Addressing cloud computing security issues

The recent emergence of cloud computing has drastically altered everyone's perception of infrastructure architectures, software delivery and development models. Projecting as an evolutionary step, following the transition from mainframe computers to client/server deployment models, cloud computing encompasses elements from grid computing, utility computing and autonomic computing, into an innovative deployment architecture. This rapid transition towards the clouds, has fuelled concerns on a critical issue for the success of information systems, communication and information security. From a security perspective, a number of unchartered risks and challenges have been introduced from this relocation to the clouds, deteriorating much of the effectiveness of traditional protection mechanisms. As a result the aim of this paper is twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. The solution, presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.

[1]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[2]  Julian Ashbourn,et al.  A Technology Overview , 2014 .

[3]  Despina Polemi Trusted third party services for health care in Europe , 1998, Future Gener. Comput. Syst..

[4]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[5]  Walid G. Aref,et al.  Security models for web-based applications , 2001, CACM.

[6]  Katarina Stanoevska-Slabeva,et al.  Grid and Cloud Computing, A Business Perspective on Technology and Applications , 2009, Grid and Cloud Computing.

[7]  Vijay Varadharajan,et al.  Dynamic trust enhanced security model for trusted platform based services , 2011, Future Gener. Comput. Syst..

[8]  Stefanos Gritzalis,et al.  Quality assured trusted third parties for deploying secure internet-based healthcare applications , 2002, Int. J. Medical Informatics.

[9]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[10]  Ian T. Foster,et al.  A Flexible Attribute Based Access Control Method for Grid Computing , 2008, Journal of Grid Computing.

[11]  Danny Williams,et al.  Cloud Application Architectures: Building Applications and Infrastructure in the Cloud , 2009 .

[12]  Dimitrios Lekkas Establishing and managing trust within the public key infrastructure , 2003, Comput. Commun..

[13]  A. Giddens The consequences of modernity , 1990 .

[14]  Björn Victor Distributed Systems Security , 2004 .

[15]  Yolanda Gil,et al.  A survey of trust in computer science and the Semantic Web , 2007, J. Web Semant..

[16]  Takamichi Saito,et al.  A technical comparison of IPSec and SSL , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[17]  Dimosthenis Kyriazis,et al.  Service Selection Decision Support in the Internet of Services , 2010, GECON.

[18]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .