequences [4]: (a) Data owners have only limited control over the IT infrastructure, therefore data owners must establish a mechanism to mandate the enforcement of their security policies to ensure data confidentiality and integrity; (b) Cloud service providers have excessive privileges, allowing them extensive control and ability to modify users’ IT systems and

Accountability in the cloud

While bulletproof confidentiality-preserving solutions for the cloud remain a desirable goal, it is clear that as long as “big data” needs to be processed in the cloud, there are currently no sufficiently efficient mechanisms that can do this without letting the cloud providers have access to cleartext data. Thus, there is a need for other mechanisms that can allay the fears of users that otherwise might be scared away from using the cloud.

Pearson et al. [40], [41] highlight that the current

Conclusion

Cloud computing is a very promising technology that helps companies reduce operating costs while increasing efficiency. Even though cloud computing has been deployed and used in production environments, security in cloud computing is still in its infancy and needs more research attention. Our paper presents a survey regarding security in cloud computing and discusses a number of possible research topics to improve security in the cloud.

We presented an overview of cloud computing, its benefits and

Acknowledgements

Thanks to Dr. Karin Bernsmed for the illustration of security mechanisms in cloud SLAs.

Parts of this work have been funded by the Telenor-SINTEF research agreement.

Chunming Rong is a professor and head of the Center for IP-based Service Innovation at University of Stavanger in Norway. His research interests include cloud computing, big data analysis, security and privacy. He is co-founder and chairman of the Cloud Computing Association (CloudCom.org) and its associated conference and workshop series. He is a member of the IEEE Cloud Computing Initiative, and co-Editor-in-Chief of the Springer Journal of Cloud Computing.

References (41)

  • Mell Peter, Grance Tim. Effectively and securely using the cloud computing paradigm; 2011....
  • National Institute of Standards and Technology. The NIST definition of cloud computing; 2011....
  • Sung-Jin Baek et al. Efficient server virtualization using grid service infrastructure. J Inform Process Syst (2010)
  • Rong Chunming, Nguyen Son T. Cloud trends and security challenges. In: Proceedings of the 3rd international workshop on...
  • Vitaly Klyuev et al. Semantic retrieval: an approach to representing, searching and summarising text documents. Int J Inform Technol Commun Converg (2011)
  • Åsmund Ahlmann Nyre et al. A probabilistic approach to information control. J Internet Technol (2010)
  • Tomasz Wlodarczyk et al. Industrial cloud: toward inter-enterprise integration
  • Amy Poh Ai Ling et al. Selection of model in developing information security criteria for smart grid security system. J Converg (2011)
  • Ping-Hai Hsu et al. Two-layer security scheme for AMI system. J Converg (2011)
  • Natalia Kryvinska et al. Integrated management platform for seamless services provisioning in converged network. Int J Inform Technol Commun Converg (2010)
  • Siemens IT Solutions and Services. Community clouds: supporting business ecosystems with cloud computing; 2011....
  • Google, Google Apps....
  • Salesforce. Salesforce CRM applications and software solutions....
  • Microsoft. Microsoft Windows Azure....
  • Google. Google App Engine....
  • Amazon. Amazon Elastic Compute Cloud (EC2)....
  • Dropbox, Where Are My Files Stored?; 2011. <http://www.dropbox.com/help/7> [retrieved...
  • Salesforce. Groupon expands throughout the US and beyond with salesforce; 2011....
  • Hong Joo Lee. Analysis of business attributes in information technology environments. J Inform Process Syst (2011)
  • IDC Blogs. IT cloud services user survey, pt.2: top benefits & challenges; 2011. <http://blogs.idc.com/ie/?p=210>...
Son T. Nguyen is a postdoctoral researcher at University of Stavanger. He obtained his PhD degree in Computer Engineering from the University of Stavanger in 2009 and his Master's degree in Telecommunications from Asian Institute of Technology in 2002. He is interested in a broad range of research issues related to security in communications networks and cloud computing.

Martin Gilje Jaatun is a Senior Scientist at SINTEF ICT (Trondheim, Norway), where he has been employed since 2004. He received his MSc degree in Telematics from the Norwegian Institute of Technology (NTH) in 1992. His research interests include software security, security in cloud computing and security of critical information infrastructures. He is vice chairman of the Cloud Computing Association (cloudcom.org) and a Senior Member of the IEEE.

Reviews processed and proposed for publication to Editor-in-Chief by Associate Editor Dr. Taeshik Shon.