SECURITY PITFALLS IN MULTI-CLOUD COMPUTING ENVIRONMENT
Vaishali Chauhan¹, Anil Singh²
¹M.Tech Student, ²Assistant Professor, Department of Computer Science and Engineering, AP Goyal Shimla University, (India)
ABSTRACT
Cloud has become the tool of choice for every organization that wants to reduce its computing operational cost. Cloud computing provides various services (SaaS, PaaS, IaaS) to cloud consumers. The cloud guarantees that its environment is reliable and dynamic, and assures good quality of service. But to keep cost and QoS optimized, a user cannot move from one cloud to another every time. To overcome this, the multi-cloud computing framework has been introduced, which allows dynamic resource sharing among cloud-based systems. Security in such multi-cloud computing is an even more complex issue. This paper mainly focuses on identifying the challenges associated with multi-cloud security.
Keywords: Cloud Computing Security, Data Segregation, IP Spoofing, Multi-Clouds, Security Threats.
I. INTRODUCTION
The term 'Cloud Computing' is the combination of two words, cloud and computing. Cloud is synonymous with the internet, which means a network interlinked with various resources that are provided through the client-server architecture. The term computing refers to processing. Cloud computing, as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-145, is "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" [1]. NIST goes even further to list what are deemed the five "essential characteristics" used for the composition of a cloud model. These five characteristics, in no particular order, are: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service [1]. Formally, cloud computing [2] can be defined as: "It is a model for enabling ubiquitous, convenient, on-demand, network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction." Clouds can be categorized by taking the physical location from the viewpoint of the user into account [1]. Cloud computing is a pay-per-use model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be swiftly provisioned and released with minimal management effort or service provider interaction [6].
Three service models are offered in the cloud: software-as-a-service, platform-as-a-service, and infrastructure-as-a-service [7]. Software-as-a-service (SaaS) administers, controls and provides cloud subscribers with access to the software running on the cloud infrastructure. For example, Google Docs relies on JavaScript, which runs in the Web browser [7].
Platform-as-a-service (PaaS) is a delivery model in which users can build their own applications and deploy them on the provider's cloud infrastructure. An example is the Google App Engine, a service that lets developers write programs and run them on Google's infrastructure [7]. Infrastructure-as-a-service (IaaS) basically delivers virtual machine images as a service, and the machine can contain whatever the developers want [7]. Instead of purchasing servers, software, data center resources, network equipment, and the expertise to operate them, customers can buy these resources as an outsourced service delivered through the network cloud [8]. For example, host firewalls [7].
Figure 1: Cloud Environment Architecture
Deploying cloud computing can differ depending on requirements, and the following four deployment models have been identified, each with specific characteristics that support the needs of the services and users of the clouds in particular ways [9]:
Private Cloud infrastructure has been deployed, and is maintained and operated, for a specific organization. The operation may be in-house or with a third party on the premises.
Community Cloud infrastructure is shared among a number of organizations with similar interests and requirements.
Public Cloud infrastructure is available to the public on a commercial basis from a cloud service provider. This enables a consumer to develop and deploy a service in the cloud with very little financial outlay compared to the capital expenditure requirements normally associated with other deployment options.
Hybrid Cloud infrastructure consists of a number of clouds of any type, but the clouds have the ability through their interfaces to allow data and/or applications to be moved from one cloud to another. This can be a combination of private and public clouds that supports the requirement to retain some data in an organization, and also the need to offer services in the cloud.
1.1 Multi-Cloud Environment
The term "multi-clouds" is similar to the terms "intercloud" or "cloud-of-clouds" that were introduced by Vukolic [3]. A cloud-of-clouds manages multiple cloud computing services in a single heterogeneous architecture. Exploiting a multi-cloud architecture brings advantages, including reduced reliance on a single vendor, increased flexibility according to user choice, mitigation against disasters, etc. It is a recognized fact that no one provider can be everything for everyone. Multi-cloud differs from hybrid cloud in that it refers to multiple cloud services rather than multiple deployment modes (public, private, legacy) [4]. The idea of making use of multiple clouds has been proposed by Bernstein and Celesti [10].
Recent research has focused on the multi-cloud environment [11], which controls several clouds and avoids dependency on any one individual cloud. Cachin et al. [11] identify two layers in the multi-cloud environment: the bottom layer is the inner-cloud, while the second layer is the inter-cloud. The inter-cloud layer offers a unique environment for building dependable services. The aim of the multi-cloud is to address the computational and storage resources of the virtualization infrastructures of other clouds.
Figure 2: Multicloud Topology and elements [21]
Switching from inner-clouds to multi-clouds is reasonable and important for many reasons. Cachin et al. [12] state that "services of single clouds are still subject to outage". Bowers et al. [13] showed that over 80% of company management "fear security threats and loss of control of data and systems". Vukolic [14] assumes that the main purpose of moving to the intercloud is to enhance what was offered in single clouds by distributing reliability, trust, and security among multiple cloud providers. Abu-Libdeh et al. [15] assume that, to avoid "vendor lock-in", distributing a user's data among multiple clouds is a helpful solution. This replication also decreases the cost of switching providers and offers better fault tolerance.
1.2 Advantages of Using Multi-Cloud Environment
There are some reasons for which Inter Cloud is preferred nowadays [20].
• Enhance Security: With Multi-Cloud, no data goes through the Internet. You access your outsourced critical applications through an end-to-end private network, including the access to public Clouds.
• Benefit from commitments on performance: Through specific agreements with the main Cloud Computing Service Providers and a network specifically designed for this purpose, Inter Cloud improves hosted applications' performance, with a smooth flow comparable to internal applications.
• Benefit from the flexibility of on-demand service: Inter-Cloud designed a network that can adjust itself to any billing model of Cloud Computing, on a per-user or per-use basis rather than a per-bandwidth basis.
• Benefit from an end-to-end commitment: Inter Cloud is committed to performance and service continuity, from the customer site to the outsourced platform, thus filling the existing vacuum in terms of service level commitment between the Cloud and the end users.
• Benefit from a one-stop shop: Inter Cloud is the single contact for all outsourced applications, whether they are hosted on private or public Clouds, allowing the IT department to answer all network, security and performance related issues for its outsourced services.
• Optimize your costs: Inter Cloud has heavily invested in interconnection infrastructures with the main Cloud Computing Providers, and Private Cloud Providers in particular. Therefore, using the Inter Cloud network rather than your usual network operator to connect to these services leads to substantial cost savings.
• Rely on a trusted third party: As a neutral intermediary between you and Cloud Service Providers, Multi Cloud can claim a position of privileged partner to IT departments. Inter Cloud can objectively perform transparent audits with regard to hosted applications.
This paper is organized as follows. In section 2, we discuss the pitfalls in Multi-cloud computing. Section 3 reviews the security problems in Multi-cloud computing. Finally, we conclude this paper in Section 4, and briefly discuss future work in Section 5.
II. PITFALLS IN MULTI-CLOUD
Various issues also present themselves in a multi-cloud environment. Security and governance are more complicated, and more "moving parts" may create resiliency issues. Selection of the right cloud products and services can also present a challenge, and users may suffer from the paradox of choice [5]. The multi-cloud raises many more challenges: cloud federation, security, interoperability, Quality of Service, vendor lock-in, trust, legal issues, monitoring and billing [16].
Service Unavailability: One of the most critical problems in inter-cloud services is service accessibility or service availability. Service accessibility is most important in cloud computing security. Amazon currently mentions in its authorizing agreement that it is possible that the service might be unavailable from time to time. The user's World Wide Web service may terminate for any cause at any time if any user's documents violate the cloud storage policy [22].
The cloud computing field is a flourishing industry with its own new security challenges. Users and organisations store sensitive information, such as customer information and corporate information, on cloud service provider platforms to reduce cost by giving up control of some data [17]. But the worry that arises for the user or organization is data security in the cloud. This issue can lead to leakage of the data, or the data may be corrupted by attackers. To identify the topmost security threats impending in cloud computing, the Cloud Security Alliance conducted a survey of industry experts to compile professional opinion on the greatest vulnerabilities within cloud computing. In the most recent edition of this report, experts identified the following critical threats to cloud security [18].
III. SECURITY PITFALLS IN MULTI-CLOUD COMPUTING
1. Network Security: Whether it is a single cloud or a multi-cloud, data will always flow over the network. Most of the chances of leakage of sensitive information arise over the network. Traditional network security issues: man in the middle, IP spoofing, port scanning.
2. Data Locality: Various countries have data privacy laws, due to which compliance regarding the location of data is of utmost importance in many enterprise architectures.
3. Data Segregation: As a result of multi-tenancy, multiple users can store their data using the applications provided by SaaS. In such a situation, the data of various users resides at the same location, so intrusion into the data of one user by another becomes possible in this environment. This intrusion can be done either by hacking through loopholes in the application or by injecting client code into the SaaS system [23].
4. Data Access: The security policies provided to users while accessing the data are the main issue of data access.
5. Virtualization Vulnerability: The challenge is to ensure isolation of different instances running on the same physical machine (current VMMs (Virtual Machine Monitors) do not offer perfect isolation), and also the administrator's control over the host and guest operating systems [23].
6. Insecure Interfaces and APIs: The security and availability of general cloud services depend upon the security of these basic APIs; this introduces the complexity of the new layered API [23].
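An added example, not part of the original paper: a small Python audit over a constructed multi-cloud replica inventory that checks two of the pitfalls listed above, data locality (item 2) and data segregation (item 3). The policy table, provider labels, bucket names and the per-tenant-key criterion are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy (assumption): countries each data class may be stored in.
# None means the class has no residency restriction.
ALLOWED = {"eu-personal": {"DE", "FR", "IE"}, "in-financial": {"IN"}, "public": None}

@dataclass(frozen=True)
class Replica:
    dataset: str      # logical dataset name
    data_class: str   # key into ALLOWED
    tenant: str       # owning tenant
    provider: str     # cloud provider label (constructed)
    country: str      # ISO country code where the replica is stored
    bucket: str       # storage container holding the replica
    tenant_key: bool  # True if encrypted under a per-tenant key

# Constructed inventory: datasets replicated across three providers.
INVENTORY = [
    Replica("crm", "eu-personal", "acme", "cloud-a", "DE", "a-crm", True),
    Replica("crm", "eu-personal", "acme", "cloud-b", "US", "b-shared", True),
    Replica("ledger", "in-financial", "acme", "cloud-c", "IN", "c-fin", False),
    Replica("orders", "public", "globex", "cloud-c", "IN", "c-fin", False),
    Replica("site", "public", "globex", "cloud-a", "FR", "a-web", False),
]

def locality_violations(inventory):
    """Replicas stored outside the countries allowed for their data class."""
    out = []
    for r in inventory:
        allowed = ALLOWED.get(r.data_class, set())  # unknown class: nothing allowed
        if allowed is not None and r.country not in allowed:
            out.append((r.dataset, r.provider, r.country))
    return out

def segregation_violations(inventory):
    """Containers shared by several tenants where a replica lacks a per-tenant key."""
    by_bucket = {}
    for r in inventory:
        by_bucket.setdefault((r.provider, r.bucket), []).append(r)
    out = []
    for (provider, bucket), replicas in sorted(by_bucket.items()):
        tenants = {r.tenant for r in replicas}
        if len(tenants) > 1 and not all(r.tenant_key for r in replicas):
            out.append((provider, bucket, sorted(tenants)))
    return out

if __name__ == "__main__":
    print("locality:", locality_violations(INVENTORY))
    print("segregation:", segregation_violations(INVENTORY))
```

The same inventory drives both checks, which reflects the multi-cloud trade-off: replicating a dataset to a second provider improves fault tolerance but adds one more location and one more shared container to audit.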
IV. CONCLUSION
This paper explored various challenges unique to multi-cloud security. The cloud is a multi-tenant environment, where resources are shared. Threats can come from anywhere, inside the shared environment or from outside of it. Since the concept of Cloud Computing was proposed, Cloud Security has inevitably become a significant business differentiator. There are several emerging solutions to these challenges in the form of supplements in standards, regulations, new technologies, etc. We are also looking into emerging approaches and technologies that may potentially be continued and improved in future research. Therefore, in our next stage of research, a thorough work will be introduced.
V. FUTURE WORK
Our future research will focus more on the complexity of the existing algorithms applied in multi-cloud security techniques. There are many practical concerns regarding security; the future work concentrates on multi-cloud security techniques, targeting the concepts and providing a practical solution for cloud security.
REFERENCES
[1] Mell, Peter and Grance, Timothy. (2011). The NIST Definition of Cloud Computing. Special Publication 800-145. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[2] Fang Liu, et al., "NIST Cloud Computing Reference Architecture", NIST Special Publication 500-292, 2011.
[3] M. Vukolic, "The Byzantine empire in the intercloud", ACM SIGACT News, 41 (2010), pp. 105-111.
[4] Rouse, Margaret. "What is a multi-cloud strategy". SearchCloudApplications. Retrieved 3 July 2014.
[5] Linthicum, David. "Why you should care about multicloud". Infoworld. Retrieved 3 July 2014.
[6] George Reese, "Cloud Application Architectures", First edition, O'Reilly Media, April 2009, ISBN 9780596156367, pp. 2-4, 99-118.
[7] John Viega, McAfee, "Cloud Computing and the Common Man," published in the IEEE Journal on Cloud Computing Security, pp. 106-108, August 2009.
[8] Cisco White Paper, http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/white_paper_c11-532553.html, published 2009, pp. 1-6.
[9] N. Suresh, "Security Challenges In Cloud Computing", International Journal of Engineering Research & Technology (IJERT), Vol. 2, Issue 2, February 2013, ISSN: 2278-0181.
[10] Celesti, F. Tusa, M. Villari, and A. Puliafito, "How to Enhance Cloud Architectures to Enable Cross-Federation," Proc. IEEE Third Int'l Conf. Cloud Computing (CLOUD), pp. 337-345, 2010.
[11] C. Cachin, R. Haas and M. Vukolic, "Dependable storage in the Intercloud", Research Report RZ, 3783, 2010.
[12] C. Cachin, I. Keidar and A. Shraer, "Trusting the cloud", ACM SIGACT News, 40, 2009, pp. 81-86.
[13] K.D. Bowers, A. Juels and A. Oprea, "HAIL: A high-availability and integrity layer for cloud storage", CCS'09: Proc. 16th ACM Conf. on Computer and communications security, 2009, pp. 187-198.
[14] M. Vukolic, "The Byzantine empire in the intercloud", ACM SIGACT News, 41, 2010, pp. 105-111.
[15] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, "RACS: a case for cloud storage diversity", SoCC'10: Proc. 1st ACM symposium on Cloud computing, 2010, pp. 229-240.
[16] Sudhir Dhage and Akassh A Mishra, "Security in Inter-Cloud Communication", EIE's 2nd Intl' Conf. Comp., Energy, Net., Robotics and Telecom. | eieCon2012.
[17] N. Suresh, et al., "Security Challenges In Cloud Computing", International Journal of Engineering Research & Technology (IJERT), ISSN: 2278-0181, Vol. 2, Issue 2, February 2013.
[18] "The Notorious Nine: Cloud Computing Top Threats in 2013", Top Threats Working Group, Cloud Security Alliance, February 2013.
[19] Nilotpal Chakraborty et al., "Security Challenges in Cloud Computing: A Comprehensive Study", International Journal of Computer Science Engineering and Technology (IJCSET), January 2014, Vol. 4, Issue 1, pp. 1-4.
[20] https://www.intercloud.com/why/10-reasons/
[21] David Bernstein and Deepak Vij (Huawei Technologies, USA), "Intercloud Security Considerations".
[22] Rajkumar Buyya, Rajiv Ranjan, Rodrigo N. Calheiros, "InterCloud: Utility-Oriented Federation of Cloud Computing Environments for Scaling of Application Service", C.-H. Hsu et al. (Eds.): ICA3PP 2010, Part I, LNCS 6081, pp. 13-31, 2010. © Springer-Verlag Berlin Heidelberg 2010.
[23] Sharmistha Dey, Sourav Auddy, Sonali Saha, "A Survey on Security Issues of Inter Cloud Computing", International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 11, November 2013, ISSN: 2277 128X.