Lec 16-19 Cloud Security

The document outlines a course on Cloud Security in Cloud Computing, presented by Dr. Gitanjali Chandwani Manocha, covering essential topics such as cloud security definitions, customer concerns, and best practices. It discusses various types of attacks, threat classifications, and the importance of threat modeling for mitigating risks in cloud environments. The document also introduces several threat modeling methods, highlighting their features and applications in enhancing security measures.


Course on Cloud Computing

Cloud Security in Cloud Computing (Parts I-IV)

by

Dr. Gitanjali Chandwani Manocha

Assistant Professor
Department of Electronics & Communication Engg
Thapar Institute of Engineering and Technology, Patiala
Cloud Security in Cloud Computing
Definition: Cloud security involves the procedures and technology
that secure cloud computing environments against both external
and insider cybersecurity threats.

• Cloud computing has enormous potential as it provides the following
advantages to customers:
i. Reduced capital costs
ii. Divestment from infrastructure management
iii. Focus on core competencies
iv. Agility (organizations can move faster since they do not have to purchase
and provision hardware, and everything is software defined)
v. Resilience (reduced downtime because of inherent elasticity and other
cloud characteristics)
vi. Aligns IT with business strategies and needs quickly.
Cloud Security in Cloud Computing
• Customer concerns: customers worry about the risks of cloud computing if it is not
properly secured, and about losing direct control over systems for which they are
nonetheless accountable.
• General concerns are:
i. Data and processes run on third-party infrastructure
ii. Availability of stored data
iii. Unauthorized access to data
iv. Processes/data intercepted by other parties or by other clients of the cloud
v. Loss of critical processes/data, such as banking, defense or even student records
• To address such issues and aid both cloud customers and cloud providers, the Cloud
Security Alliance (CSA) published the first version of its best-practice document
"Security Guidance for Critical Areas of Focus in Cloud Computing" in 2009; version 4
is the one now followed.

• Cloud security and security management best practices are designed to prevent
unauthorized access and to keep data and applications in the cloud secure from
current and emerging cybersecurity threats.
Cloud Security in Cloud Computing
Unauthorized
Best Practices in Entry
Services/Data Cloud Security &
/Application Security Management Secures
System Services/Data
/Applications

We shall discuss security in general and subsequently discuss security in the context of
cloud computing.
• Cloud security is a sub-domain of computer security, network security and, more
broadly, information security.
• In general, computer/network security (CS/NS) has three main components:
Confidentiality, Integrity and Availability.


Cloud Security in Cloud Computing
Confidentiality (data and resources are hidden)
• Confidentiality is the concealment of information or resources, e.g. by
cryptography (enciphered data).

Integrity (data integrity and authentication)
• Integrity refers to the trustworthiness of data or resources, and it is
usually phrased in terms of preventing improper or unauthorized
change to data.

Availability (access to data/processes/resources)
• Availability refers to the ability to use the information or resource as
and when desired.
Classification of Attacks
All attacks on computer, network and information systems aim to
compromise one or more of these components of security. For example, denial of
service (DoS) and distributed denial of service (DDoS) attacks deny resources to
legitimate users, i.e. they attack availability.

• There are various types of attacks on information security. Here we
will discuss a few classifications and briefly describe their sub-components.

Classification of CNS attacks: attacks are divided into web-based attacks and
system-based attacks.


Web-Based Attacks
• DoS: an attack that makes the victim's network or the entire IT infrastructure fully or
partially unavailable to legitimate users.
• DDoS: the attacker uses multiple compromised systems to attack a single target
system. DDoS attacks commonly leverage botnets.
• Phishing: an attempt to steal sensitive information such as user login credentials and
credit card numbers; it occurs when an attacker masquerades as a trustworthy entity
in electronic communication.
• Man in the middle (MITM) attacks: the attacker intercepts the connection between
client and server and acts as a bridge between them, and is therefore able to read,
insert and modify the data in the intercepted connection.
• DNS spoofing (cache poisoning): corrupt DNS data is introduced into a resolver's
cache, so that the resolver returns an incorrect IP address and traffic is diverted to
a host of the attacker's choosing.
• IP spoofing: injecting packets into the internet with a false source address; one of
the ways to masquerade as another user.
• Compromised key: an attacker gains unauthorized access to a secured communication
by using a compromised (stolen or recovered) key.
System-Based Attacks
• Virus: a malicious program that is not self-executing; it attaches itself to other files
or programs and spreads through the computer's files when those are run, without
the knowledge of the user.
• Malware: malicious software in general; a malware attack is one of the most severe
cyberattacks and is specifically designed to destroy or gain unauthorized access to a
targeted computer system.
• Worm: a self-replicating program that enters a computer over the network (for
example by exploiting a vulnerable network service, or through an infected file the
user runs), then replicates itself and infects other, uninfected computers without
further user action.
• Trojan horse: a malicious program disguised as legitimate software; once run it
causes unexpected changes to computer settings and unusual activity, even when the
computer is idle.
• Backdoors: a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be accessed
for troubleshooting or other purposes; an attacker who finds it gets the same access.
• Bots: a bot (short for "robot") is an automated process that interacts with other
network services. Some bots run automatically, while others only execute commands
when they receive specific input; compromised machines running attacker-controlled
bots form the botnets used in DDoS attacks.
Classification of Attacks (contd..)
Another way of classifying security attacks is into active attacks and passive attacks.

• Active attack: an active attack attempts to alter system resources or
affect their operation. It involves some modification of the data stream or the
creation of a false stream. It can be subdivided into four categories.
i. Masquerade: the attacker uses a false identity to gain access to information
they are not authorized for.
ii. Modification of messages: some portion of a legitimate message is altered, or
messages are delayed or reordered, to produce an unauthorized effect.
iii. Replay attack: a form of network attack in which a valid data transmission is
fraudulently repeated or delayed. This is carried out either by the originator or
by an adversary who intercepts the data and re-transmits it.
iv. Denial-of-Service (DoS) attack: an attack meant to shut down a network or
service, making it inaccessible to its intended users. DoS attacks accomplish this
by flooding the target with traffic, or by sending it information that triggers a
crash. In both cases the attack deprives legitimate users (employees, members or
account holders) of the service or resource they expected.
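How a receiver defends against the first three active attacks (masquerade, modification and replay), as an added example that is not part of the original slides: every message carries a random nonce, a timestamp and an HMAC over all three under a key shared with the receiver. A forged or modified message fails the MAC check, an old capture fails the freshness check, and a capture re-sent inside the freshness window is caught by the nonce cache. The message layout, the 30-second window and the sample payloads are my assumptions for illustration.

```python
"""Authenticated messages with replay protection (added example)."""
import hashlib
import hmac
import json
import os
import time


def canonical(body):
    """Deterministic encoding of the signed fields, so sender and receiver MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key, payload, now=None):
    """Sender: attach a fresh random nonce, a timestamp and an HMAC over all three."""
    body = {
        "nonce": os.urandom(16).hex(),              # unique per message
        "ts": time.time() if now is None else now,  # freshness
        "payload": payload,
    }
    body["mac"] = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return body


class Receiver:
    """Receiver state: the shared key, the freshness window and the nonces seen in it."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> time it was accepted

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        signed = {k: msg[k] for k in ("nonce", "ts", "payload")}
        expected = hmac.new(self.key, canonical(signed), hashlib.sha256).hexdigest()
        # 1. Integrity and origin: a modified or forged message (modification of
        #    messages, masquerade) fails here, before anything else is looked at.
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "reject: bad MAC"
        # 2. Freshness: a capture cannot be replayed outside the window, which also
        #    bounds how many nonces the receiver has to remember.
        if abs(now - msg["ts"]) > self.window:
            return "reject: stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        # 3. Uniqueness: the same valid message seen again inside the window is a replay.
        if msg["nonce"] in self.seen:
            return "reject: replay"
        self.seen[msg["nonce"]] = now
        return "accept"


if __name__ == "__main__":
    key = os.urandom(32)
    rx = Receiver(key)
    msg = make_message(key, {"op": "transfer", "amount": 100})
    print(rx.accept(msg))   # accept
    print(rx.accept(msg))   # reject: replay
```

Timestamps alone do not stop a replay inside the window, and nonces alone would need unbounded storage; the two together give bounded state and complete coverage of the window.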
Classification of Attacks (contd..)
• Passive attack: passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is to obtain information that
is being transmitted. Passive attacks are difficult to detect because they do not alter
the data. There are two types of passive attacks.
i. Traffic analysis: even if the information is masked or encrypted, the attacker can
learn a lot by analysing the traffic: the pattern of messages, the location and
identity of the communicating hosts, and the frequency and length of the
messages being exchanged.
ii. Release of message contents: the attacker monitors an unprotected
communication medium, such as unencrypted e-mail or a telephone call, and
intercepts it for sensitive information.
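Traffic analysis in practice, as an added example that is not part of the original slides: a passive observer who sees only ciphertext lengths can often tell which resource was fetched, because each page has a distinct size. The resource catalogue, the byte sizes and the 21-byte record overhead are constructed assumptions for illustration; the padding option shows the usual countermeasure, padding plaintext to fixed-size buckets so that many resources share one wire length.

```python
"""Traffic analysis: encryption hides content, not length (added example)."""
from collections import defaultdict

# Constructed catalogue of a hypothetical site's resources and their plaintext
# sizes in bytes (assumed values).
RESOURCE_SIZES = {
    "/login": 1820,
    "/account/balance": 2375,
    "/account/transfer": 2391,   # only 16 bytes larger than /account/balance
    "/help": 9120,
    "/logout": 310,
}

# Assumed per-record overhead of an AEAD cipher: 16-byte tag plus a 5-byte header.
RECORD_OVERHEAD = 21


def ciphertext_len(plain_len, bucket=None):
    """Length seen on the wire, optionally after padding the plaintext up to a bucket."""
    if bucket:
        plain_len = -(-plain_len // bucket) * bucket   # round up to a multiple of bucket
    return plain_len + RECORD_OVERHEAD


def build_fingerprints(catalog, bucket=None):
    """Map each observable wire length to the resources that produce it."""
    fp = defaultdict(list)
    for path, size in catalog.items():
        fp[ciphertext_len(size, bucket)].append(path)
    return dict(fp)


def infer_resource(observed_len, catalog, bucket=None):
    """The observer's side: given only a wire length, which resources could it be?
    An empty list means the length matches nothing in the catalogue; more than one
    entry is the anonymity set the padding scheme buys."""
    return sorted(build_fingerprints(catalog, bucket).get(observed_len, []))


if __name__ == "__main__":
    # Without padding every resource has a unique length, so a single observation
    # reveals that the user opened the transfer page.
    wire = ciphertext_len(RESOURCE_SIZES["/account/transfer"])
    print(wire, infer_resource(wire, RESOURCE_SIZES))
    # With 4 KiB padding buckets, four resources become indistinguishable.
    wire = ciphertext_len(RESOURCE_SIZES["/account/transfer"], bucket=4096)
    print(wire, infer_resource(wire, RESOURCE_SIZES, bucket=4096))
```

Padding costs bandwidth and does not hide timing or the number of records, which is why traffic analysis is treated as only partly mitigable rather than solved by encryption.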
Threat
Threat: a potential cause of an incident that may result in harm to a system or
organization. (ISO 27005)

Definition: any circumstance or event with the potential to adversely impact
organizational operations (including mission, functions, image or reputation),
organizational assets, or individuals through an information system via
unauthorized access, destruction, disclosure or modification of information,
and/or denial of service. Also, the potential for a threat source to successfully
exploit a particular information system vulnerability. (NIST, USA)
Threat (contd..)
• Threat: an object, person or other entity that represents a constant danger to an
asset.
• Threat agent: the specific object or person who poses such a danger by carrying out
an attack. DDoS attacks are a threat; if a hacker carries out a DDoS attack, that
hacker is the threat agent.
• Vulnerability: a weakness or fault that can lead to an exposure.
• Risk: the calculated assessment of potential threats to an organization's security and
of vulnerabilities within its network and information systems, commonly expressed as
Risk = Threat × Likelihood × Impact.

Threat Classification
Threats are classified as natural threats, human error or failure, and intentional threats.
Threat Classification
Natural threats: acts of nature that can be unpredictable in terms of onset,
duration and impact. Examples of natural threats, also known as natural hazards,
include earthquakes, floods and forest fires.
• Forces of nature are among the most dangerous threats.
• They disrupt individual lives as well as information storage and transfer.
• Organizations must implement controls to limit damage and prepare for
worst-case scenarios.

Human error or failure
• Includes actions without malicious intent.
 Causes include inexperience, improper training and incorrect assumptions.
Threat Classification (contd..)
• Employee mistakes can easily lead to:
 Revelation of classified data, entry of erroneous data, accidental data deletion
or modification, data storage in unprotected areas, failure to protect information.

• Deliberate acts of espionage/trespass
 Unauthorized people access protected information.
 Competitive intelligence (legal) vs. industrial espionage (illegal).
 Controls let trespassers know they are encroaching on the organization's
cyberspace.
 Hackers use skill, guile or fraud to bypass the controls protecting others'
information.
Threat Classification (contd..)
• Deliberate acts of theft: electronic theft is more complex than physical theft
because the evidence of the crime is not obvious.
 Illegal taking of another's physical, electronic or intellectual property.
 Piracy, copyright infringement, abuse of rights, denial of actions.

• Intentional threats: activity done on purpose to compromise an IT system, brought
about by threat actors or groups.
• Deliberate software attacks (already discussed earlier)
• Other threats
• Deviations in service from providers (power and internet provider issues)
• Technological hardware failures (equipment failure)
• Technological software failures (bugs, code problems, unknown loopholes)
• Technological obsolescence (antiquated or outdated technologies)
Threat Mitigation
Why should organizations do threat modeling?
• Change in technology increases the rate of threats to network security.
• Cyber crime damage cost is estimated at up to $6 trillion annually.
• Threats can come from outside or from within organizations.
• Attacks can cause systems to malfunction entirely or may lead to the leaking of
sensitive information.
• To prevent threats from exploiting system vulnerabilities, one of the effective
methods of mitigating threats is threat modeling.
What is threat modeling?
• Threat modeling methods are used to create:
• an abstraction of the system;
• profiles of potential attackers, including their goals and the methods they
adopt to attack;
• a catalogue of potential threats that may arise.
Threat Mitigation (contd..)
When should we do threat modeling?
• Threat modeling should be performed early in the development cycle, when
potential issues can be detected early and resolved before they reach production.
Advantages of threat modeling
• If used early, it can prevent expensive fixes required later on.
• Using threat modeling one can take proactive architectural decisions regarding
security requirements that help reduce threats from the start.
• Threat modeling can be particularly helpful in the area of cyber-physical systems.
What models or methods are available for threat modeling?
• Here we list 12 available threat modeling methods and highlight their features; the
details of these methods are beyond the scope of this course.
Threat Modeling
Threat modeling methods and their features

• STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service,
Elevation of privilege)
 Helps identify relevant mitigation techniques
 Is the most mature method
 Is easy to use, but execution is slow

• PASTA (Process for Attack Simulation and Threat Analysis)
 Helps identify relevant mitigation techniques
 Directly contributes to risk management
 Encourages collaboration among stakeholders
 Contains built-in prioritization of threat mitigation
 Is laborious but has rich documentation

• LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of
information, Unawareness, Non-compliance)
 Helps identify relevant mitigation techniques
 Contains built-in prioritization of threat mitigation
 Can be labor intensive and time consuming

• CVSS (Common Vulnerability Scoring System)
 Contains built-in prioritization of threat mitigation
 Has consistent results when repeated
 Has automated components
 Has score calculations that are not transparent

• Attack Trees
 Helps identify relevant mitigation techniques
 Has consistent results when repeated
 Is easy to use if you already have a thorough understanding of the system

• Persona non Grata
 Helps identify relevant mitigation techniques
 Directly contributes to risk management
 Has consistent results when repeated
 Tends to detect only some subsets of threats

• Security Cards
 Encourages collaboration among stakeholders
 Targets out-of-the-ordinary threats
 Leads to many false positives

• hTMM (Hybrid Threat Modeling Method)
 Contains built-in prioritization of threat mitigation
 Encourages collaboration among stakeholders
 Has consistent results when repeated

• Quantitative TMM (Quantitative Threat Modeling Method)
 Contains built-in prioritization of threat mitigation
 Has automated components
 Has consistent results when repeated

• Trike
 Helps identify relevant mitigation techniques
 Directly contributes to risk management
 Contains built-in prioritization of threat mitigation
 Encourages collaboration among stakeholders
 Has automated components
 Has vague, insufficient documentation

• VAST Modeling (Visual, Agile, and Simple Threat modeling)
 Helps identify relevant mitigation techniques
 Directly contributes to risk management
 Contains built-in prioritization of threat mitigation
 Encourages collaboration among stakeholders
 Has consistent results when repeated
 Has automated components
 Is explicitly designed to be scalable
 Has little publicly available documentation

• OCTAVE
 Helps identify relevant mitigation techniques
 Directly contributes to risk management
 Contains built-in prioritization of threat mitigation
 Encourages collaboration among stakeholders
 Has consistent results when repeated
 Is explicitly designed to be scalable
 Is time consuming and has vague documentation

Source: "Threat Modeling: A Summary of Available Methods", Nataliya Shevchenko, Timothy A.
Chick, Paige O'Riordan, Thomas Patrick Scanlon, PhD, and Carol Woody, PhD (Software
Engineering Institute, Carnegie Mellon University, 2018).

• Not all of these methods are comprehensive; some focus on abstraction and encourage
granularity, while others are more people-centric. Some methods focus specifically on
risk or on privacy concerns.
• Threat modeling methods can be combined to create a more robust and well-rounded
view of potential threats.
• Selection depends on the area of focus, the time frame available for analysis, the
experience of the modeling team, etc.
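A STRIDE-per-element pass over a minimal cloud data-flow diagram, as an added example (not code from the slides or from the SEI paper). The model, its trust zones and the rule that a flow staying inside one zone over an authenticated, encrypted channel is treated as out of scope are assumptions for illustration; the applicability table (external entities: S, R; processes: all six; data stores: T, I, D, plus R for stores that hold audit logs; data flows: T, I, D) is the standard STRIDE-per-element mapping.

```python
"""STRIDE-per-element threat enumeration over a small DFD (added example)."""
from collections import Counter
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}
# Which STRIDE categories apply to each DFD element type.
PER_ELEMENT = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str             # external | process | store
    zone: str             # trust zone the element runs in
    is_log: bool = False  # a store of audit records also gets Repudiation


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protected: bool = False   # channel is authenticated and encrypted (e.g. TLS)


def enumerate_threats(elements, flows):
    """Return (target, category) pairs; targets are element names or 'src->dst'."""
    zone = {e.name: e.zone for e in elements}
    threats = []
    for e in elements:
        cats = PER_ELEMENT[e.kind] + ("R" if e.kind == "store" and e.is_log else "")
        threats += [(e.name, STRIDE[c]) for c in cats]
    for f in flows:
        crosses_boundary = zone[f.src] != zone[f.dst]
        # Assumption: a protected flow that never leaves its trust zone is out of scope;
        # every flow that crosses a trust boundary is in scope whatever its protection.
        if f.protected and not crosses_boundary:
            continue
        threats += [(f"{f.src}->{f.dst}", STRIDE[c]) for c in PER_ELEMENT["flow"]]
    return threats


def summarize(threats):
    """Count threats per STRIDE category, the usual first view of a model."""
    return dict(Counter(cat for _, cat in threats))


# Constructed model: a browser talking to an API gateway in front of an app tier that
# uses a database and writes an audit log. Zone names are assumptions.
MODEL_ELEMENTS = [
    Element("browser", "external", "internet"),
    Element("api-gateway", "process", "edge"),
    Element("app", "process", "app-tier"),
    Element("db", "store", "app-tier"),
    Element("audit-log", "store", "app-tier", is_log=True),
]
MODEL_FLOWS = [
    Flow("browser", "api-gateway", protected=True),   # crosses internet -> edge
    Flow("api-gateway", "app", protected=True),       # crosses edge -> app-tier
    Flow("app", "db"),                                # plaintext inside the tier: in scope
    Flow("app", "audit-log"),
]

if __name__ == "__main__":
    found = enumerate_threats(MODEL_ELEMENTS, MODEL_FLOWS)
    for target, cat in found:
        print(f"{target:22s} {cat}")
    print(summarize(found))
```

The output is the raw threat list that the later steps of STRIDE (rating, choosing mitigations, recording accepted risks) work from; the point of the per-element table is that nothing in the diagram is skipped because someone did not think of it.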
Cloud Security
• After this discussion of network and information security, we are better prepared
to understand the security challenges in the cloud and the methods to mitigate them.
• We have already discussed the massive advantages of cloud computing, from
economic advantages to scalability of resources to elasticity in computing.
• All these advantages pose a win-win situation for both the client and the service
provider, so why isn't everybody using the cloud?
• The cloud seems to be a big black box: nothing is visible to the clients.
• Major hindrances to moving to the cloud are the threats posed to cloud computing,
such as loss of confidentiality, loss and leakage of data (lack of trust), privacy issues,
shared technology (co-tenancy), insecure applications, account and service hijacking,
and many unlisted threats associated with it.
• The client has a sense of loss of control, as data, applications and resources are
located with the provider.
• The client depends heavily on the provider for resource allocation, identity
management and authentication, data and service security, and monitoring and
repair of services/resources.
Cloud Security
• Cloud computing brings new threats: multiple independent users share the same
physical infrastructure, so an attacker can legitimately be on the same physical
machine as the target.
• Although multi-tenancy is not an essential characteristic of cloud computing in the
NIST model, the CSA has identified multi-tenancy as an important element of the
cloud.
• Multi-tenancy in its simplest form implies the use of the same resources or
application by multiple consumers that may belong to the same organization or to
different organizations.
Cloud Security

Source: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0 (CSA)

• Understanding the relationships and dependencies between cloud computing models is
critical to understanding cloud computing security risks.
• IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and SaaS in
turn building upon PaaS, as described in the Cloud Reference Model diagram.
• Capabilities are inherited from one layer of the stack to the next, and so are the
information security issues and risks. Commercial cloud providers may not fit exactly
into the layered service models; however, the reference model is important for
relating real-world services to an architectural framework and for understanding
which resources and services require security analysis.
Cloud Reference Model
(In the original figure, moving down the stack from SaaS to IaaS increases the customer's
security responsibility, and moving up from IaaS to SaaS increases the provider's security
responsibility.)

SaaS
Definition:
‾ Software delivery model in which software and its associated data are hosted centrally.
‾ Multitenant application architectural complexities.
‾ Has an application/logic layer and data storage, with an API on top.
Examples: browsers, mobile apps, Gmail, Zoho

PaaS
Definition:
‾ Delivery of a computing platform and solution stack as a service.
‾ The platform enables developers to build applications that run on the cloud.
‾ Applications available for quick deployment.
Examples: Google App Engine, MS Azure, Force.com

IaaS
Definition:
‾ Consists of servers, storage, security, database.
‾ Delivers computer infrastructure as a service.
‾ A highly integrating layer providing storage service remotely to consumers.
Examples: Amazon EC2, S3, Google Cloud, Rackspace, VMware
Threats in Cloud Computing
• We will review the security threats to the cloud based on the research conducted by
the Cloud Security Alliance (CSA) Top Threats Working Group.
• Nine main threats are identified by the CSA:
1. Data breaches
2. Data loss
3. Account or service traffic hijacking
4. Insecure interfaces and application programming interfaces (APIs)
5. Denial of service
6. Malicious insiders
7. Abuse of cloud services
8. Insufficient due diligence
9. Shared technology vulnerabilities
• We shall now discuss these threats.
1. Data breaches: a data breach is a security incident in which data is accessed by an
unauthorized user. Cited as the number one security threat for cloud computing, data
breaches refer to the loss of confidentiality for data stored within a particular cloud
instance. Such a threat is likely to exist even within an on-premises solution or a
traditional outsourced solution.
Threats in Cloud Computing
• The loss of confidentiality can have a significant impact on an organization regardless
of whether the data is hosted externally or is an internally provisioned service.
• Types of data breach, by what the attacker is after:
• Intellectual property: loss of intellectual property and confidential business
information. Some sectors (finance, chemicals, aerospace, energy, defense and IT)
are more likely to be targeted, and face attacks that persist until they succeed.

• Financial crime: financial crime usually involves fraud, but this can take many forms
to exploit consumers, banks and government agencies. The most damaging financial
crimes seek to penetrate bank networks, with cybercriminals gaining access to
accounts and siphoning money. These types of attacks are not solely targeted at
cloud computing.

• Confidential business information: the theft of confidential business information is
the third largest cost from cybercrime and cyberespionage. Business confidential
information can be turned into immediate gain: the loss of investment information,
exploration data and sensitive commercial negotiation data can be used immediately.
The damage to individual companies runs into the millions of dollars.
Threats in Cloud Computing
2. Data loss: loss of data refers to the unavailability of data stored within the cloud for
the end customer.
• There can be many reasons for loss of data:
i. The provider goes bankrupt. Recognizing the impact of a provider going bankrupt
has led to the introduction of legislation that gives the end customer a legal right to
claim back data from a bankrupt provider. In July 2013 Luxembourg introduced
Article 567 p2 of its Code of Commerce, under which:
 the bankrupt company must not be the legal owner of the data but only hold it;
 the claimant must have entrusted the data to the bankrupt company or be the
legal owner of the data;
 the data must be separable from the other intangible and non-fungible movable
assets of the company at the time of the opening of bankruptcy proceedings.
ii. The provider does not meet the service level agreement regarding availability
(remedies: legal action against the provider, compensation claim as per the contract,
etc.).
Threats in Cloud Computing
iii. Error: there could be something as simple as a human error, for example an operator
inadvertently deleting something or powering down an important asset. While the action
may be an accident, the result is likely to be the same, namely the unavailability of data
to the end customer.
3. Account or service hijacking: a kind of identity theft, carried out by an attacker to steal
the credentials and information of a person or an organization. The information can be
gathered by attackers using malicious software or phishing, or it may be leaked through
the carelessness of users.
4. Insecure interfaces and APIs: APIs within cloud environments offer end customers
software interfaces to interact with their provisioned services. There is a multitude of
APIs available within a cloud environment, including those for provisioning new
resources and monitoring the cloud services. Insecure interfaces and APIs can be
exploited for hijacking cloud services.
5. Denial of service (DoS): an attack that aims to overwhelm the victim with network
traffic or consume its resources (central processing unit, memory, for example) and
subsequently prevent the processing of legitimate requests. DoS attacks can be
categorized into two types:
i. Infrastructure-based attacks: these attacks reside within layers 3 and 4 of the Open
Systems Interconnection (OSI) stack, and in effect submit large volumes of traffic
intended to overwhelm the target and prevent it from responding to legitimate
requests.
Threats in Cloud Computing
ii. Application-based attacks: unlike traditional infrastructure-based DDoS attacks, the
emerging trend has been the use of layer 7 (OSI stack) attacks. Rather than using raw
network traffic to overwhelm the target, these use traffic that appears legitimate (for
example a flood of expensive application requests).
• According to the McAfee report "Cybercrime Exposed", DoS (or DDoS) services are
accessible to anybody with access to a search engine, and can be purchased for as
little as $2 per hour. Consequently, the probability of such attacks occurring is
increasing.

6. Malicious insiders: within a cloud computing environment there are three types of
cloud-related insider threat, according to the CERT Program at the Software
Engineering Institute, Carnegie Mellon University. The first, the rogue administrator,
takes three forms:
i. Hosting company administrator: has the highest level of access and therefore could
cause the greatest impact, such as updating the drivers of the virtual machines to
compromise the images.
ii. Virtual image administrator: could create alternate images outside of the authorized
baseline, and report that they align with that baseline.
iii. System administrator: has the ability to conduct operating system attacks, and
could update the virtual machine drivers to vulnerable instances.
Threats in Cloud Computing
• The second insider type exploits weaknesses introduced by the use of the cloud: cloud
computing introduces vulnerabilities that the malicious insider will look to exploit. One
particular example is the difference between the access control model of the local
system and that of the cloud-based system.

7. Abuse of cloud services: the abuse of cloud services extends beyond malicious insiders
and potentially gives cybercriminals the ability to utilize such services for criminal gain.
• Resource-intensive operations, e.g. cracking passwords: using cloud computing
resources to undertake a brute-force attack (repeatedly trying different passwords until
the right one is found) is made considerably more efficient by the cloud. There have
been many demonstrations highlighting the use of cloud computing to brute-force
passwords.

8. Insufficient due diligence: due diligence is the process of evaluating cloud vendors, and
in some cases internal procedures and resources, to ensure that business objectives are
met and the company's interests are protected. When selecting a cloud computing
provider, due diligence entails investigating the potential providers to understand how
they implement best practices, protect their customers' assets and meet the scope of
your requirements. The threat arises when an organization adopts cloud services without
doing this.
Threats in Cloud Computing
9. Shared technology vulnerabilities: one of the many benefits of cloud computing is the
ability to leverage economies of scale by sharing resources across multiple customers.
However, this very benefit also represents a significant weakness.
• The risks in this category include the failure of the mechanisms that separate storage,
memory, routing and even reputation between different tenants of the shared
infrastructure (e.g. so-called guest-hopping attacks, SQL injection attacks exposing
multiple customers' data stored in the same table, and side-channel attacks).
• ADDITIONAL CLOUD THREATS
• Loss of governance: where the use of cloud computing results in the end customer
handing control to the CSP.
• Lock-in: where it becomes difficult for the end customer to migrate from their cloud
provider.
• Isolation failure: the risk of a failure in the mechanisms that are intended to separate
storage, memory, routing and even reputation between different tenants.
• Compliance risks: migration to the cloud may result in compliance failure for the
cloud customer, for example the migration of personally identifiable data outside of
specific regions.
• Management interface compromise: as the management interface of the cloud service
is externally accessible (via the Internet) and provides access to large sets of
resources, the risk of its compromise is correspondingly increased.
Cloud Security Challenges
Authentication
• Authentication refers to digitally confirming the identity of the entity requesting access
to some protected information.
• In a traditional in-house IT environment, authentication policies are under the control
of the organization. However, in cloud computing environments, where applications and
data are accessed over the internet, the complexity of digital authentication mechanisms
increases rapidly.
Authorization
• Authorization refers to digitally specifying the access rights to the protected resources
using access policies.
• In a traditional in-house IT environment, the access policies are controlled by the
organization and can be altered at its convenience.
• Authorization in a cloud computing environment requires the use of the cloud service
provider's services for specifying the access policies.
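Specifying access policies through the provider's authorization service, as an added example (not from the slides): two constructed policy documents in the AWS IAM JSON style, the over-broad one often written to "make it work" beside a least-privilege version, and a small checker that flags the patterns a reviewer looks for. The bucket name, the condition key and the checker itself are my assumptions; the checker is an illustration, not a provider tool, and the list of privilege-escalation actions is a short sample rather than a complete one.

```python
"""Least-privilege review of IAM-style policy documents (added example)."""
import fnmatch

# Constructed example: an over-broad policy that grants every API call on every resource.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Corrected version: named actions, one resource and a condition (bucket name assumed).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-uploads/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
}

# Sample (not exhaustive) of actions that let a principal widen its own rights.
ESCALATION_ACTIONS = (
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachUserPolicy",
    "iam:PutUserPolicy", "sts:AssumeRole",
)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allows(pattern, action):
    """IAM action matching: case-insensitive, '*' is the only wildcard."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def lint_policy(policy):
    """Return (statement index, finding) pairs for every Allow statement."""
    findings = []
    for idx, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions:
            findings.append((idx, "Action '*' grants every API call"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((idx, "service-wide wildcard Action"))
        # Resource '*' is sometimes unavoidable (list/describe calls); a Condition
        # at least bounds where or how it can be used.
        if "*" in resources and not st.get("Condition"):
            findings.append((idx, "Resource '*' with no Condition"))
        escalations = sorted(e for e in ESCALATION_ACTIONS
                             if any(_allows(a, e) for a in actions))
        if escalations:
            findings.append((idx, "allows privilege-escalation actions: "
                             + ", ".join(escalations)))
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(pol) or "no findings")
```

The same review applies to any provider's policy language: the questions are always which actions, on which resources, under which conditions, and whether any allowed action lets the principal rewrite the answer to the first two.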
Security of data at rest
• Due to the multi-tenant environments used in the cloud, the application and database
servers of different applications belonging to different organizations can be provisioned
side by side, increasing the complexity of securing the data.
• Appropriate separation mechanisms are required to ensure the isolation of the
applications and data of different organizations from each other.
Cloud Security Challenges
• Security of data in motion
• In traditional in-house IT environments all the data exchanged between the applications
and users remains within the organization’s control and geographical boundaries.
• With the adoption of the cloud model, the applications and the data are moved out of the
in-house IT infrastructure to the cloud provider.
• Therefore, appropriate security mechanisms are required to ensure the security of data
while it is in motion.
• Data Integrity
• Data integrity ensures that the data is not altered in an unauthorized manner after it is
created, transmitted or stored.
• Due to the outsourcing of data storage in cloud computing environments, ensuring integrity
of data is important.
• Auditing
• Auditing is very important for applications deployed in cloud computing environments.
• In traditional in-house IT environments, organizations have complete visibility of their
applications and accesses to the protected information.
• For cloud applications appropriate auditing mechanisms are required to get visibility into
the application, data accesses and actions performed by the application users, including
mobile users and devices such as wireless laptops and smartphones.
CSA Cloud Security Architecture
• Cloud Security Alliance (CSA) provides a Trusted Cloud Initiative (TCI) Reference
Architecture.
• TCI is a methodology and a set of tools that enable cloud application developers and
security architects to assess where their internal IT and their cloud providers are in terms of
security capabilities, and to plan a roadmap to meet the security needs of their business.
• The Security and Risk Management (SRM) domain within the TCI Reference
Architecture includes:
• Governance, Risk Management, and Compliance
• Information Security Management
• Privilege Management Infrastructure
• Threat and Vulnerability Management
• Infrastructure Protection Services
• Data Protection
• Policies and Standards
CSA Cloud Security Architecture
Source: Bahga & Madisetti, book website: www.cloudcomputingbook.info, © 2014
Authentication
Authentication refers to confirming the digital identity of the entity
requesting access to some protected information.
• The process of authentication involves, but is not limited to,
validating at least one factor of identification of the entity to
be authenticated.
• A factor can be something the entity or the user knows (a password
or PIN), something the user has (such as a smart card), or
something that uniquely identifies the user (such as
fingerprints).
• In multifactor authentication, more than one of these factors is
used for authentication.
• There are various mechanisms for authentication, including:
• SSO
• SAML-Token
• OTP
Single Sign-on (SSO)
• Single Sign-on (SSO) enables users to access multiple systems or applications
after signing in only once, for the first time.
• When a user signs in, the user identity is recognized and there is no need to sign
in again and again to access related systems or applications.
• Since different systems or applications may internally use different
authentication mechanisms, SSO, upon receiving the initial credential, translates it
into the credentials required by each system or application.
• The benefit of using SSO is that it reduces human error and saves time spent in
authenticating with different systems or applications for the same identity.
• There are different implementation mechanisms:
• SAML-Token
• Kerberos
SAML-Token
• Security Assertion Markup Language (SAML) is an
XML-based open standard data format for
exchanging security information (authentication and
authorization data) between an identity provider and
a service provider.
SAML-token based SSO authentication
• When a user tries to access the cloud application, a
SAML request is generated and the user is redirected
to the identity provider.
• The identity provider parses the SAML request and
authenticates the user.
• A SAML token is returned to the user, who then
accesses the cloud application with the token.
• SAML prevents man-in-the-middle and replay
attacks by requiring the use of SSL encryption when
transmitting assertions and messages.
• SAML also provides a digital signature mechanism
that enables the assertion to have a validity time
range to prevent replay attacks.
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
Kerberos
• Kerberos is an open authentication protocol that was
developed at MIT.
• Kerberos uses tickets for authenticating clients to a
service when they communicate over an insecure network.
• Kerberos provides mutual authentication, i.e. both the
client and the server authenticate with each other.
One Time Password (OTP)
• A one-time password is another authentication mechanism
that uses passwords which are valid for a single use
only, i.e. for a single transaction or session.
• Authentication mechanisms based on OTP tokens are
more secure because they are not vulnerable to replay
attacks.
• Text messaging (SMS) is the most common delivery
mode for OTP tokens.
• The most common approach for generating OTP tokens
is time synchronization.
• The Time-based OTP algorithm (TOTP) is a popular time
synchronization based algorithm for generating OTPs.
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
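The time-synchronization idea above, worked through in Go as an added example (it is not code from the lecture or from the cited book): the HMAC-SHA1, 30-second-step, 6-digit parameters are the RFC 6238 defaults, while the Verifier type and its replay check are this example's own design, showing why a code that was already redeemed must be refused even inside its validity window.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

const totpStep = 30 // seconds per time step, the RFC 6238 default
// hotp computes the HMAC-SHA1 one-time password of RFC 4226 for one counter value.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation: the low nibble selects the offset
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ { mod *= 10 }
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp is the time-synchronization variant: the counter is the number of
// totpStep-second steps elapsed since the Unix epoch.
func totp(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/totpStep), digits)
}

// Verifier remembers the newest time step each user has redeemed, so a code that
// was already accepted is refused even while its step is still inside the window.
type Verifier struct{ lastStep map[string]uint64 }
func NewVerifier() *Verifier { return &Verifier{lastStep: map[string]uint64{}} }
// Verify accepts the current step or the previous one (small clock skew), compares
// in constant time, and rejects any step at or below the last redeemed one.
func (v *Verifier) Verify(user string, secret []byte, code string, unixTime int64) bool {
	cur := uint64(unixTime / totpStep)
	for _, step := range []uint64{cur, cur - 1} {
		if step <= v.lastStep[user] {
			continue // replay, or older than a code that was already used
		}
		if hmac.Equal([]byte(hotp(secret, step, 6)), []byte(code)) {
			v.lastStep[user] = step
			return true
		}
	}
	return false
}
```

The secret "12345678901234567890" is the RFC 6238 test-vector key, so the generated codes can be checked against the RFC's published table.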
Authorization
Authorization refers to specifying the access rights to the
protected resources using access policies.
• OAuth
• OAuth is an open standard for authorization that
allows resource owners to share their private resources
stored on one site with another site without handing out
the credentials.
• In the OAuth model, an application (which is not the
resource owner) requests access to resources controlled
by the resource owner (but hosted by the server).
• The resource owner grants permission to access the
resources in the form of a token and matching shared
secret.
• Tokens make it unnecessary for the resource owner to
share its credentials with the application.
• Tokens can be issued with a restricted scope and
limited lifetime, and revoked independently.
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
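The three token properties just listed (restricted scope, limited lifetime, independent revocation), shown as an added Go example that models only the token bookkeeping, not the OAuth redirect flow; the AuthServer and Token names are hypothetical and the code is not from the lecture or the cited book.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

// Token is an OAuth-style bearer token: an opaque handle bound to an owner, a
// restricted scope and a lifetime, so the application never holds the owner's
// credentials and can be cut off without changing them.
type Token struct {
	Owner   string
	Scopes  map[string]bool
	Expires time.Time
	Revoked bool
}
// AuthServer issues tokens on the resource owner's behalf; a resource server
// calls Authorize with the token the application presents.
type AuthServer struct{ tokens map[string]*Token }
func NewAuthServer() *AuthServer { return &AuthServer{tokens: map[string]*Token{}} }
// Issue mints a random token limited to the given scopes and lifetime.
func (a *AuthServer) Issue(owner string, scopes []string, ttl time.Duration, now time.Time) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil { panic(err) }
	id := hex.EncodeToString(raw)
	t := &Token{Owner: owner, Scopes: map[string]bool{}, Expires: now.Add(ttl)}
	for _, s := range scopes { t.Scopes[s] = true }
	a.tokens[id] = t
	return id
}

// Revoke invalidates one token only; other tokens and the owner's password are untouched.
func (a *AuthServer) Revoke(id string) {
	if t, ok := a.tokens[id]; ok { t.Revoked = true }
}
var ErrDenied = errors.New("access denied")

// Authorize is the resource server's check: the token must be known, not revoked,
// not expired, and carry the scope the requested operation needs.
func (a *AuthServer) Authorize(id, scope string, now time.Time) (string, error) {
	t, ok := a.tokens[id]
	if !ok || t.Revoked || !now.Before(t.Expires) || !t.Scopes[scope] {
		return "", ErrDenied
	}
	return t.Owner, nil
}
```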
Identity & Access Management
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
• Identity management provides consistent methods for digitally identifying persons and
maintaining associated identity attributes for the users across multiple organizations.
• Access management deals with user privileges.
• Identity and access management deal with user identities, their authentication,
authorization and access policies.
Identity & Access Management
Federated Identity Management
• Federated identity management allows users of one domain to securely access data or
systems of another domain seamlessly without the need for maintaining identity
information separately for multiple domains.
• Federation is enabled through the use of single sign-on mechanisms such as SAML
tokens and Kerberos.
• Role-based access control
• Used for restricting access to confidential information to authorized users.
• These access control policies allow defining different roles for different users.
Securing Data at Rest
• Data at rest is the data that is stored in a database in the form of tables/records, as files on a file
server, or as raw data on distributed storage or a storage area network (SAN).
• Data at rest is secured by encryption.
• Encryption is the process of converting data from its original form (i.e., plaintext) to a
scrambled form (ciphertext) that is unintelligible. Decryption converts data from ciphertext
to plaintext.
• Encryption can be of two types:
• Symmetric Encryption (symmetric-key algorithms)
• Asymmetric Encryption (public-key algorithms)
Symmetric Encryption
• Symmetric encryption uses the same secret key for both encryption and decryption.
• The secret key is shared between the sender and the receiver.
• Symmetric encryption is best suited for securing data at rest since the data is accessed by
known entities from known locations.
• Popular symmetric encryption algorithms include:
• Advanced Encryption Standard (AES)
• Twofish
• Blowfish
• Triple Data Encryption Standard (3DES)
• Serpent
• RC6
• MARS
Asymmetric Encryption
• Asymmetric encryption uses two keys, one for encryption (public key) and the other for
decryption (private key).
• The two keys are linked to each other such that one key encrypts plaintext to ciphertext
and the other decrypts ciphertext back to plaintext.
• The public key can be shared or published, while the private key is known only to the user.
Asymmetric Encryption
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
• Asymmetric encryption is best suited for securing data that is exchanged between two
parties, where symmetric encryption can be unsafe because the secret key has to be
exchanged between the parties and anyone who manages to obtain the secret key can
decrypt the data.
• In asymmetric encryption a separate key, which is kept private, is used for decryption.
Encryption Levels
Encryption can be performed at various levels:
• Application
• Application-level encryption involves encrypting application data right at the
point where it originates, i.e., within the application.
• Application-level encryption protects the data against threats at the operating
system level and from other applications.
• An application encrypts all data generated in the application before it flows to the
lower levels and presents decrypted data to the user.
• Host
• In host-level encryption, encryption is performed at the file level for all
applications running on the host.
• Host-level encryption can be done in software, in which case additional
computational resources are required for encryption, or it can be performed with
specialized hardware such as a cryptographic accelerator card.
Encryption Levels
• Network
• Network-level encryption is best suited for cases where the threats to data are at the
network or storage level and not at the application or host level.
• Network-level encryption is performed when moving the data from its creation point
to its destination, using specialized hardware that encrypts all incoming data in real
time.
• Device
• Device-level encryption is performed on a disk controller or a storage server.
• Device-level encryption is easy to implement and is best suited for
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
Securing Data in Motion
Securing data in motion, i.e., when the data flows
between a client and a server over a potentially insecure
network, is important to ensure data confidentiality and
integrity.
• Data confidentiality means limiting the access to
data so that only authorized recipients can access it.
• Data integrity means that the data remains
unchanged when moving from sender to receiver.
• Data integrity ensures that the data is not altered in
an unauthorized manner after it is created,
transmitted or stored.
• Transport Layer Security (TLS) and Secure Sockets
Layer (SSL) are the mechanisms used for securing
data in motion.
• TLS and SSL are used to encrypt web traffic carried
over the Hypertext Transfer Protocol (HTTP).
• TLS and SSL use asymmetric cryptography for
authenticating the key exchange, symmetric
encryption for confidentiality and message
authentication codes for message integrity.
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
Key Management
Source: Bahga, Arshdeep, and Vijay Madisetti. Cloud computing: A hands-on approach.
• Management of encryption keys is critical to ensure the security of encrypted data.
• The key management lifecycle involves different phases, including:
• Creation
• Backup
• Deployment
• Monitoring
• Rotation
• Expiration
• Archival
• Destruction
Key Management
• Key Management Approach
i. All keys for encryption must be stored in a data store which is
separate and distinct from the actual data store.
ii. Additional security features such as key rotation and key
encrypting keys can be used.
iii. Keys can be automatically or manually rotated.
iv. In the automated key change approach, the key is changed after
a certain number of transactions.
v. All keys can themselves be encrypted using a master key.
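Points i to v above combined into one working Go example (added here, not code from the lecture or the cited book): data-encryption keys are kept only in wrapped form under a master key in a key store separate from the records, a fresh key is generated automatically after a set number of encryptions, and each record carries the version of the key that sealed it. AES-GCM and the 32-byte master key are this example's choices; the KeyStore type and its field names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// must panics on error: key sizes and the random source are under our control here.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
// seal encrypts with AES-GCM and prepends a fresh random nonce; open strips the
// nonce and fails on a wrong key, a tampered ciphertext or an unknown DEK version.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
// KeyStore holds data-encryption keys (DEKs) only sealed under the master key, apart from
// the data store; Encrypt rotates the DEK after RotateAt uses and versions each record.
type KeyStore struct {
	Master   []byte
	RotateAt int
	wrapped  map[int][]byte // DEK version -> DEK sealed under Master
	current  int            // version used for new records (0 = none yet)
	uses     int            // encryptions done with the current DEK
}
func (ks *KeyStore) rotate() {
	if ks.wrapped == nil { ks.wrapped = map[int][]byte{} }
	dek := make([]byte, 32)
	must(rand.Read(dek))
	ks.current++
	ks.wrapped[ks.current] = seal(ks.Master, dek) // the plaintext DEK is never stored
	ks.uses = 0
}
func (ks *KeyStore) Encrypt(pt []byte) (int, []byte) {
	if ks.current == 0 || ks.uses >= ks.RotateAt { ks.rotate() }
	dek := must(open(ks.Master, ks.wrapped[ks.current]))
	ks.uses++
	return ks.current, seal(dek, pt)
}
func (ks *KeyStore) Decrypt(version int, ct []byte) ([]byte, error) {
	dek, err := open(ks.Master, ks.wrapped[version])
	if err != nil { return nil, err }
	return open(dek, ct)
}
```

The master key itself must still live somewhere safer than the key store it protects (for example an HSM or a cloud key management service), which is what "key encrypting keys" in point ii leads to in practice.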
Auditing
• Auditing is mandated by most data security regulations.
• Auditing requires that all read and write accesses to data be logged.
• Logs can include the user involved, type of access, timestamp, actions
performed and records accessed.
• The main purpose of auditing is to find security breaches, so that necessary
changes can be made in the application and deployment to prevent further
security breaches.
• The objectives of auditing include:
i. Verify the efficiency and compliance of identity and access management
controls as per the established access policies.
ii. Verify that authorized users are granted access to data and services
based on their roles.
iii. Verify whether access policies are updated in a timely manner upon a
change in the roles of the users.
iv. Verify whether the data protection policies are sufficient.
v. Assessment of support activities such as problem management.
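Objective ii above, checked mechanically against the kind of log described earlier (user, type of access, timestamp, record accessed) and the role-based access control policy from the Identity & Access Management section: an added Go example, not code from the lecture or the cited book. The "key=value" log format, the policy shape and the sample lines are constructed for this example; an auditor's real log format will differ.

```go
package main

import (
	"fmt"
	"strings"
)
// AccessEvent is one audit record: when, who, in which role, what kind of access and
// which record. The "key=value" line format used below is constructed for this example.
type AccessEvent struct{ Time, User, Role, Access, Record string }
func ParseAuditLine(line string) (AccessEvent, error) {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		k, v, ok := strings.Cut(f, "=")
		if !ok { return AccessEvent{}, fmt.Errorf("malformed field %q in %q", f, line) }
		kv[k] = v
	}
	ev := AccessEvent{kv["ts"], kv["user"], kv["role"], kv["access"], kv["record"]}
	if ev.User == "" || ev.Access == "" || ev.Record == "" { return ev, fmt.Errorf("incomplete event %q", line) }
	return ev, nil
}
// Policy maps a role to the record prefixes it may read and those it may write.
type Policy map[string]struct{ Read, Write []string }
func allowed(prefixes []string, record string) bool {
	for _, p := range prefixes { if strings.HasPrefix(record, p) { return true } }
	return false
}
// AuditViolations replays the log against the policy and reports every access the user's
// role does not permit, plus lines that cannot be parsed (an auditor must not skip those).
func AuditViolations(policy Policy, lines []string) []string {
	var findings []string
	for _, line := range lines {
		ev, err := ParseAuditLine(line)
		if err != nil { findings = append(findings, "unparsable: "+err.Error()); continue }
		rule, ok := policy[ev.Role]
		permitted := ok && ((ev.Access == "read" && allowed(rule.Read, ev.Record)) ||
			(ev.Access == "write" && allowed(rule.Write, ev.Record)))
		if !permitted {
			findings = append(findings, fmt.Sprintf("%s %s(%s) %s %s", ev.Time, ev.User, ev.Role, ev.Access, ev.Record))
		}
	}
	return findings
}
// Constructed sample policy and log lines: analysts may only read reports.
var SamplePolicy = Policy{"analyst": {Read: []string{"reports/"}}, "admin": {Read: []string{"reports/", "users/"}, Write: []string{"users/"}}}
var SampleLog = []string{
	"ts=2024-01-01T10:00:00Z user=bob role=analyst access=read record=reports/q1",
	"ts=2024-01-01T10:05:00Z user=bob role=analyst access=write record=reports/q1",
	"ts=2024-01-01T10:06:00Z user=eve role=guest access=read record=users/7",
	"ts=2024-01-01T10:07:00Z user=ann role=admin access=write record=users/7",
	"garbage line",
}
```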
References
1. Shevchenko, Nataliya, Timothy A. Chick, Paige O'Riordan, Thomas Patrick Scanlon, and
Carol Woody. Threat Modeling: A Summary of Available Methods.
2. Samani, Raj, Jim Reavis, and Brian Honan. CSA Guide to Cloud Computing:
Implementing Cloud Privacy and Security. Syngress, 2014.
3. Von Solms, Rossouw, and Johan Van Niekerk. "From information security to
cyber security." Computers & Security 38 (2013): 97-102.
4. Bahga, Arshdeep, and Vijay Madisetti. Cloud Computing: A Hands-On Approach.
CreateSpace Independent Publishing Platform, 2013.
5. Sanders, Chris, and Jason Smith. Applied Network Security Monitoring:
Collection, Detection, and Analysis. Elsevier, 2013.
Thank You