Multi-tenancy in Cloud Computing

As Cloud Computing becomes the trend of information technology computational model, the Cloud security is becoming a major issue in adopting the Cloud where security is considered one of the most critical concerns for the large customers of Cloud (i.e. governments and enterprises). Such valid concern is mainly driven by the Multi-Tenancy situation which refers to resource sharing in Cloud Computing and its associated risks where confidentiality and/or integrity could be violated. As a result, security concerns may harness the advancement of Cloud Computing in the market. So, in order to propose effective security solutions and strategies a good knowledge of the current Cloud implementations and practices, especially the public Clouds, must be understood by professionals. Such understanding is needed in order to recognize attack vectors and attack surfaces. In this paper we will propose an attack model based on a threat model designed to take advantage of Multi-Tenancy situation only. Before that, a clear understanding of Multi-Tenancy, its origin and its benefits will be demonstrated. Also, a novel way on how to approach Multi-Tenancy will be illustrated. Finally, we will try to sense any suspicious behavior that may indicate to a possible attack where we will try to recognize the proposed attack model empirically from Google trace logs. Google trace logs are a 29-day worth of data released by Google. The data set was utilized in reliability and power consumption studies, but not been utilized in any security study to the extent of our knowledge.

[1]  Thomas Gross,et al.  Defense-in-Depth Against Malicious Insiders in the Cloud , 2013, 2013 IEEE International Conference on Cloud Engineering (IC2E).

[2]  John C. Grundy,et al.  An Analysis of the Cloud Computing Security Problem , 2016, APSEC 2010.

[3]  Ben Walters,et al.  QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[4]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[5]  Jie Xu,et al.  An Approach for Characterizing Workloads in Google Cloud to Derive Realistic Resource Utilization Models , 2013, 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering.

[6]  James P. Titus,et al.  Security and Privacy , 1967, 2022 IEEE Future Networks World Forum (FNWF).

[7]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[8]  Yongzhao Zhan,et al.  Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing , 2012, 2012 IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops.

[9]  A. B. M. Shawkat Ali,et al.  A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing , 2012, Future Gener. Comput. Syst..

[10]  Pattie Maes,et al.  Hive: distributed agents for networking things , 2000, IEEE Concurr..

[11]  Mukesh Singhal,et al.  Information flow control in cloud computing , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).

[12]  David Teneyuca Internet cloud security: The illusion of inclusion , 2011, Inf. Secur. Tech. Rep..

[13]  Dejan S. Milojicic,et al.  Perspectives on cloud computing: interviews with five leading scientists from the cloud community , 2011, Journal of Internet Services and Applications.

[14]  Peng Li,et al.  Mitigating access-driven timing channels in clouds using StopWatch , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[15]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[16]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[17]  Sangyeun Cho,et al.  Characterizing Machines and Workloads on a Google Cluster , 2012, 2012 41st International Conference on Parallel Processing Workshops.

[18]  Sheng Di,et al.  Characterization and Comparison of Cloud versus Grid Workloads , 2012, 2012 IEEE International Conference on Cluster Computing.

[19]  Steve Mansfield-Devine Cloud Security: Danger in the clouds , 2008 .

[20]  T. S. Raghu,et al.  The Information Assurance Practices of Cloud Computing Vendors , 2010, IT Professional.

[21]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[22]  Charles Reiss,et al.  Towards understanding heterogeneous clouds at scale : Google trace analysis , 2012 .

[23]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[24]  Dimitrios Pendarakis,et al.  Security audits of multi-tier virtual infrastructures in public infrastructure clouds , 2010, CCSW '10.

[25]  Jemal H. Abawajy,et al.  A Layered Security Approach for Cloud Computing Infrastructure , 2009, 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks.

[26]  Jennifer Rexford,et al.  NoHype: virtualized cloud infrastructure without the virtualization , 2010, ISCA.

[27]  Zhixiong Chen,et al.  IT Auditing to Assure a Secure Cloud Computing , 2010, 2010 6th World Congress on Services.

[28]  Randy H. Katz,et al.  Heterogeneity and dynamicity of clouds at scale: Google trace analysis , 2012, SoCC '12.

[29]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[30]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[31]  François-Xavier Standaert,et al.  Introduction to Side-Channel Attacks , 2010, Secure Integrated Circuits and Systems.

[32]  John C. Grundy,et al.  Emerging Security Challenges of Cloud Virtual Infrastructure , 2016, APSEC 2010.

[33]  Joseph L. Hellerstein,et al.  Obfuscatory obscanturism: Making workload traces of commercially-sensitive systems safe to release , 2012, 2012 IEEE Network Operations and Management Symposium.

[34]  Srinath Perera,et al.  Multi-tenant SOA Middleware for Cloud Computing , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[35]  Augusto Ciuffoletti Monitoring a virtual network infrastructure: an IaaS perspective , 2010, CCRV.