[IEEE 2013 International Conference on Advanced Computer Science Applications and Technologies...


A security-based survey and classification of Cloud Architectures, State of Art and Future Directions

Ahmad Waqas Department of Computer Science

Sukkur Institute of Business Administration Sukkur, Pakistan

[email protected]

Zulkefli Muhammed Yusof, Asadullah Shah Department of Computer Science

International Islamic University Malaysia Kuala Lumpur, Malaysia

{zulmy, asadullah}@iium.edu.my

Abstract— This research paper explores the underlying cloud computing architectures with respect to security and auditing services. As most of the standards for cloud computing have not been defined yet, academic and industrial researchers are contributing their ideas and proofs. We have surveyed and classified the available cloud computing architectures into three categories: 1) Architecture of Cloud Computing Security and Auditing, 2) Data Storage Security, Privacy and Auditing of Data Leakage, and 3) Security and Auditing of Malicious Acts. This taxonomy and analysis of existing cloud architectures will help future research address the primary issues from the security and auditing perspectives.

Keywords - Cloud Computing, Cloud Architecture, Cloud Security, Cloud Auditing, Data Storage

I. INTRODUCTION

Cloud computing is nowadays an attractive business for companies and organizations that own large data centers and rent out their resources. During the last decade, cloud computing evolved rapidly and captured the current business market. Multibillion-dollar organizations such as IBM, Amazon, Google and eBay have invested heavily in cloud technology amid the hype around cloud computing. Surveys [1] show that enterprises and critical business organizations are moving from public to private cloud. More than 50% of the Fortune 500 enterprises are using some form of cloud computing, and its growth rate is 30% per year.

“Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. According to the National Institute of Standards and Technology (NIST) model of cloud computing, the cloud assures five vital features: “on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service” [2]. A pool of resources (cloud services: SaaS, PaaS, IaaS) is maintained and made available to cloud users on demand with minimal interaction with the Cloud Service Provider (CSP). To deliver the demanded resource promptly and accurately, broad network access is required. CSPs charge cloud users for cloud services on a “measured service” basis. Cloud users can scale the cloud service on demand. The cloud implements a set of on-demand services apportioned to fulfil the client’s request while considering certain aspects: the requested tasks, security issues concerning identity management and the flow of information, and balancing the workload across servers. The ultimate objective is to enable delivery of on-demand computing services with assurance of scalability, reliability and availability.

Cloud computing is still in its infancy because no specific standards have been defined yet [3]. To address the security challenges in cloud computing, many researchers and groups are actively contributing their ideas. Examples of working groups are the CloudAudit/A6 group, the Cloud Security Alliance (CSA), the NIST cloud computing group, the TrustCloud group and the Cloud Audit Data Federation Work Group. A lot of material has been published by academic and industrial researchers, and many ideas are in progress.

The key contribution of this research paper is a survey of the available literature on cloud architectures with respect to security and auditing. The main security and auditing areas in cloud computing include infrastructure security, auditing of service reliability and delivery, data storage security and auditing of data leakage, security from malicious acts and, last but not least, security from insiders. We have classified the available literature and cloud architectures into three categories that are discussed in Section III. This taxonomy and analysis of existing cloud architectures will help future research address the primary issues from the security and auditing perspectives.

II. SIGNIFICANCE OF SECURITY FOR CLOUD ADOPTION

There are two types of security concerns: those “from the service provider’s point of view” and those from the “cloud client’s point of view” [3]. For instance, 23% of CSPs say in a survey [4] that developing and maintaining data security in the cloud is one of the challenges that become a barrier to cloud adoption. Another survey by Fujitsu [5] shows that cloud users are worried about the accessibility and transparency of their data. The security loopholes in public or private clouds are caused by the infrastructure of cloud computing itself, because it depends on substantial virtualization. CSPs are responsible for ensuring the security of the cloud infrastructure and of clients’ data and applications by providing security tools. The important cloud security concerns are identity and access management, privacy of contents, securing data during transmission, auditing and, last but not least, compliance.

2013 International Conference on Advanced Computer Science Applications and Technologies, 978-1-4799-2758-6/13 $31.00 © 2013 IEEE, DOI 10.1109/ACSAT.2013.63

Cloud security is threatened by attacks that include traditional information security attacks, for example SQL injection and Distributed Denial-of-Service (DDoS) attacks, and many others from a new class of attacks. Examples of the latter are poisoned virtual machines, attacks against the CSP, abuse of billing systems, data leakage via URL and so on. The Cloud Security Alliance (CSA) identified the top threats to cloud computing [6], which include “Abuse and Nefarious Use of Cloud Computing, Insecure Interfaces and APIs, Malicious Insiders, Shared Technology Issues, Data Loss or Leakage, Account or Service Hijacking and Unknown Risk Profile”. The purpose of defining these threats is to assist organizations in adopting cloud computing for their business and its improvement.

III. LITERATURE REVIEW

Cloud computing is still evolving. A lot of literature has been published, and plenty of ideas are still being developed by the many researchers who are helping cloud computing to mature. We have classified the available literature related to cloud security into the following three categories:

• Architecture of Cloud Computing Security and Auditing

• Data Storage Security, Privacy and Auditing of Data Leakage

• Security and Auditing of Malicious Acts

A. Architecture of Cloud Computing Security and Auditing: An Analysis

Different researchers have proposed different cloud computing architectures for security and auditing, but none has been standardized so far. NIST presented a Cloud Computing Reference Architecture and Taxonomy [7] to provide a framework for accurate communication of the components and offerings of cloud computing. It aims to develop a universal, vendor-neutral architecture that is consistent with the NIST cloud computing definition and to obtain a solution that does not choke innovation by prescribing a specific technical solution. There are five components in this model: cloud provider, cloud consumer, cloud broker, cloud carrier and cloud auditor. Cloud providers offer cloud services (SaaS, PaaS, IaaS), own the cloud infrastructure (physical resources) along with the service management procedures, and ensure security and privacy at every layer of service. The cloud consumer consumes cloud services according to the Service Level Agreement (SLA) offered by the cloud provider, either directly or through a third party called the cloud broker. The Cloud Auditor is a Third-Party Auditor (TPA) who is responsible for auditing the cloud to ensure the quality of services. Cloud auditing is a vague term because it may include infrastructure auditing, data and location auditing, auditing of data during transfer, auditing of malicious (insider and outsider) acts, performance auditing, security and privacy auditing and many more. Trusting the third-party auditor is an important concern. The cloud carrier is the medium between cloud provider, cloud broker, cloud consumer and cloud auditor. Figure 1 depicts the NIST Cloud Computing Reference Model.

Rui Xie and Rose Gamble [8] proposed an architecture for cloud auditing. This tiered strategy has three layers for auditing: the service auditing tier, the cloud auditing tier and the inter-cloud auditing tier, as shown in Figure 2. Auditing is performed using protocols and monitoring tools at each tier. At the service auditing tier, a specified protocol is responsible for maintaining a log of precise local events, for example resource access and incoming and outgoing messages. At the cloud auditing tier, they used a Session Manager to ensure a secure web-service session for fulfilling the client request. The inter-cloud tier is authorized for exchanging resources between clouds. The Cloud Manager is introduced at this tier to record exchanges and the establishment of secure sessions between federated clouds. The information recorded at all tiers forms the audit trails for auditing the cloud, including security and privacy.

Figure 1: NIST Cloud Computing Reference Model [7]

B. Prasad et al. [9] investigated the architectural requirements for cloud computing. They also categorized these architectural characteristics based on the needs of users, enterprises that use the cloud as a platform, and cloud service providers. This classification of requirements and issues gives a brief understanding of cloud adoption, implementation, deployment and usage. The cloud provider’s requirements and issues for offering cloud services and maintaining the cloud include Service Delivery Model (SaaS, PaaS, IaaS), Service Centric Issues, Interoperability, Scalability, QoS, Fault Tolerance, Virtualization Management, Load Balancing, Data Management, Storage and Processing. For a business organization or enterprise, the cloud requirements and issues are the choice of Cloud Deployment Model (Public, Private, Community, and Hybrid), Security, Cloudonomics (economics of cloud), Data Governance, Data Migration, Interoperability, Scalability, QoS, Business Process Management, Third-Party Engagement and Transferable Skills. The requirements for cloud users are Billing and Metering based on Services Consumption, Privacy, Service Level Agreement (SLA), Adaptability and Learning.

A. M. Talib et al. [10] proposed a Multi Agent System (MAS) approach to security architecture. They gave a framework to ensure integrity, confidentiality and availability through agents. They introduced the “Cloud Service Provider Agent (CSPA)”, which is responsible for enabling the cloud user to connect to the CSP’s security service environment through a graphical user interface. The “Cloud Data Confidentiality Agent (CDConA)” facilitates the confidentiality security policy for “Cloud Data Storage (CDS)” using identification, authorization and authentication processes. Another agent, the “Cloud Data Correctness Agent (CDCorA)”, is responsible for correctness assurance for CDS when a transaction (update, delete, modify etc.) is performed by cloud users. The “Cloud Data Availability Agent (CDAA)” enables availability by receiving and displaying the security issues. The “Cloud Data Integrity Agent (CDIA)” is responsible for regular data backup to assure data integrity. It enables cloud users to rebuild the original data through cloud data vectors that are downloaded from cloud servers.

F. Doelitzscher et al. [11] demonstrated a Security Audit as a Service (SAaaS) architecture. The aim of this cloud audit system is to improve trust in cloud infrastructures by giving users and the cloud service provider further transparency about what is going on in the cloud. They used autonomous agents to detect infrastructural changes, re-evaluate the security status of the cloud and notify the user via an audit report.

Chen and his colleagues [12] proposed an On-Demand Security Architecture that differentiates security according to service-specific characteristics to avoid an unnecessary drain on IT resources. They used a layered approach to address the issues of security policy invocation. The Input Layer accepts three inputs to decide which policy manages the service. The Policy Layer generates the security mechanism parameters after receiving input from the Input Layer. These parameters are based on the specified level of security, the type of service, and the risks related to network access.

B. Data Storage Security, Privacy and Auditing of Data Leakage

Most of the research in cloud computing relates to data storage and data security and to identifying the entities responsible for data leakage from the cloud environment. Many research groups are still investigating efficient mechanisms for storage, security and privacy to gain and maintain the trust of cloud users. An example is a framework proposed by Y. S. Tan et al. [13] called CloudDT. The aim of CloudDT is to audit data leakage and to track data that leaves the cloud boundary. They used the “Data Tracker” application, which contains an executable file called viewer.exe.

Figure 3 gives an overview of DataTracker. Whenever a file leaves the cloud boundary, for whatever reason, viewer.exe is attached to that data file. The purpose of viewer.exe is to log events on the data file and send the tamper-proof event logs back to the server. This enables administrators to monitor the data file even if it is leaked and to generate audit trails. These audit trails can be monitored for auditing using underlying rule-based monitoring systems such as Arcsight and Drools.

Figure 3: Overview of DataTracker

Figure 2: Cloud Architecture and Tiers [8] (Service Auditing Tier, Cloud Auditing Tier, Inter-cloud Auditing Tier)

“A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures”, proposed by P. Massonet et al. [14], audits the location of data for federated clouds. The cloud may span several countries. The audit logs required for compliance auditing can be created from the monitoring information of the service provider. They also discussed issues and requirements related to data compliance in the cloud.

Provable data possession (PDP) protocol is a cryptographic method to validate data integrity without requiring a copy of data at an untrusted server. Y. Zhu et al. [15] improved the Provable data possession (PDP) protocol to an interactive PDP protocol. The aim is to avoid illegitimacy of prover and the leakage of verified data.

For validating the integrity of outsourced data, C. Wang et al. [16] developed a privacy-preserving public auditing model for data storage security. It is significant because cloud users are outsourcing their data to the cloud, so public accountability (third-party accountability) for data integrity is required. Figure 4 depicts the scenario of data storage and retrieval in the cloud involving a TPA. Users are required to be authenticated and authorized (AA) by some trusted TPA to get access to cloud services and data. Once the TPA performs the AA process, it delegates cloud access to the user, and data can flow between cloud and user in a trusted manner. The TPA, however, should not require a local copy of the data for auditing, because that would put an online burden on cloud users, and the privacy of user data must not be exposed. To achieve privacy-preserving public auditing of cloud data, the authors proposed combining a homomorphic authenticator (based on public key) with random masking. The proposed model publicly audits data integrity and preserves the privacy of cloud data, which meets the requirement of the TPA.
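The audit-without-a-copy idea behind the PDP and homomorphic-authenticator schemes above can be shown with a small privately verifiable construction (an added example, not code from the surveyed papers [15], [16]). It is a Shacham-Waters-style linear authenticator over a prime field; the public-key pairing construction and the random masking are left out, and the field size, block size and all function names are assumptions.

```python
"""Toy possession audit using a homomorphic linear authenticator.

Privately verifiable simplification: the auditor holds the secret key.
Not the pairing-based public schemes of [15]/[16]; no random masking.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1        # Mersenne prime: field for blocks, tags and proofs
BLOCK_BYTES = 15      # 120-bit blocks, so every block value is below P


def split_blocks(data):
    """Interpret the file as a list of field elements m_0 .. m_{n-1}."""
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def prf(prf_key, index):
    """Pseudo-random field element bound to a block position."""
    digest = hmac.new(prf_key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


def keygen():
    """Secret audit key: non-zero scalar alpha plus a PRF key."""
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)


def tag_blocks(key, blocks):
    """tag_i = PRF(i) + alpha * m_i (mod P); stored at the server with the data."""
    alpha, prf_key = key
    return [(prf(prf_key, i) + alpha * m) % P for i, m in enumerate(blocks)]


def make_challenge(n_blocks, sample):
    """Auditor samples block indices and a random non-zero coefficient for each."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]


def prove(blocks, tags, challenge):
    """Server side: fold the challenged blocks and tags into two field elements."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma      # constant-size proof, independent of file size


def verify(key, challenge, proof):
    """Auditor side: check sigma == sum(nu_i * PRF(i)) + alpha * mu, no data needed."""
    alpha, prf_key = key
    mu, sigma = proof
    expected = (sum(nu * prf(prf_key, i) for i, nu in challenge) + alpha * mu) % P
    return expected == sigma


def run_audit_demo():
    """Honest server passes; a server holding one altered block fails."""
    data = b"constructed sample file contents " * 40      # constructed input
    key = keygen()
    blocks = split_blocks(data)
    tags = tag_blocks(key, blocks)
    # Challenging every block makes detection certain; sampling a subset
    # trades certainty for cost and detects corruption only probabilistically.
    challenge = make_challenge(len(blocks), len(blocks))
    honest = verify(key, challenge, prove(blocks, tags, challenge))
    corrupted = list(blocks)
    corrupted[3] ^= 1                                      # single flipped bit
    tampered = verify(key, challenge, prove(corrupted, tags, challenge))
    return honest, tampered


if __name__ == "__main__":
    print(run_audit_demo())
```

Because the auditor here can recover the linear combination of blocks from the proof, this form gives integrity checking only; hiding block contents from a third-party auditor is what the random masking in [16] adds.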

To address cloud users’ concern about losing control over their own data, S. Sundareswaran et al. [17] proposed an information accountability model for keeping track of users’ data usage in the cloud. This accountability framework is highly decentralized and uses an object-centric approach to attach event log information to the user’s data. Using the JAR programming capabilities, they ensured authentication and automated logging whenever data is accessed. Figure 5 illustrates the cloud information accountability (CIA) components and the process of authentication and logging. First, users are required to create a private and public key pair. With the help of these keys, users then create a JAR file, which is a logger component, to store their data. This JAR file contains the information regarding service subscription and authentication. The JAR file is sent to the CSP for data access based on authentication. The JAR maintains the log record and encrypts it using the public key. The data owner can then view the data log using the private key. Log records are signed by the accessing entity to maintain the trustworthiness of the log. This tamper-proof log can then be used for efficient auditing.
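The tamper-proof event logs that DataTracker sends back to the server and that the CIA logger keeps per data object can be approximated by a hash-chained log in which each record is authenticated by the accessing entity (an added example, not code from [13] or [17]). HMAC keys stand in for the entities' signature keys, the public-key encryption of records is omitted, and the field names, entity names and events are constructed.

```python
"""Hash-chained access log with per-entity record authentication."""
import hashlib
import hmac
import json

GENESIS = "0" * 64
BODY_FIELDS = ("seq", "ts", "entity", "action", "object", "prev")


def _canonical(body):
    """Stable byte encoding so writer and auditor hash identical input."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_event(log, entity_keys, entity, action, obj, ts):
    """Append one access event, authenticated with the accessing entity's key."""
    body = {"seq": len(log), "ts": ts, "entity": entity, "action": action,
            "object": obj, "prev": log[-1]["hash"] if log else GENESIS}
    mac = hmac.new(entity_keys[entity], _canonical(body), hashlib.sha256).hexdigest()
    entry = dict(body, mac=mac)
    entry["hash"] = hashlib.sha256(_canonical(body) + mac.encode()).hexdigest()
    log.append(entry)
    return entry["hash"]      # the data owner keeps the latest head out of band


def audit_log(log, entity_keys, expected_head=None):
    """Return a list of (position, finding); an empty list means the log verifies."""
    findings = []
    prev = GENESIS
    for pos, entry in enumerate(log):
        if any(f not in entry for f in BODY_FIELDS + ("mac", "hash")):
            findings.append((pos, "malformed record"))
            prev = entry.get("hash", prev)
            continue
        body = {f: entry[f] for f in BODY_FIELDS}
        mac = str(entry["mac"])
        if body["seq"] != pos:
            findings.append((pos, "sequence gap"))       # record removed or inserted
        if body["prev"] != prev:
            findings.append((pos, "chain break"))        # predecessor changed
        key = entity_keys.get(body["entity"])
        if key is None:
            findings.append((pos, "unknown entity"))
        else:
            good = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(good, mac):
                findings.append((pos, "bad record MAC"))  # content edited
        digest = hashlib.sha256(_canonical(body) + mac.encode()).hexdigest()
        if digest != entry["hash"]:
            findings.append((pos, "hash mismatch"))
        prev = entry["hash"]
    # A chain alone cannot reveal records cut from the tail; that needs a
    # head value the owner obtained separately from the log itself.
    if expected_head is not None and prev != expected_head:
        findings.append((len(log), "head mismatch (truncated or replaced log)"))
    return findings


def build_sample_log():
    """Constructed events for two hypothetical accessing entities."""
    keys = {"csp-node-1": b"constructed-key-1", "analyst-7": b"constructed-key-2"}
    events = [
        ("csp-node-1", "store", "report.pdf", "2013-09-01T10:00:00Z"),
        ("analyst-7", "read", "report.pdf", "2013-09-01T10:05:00Z"),
        ("analyst-7", "copy", "report.pdf", "2013-09-01T10:06:00Z"),
        ("csp-node-1", "read", "report.pdf", "2013-09-02T08:00:00Z"),
    ]
    log, head = [], GENESIS
    for entity, action, obj, ts in events:
        head = append_event(log, keys, entity, action, obj, ts)
    return log, keys, head


if __name__ == "__main__":
    sample, sample_keys, sample_head = build_sample_log()
    print(audit_log(sample, sample_keys, sample_head))
```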

C. Security and Auditing of Malicious Acts

Malicious entities are dangerous for computing, especially cloud computing, because the cloud contains precious and expensive resources that malicious entities can compromise. For example, Amazon EC2 was compromised by malicious users in 2009, and Microsoft/T-Mobile’s cloud customers lost their data in the ‘sidekick disaster’ [18]. Many measures have been taken by researchers and cloud providers to secure the cloud from malicious acts. A. J. Duncan et al. [19] classified the current malicious insiders, attacks and threats to cloud computing. “A Malicious Insider is an Insider who intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organizations information or information systems”. They presented the nature and behavior of malicious insiders with respect to the cloud ecosystem. They identified the inside attackers as Familial insiders (family, friends or outside coercion), Benign-Insider Coercion, Third-party Providers, Malicious Hypervisor, Malicious Clients, Malicious Cloud Provider/Broker and Advanced Persistent Threat (APT related to cloud computing). These insiders can access cloud assets, for example databases, passwords or keys, IPs and network infrastructure. Figure 6 represents the view of insiders in cloud computing.

W. R. Claycomb and A. Nicoll [20] discussed the common notion of inside attackers from three distinct perspectives. The first is a rogue cloud provider administrator: a trusted person appointed as administrator (hosting company administrator, virtual image administrator, system administrator or application administrator) to process clients’ data, who may be financially motivated to become a threat. The second perspective is the employee in the victim organization who accidentally or maliciously exploits weaknesses to get illegal access to cloud data and resources. This can happen because of the vulnerabilities introduced by the cloud, virtualization etc. The third perspective is the employee who intentionally attacks his employer’s resources to steal or damage cloud or system data. They further suggest mechanisms to secure the cloud against these malicious insiders.

Figure 5: Cloud Information Accountability Framework

Figure 4: Cloud Data Storage Architecture

T. Khorshed et al. [21] use machine learning techniques for proactive detection of malicious attacks in cloud computing, aiming to detect an attack at its beginning or while it is under way and to inform cloud customers about the attack even when it is hidden by the cloud provider. Figure 7 shows the experiment design for attack detection using machine learning within a single cloud environment. In this experiment design, attack scripts are first generated using documented attack scenarios and tools. The next step is data collection, which is carried out according to the nature of the data. Next, machine learning takes proactive action if the attack is of a known type. If the attack type is unknown, it is still detected as a variation from the data seen in normal use, and the data owner and security administrators are informed of the attack.

Figure 7: Attack Detection through Machine Learning

IV. DISCUSSION

A lot of literature is available on cloud computing as researchers are contributing to this field. Because the cloud is an attractive choice for business and investment, researchers are motivated to take part in solving the real problems of cloud computing, more specifically the security and privacy concerns of cloud service providers and cloud users. Researchers have proposed different cloud architectures and many different algorithms for data security, data integrity, data leakage security, protection from malicious acts, security auditing and so on. We felt the need to classify these security-related algorithms and architectures to help researchers identify the areas where improvement is needed to define standards for cloud computing. Table 1 summarizes the classification. It will also be helpful for an easy understanding of cloud aspects, issues and solutions.

TABLE 1: CLASSIFICATION OF CLOUD ARCHITECTURES

| Ref. | Focus | Methodology |
|---|---|---|
| [7] | Overall architecture for cloud computing including internal and external security and auditing aspects | A reference model |
| [8] | Cloud auditing | Tiered strategy for auditing within cloud and inter-clouds |
| [9] | Requirements analysis for cloud architecture | Classification of architectural requirements based on users, enterprise, and cloud service providers |
| [10] | Cloud security | Multi Agent System |
| [11] | Cloud Security Architecture | Security Audit as a Service (SAaaS) |
| [12] | Cloud Security Architecture | On-Demand service-specific Security Architecture |
| [13] | Data leakage and tracking | Software application “Data Tracker” for tracking of leaked data from cloud |
| [14] | Auditing logging architecture | Audit data location using audit logs |
| [15] | Data integrity | Interactive Provable data possession (PDP) protocol based on cryptographic method to validate data integrity and to avoid illegitimacy of prover and data leakage |
| [16] | Data Security | Privacy preserving public auditing model for data storage security |
| [17] | Data ownership | Information accountability model for keeping track of users’ data using JAR programming capabilities |
| [19] | Malicious insiders | Classification of current malicious insider, attacks and threats |
| [20] | Insider attackers | Classification of insider attackers based on different perspectives |
| [21] | Malicious attack detection | Machine learning technique |

Figure 6: A view of insiders in Cloud

V. CONCLUSION & FUTURE WORK

Although much effort has gone into securing and auditing the cloud, and much work by academic and industrial researchers is ongoing, a collaborative cloud architecture for security and auditing without the involvement of a TPA has not been a focus. Our future research aims to propose a collaborative architecture for cloud computing in which clouds can securely share resources when needed and can audit themselves without the involvement of a third party.

REFERENCES

[1] B. Claybrook, “Moving to a private cloud: Technology choices and implementation issues,” Retrieved on 5/4/2013, 2010. [Online]. Available: http://www.computerworld.com/s/article/9196261/Moving_to_a_private_cloud_Technology_choices_and_implementation_issues?taxonomyId=158&pageNumber=1.

[2] P. Mell and T. Grance, “The NIST Definition of Cloud Computing (Draft): Recommendations of the National Institute of Standards and Technology,” vol. 145.

[3] A. Waqas, Zulkefli Muhammed Yusof, Asadullah Shah, “Fault Tolerant Cloud Auditing,” in IEEE Proceedings of ICT4M, 2013.

[4] M. Krigsman, “Cloud research: Cost matters most and confusion remains,” Retrieved on 23/9/2013 from http://www.cloudave.com/24642/cloud-research-cost-matters-most-and-confusion-remains/, 2012.

[5] Fujitsu, “Personal data in the cloud: A global survey of consumer attitudes,” Retrieved on 5/4/2013, 2010. [Online]. Available: http://www.fujitsu.com/global/news/publications/dataprivacy.html.

[6] Cloud Security Alliance, “Top Threats to Cloud Computing, Version 1.0,” 2010.

[7] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, “NIST Cloud Computing Reference Architecture Recommendations of the National Institute of Standards and,” 2011.

[8] R. Xie and R. Gamble, “A Tiered Strategy for Auditing in the Cloud,” 2012 IEEE Fifth Int. Conf. Cloud Comput., pp. 945–946, Jun. 2012.

[9] B. Prasad, R. Admela, D. Katsaros, and Y. Goeleven, “Architectural Requirements for Cloud Computing Systems : An Enterprise Cloud Approach,” JGrid Comput. Springer, pp. 3–26, 2010.

[10] A. M. Amir Mohamed Talib, Rodziah Atan, Rusli Abdullah, “Security Framework of Cloud Data Storage Based on Multi Agent System Architecture - A Pilot Study,” IEEE, pp. 54–59, 2012.

[11] F. Doelitzscher, C. Fischer, D. Moskal, C. Reich, M. Knahl, and N. Clarke, “Validating Cloud Infrastructure Changes by Cloud Audits,” 2012 IEEE Eighth World Congr. Serv. IEEE Comput. Society, pp. 377–384, Jun. 2012.

[12] J. Chen, Y. Wang, and X. Wang, “On-Demand Security Architecture for Cloud Computing,” IEEE Computer Society, vol. 0018–9162, no. July, pp. 73–78, 2012.

[13] Y. S. Tan, R. K. L. Ko, P. Jagadpramana, C. H. Suen, M. Kirchberg, T. H. Lim, B. S. Lee, A. Singla, K. Mermoud, D. Keller, and H. Duc, “Tracking of Data Leaving the Cloud,” 2012 IEEE 11th Int. Conf. Trust. Secur. Priv. Comput. Commun., pp. 137–144, Jun. 2012.

[14] P. Massonet, S. Naqvi, C. Ponsard, J. Latanicki, B. Rochwerger, M. Villari, A. G. Cloud, and C. Issues, “A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures,” IEEE Comput. Soc., pp. 1510–1517, 2011.

[15] Y. Zhu, H. Hu, G. Ahn, and S. S. Yau, “Efficient audit service outsourcing for data integrity in clouds,” J. Syst. Softw., vol. 85, no. 5, pp. 1083–1095, 2012.

[16] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing,” IEEE INFOCOM 2010 Proc., 2010.

[17] S. Sundareswaran, A. C. Squicciarini, and D. Lin, “Ensuring Distributed Accountability for Data Sharing in the Cloud,” IEEE Trans. DEPENDABLE Secur. Comput., vol. 9, no. 4, pp. 556–568, 2012.

[18] M. Chung, “Security in the ‘cloud’, Myth versus Reality,” in KPMG, 2011, vol. Hacking th, no. June.

[19] A. J. Duncan, S. Creese, and M. Goldsmith, “Insider Attacks in Cloud Computing,” in 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, 2012, pp. 857–862.

[20] W. R. Claycomb and A. Nicoll, “Insider Threats to Cloud Computing : Directions for New Research Challenges,” in IEEE 36th International Conference on Computer Software and Applications, 2012, pp. 387–394.

[21] T. Khorshed, A. B. M. S. Ali, and S. A. Wasimi, “Trust Issues That Create Threats for Cyber Attacks in Cloud Computing,” in IEEE 17th International Conference on Parallel and Distributed Systems, 2011, vol. [1] T. Kho, pp. 900–905.
