Table Of Content

Sushil Jajodia · Krishna Kant Pierangela Samarati · Anoop Singhal Vipin Swarup · Cliff  Wang Editors Secure Cloud Computing Secure Cloud Computing Sushil Jajodia • Krishna Kant Pierangela Samarati (cid:129) Anoop Singhal Vipin Swarup (cid:129) Cliff Wang Editors Secure Cloud Computing 123 Editors SushilJajodia KrishnaKant CenterforSecureInformationSystems CenterforSecureInformationSystems GeorgeMasonUniversity GeorgeMasonUniversity Fairfax,VA,USA Fairfax,VA,USA PierangelaSamarati AnoopSinghal UniversityofMilan ComputerSecurityDivision Crema,Italy NationalInstituteofStandards andTechnology(NIST) VipinSwarup Gaithersburg,MD,USA TheMITRECorporation McLean,VA,USA CliffWang ComputingandInformationScience Division InformationSciencesDirectorate TrianglePark,NC,USA Imagescanbeviewedincolorbyvisitingthebook’swebpageonSpringerLinkordownloading theeBookversion. ISBN978-1-4614-9277-1 ISBN978-1-4614-9278-8(eBook) DOI10.1007/978-1-4614-9278-8 SpringerNewYorkHeidelbergDordrechtLondon LibraryofCongressControlNumber:2013957058 ©SpringerScience+BusinessMediaNewYork2014 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’slocation,initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer. PermissionsforusemaybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violations areliabletoprosecutionundertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. While the advice and information in this book are believed to be true and accurate at the date of publication,neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityfor anyerrorsoromissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,with respecttothematerialcontainedherein. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface Cloud computing continues to experience a rapid proliferation because of its potentialadvantageswithrespecttoeaseofdeployingrequiredcomputingcapacity asneededandatamuchlowercostthanrunninganownedcomputinginfrastructure. However, the lack of ownership brings in myriad security and privacy challenges thatarequitedifficulttoresolve.Thepurposeofthisbookistoprovideastate-of- the-artcoverageof the techniquesto address these issues at all levels of the stack rangingfromhardwaremechanismstoapplicationleveltechniques.Itishopedthat thebookwillbeusefultoresearchers,practitioners,andstudentsinfurtherresearch onthesubjectandtheimplementationofthetechniquesinreal-lifesystems. Thetermcloudcomputinghasbeenusedforavarietyofdistributedcomputing environments including some traditional ones. For example, a computing infras- tructureownedbythe organizationisoftenreferredtoasa “privatecloud”,which may or may not be any different from a traditional virtualized data center owned by the organization.The distinction may come if multiple entities or departments within the organization share the same infrastructure, but have their own privacy, informationsensitivity, and security concerns. In contrast, a “public cloud” refers to a facility owned and operated by a separate entity and available for use by anyorganizationor individual.Ownershipand operationmodelsin betweenthese extremes are also possible, such as a cloud intended for use by enterprises that providesmorerestrictiveusepolicies,tightersecurity,higheravailability,etc.than public clouds. Such “community clouds” have domain specific characteristics, capabilities,andvulnerabilitiesdifferentfromprivateorpublicclouds. User access to the cloud infrastructure could be provided at varying levels rangingfrom underlyingphysical infrastructurecontrolleddirectly by the user all the way up to built-in software exposed to the users. Traditionally, three specific levelshavebeenidentified:IaaS(Infrastructureas a Service),PaaS(Platformas a Service),andSaaS(SoftwareasaService).Thechallengesinprovidingtherequired securityandprivacyvaryacrossthelevels,withlowerlevelaccessresultinginmore difficultchallengesinprotectingtheresourcesfrommisuseandattacks. Inrecentyears,therehavebeennumerousincidentsofexposureofconfidential data either accidentally or as a result of hacker attacks. Although many of these v vi Preface incidents are not specific to cloud computing, the increasing adoption of cloud computingbythegovernmentandbusinesseshasraisedthespecterofperhapseven more damaging information leaks in the future. For example, the Cloud Security Alliance (CSA) has identified “The Notorious Nine” cloud computing threats for 2013thatarelikelytopersistinthefutureaswell(seehttps://cloudsecurityalliance. org/research/top-threats/).The most significant threats include: (a) exploitationof side-channelinformationbyVMstoextractsensitiveinformationaboutotherVMs, includingthecryptographickeys,(b)datalossduetoaccidentsorphysicalhazards, (c)illegalaccesstocredentialsorpenetrationofcriticalentitiessuchashypervisor by hackers, (d) weak APIs and interfaces, (e) denial of service or other attacks using the cloud infrastructure, (f) and insider attacks (including the service or infrastructure providers). Significantly, a common theme identified in the list of threats is the vulnerabilities brought about by the solutions themselves. This is normally a result of increased complexity and hence vulnerabilities arising from software bugs and additional configuration data. For example, the keys and other parametersneeded by cryptographicalgorithmsmust themselvesbe managedand protectedagainstattacksandaccidentalloss. A key attribute of cloud computing is the involvement of multiple parties that provide or use the infrastructure or services. These parties could form a natural hierarchywith physicalinfrastructureprovidersat the bottom and the end users at the top. For example, a cloud computing service provider or a broker may use physical infrastructure provided by one or more lower level entities, and expose services or virtual infrastructures used by end users or application service providers. The sharing of increasingly sophisticated and larger computing infrastructures among multiple parties makes cloud computing security a very challengingundertaking.Themainreasonsinclude: 1. Lackoftrustbetweenvariouspartiesupanddownthehierarchy(e.g.,between the cloud service provider and the physical infrastructure provider if they are different, or between service provider and the user) and across a level (betweenserviceprovidersorusersrunningonthesame sharedinfrastructure). The trust model drives the level of information access granted among parties and protections implemented to avoid potential abuse. Some protections (e.g., encryption)mayruleoutcertainoperationswithinthecloudormakethemvery expensive. 2. Complex privacy and anonymity requirements for information exchanges betweenvariousparties.Thisdrivesmechanismsforobfuscatingandrestricting accesstoinformationcontent,acarefulcontrolofassociationbetweendifferent pieces of information, and avoidance of attribution of information to specific parties.Theserequirementsmaydictatewhatdatacanbekeptwhereandwhere theoperationsonthedatatakeplace. 3. Operational disruption, integrity violation, and information leaks caused by attacks that may originate not only from malicious outsiders but also from legitimateprovidersandusersofthecloud.Theseaspectsinturndrivethelevel of protection that needs to be built at various layers including physical infras- tructure, communicationprotocols, data storage and transmission, middleware, etc. Preface vii The chaptersin this book addressrecent advancesin addressingsome of these securityandprivacyissues.Eachchapterisintendedtobeself-contained,although thereaderisexpectedtohaveworkingknowledgeofthesecurityandprivacyfield. Itishopedthatthebookwillfillanimportantneedintherapidlyemergingfieldof cloudcomputingsecurity. Imagescanbeviewedincolorbyvisitingthebook’swebpageonSpringerLink ordownloadingtheeBookversion. Fairfax,VA,USA SushilJajodia Fairfax,VA,USA KrishnaKant Crema,Italy PierangelaSamarati Gaithersburg,MD,USA AnoopSinghal McLean,VA,USA VipinSwarup TrianglePark,NC,USA CliffWang Acknowledgements Weareextremelygratefultothenumerouscontributorstothisbook.Inparticular,it isapleasuretoacknowledgetheauthorsfortheircontributions.Specialthanksgoto CourtneyClark,AssociateEditoratSpringerforhersupportofthisproject.Wealso wishtothanktheArmyResearchOfficefortheirfinancialsupportunderthegrant numberW911NF-12-1-0595.PartoftheworkwasperformedwhileSushilJajodia wasaVisitingResearcherattheUSArmyResearchLaboratory. ix

ebook img

Secure Cloud Computing PDF

351 Pages·2014·7.93 MB·English
by  
#cloud computing #computer security
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Secure Cloud Computing

Sushil Jajodia · Krishna Kant Pierangela Samarati · Anoop Singhal Vipin Swarup · Cliff  Wang Editors Secure Cloud Computing Secure Cloud Computing Sushil Jajodia • Krishna Kant Pierangela Samarati (cid:129) Anoop Singhal Vipin Swarup (cid:129) Cliff Wang Editors Secure Cloud Computing 123 Editors SushilJajodia KrishnaKant CenterforSecureInformationSystems CenterforSecureInformationSystems GeorgeMasonUniversity GeorgeMasonUniversity Fairfax,VA,USA Fairfax,VA,USA PierangelaSamarati AnoopSinghal UniversityofMilan ComputerSecurityDivision Crema,Italy NationalInstituteofStandards andTechnology(NIST) VipinSwarup Gaithersburg,MD,USA TheMITRECorporation McLean,VA,USA CliffWang ComputingandInformationScience Division InformationSciencesDirectorate TrianglePark,NC,USA Imagescanbeviewedincolorbyvisitingthebook’swebpageonSpringerLinkordownloading theeBookversion. ISBN978-1-4614-9277-1 ISBN978-1-4614-9278-8(eBook) DOI10.1007/978-1-4614-9278-8 SpringerNewYorkHeidelbergDordrechtLondon LibraryofCongressControlNumber:2013957058 ©SpringerScience+BusinessMediaNewYork2014 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’slocation,initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer. PermissionsforusemaybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violations areliabletoprosecutionundertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. While the advice and information in this book are believed to be true and accurate at the date of publication,neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityfor anyerrorsoromissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,with respecttothematerialcontainedherein. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface Cloud computing continues to experience a rapid proliferation because of its potentialadvantageswithrespecttoeaseofdeployingrequiredcomputingcapacity asneededandatamuchlowercostthanrunninganownedcomputinginfrastructure. However, the lack of ownership brings in myriad security and privacy challenges thatarequitedifficulttoresolve.Thepurposeofthisbookistoprovideastate-of- the-artcoverageof the techniquesto address these issues at all levels of the stack rangingfromhardwaremechanismstoapplicationleveltechniques.Itishopedthat thebookwillbeusefultoresearchers,practitioners,andstudentsinfurtherresearch onthesubjectandtheimplementationofthetechniquesinreal-lifesystems. Thetermcloudcomputinghasbeenusedforavarietyofdistributedcomputing environments including some traditional ones. For example, a computing infras- tructureownedbythe organizationisoftenreferredtoasa “privatecloud”,which may or may not be any different from a traditional virtualized data center owned by the organization.The distinction may come if multiple entities or departments within the organization share the same infrastructure, but have their own privacy, informationsensitivity, and security concerns. In contrast, a “public cloud” refers to a facility owned and operated by a separate entity and available for use by anyorganizationor individual.Ownershipand operationmodelsin betweenthese extremes are also possible, such as a cloud intended for use by enterprises that providesmorerestrictiveusepolicies,tightersecurity,higheravailability,etc.than public clouds. Such “community clouds” have domain specific characteristics, capabilities,andvulnerabilitiesdifferentfromprivateorpublicclouds. User access to the cloud infrastructure could be provided at varying levels rangingfrom underlyingphysical infrastructurecontrolleddirectly by the user all the way up to built-in software exposed to the users. Traditionally, three specific levelshavebeenidentified:IaaS(Infrastructureas a Service),PaaS(Platformas a Service),andSaaS(SoftwareasaService).Thechallengesinprovidingtherequired securityandprivacyvaryacrossthelevels,withlowerlevelaccessresultinginmore difficultchallengesinprotectingtheresourcesfrommisuseandattacks. Inrecentyears,therehavebeennumerousincidentsofexposureofconfidential data either accidentally or as a result of hacker attacks. Although many of these v vi Preface incidents are not specific to cloud computing, the increasing adoption of cloud computingbythegovernmentandbusinesseshasraisedthespecterofperhapseven more damaging information leaks in the future. For example, the Cloud Security Alliance (CSA) has identified “The Notorious Nine” cloud computing threats for 2013thatarelikelytopersistinthefutureaswell(seehttps://cloudsecurityalliance. org/research/top-threats/).The most significant threats include: (a) exploitationof side-channelinformationbyVMstoextractsensitiveinformationaboutotherVMs, includingthecryptographickeys,(b)datalossduetoaccidentsorphysicalhazards, (c)illegalaccesstocredentialsorpenetrationofcriticalentitiessuchashypervisor by hackers, (d) weak APIs and interfaces, (e) denial of service or other attacks using the cloud infrastructure, (f) and insider attacks (including the service or infrastructure providers). Significantly, a common theme identified in the list of threats is the vulnerabilities brought about by the solutions themselves. This is normally a result of increased complexity and hence vulnerabilities arising from software bugs and additional configuration data. For example, the keys and other parametersneeded by cryptographicalgorithmsmust themselvesbe managedand protectedagainstattacksandaccidentalloss. A key attribute of cloud computing is the involvement of multiple parties that provide or use the infrastructure or services. These parties could form a natural hierarchywith physicalinfrastructureprovidersat the bottom and the end users at the top. For example, a cloud computing service provider or a broker may use physical infrastructure provided by one or more lower level entities, and expose services or virtual infrastructures used by end users or application service providers. The sharing of increasingly sophisticated and larger computing infrastructures among multiple parties makes cloud computing security a very challengingundertaking.Themainreasonsinclude: 1. Lackoftrustbetweenvariouspartiesupanddownthehierarchy(e.g.,between the cloud service provider and the physical infrastructure provider if they are different, or between service provider and the user) and across a level (betweenserviceprovidersorusersrunningonthesame sharedinfrastructure). The trust model drives the level of information access granted among parties and protections implemented to avoid potential abuse. Some protections (e.g., encryption)mayruleoutcertainoperationswithinthecloudormakethemvery expensive. 2. Complex privacy and anonymity requirements for information exchanges betweenvariousparties.Thisdrivesmechanismsforobfuscatingandrestricting accesstoinformationcontent,acarefulcontrolofassociationbetweendifferent pieces of information, and avoidance of attribution of information to specific parties.Theserequirementsmaydictatewhatdatacanbekeptwhereandwhere theoperationsonthedatatakeplace. 3. Operational disruption, integrity violation, and information leaks caused by attacks that may originate not only from malicious outsiders but also from legitimateprovidersandusersofthecloud.Theseaspectsinturndrivethelevel of protection that needs to be built at various layers including physical infras- tructure, communicationprotocols, data storage and transmission, middleware, etc. Preface vii The chaptersin this book addressrecent advancesin addressingsome of these securityandprivacyissues.Eachchapterisintendedtobeself-contained,although thereaderisexpectedtohaveworkingknowledgeofthesecurityandprivacyfield. Itishopedthatthebookwillfillanimportantneedintherapidlyemergingfieldof cloudcomputingsecurity. Imagescanbeviewedincolorbyvisitingthebook’swebpageonSpringerLink ordownloadingtheeBookversion. Fairfax,VA,USA SushilJajodia Fairfax,VA,USA KrishnaKant Crema,Italy PierangelaSamarati Gaithersburg,MD,USA AnoopSinghal McLean,VA,USA VipinSwarup TrianglePark,NC,USA CliffWang Acknowledgements Weareextremelygratefultothenumerouscontributorstothisbook.Inparticular,it isapleasuretoacknowledgetheauthorsfortheircontributions.Specialthanksgoto CourtneyClark,AssociateEditoratSpringerforhersupportofthisproject.Wealso wishtothanktheArmyResearchOfficefortheirfinancialsupportunderthegrant numberW911NF-12-1-0595.PartoftheworkwasperformedwhileSushilJajodia wasaVisitingResearcherattheUSArmyResearchLaboratory. ix

See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users