Journal:Multilevel classification of security concerns in cloud computing

From LIMSWiki
Revision as of 23:07, 18 July 2016 by Shawndouglas (talk | contribs) (Created stub. Saving and adding more.)
Full article title: Multilevel classification of security concerns in cloud computing
Journal: Applied Computing and Informatics
Author(s): Hussain, Syed Asad; Fatima, Mehwish; Saeed, Atif; Raza, Imran; Shahzad, Raja Khurram
Author affiliation(s): COMSATS Institute of Information Technology, Lancaster University, Blekinge Institute of Technology
Primary contact: Email: asadhussain at ciitlahore dot edu dot pk
Year published: 2016
Volume and issue: TBD(TBD) (In Press)
Page(s): TBD (In Press)
DOI: 10.1016/j.aci.2016.03.001
ISSN: 2210-8327
Distribution license: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Website: http://ojphi.org/ojs/index.php/ojphi/article/view/6096
Download: http://ojphi.org/ojs/index.php/ojphi/article/download/6096/5181 (PDF)

Abstract

Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breaches, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with the security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of a dynamic security contract for each cloud layer that dynamically decides the security requirements for cloud consumer and provider.

Keywords: Cloud computing, security, virtualization, SaaS, PaaS, IaaS

Introduction

Cloud computing is a broad paradigm based on models for providing services of storage and platform software. The cloud computing concept has emerged from the distributed and grid computing domains, which are already in use for mail servers, web storage and hosting services. Cloud computing, as defined by NIST, is: "A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."[1]

In cloud computing, clouds can be described at different layers, i.e., SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). Although applications for clouds are still in the development phase, the security requirements for data and services on clouds are getting the attention of researchers, and it has become necessary to consider each layer of a cloud for possible attacks. Cloud computing systems have many advantages; however, large organizations are still hesitant to shift their setups to the cloud, mainly due to security issues and risks. Thus, it is important to address the security issues and problems in cloud systems, and to find solutions that enable the widespread acceptance of these systems. However, as this is a new domain, research on the requirements and issues regarding the security of clouds is still in its early stages.

In the literature, there are different classifications of cloud security attacks[2][3][4][5][6][7] targeting a specific cloud service or a particular kind of cloud system. Thus, there is a need for a more comprehensive classification of security attacks across versatile cloud services at each layer. This paper proposes a multilevel classification of security attacks for different cloud services and their associated risks at cloud layers. It also discusses the provision of a dynamic security contract for each cloud layer that dynamically decides the security requirements for cloud consumer and provider.

Notes

This presentation is faithful to the original, with only a few minor changes to presentation and nothing more, per the "No Derivatives" portion of the original license.

  1. Mell, P.; Grance, T. (2011). The NIST Definition of Cloud Computing. National Institute of Standards and Technology. pp. 7. doi:10.6028/NIST.SP.800-145. 
  2. Bhadauria, R.; Sanyal, S. (2012). "Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques". International Journal of Computer Applications 47 (18): 47–66. doi:10.5120/7292-0578. 
  3. Yeo, S.-S.; Park, J.H. (2013). "Security Considerations in Cloud Computing Virtualization Environment". Grid and Pervasive Computing. Springer Berlin Heidelberg. pp. 208–215. doi:10.1007/978-3-642-38027-3_22. ISBN 9783642380273.
  4. Yu, H.; Powell, N.; Stembridge, D.; Yuan, X. (2012). "Cloud computing and security challenges". ACM-SE '12: Proceedings of the 50th Annual Southeast Regional Conference: 298–302. doi:10.1145/2184512.2184581.
  5. Heiser, J.; Nicolett, M. (3 June 2008). "Assessing the Security Risks of Cloud Computing" (PDF). Gartner, Inc. pp. 6. http://www.globalcloudbusiness.com/SharedFiles/Download.aspx?pageid=138&mid=220&fileid=12. 
  6. Grance, T.; Jansen, W. (2011). Guidelines on Security and Privacy in Public Cloud Computing. National Institute of Standards and Technology. pp. 80. doi:10.6028/NIST.SP.800-144.
  7. Mather, T.; Kumaraswamy, S.; Latif, S. (2009). Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media. pp. 338. ISBN 9780596802769. https://books.google.com/books?id=BHazecOuDLYC.