1. Cloud Security Issues
A comprehensive survey on mobile cloud computing security issues in convergence with energy consumption
MSc Candidate: Krasadakis Stelios
February 17, 2017
Technological Educational Institute of Crete
Department of Informatics Engineering
MSc “Informatics & Multimedia”
2. Sections:
I. Introduction
I. Cloud Computing background
II. Securing the Cloud
III. Virtualization
IV. Mobile Cloud Computing
V. User safety & energy consumption
VI. Author’s proposal
VII. Conclusion
Paper Structure
3. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).
Why aren’t more hosts/companies following this model?
• A survey indicated that 80% of enterprises hesitate to implement cloud due to security and privacy issues [1].
Cloud data security is more complicated than data security in traditional information systems because data is scattered across different machines.
For cloud computing to be adopted by users and enterprises, users’ security concerns should be addressed by making the cloud environment trustworthy, as discussed by Latif et al. in their assessment of cloud computing risks [2].
We address questions related to:
(1) security concerns and threats in general cloud computing,
(2) the solutions to these problems and
(3) mobile users’ safety in convergence with energy consumption.
Introduction
4. IaaS:
Users are allowed to run any applications and operating systems they please. The principal unit of IaaS is the server, which can be physical or virtual. Cloud users can configure security policies; however, cloud vendors must secure their systems to minimize other threats such as deletion and modification [8], [9].
PaaS:
Encourages developers to create their own programs on top of the platform; developers must take into account security measures for the applications they build and run [8].
SaaS:
Software that is accessed through the Internet via web browsers, from various devices. The application may be used free of charge or in a “pay as you go” model, depending on the provider’s policy. SaaS users have limited control over security in comparison with the other two models [8].
PaaS and SaaS sit on top of IaaS. All of them are interdependent. As a consequence of this dependency, a violation of any cloud layer can compromise the other layers as well.
Cloud Architecture Models
5. The provider’s ability to clearly demonstrate the core principles of information security (CIA), namely:
1. Data Confidentiality,
2. Data Integrity and
3. Data Availability
Confidentiality
Ensuring that user data travelling through the cloud cannot be accessed by unauthorized parties; traditional solutions like identification and authentication are inadequate.
Solutions:
1) Proper encryption techniques, either symmetric or asymmetric, with a fixed key length [10].
2) Zissis proposes a combination of the two cryptographic techniques, known as hybrid cryptography [11].
3) Homomorphic encryption, the best solution since decryption is not needed on the user’s side [12], but it is not applied because of its huge impact on power consumption and response time [7].
Securing the cloud
6. Integrity
Integrity constitutes another crucial factor, since it refers to protecting data from illegal modification, deletion or fabrication.
Solutions:
1) Message Authentication Code (MAC), where a symmetric key produces a checksum that is appended to the data [10].
2) Digital Signature, which relies on a public key structure.
3) Proofs of Retrievability (PoR), a protocol in which a server proves to a client that the data is intact, by combining error correction and spot-checking [12]. It is a computational obstacle for mobile devices.
4) Another approach, based on PoR, is a local client process that encrypts suitable metadata in each data block with a secret key known only by the authorized user [13].
5) High Availability Integrity Layer (HAIL) is one more improved mechanism, which also uses PoR and overcomes the mobile adversary [14].
Securing the cloud 2
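The integrity options listed on this slide (a keyed MAC, PoR-style spot-checking, and client-side per-block metadata under a secret key) can be combined in one client-side check. This is an added example, not code from the slides or from the cited papers [12], [13]: it uses per-block HMAC-SHA256 tags and random challenges, leaves out the error-correction part of PoR, and the function names and the 64-byte block size are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # bytes; small so the constructed sample spans several blocks

def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    # Bind the tag to the block position so a valid (block, tag) pair from
    # position j cannot be replayed as the answer for position i.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def prepare_upload(key: bytes, data: bytes) -> list:
    """Client side: split the data and attach a keyed tag to every block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(b, tag_block(key, i, b)) for i, b in enumerate(blocks)]

def spot_check(key: bytes, stored: list, sample_size: int, rng=None) -> list:
    """Challenge random block indexes; return the indexes that fail."""
    rng = rng or secrets.SystemRandom()
    challenged = rng.sample(range(len(stored)), min(sample_size, len(stored)))
    failed = []
    for i in challenged:
        block, tag = stored[i]  # stands in for the server's response
        if not hmac.compare_digest(tag, tag_block(key, i, block)):
            failed.append(i)
    return sorted(failed)

def detection_probability(total: int, corrupted: int, sample_size: int) -> float:
    """Chance that sampling without replacement hits a corrupted block."""
    miss = 1.0
    for j in range(min(sample_size, total)):
        miss *= max(total - corrupted - j, 0) / (total - j)
    return 1.0 - miss

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # stays on the client
    data = b"constructed sample record\n" * 40
    stored = prepare_upload(key, data)     # what the cloud would hold
    block, tag = stored[3]
    stored[3] = (block[:-1] + b"X", tag)   # simulated silent corruption
    print("failed blocks:", spot_check(key, stored, len(stored)))
    print("P(detect) with 5 of", len(stored), "sampled:",
          round(detection_probability(len(stored), 1, 5), 3))
```

Sampling only a few blocks per check keeps the cost low for a mobile client, at the price of a detection probability below 1 when few blocks are corrupted.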
7. Availability
Availability embodies the idea of anywhere, anytime access to data by users, even if there is some misbehavior in the system. Availability is exposed to three risk factors that are difficult to detect: hijacking, DNS attacks and denial of service.
Solutions:
1. Bowers et al. advocate that HAIL could also be used for availability, in addition to integrity [14].
2. The authors of [11] propose a Trusted Third Party (TTP), which is a legal organization with the aim of amplifying security. The security requirement for availability, according to TTP, is a combination of Public Key Infrastructure, Lightweight Directory Access Protocol and Single Sign-On.
3. As we were conducting our research, we found out that there are no specific solutions for availability issues. The authors propose general solutions for integrity and confidentiality and imply that availability is guaranteed only if these two principles are protected.
Securing the cloud 3
8. Virtualization is an essential part of cloud computing. It can be applied to anything, including memory, networks, storage, hardware and operating systems. It allows users to move, copy, and manipulate Virtual Machines (VMs) at will.
Keeping that in mind, virtualization is an extra layer in the cloud that must be secured, since it is more vulnerable to attackers.
Issues in Virtualization:
1. The major problem that arises from introducing virtualization in the cloud is that, during migration, an attacker can compromise the hypervisor (virtual machine monitor) and transfer VMs to malicious servers. The consequence is that integrity is violated.
2. Confidentiality could also be compromised through VM image files. These are configuration files used to create VMs, and they reside in the provider’s pool. Any attacker can take advantage of this public pool and create malicious VM images that can contaminate others who download them. A direct consequence is sensitive data leakage.
3. Last but not least, other types of attacks are also possible, such as denial of service, which can tamper with availability [15].
Virtualization
9. Solutions:
1. The hypervisor is software responsible for separating every VM (isolation). Hashizume et al. [8] suggest that keeping a hypervisor simple and small reduces the chances of violating CIA.
2. The authors of [3], [16] propose the HyperSafe approach, which provides hypervisor control-flow integrity by using two techniques. The first one protects the hypervisor’s code and data by locking down write-protected memory pages, and the second one uses restricted indexing to convert the control data into pointer indexes.
3. Another accepted solution to prevent this is the Advanced Cloud Protection System (ACPS), which is suggested by Lombardi and Di Pietro [15]. The purpose of this framework is to monitor cloud components and defend VMs against intruders and attacks such as worms, Trojans and viruses.
Virtualization 2
10. MCC
MCC refers to a new infrastructure platform that combines cloud computing and mobile devices, where data storage and data processing happen outside of the mobile device [17], [18].
Regarding the definition, cloud computing exists when tasks and data are kept on the Internet rather than on individual devices, providing on-demand access. Applications are run on a remote server and then sent to the user [17].
It can be thought of as a combination of cloud computing and the mobile environment. The cloud can be used for power and storage, as mobile devices don’t have powerful resources compared to traditional computing devices.
As computing has moved toward mobile cloud computing, attacks and malware have shifted their targets toward it as well [19].
Mobile cloud computing
11. Since mobile cloud computing is a combination of mobile networks and cloud computing, the security-related issues are divided into two categories:
• 1. Mobile users’ security on the network.
• 2. Cloud security issues (discussed before).
Offloading is one of the main advantages of mobile cloud computing, as it improves the battery lifetime of mobile devices.
Most authors propose running security software in the cloud to secure mobile clients, and we partially agree with this philosophy. Before mobile users can use a certain application, it should go through some level of threat evaluation. All file activity sent to mobile devices will be checked for whether it is malicious or not.
However, there are many related issues about efficiency under environmental changes. For example, in code compilation, offloading might consume more energy to send data to the cloud than local processing would when the code size is small.
Users safety and energy consumption
12. Research by A. Rudenko et al. [20] shows that offloading is not always the best way to save energy, and this is an issue for mobile users.
Solutions in security regarding energy consumption
1. K. Kumar suggests a partitioning program based on an estimate of the energy consumption before program execution. The optimal partitioning for offloading is calculated from the trade-off between the communication and computation costs [21].
2. The authors of [22] present a partitioning pattern to offload computational tasks on mobile devices. The idea of this pattern is the construction of a cost graph, with the objective of minimizing the computation and data communication cost using an algorithm that prunes the search space to obtain an approximate solution.
Users safety and energy consumption 2
13. Based on the definition of mobile cloud computing and its offloading advantage, we propose securing clients by running security software both on the client device and offloaded in the cloud, instead of running anti-virus software only locally or only remotely in the cloud.
A heuristic algorithm, such as a genetic algorithm, will solve the optimization problem between local computation energy consumption and network communication energy consumption.
This algorithm should find the approximately best solution for energy efficiency for the mobile user. If the local computation energy consumption is less than that of the network communication for offloading, the security software will run its tasks locally and, at the same time, the security software in the cloud will be deactivated. In contrast, if the network communication consumption for offloading is less than the local computation consumption, the local security software tasks will be disabled and the security software for the mobile clients will run in the cloud.
Authors perspective
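The local-versus-cloud decision described in this proposal, and the small-code-size caveat raised on the earlier energy slide, can be worked through with numbers. This is an added example, not code from the slides or the cited papers: it replaces the heuristic search with a direct per-task comparison under an assumed linear energy model (power multiplied by time), and every power, speed and size value is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:             # constructed values, not measurements
    p_compute: float      # watts while scanning locally
    p_idle: float         # watts while waiting for the cloud verdict
    p_radio: float        # watts while sending or receiving
    speed: float          # local instructions per second

@dataclass(frozen=True)
class ScanTask:
    name: str
    instructions: float   # work needed to scan the payload
    payload_bytes: float  # data shipped to the cloud scanner if offloaded

def local_energy(dev, task):
    """Joules spent when the device scans the payload itself."""
    return dev.p_compute * task.instructions / dev.speed

def offload_energy(dev, task, cloud_speed, bandwidth):
    """Joules spent idling during the remote scan plus radio transfer."""
    wait = dev.p_idle * task.instructions / cloud_speed
    return wait + dev.p_radio * task.payload_bytes / bandwidth

def place(dev, task, cloud_speed, bandwidth):
    """'cloud' only when offloading is strictly cheaper for the device."""
    cheaper = offload_energy(dev, task, cloud_speed, bandwidth) < local_energy(dev, task)
    return "cloud" if cheaper else "local"

def break_even_bandwidth(dev, task, cloud_speed):
    """Bytes/s above which offloading wins; None if it never can."""
    margin = local_energy(dev, task) - dev.p_idle * task.instructions / cloud_speed
    return dev.p_radio * task.payload_bytes / margin if margin > 0 else None

def plan(dev, tasks, cloud_speed, bandwidth):
    """Per-task placement and the total energy of that mixed plan."""
    placement = {t.name: place(dev, t, cloud_speed, bandwidth) for t in tasks}
    total = sum(min(local_energy(dev, t), offload_energy(dev, t, cloud_speed, bandwidth))
                for t in tasks)
    return placement, total

PHONE = Device(p_compute=0.9, p_idle=0.3, p_radio=1.3, speed=4e8)
TASKS = [ScanTask("small_apk", 2e8, 5e6), ScanTask("full_storage_scan", 4e10, 5e6)]

if __name__ == "__main__":
    for bw in (5e4, 1e6):  # poor link vs. good link, bytes per second
        print(bw, plan(PHONE, TASKS, cloud_speed=4e9, bandwidth=bw))
```

With these constructed values the heavy scan moves to the cloud only on the faster link, while the light scan stays local on both, which is the environmental sensitivity the slides point out.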
14. Answers:
• As an answer to our first question, we discussed that concerns about the cloud are concentrated on violations of CIA and on threats.
• As for the second question, we demonstrated a number of solutions for each section separately, so that the assurance of each principle is clear.
• As for the third question, we coupled data security with client security and proposed a security method for mobile users that does not increase the overall energy consumption.
Despite the huge evolution that the cloud has brought to computer science, certain security hindrances raise concerns. From our research we could claim that effective solutions for security already exist in all sections. However, some of them affect the performance of the systems and consequently are not applied. Thus, instead of striving to find new solutions, researchers could focus on how the existing solutions can be implemented in the cloud without deteriorating system performance and local power consumption.
Conclusion
15. [1] “80% of Enterprises Can’t Rely on Perimeter Security to Protect Cloud Infrastructures Survey Finds - CloudPassage.” [Online]. Available: https://www.cloudpassage.com/press-releases/80-of-enterprises-cant-rely-onperimeter-security-to-protect-cloud-infrastructures-survey-finds.
[2] R. Latif, H. Abbas, S. Assar, and Q. Ali, “Cloud computing risk assessment: a systematic literature review,” in Future Information Technology, pp. 285–295, Springer, Berlin, Germany, 2014.
[3] J. Scanlon and B. Wieners, “The internet cloud,” The Industry Standard, Tech. Rep., 1999.
[4] L.M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,” SIGCOMM Comput. Commun. Rev., vol. 39, 2009, pp. 50–55.
[5] P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology,” Natl. Inst. Stand. Technol. Inf. Technol. Lab., vol. 145, p. 7, 2011.
[6] S. Ramgovind, M. M. Eloff, and E. Smith, “The management of security in Cloud computing,” 2010 Inf. Secur. South Africa, pp. 1–7, 2010.
[7] F. Sabahi, “Cloud computing security threats and responses,” 2011 IEEE 3rd Int. Conf. Commun. Softw. Networks, pp. 245–249, 2011.
References
16. [8] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.
[9] B. R. Cyril and S. B. R. Kumar, “Cloud Computing Data Security Issues, Challenges, Architecture and Methods - A Survey,” pp. 848–857, 2015.
[10] S. A. Almulla and C. Y. Yeun, “Cloud computing security management,” Eng. Syst. Manag. Its Appl. (ICESMA), 2010 Second Int. Conf., pp. 1–7, 2010.
[11] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012.
[12] X. Zhifeng and X. Yang, “Security and Privacy in Cloud Computing,” Commun. Surv. Tutorials, IEEE, vol. 15, no. 2, pp. 843–859, 2013.
[13] R. S. Kumar and A. Saxena, “Data integrity proofs in cloud storage,” Int. Conf. Commun. Syst. Networks, pp. 1–4, 2011.
[14] K. D. Bowers, A. Juels, and A. Oprea, “Hail,” Proc. 16th ACM Conf. Comput. Commun. Secur. - CCS ’09, vol. 489, p. 187, 2009.
[15] F. Lombardi and R. Di Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, 2011.
17. [16] Z. Wang and X. Jiang, “HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity,” Proc. - IEEE Symp. Secur. Priv., pp. 380–395, 2010.
[17] H. T. Dinh, C. Lee, D. Niyato and P. Wang, “A survey of mobile cloud computing: architecture, applications, and approaches,” Wireless Communications and Mobile Computing - Wiley, (2011) October.
[18] Fernando, Niroshinie, Seng W. Loke, and Wenny Rahayu. “Mobile cloud computing: A survey.” Future Generation Computer Systems 29.1 (2013): 84-106.
[19] K. H. Jashizume, D. Rosado, E. Fernandez-Medina, and B. nEduardo, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications, vol. 4, no. 5, pp. 1-13, 2013.
[20] A. Rudenko, P. Reiher, G. J. Popek, and G. H. Kuenning, “Saving portable computer battery power through remote process execution,” Journal of ACM SIGMOBILE on Mobile Computing and Communications Review, vol. 2, no. 1, January 1998.
[21] K. Kumar and Y. Lu, “Cloud Computing for Mobile Users: Can Offloading Computation Save Energy,” IEEE Computer Society, vol. 43, no. 4, April 2010.
18. [22] Z. Li, C. Wang, and R. Xu, “Computation offloading to save energy on handheld devices: a partition scheme,” in Proceedings of the 2001 international conference on Compilers, architecture, and synthesis for embedded systems (CASES), pp. 238-246, November 2001.