Chapter 5.3: Data Security in Cloud Computing - Virginia Tech

1 Chapter : data Security in Cloud ComputingShucheng Yu1, Wenjing Lou2, and Kui Ren31 University of Arkansas at Little Rock, AR, USA2 Virginia Polytechnic Institute and State University, VA, USA3 Illinois Institute of Technology, IL, Computing has come into reality as a new IT infras-tructure built on top of a series of techniques such as distributed comput-ing, virtualization, etc. Besides the many benefits that it can bring forth, Cloud Computing also introduces the difficulty of protecting the securityof data outsourced by Cloud users. This Chapter will first study the basicconcepts and analyze the essentials of data Security issues pertaining toCloud Computing . Then we elaborate on each issue by discussing its na-ture and existing solutions if available. Specifically, we will emphasize onissues of protecting data confidentiality/integrity/availability, securingdata access and auditing, and enforcing the regulations and compliancesregarding to data Security and Computing , data Security , confidentiality, integrity, avail-ability, access control1 OverviewCloud Computing is a new IT infrastructure in which Computing resources areprovided as a utility to Cloud users in the pay-as-you-go manner.

2 By integrat-ing techniques such as Service Oriented Architecture (SOA), virtualization, dis-tributed Computing and etc, Cloud Computing offers elastic, on-demand and mea-sured services to Cloud users anytime anywhere whenever Internet is available,and enable them to enjoy the illusionary unlimited Computing resources. Theservices provided by the Cloud can be at different levels of the system stack,which can be described by the terminology of X as a service (XaaS) whereX could be Software, Infrastructure, Hardware, Platform and etc. For example,Amazon EC2 provide Infrastructure as a service and allow Cloud users to managevirtual machine instances and control almost the entire software stack above theOS kernel; Google AppEngine provides Software as a service which is targetedat traditional web applications; Microsoft Azure offers services which are inter-mediate between AppEngine and EC2.

3 By deploying applications in the Cloud , Cloud users are able to enjoy massive and elastic Computing resources withoutthe large capital outlays in building their own data centers. Such a fact will sig-nificantly benefit the IT industry, especially small and medium IT enterprises,letting alone individuals, who were greatly limited by Computing resources. Forthis reason, Cloud Computing is believed to have the potential to shape the ITindustry in the What is Cloud Computing ?Although the benefits of Cloud Computing are obvious, it is not trivial to pro-vide a concrete definition for Cloud Computing due to its intrinsic the date when this book is written, there is no standardized definition ofthe termcloud computingexcept several attempts by leading institutions andstandard organizations. A research group from the University of California atBerkeley [19] defines Cloud Computing as below: Cloud Computing refers to both the applications delivered as services over theInternet and the hardware and systems software in the datacenters that providethose services.

4 The services themselves have long been referred to as Software asa Service (SaaS). The datacenter hardware and software is what we will call aCloud. When a Cloud is made available in a pay-as-you-go manner to the generalpublic, we call it a Public Cloud ; the service being sold is Utility Computing . Weuse the term Private Cloud to refer to internal data centers of a business or otherorganization, not made available to the general public. Thus, Cloud Computingis the sum of SaaS and Utility Computing ..- Above the Clouds: A Berkeley View of Cloud Computing NIST [15] gives the following unofficial definition of Cloud Computing : Cloud Computing is a pay-per-use model for enabling available, convenientand on-demand network access to a shared pool of configurable Computing re-sources ( , networks, servers, storage, applications and services) that canbe rapidly provisioned and released with minimal management effort or serviceprovider NIST unofficial draftNotwithstanding that there is no such a unique definition of Cloud Computing ,these works together do outline several most important characteristics of cloudcomputing.

5 1) Computing resources at different level of the system stack areprovided as Cloud services in the pay-as-you-go manner like traditional utilityservices, , Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) andInfrastructure-as-a-Service (IaaS). Cloud users just need to pay for what theyhave actually used. 2) Rapidly elastic and scalable resources are available tocloud users. Cloud users are able to launch more Computing resources at peaktime and release them at nonpeak times, and saves their capital expenditurein hardware/software to deal with the fluctuation in workloads. 3) The servicesare provided in the on-demand manner and can be configured by Cloud usersthemselves. This makes it very convenient for Cloud users to access Cloud servicesas they no longer need to interact with the system administrator and go throughthe usually lengthy processing routines.

6 4) Cloud services are made accessiblevia the Internet. Cloud users can launch these services on any platform thatsupports web techniques. 5) Computing resources are pooled and provided tocloud users independent of their locations. Besides these essential characteristics,3 Cloud Computing also has other properties such as multi-tenant architecture, , applications of numerous customers may co-run or co-exist on the samephysical device. According to its ownership and the technical architecture, CloudComputing can be categorized asPublic Cloud ,Private Cloud ,Hybrid CloudandCommunity Cloud . Pubic Clouds provide services to the general public across theInternet while a Private Cloud exclusively serves a single Clouds integrate models of both Public Cloud and Private Cloud to meetspecific business and technology needs. Community Clouds are usually used byorganizations with similar Key Enabling Techniques of Cloud ComputingAlthough the termCloud Computingis new, the underlying concept of cloudcomputing is actually not new.

7 In the 1960s, John McCarthy mentioned that computation may someday be organized as a public utility in his speaking atthe MIT Centennial. Douglas Parkhill in his 1966 book [47] thoroughly exploredthe characteristics of the Computer Utility which are very similar to thosecharacteristics of the modern-day Cloud Computing . However, Cloud Computing ,or the Computer Utility , had not become a reality until the late 2000s whenseveral critical enabling techniques at various levels of the system stack are allmade available: broadband networks, the Web technology, Service Oriented Ar-chitecture (SOA), Software as a Service (SaaS), virtualization, distributed com-puting and the plentiful of software and operating systems. The broadband net-works serve as a fundamental element in Cloud Computing for efficiently couplingphysically distributed resources into a logically integrated service and providingsmooth remote access for Cloud users.

8 The Web technologies offer platform inde-pendent ways for users to visualize and configure remote services. SOA makes itpossible to deploy applications based on a loosely-coupled suite of services acrossmultiple separate systems/servers over the Internet. SaaS provides applicationlevel of services in a pay-as-you-go model. Virtualization abstracts logical de-vices from physical devices and allows co-residence of multiple logically isolatedinstances such as operation systems on a single physical machine. Virtualizationand distributed Computing together make Computing as utility and elasticityof Computing resources possible. The availability of high-performance and cost-effective Computing and storage hardware devices is fundamental to the illusionof unlimited Security in Cloud ComputingThe many characteristics of Cloud Computing have made the long dreamed vi-sion of Computing as a utility a reality and will have the potential to benefitand shape the whole IT industry.

9 When deciding whether or not to move intothe Cloud , potential Cloud users would take into account factors such as serviceavailability, Security , system performance and etc, among which Security is themain concern according to a survey conducted by the IDC Enterprise Panel4in 2008. However, the Security issue of Cloud Computing is intrinsically compli-cated, which can be explained by the fact that Cloud Computing is built on top ofexisting techniques and architectures such as SOA, SaaS, distributed computingand etc. When combining all the benefits of these techniques and architectures, Cloud Computing also inherits almost all their Security issues at various levels ofthe system stack. Besides this, the operation model of Cloud Computing will alsoreshape the trust model when Cloud users move their applications from withintheir enterprise/organization boundary into the open Cloud .

10 By doing so, cloudusers may lose physical control over their applications and data . In Cloud envi-ronments network perimeters will no longer exist from Cloud users perspective,which renders traditional Security protection mechanisms such as firewalls notapplicable to Cloud applications. Cloud users have to heavily rely on the cloudservice providers for Security protection. On the other hand, in Cloud Computing (except private clouds) users and Cloud service providers are not necessarily fromthe same trust domain. In applications such as heathcare, Cloud service providersand/or their system administrators may not even be allowed to access sensitiveuser data when providing Security protection according to corresponding regu-lations/compliances. It requires that Cloud service providers are able to providenecessary Security services to meet individual Cloud users Security requirementswhile abiding to the regulations/compliances.