Cloud security: Emerging threats and current solutions

Abstract

Many organizations are stuck in the "cloudify or not to cloudify" limbo, mainly due to concerns about the security of sensitive enterprise data. Removing this barrier is a key precondition to fully unleashing the tremendous potential of cloud computing. In this paper, we provide a comprehensive analysis of the main threats that hamper cloud computing adoption on a wide scale, and a right-to-the-point review of the solutions currently provided by the major vendors. The paper also presents the (near) future directions of cloud security research by taking a snapshot of the main research trends and most accredited approaches. The study is done on a best-of-breed selection of proprietary and open source cloud offerings. The paper is thus a useful navigation tool that IT personnel can use to gain more insight into the security risks related to the use of cloud computing, as well as to quickly weigh the pros and cons of state-of-the-art solutions.
