Beyond lightning: A survey on security challenges in cloud computing☆
Graphical abstract
Highlights
► Security is crucial for the widespread use of cloud computing applications. ► There are no one-size-fits-all solutions for security in cloud computing. ► Users can securely store and share data in cloud with data leakage prevention solution. ► SLA and accountability are two important building blocks for cloud security.
Introduction
According to Google’s Kevin Marks, the term “cloud computing” comes “from [the] early days in the Internet where we drew the network as a cloud. We didn’t care where the message went… the cloud hid it from us” [1]. The National Institute of Standards and Technology (NIST) has defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, e.g. networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction [2].
In contrast to the conventional computing model, where end-user data and computing power are located in the users’ computer systems, cloud computing resources are provided in massive, abstracted (virtualized) infrastructures managed by professional service providers [3]. The cloud model simplifies installation, operation and maintenance of information systems, and reduces costs while increasing system reliability and efficiency. A cloud system is also user friendly, in the respect that it requires less expertise to use. One can draw the analogy with current electricity and running-water systems, where end-users can use services from providers with ease, without being concerned with the technical complexity behind those systems.
Cloud computing can provide elastic resources with dynamic provisioning and scaling based on user demands. This approach is intended to deal with both resource over-provisioning, i.e., more resources than needed are allocated, and resource under-provisioning, i.e., fewer resources than required are allocated. The elastic management yields better overall system resource usage and hence increases system efficiency.
In previous work [4], we have discussed the MapReduce programming model and its impact on cloud computing, and we will not cover this further here. This paper gives an overview of cloud computing and related security challenges, and highlights some areas for further work. The rest of this paper is organized as follows: Section 2 introduces different classifications of cloud computing. In Section 3, we review security challenges that cloud computing needs to address. Section 4 briefly discusses how Service Level Agreements (SLAs) in cloud computing could be extended to also cover security aspects. Section 5 presents a solution to provide trusted data sharing over public cloud storage. Section 6 briefly sketches some important issues regarding accountability in the cloud. Finally, Section 7 concludes the paper.
Section snippets
Cloud computing classification
Although “cloud computing” is a relatively new and emerging term, many believe that other forms of “cloud” existed long before the term was introduced. Though referred to by different names, other technologies and concepts have been developed and used to form the current cloud computing technology.
The first cloud-like technology (“Cloud 1.0”) resulted from the abstraction of TCP/IP layers, where network devices communicate with one another by complying with TCP/IP protocol specifications
Cloud computing security challenges
The benefits introduced by cloud computing are legion. According to IDC [20], the most beneficial aspects of using cloud include fast and easy deployment, the pay-per-use model, and reduction of in-house IT costs. However, they also point out that security is the most important issue to be addressed in order to promote the widespread use of cloud computing.
Cloud computing providers need to solve the common security challenges of traditional communication systems. At the same time, they also
Service level agreements for cloud security
In many respects, cloud computing represents outsourcing of computation and storage to an external service provider. Such outsourcing has been governed by Service Level Agreements (SLAs) that specify minimum levels of performance that the customer can expect, e.g., 99.999% system availability per year. Traditionally, however, SLAs have not covered security aspects such as confidentiality and integrity.
In a cloud computing marketplace, it is reasonable to expect that not all providers will be
Trusted data sharing over untrusted cloud storage providers
Cloud computing shifts most of the IT infrastructure and data storage to off-premises third-party providers, with two important consequences [4]: (a) Data owners have only limited control over the IT infrastructure, therefore data owners must establish a mechanism to mandate the enforcement of their security policies to ensure data confidentiality and integrity; (b) Cloud service providers have excessive privileges, allowing them extensive control and ability to modify users’ IT systems and
Accountability in the cloud
While bulletproof confidentiality-preserving solutions for the cloud remain a desirable goal, it is clear that as long as “big data” needs to be processed in the cloud, there are currently no sufficiently efficient mechanisms that can do this without letting the cloud providers have access to cleartext data. Thus, there is a need for other mechanisms that can allay the fears of users that otherwise might be scared away from using the cloud.
Pearson et al. [40], [41] highlight that the current
Conclusion
Cloud computing is a very promising technology that helps companies reduce operating costs while increasing efficiency. Even though cloud computing has been deployed and used in production environments, security in cloud computing is still in its infancy and needs more research attention. Our paper presents a survey regarding security in cloud computing and discusses a number of possible research topics to improve security in cloud.
We presented an overview of cloud computing, its benefits and
Acknowledgements
Thanks to Dr. Karin Bernsmed for the illustration of security mechanisms in cloud SLAs.
Parts of this work have been funded by the Telenor-SINTEF research agreement.
Chunming Rong is a professor and head of the Center for IP-based Service Innovation at University of Stavanger in Norway. His research interests include cloud computing, big data analysis, security and privacy. He is co-founder and chairman of the Cloud Computing Association (CloudCom.org) and its associated conference and workshop series. He is a member of the IEEE Cloud Computing Initiative, and co-Editor-in-Chief of the Springer Journal of Cloud Computing.
References (41)
- Mell Peter, Grance Tim. Effectively and securely using the cloud computing paradigm; 2011....
- National Institute of Standards and Technology. The NIST definition of cloud computing; 2011....
- et al.
Efficient server virtualization using grid service infrastructure
J Inform Process Syst
(2010) - Rong Chunming, Nguyen Son T. Cloud trends and security challenges. In: Proceedings of the 3rd international workshop on...
- et al.
Semantic retrieval: an approach to representing, searching and summarising text documents
Int J Inform Technol Commun Converg
(2011) - et al.
A probabilistic approach to information control
J Internet Technol
(2010) - et al.
Industrial cloud: toward inter-enterprise integration
- et al.
Selection of model in developing information security criteria for smart grid security system
J Converg
(2011) - et al.
Two-layer security scheme for AMI system
J Converg
(2011) - et al.
Integrated management platform for seamless services provisioning in converged network
Int J Inform Technol Commun Converg
(2010)
Analysis of business attributes in information technology environments
J Inform Process Syst
Cited by (291)
Tamper-proof access control for IoT clouds using enclaves
2023, Ad Hoc NetworksThe adoption of remote work platforms after the Covid-19 lockdown: New approach, new evidence
2023, Journal of Business ResearchTo adopt or not to adopt? The determinants of cloud computing adoption in information technology sector
2022, Decision Analytics JournalIntrusion detection system in cloud environment: Literature survey & future research directions
2022, International Journal of Information Management Data InsightsA Novel Approach for Block Chain Technology based Cyber Security in Cloud Storage Using Hash Function
2023, Journal of Advanced Research in Applied Sciences and Engineering Technology
Chunming Rong is a professor and head of the Center for IP-based Service Innovation at University of Stavanger in Norway. His research interests include cloud computing, big data analysis, security and privacy. He is co-founder and chairman of the Cloud Computing Association (CloudCom.org) and its associated conference and workshop series. He is a member of the IEEE Cloud Computing Initiative, and co-Editor-in-Chief of the Springer Journal of Cloud Computing.
Son T. Nguyen is a postdoctoral researcher at University of Stavanger. He obtained his PhD degree in Computer Engineering from the University of Stavanger in 2009 and his Master degree in Telecommunications from Asian Institute of Technology in 2002. He is interested in a broad range of research issues related to security in communications networks and cloud computing.
Martin Gilje Jaatun is a Senior Scientist at SINTEF ICT (Trondheim, Norway), where he has been employed since 2004. He received his MSc degree in Telematics from the Norwegian Institute of Technology (NTH) in 1992. His research interests include software security, security in cloud computing and security of critical information infrastructures. He is vice chairman of the Cloud Computing Association (cloudcom.org) and a Senior Member of the IEEE.
- ☆
Reviews processed and proposed for publication to Editor-in-Chief by Associate Editor Dr. Taeshik Shon.