
Cloud Security Assessment and Identity Management

Aashish Bhardwaj and Vikas Kumar+
Guru Tegh Bahadur Institute of Technology, Rajouri Garden, New Delhi 110064, India
+ Society for Education & Research Development, Salempur Banger, Yamunanagar 135103, Haryana, India
aashish.bhardwaj@gmail.com, prof.vikaskumar@gmail.com

Abstract

Cloud Computing is the long dreamed vision of computing as a utility, to provide on-demand applications and services. Users can be relieved from the burden of local data storage and maintenance by hosting their data on the clouds. With all its inherent value, the cloud introduces significant security challenges for both the consumers and cloud service providers in all the public, private, and hybrid cloud configurations. In this paper, security challenges (specifically the identity breach) for both consumers and service providers are presented. Cloud security assessment with the Quantitative risk and impact assessment framework (QUIRC) and the Wide-band Delphi method have been proposed as a suitable process for collecting input from expert consensus. Major security breach incidents of the past have been discussed along with the present day cloud challenges as per the Cloud Security Alliance. A Dynamic Identity Mapping Association N Discovery System (DIMANDS) as an identity solution for large scale heterogeneous network environments is also discussed.

Keywords: Cloud Computing, DIMANDS, Identity Management, Privacy, QUIRC.

I. INTRODUCTION

Cloud computing is a new style of computing in which dynamically scalable and often virtualized resources are provided as services over the Internet. It can be viewed as a collection of services, which are usually presented as a layered cloud computing architecture [1], as shown in Fig. 1. The services offered through cloud computing usually include IT services referred to as SaaS (Software-as-a-Service), which are shown on top of the stack. SaaS allows users to run applications remotely from the cloud. SaaS has enormous potential in present day IT applications, and a vast number of SaaS applications are being developed and used in different domains. Google Apps is one of the most commonly used SaaS applications. Infrastructure-as-a-Service (IaaS) refers to computing resources as a service. This includes virtualized computers with guaranteed processing power and reserved bandwidth for storage and Internet access. Platform-as-a-Service (PaaS) is similar to IaaS, but also includes operating systems and required services for a particular application. DaaS (Data-as-a-Service) describes the ability to define data lists in a cloud service and then query against this data. Cloud storage services such as Amazon S3 or Dropbox enable users to store data in the cloud as they would on any other storage device, only the data is uploaded to a virtual storage. The data-Storage-as-a-Service (dSaaS) is the most robust data solution being offered as a service and provides storage that the consumer has used, including bandwidth requirements for the storage. A number of PaaS platforms provide an Integrated Development Environment (IDE) including data security, backup and recovery, application hosting, and scalable architecture. According to Chappell (2008) there can be three categories of cloud software services (SaaS) [3].

Application (SaaS), e.g. SalesForce & Google Apps
Platform (PaaS), e.g. Right Scale & Google App Engine
Infrastructure (IaaS), e.g. Amazon EC2 and GoGrid
Virtualization
Servers and Storage (dSaaS)

Fig. 1 Layered architecture of Cloud Computing

Recent IDC cloud research [2] shows that worldwide revenue from public IT cloud services exceeded $16 billion in 2009 and is forecast to reach $55.5 billion in 2014, representing a compound annual growth rate of 27.4%. This rapid growth rate is over five times the projected growth for traditional IT products (5%). The economic downturn has amplified cloud services adoption due to the cost-cutting mantra of most organizations. There are many benefits of using the cloud, such as: (a) reduced security risk through improved controls, (b) eased regulatory compliance through transparency, (c) reduced administrative expenses, (d) improved efficiency and (e) improved administrative IT agility through automated security processes. Several banks are using the security infrastructure provided as cloud computing services [4], [5]. However, security and privacy issues impose a strong barrier to users' adoption of Cloud services. By maintaining data on the cloud, employing strong access control and limiting employee downloading to only what they need to perform a task, cloud computing can limit the amount of information that could potentially be lost. Monitoring data on a cloud is easier than monitoring the security of numerous servers and clients, as one has to concentrate on only one location. Swap-over in the cloud can be done instantly if investigation reveals that data is compromised, rather than replicating the complete data or fixing all the breaches. In a cloud solution, security tools can be bundled in and made available with different levels of security, rather than purchasing third-party security software.

II. CLOUD PRIVACY PROBLEMS

Many privacy problems have been observed in today's Cloud Computing environment. Zhou et al. [6] have listed a number of incidents. Google Docs found a flaw that inadvertently shared users' docs in March 2009. A Salesforce.com employee fell victim to a phishing attack and leaked a customer list, which generated further targeted phishing attacks in October 2007. They also sent a letter to a million subscribers describing how customer emails and addresses had been stolen by cybercriminals. Epic.com lodged a formal complaint to the FTC (Federal Trade Commission) against Google over privacy in March 2009. EPIC was successful in an action against Microsoft Passport. Steven Warshak stopped the government's repeated secret searches and seizures of his stored email using the federal Stored Communications Act (SCA) in July 2007. However, the government argues the Fourth Amendment doesn't protect emails when they are stored with an ISP or a webmail provider like Hotmail or Gmail.

Twitter has been a very vocal proponent of free speech in Iran and as a result has been attacked by loyalists to that nation; industry observers suspect the government itself was involved in the act. The Iranian loyalists gained complete control over Twitter for a full day before the startup could regain control of their site. This is due to the use of development technologies originally meant for single use, not multi-tenant platforms [7].

Many services, such as DaaS, SaaS, PaaS and IaaS, have come into practice and are provided to millions of users. At the same time, more and more users consider Cloud Computing important and are starting to set up applications in Cloud Computing systems or to adopt the services they provide. According to a survey conducted by Forrester [8] over a large number of firms, which evaluated the importance of using Software as a Service (SaaS) from their own points of view, more and more firms think it is important. Fig. 2 gives the details: 15% of the firms view it as important and another 5% of the firms consider it very important.

In the survey [8], the authors claim that a typical organization today might have 5 to 15 applications in the Cloud. As Cloud Computing has advantages for both providers and users, it is developing at an amazing pace and is predicted to grow and be adopted by a large number of users in the near future [9]. Thus Cloud Computing is becoming a well-known buzzword nowadays. However, security and privacy issues present a strong barrier for users to adapt to Cloud Computing systems [9].

III. CLOUD THREATS AND DOMAINS

According to reports of the CSA (Cloud Security Alliance), the 13 security domains [10] and the top threats [11] in Cloud Computing, along with five others from [12], are listed in Table 1 and Table 2.

TABLE I SECURITY DOMAINS IN CLOUD COMPUTING

S.No.  Domain definition
1      Cloud Computing Architectural Framework
2      Governance and Enterprise Risk Management
3      Legal and Electronic Discovery
4      Compliance and Audit
5      Information Lifecycle Management
6      Portability and Interoperability
7      Traditional Security, Business Continuity, and Disaster Recovery
8      Data Center Operations
9      Incident Response, Notification, and Remediation
10     Application Security
11     Encryption and Key Management
12     Identity and Access Management
13     Virtualization
15     Server Access Security
16     Internet Access Security
17     Database Access Security
18     Data Privacy Security
19     Program Access Security

TABLE II THREATS IN CLOUD COMPUTING SECURITY

S.No.  Threat Definition
1      Abuse and Nefarious Use of Cloud Computing
2      Insecure Interfaces and APIs
3      Malicious Insiders
4      Shared Technology Issues
5      Data Loss or Leakage
6      Account or Service Hijacking
7      Unknown Risk Profile

IV. SECURITY OBJECTIVES

U.S. Federal Information Security Management Act (FISMA) [13] defines three security objectives for information and information systems: Confidentiality, Integrity and Availability. Confidentiality is defined as "Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information." A loss of confidentiality is the unauthorized disclosure of information. Integrity is defined as "Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity." A loss of integrity is the unauthorized modification or destruction of information. Availability is defined as "Ensuring timely and reliable access to and use of information." A loss of availability is the disruption of access to or use of information or an information system.

Chen et al. [14] recently revisited the issues surrounding cloud platform security, and concluded that only a few of the security issues are new and unique to cloud platforms, whereas the majority have been investigated and addressed in the context of traditional network and systems security [15], [16]. They identified multi-party trust considerations and mutual auditability as the two requirements unique to cloud platforms. Saripalli and Walters [17] proposed the addition of three more security objectives in the context of cloud platforms: Multiparty Trust, Mutual Auditability and Usability. These six security objectives for cloud platforms may be referred to as the CIAMAU framework.

V. CLOUD SECURITY ASSESSMENT

A quantitative risk and impact assessment framework (QUIRC) is presented in [17] to assess the security risks associated with cloud computing platforms. QUIRC defines risk as a combination of the Probability of a security threat event and its Severity, measured as its impact. P. Saripalli and B. Walters have also demonstrated how traditional threat modeling can be related to the QUIRC computations via the identification of threat events. The Wide-band Delphi method is also proposed as a suitable process for collecting such inputs from expert consensus.

A. Wide-band Delphi Method

A widely accepted method for the evaluation of impacts based on expert opinion is the Wide-band Delphi method, using rankings based on expert opinion about the likelihood and consequences of threats [18]. The Delphi method is a forecasting technique used to collect expert opinion in an objective way, and to arrive at consensus conclusions based on that. It was developed by the RAND Corporation in the late 1950s [19]-[20] for gathering a knowledge base of military intelligence and experience, without the influence of politics, rank, or other bias. It has since been applied to other domains such as technology, population sciences, usability studies, environmental risk assessment and business applications.

B. The Wide Band Delphi Process

Step 1: Select session moderator and Subject Matter Experts.
Step 2: Hold planning meeting and explain the goals, context and security goals of the cloud deployment.
Step 3: Subject Matter Experts individually provide their best numerical estimates for the impact of every listed event, weights and confidence in values based on the questionnaire.
Step 4: Moderator tabulates and compiles this data and shares results, including summary statistics, with all involved.
Step 5: Repeat steps 3-4 to converge all data values within an acceptable range (e.g. 10% variance).

Once a trained team is assembled to perform estimates, the moderator fills out the Project Information sheet in the tool. The moderator privately assigns each SME an ID number, which should be kept private. For steps 3 and 4 above, the SMEs communicate their estimates privately to the moderator, who types them into a tool for the appropriate round and ID number. The summary results are displayed graphically to all at the end of the round. If the results are narrow enough to accept (step 5 above), the process is complete. Otherwise there is a round of discussion where the SMEs continue to discuss the results. Any new assumptions surfacing should be listed in the display tool. This process works in live meetings, and over email, Internet and phone as well. The data so collected as expert consensus is fed to the QUIRC risk calculations.

Advantages of the QUIRC methodology are as follows. A quantitative approach gives vendors, customers and regulation agencies the ability to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner. It can also be helpful in alleviating the considerable FUD (Fear, Uncertainty and Doubt) associated with cloud platform security issues and in ensuring that they are dealt with in an effective way. For example, the high risk Security Objectives (SO) and events would emerge, which would then be addressed with counter measures.

Limitations of the approach include that it requires the meticulous collection of input data for Probabilities of events, which requires collective industry SME inputs.
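
The Delphi rounds of Steps 3 to 5 and the hand-off of the consensus values to a QUIRC-style risk score, as an added example that is not taken from the paper or from [17]. It assumes that "10% variance" means a coefficient of variation of at most 0.10, that risk is probability times impact on a 1-5 impact scale, and that an objective's risk is the mean over its events; the SME IDs, estimates and the event-to-objective mapping are constructed.

```python
from statistics import mean, pstdev

TOLERANCE = 0.10  # assumption: "10% variance" read as coefficient of variation <= 0.10

def summarize(round_estimates):
    """Step 4: tabulate one round.

    round_estimates: {sme_id: {event: (probability, impact)}}
    returns {event: {"probability": (mean, cv), "impact": (mean, cv)}}
    """
    events = sorted({e for answers in round_estimates.values() for e in answers})
    summary = {}
    for event in events:
        missing = [sme for sme, a in round_estimates.items() if event not in a]
        if missing:
            # Rounds are only comparable when every SME scored every event.
            raise ValueError(f"SME(s) {missing} gave no estimate for {event!r}")
        stats = {}
        for idx, field in enumerate(("probability", "impact")):
            values = [a[event][idx] for a in round_estimates.values()]
            if field == "probability" and not all(0.0 <= v <= 1.0 for v in values):
                raise ValueError(f"probability outside [0, 1] for {event!r}")
            m = mean(values)
            stats[field] = (m, pstdev(values) / m if m else 0.0)
        summary[event] = stats
    return summary

def converged(summary, tolerance=TOLERANCE):
    """Step 5: every tabulated value must agree within the tolerance."""
    return all(cv <= tolerance
               for stats in summary.values()
               for _mean, cv in stats.values())

def run_delphi(rounds, tolerance=TOLERANCE):
    """Return (round_number, summary) of the first converged round,
    or (None, last_summary) when the SMEs need another round."""
    summary = None
    for number, estimates in enumerate(rounds, start=1):
        summary = summarize(estimates)
        if converged(summary, tolerance):
            return number, summary
    return None, summary

def quirc_risks(summary, event_objective):
    """Assumption: risk per event = probability x impact, and the risk of a
    security objective = mean risk of the events mapped to it."""
    event_risk = {e: s["probability"][0] * s["impact"][0] for e, s in summary.items()}
    grouped = {}
    for event, risk in event_risk.items():
        grouped.setdefault(event_objective[event], []).append(risk)
    objective_risk = {o: mean(r) for o, r in grouped.items()}
    ranked = sorted(objective_risk, key=objective_risk.get, reverse=True)
    return event_risk, objective_risk, ranked

# Constructed sample input. Event names come from Table II; the mapping to
# security objectives and all numbers are illustrative assumptions.
HIJACK, LEAK, API = ("Account or Service Hijacking", "Data Loss or Leakage",
                     "Insecure Interfaces and APIs")
EVENT_OBJECTIVE = {HIJACK: "confidentiality", LEAK: "confidentiality", API: "integrity"}
ROUNDS = [
    {101: {HIJACK: (0.30, 4), LEAK: (0.20, 5), API: (0.50, 3)},   # round 1: wide spread
     102: {HIJACK: (0.60, 2), LEAK: (0.10, 5), API: (0.40, 3)},
     103: {HIJACK: (0.45, 3), LEAK: (0.30, 4), API: (0.45, 4)}},
    {101: {HIJACK: (0.40, 3), LEAK: (0.20, 5), API: (0.45, 3)},   # round 2: after discussion
     102: {HIJACK: (0.44, 3), LEAK: (0.20, 5), API: (0.45, 3)},
     103: {HIJACK: (0.42, 3), LEAK: (0.20, 5), API: (0.45, 3)}},
]

if __name__ == "__main__":
    round_number, consensus = run_delphi(ROUNDS)
    print("converged in round", round_number)
    events, objectives, ranked = quirc_risks(consensus, EVENT_OBJECTIVE)
    for name in ranked:
        print(f"{name}: {objectives[name]:.2f}")
```

Only the anonymous ID numbers appear in the tabulation, matching the requirement that the moderator keeps the SME-to-ID assignment private.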
Other industries such as environmental, nuclear and seismology and public health communities have successfully implemented such approaches.

VI. IDENTITY MANAGEMENT MATURITY MODELS

Identity Management (IDM) is assumed to be a superset of all the corresponding issues in the whole area of cloud security. It is possible that customers hold multiple accounts with service providers like e-bay, Gmail, etc. The visibility and scope of attributes for every identity has to be verified by the systems. In such a system, if identities are not handled with extreme precautions, many resources would be at stake. This necessitates several IDMs based on various technologies to interoperate and function as one consolidated body over a cautiously shared user space. Next section C presents Identity Management Maturity Models.

No matter where an application runs, in-house or on the cloud, it needs to know about its users. To accomplish this, the application needs a digital identity [21]: a set of bytes to describe the user. Based on this information, the application can determine who the user is and what he or she is allowed to do. In-house applications rely on services like Active Directory to provide this information. Clouds, however, have to use their own identity services. For instance, Amazon cloud services require the user to sign on using an Amazon-defined identity, Google's App Engine requires a Google account, and Windows uses Windows Live ID for use with Microsoft's cloud applications. Identity services need not be proprietary [22]. Identity Management Maturity Models for three types of services, i.e. Software as a Service (SaaS), Identity as a Service (IDaaS) and Infrastructure as a Service (IaaS), are presented below:

TABLE III IDENTITY MANAGEMENT FOR SaaS

Stage 0  Isolated Silos
Stage 1  Central Administration
Stage 2  User self-service
Stage 3  Role-based Access Control
Stage 4  Integrated User Management

TABLE IV IDENTITY MANAGEMENT FOR IDaaS

Identity provisioning: The secure and timely management of on-boarding (provisioning) and off-boarding (deprovisioning) of users in the cloud.
Authentication: Credential management, strong authentication (typically defined as multi-factor authentication), delegated authentication and managing trust across all types of cloud services.
Federation: Exchanging identity attributes between the service provider (SP) and the identity provider (IdP) in a secure way.
Authorization/user profile mgmt: Requirements for the user profiles and access control policy vary depending on whether the user is acting on his own behalf or on the organization's behalf.

A. Identity Management in SaaS

As SaaS vendors and their customers sort through the security implications of the hybrid on-demand/on-premises model for cloud applications, they face a number of identity management challenges. Using the protocol stack for Cloud Computing Identity Management to analyze the levels of maturity within Cloud service providers, and analyzing existing research and best practices in identity and role-based management, Kennedy and Gopal [7] have designed a Cloud Computing Identity Management Maturity Model with three different stages. The stages range from Stage 0, which signifies isolated silos, to Stage 1 for Central Administration, Stage 2 for user self-service, Stage 3 for role-based access control and Stage 4 for integrated user management. Based on the analysis of [22], [23], characteristics and results are shown for each of these stages of the maturity model in Table 3.

B. Identity Management in IDaaS

Four major Identity Management functions that are essential for successful and effective management of identities in the cloud are presented in Table 4, which is adapted from [24].

TABLE V IDENTITY MANAGEMENT FOR IaaS

Identity Life Cycle Management: Incorporates an integrated and comprehensive solution for managing the entire lifecycle of user identities and their associated credentials and entitlements.
Provisioning and De-provisioning: Provisioning indicates the federation of user accounts without sharing prior data, based on some trust model. De-provisioning of a user account has to synchronize instantaneously with all participating service providers. Delay could lead to security vulnerability.
Entitlement: The set of attributes that specify the access rights and privileges of an authenticated security principal. Lack of interoperable representation of information poses a challenge to the information exchanged among different cloud service providers.
Proliferation of On-demand User ID: One primary user ID is made the key to authenticate a single end user with multiple service providers.

C. Identity Management in IaaS

The intent is to take away the complexity of Identity Management in Infrastructure as a Service from the enterprises, allowing them to direct their energy and resources on their own functions. Table 5 presents different issues [25].

A Cloud Identity solution is presented by Lampropoulos K. et al. [26] as a Dynamic Identity Mapping Association N Discovery System (DIMANDS), an identity solution for large scale heterogeneous network environments. The DIMANDS architecture is based on an innovative Distributed Hash Table (DHT) overlay infrastructure which combines the routing capabilities of DHT networks and the security benefits of individual Identity Providers (IdPs). The basic characteristics of the DIMANDS overlay are: Only nodes (individual IdPs) exist in the DIMANDS overlay and not objects (identity data). The overlay is used only for routing purposes (and not for storage of any kind of data). Participating nodes cannot change their position in the overlay. Only validated providers may issue requests to retrieve information from DIMANDS. Requests can be sent to any one of the DIMANDS servers, and are then forwarded to their final destination. DIMANDS seeks to be a totally independent system, thus discovery of a DIMANDS server is not done through DNS (Domain Name System). Each service provider, organization or any other entity that wants to submit requests to DIMANDS must acquire a list of available DIMANDS servers only from the Regional Authority (RA) of its geographical area and establish a long term secure connection with one of them. The long term connection is required for two reasons. The first is to minimize traffic to RAs for the retrieval of available DIMANDS nodes, and the second is that long term connections build gradual and sufficient trust relations between DIMANDS nodes and outside entities that ask for information, thus enhancing the system's security.
It must be noted that the response to a submitted request is returned by the DIMANDS node that sustains a long term secure connection with the requester, and not by the IdP in the overlay that actually processed the request. This is required for security reasons, to avoid man in the middle attacks.

VI. CONCLUSIONS

In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to large data centers, where the management of the data and services may not be fully trustworthy. However, security and privacy issues impose a strong barrier to users' adoption of Cloud systems and Cloud services. The paper suggests that more security strategies should be deployed in the Cloud environment to achieve these goals. Privacy acts should also be modified to adapt to a new relationship between users and providers. Privacy should be taken into account when designing cloud services; it is not recommended to try to insert privacy at a later stage in the design process. Also, in future the identity management problem will become more complex and will have to deal not only with the management of users' identities but also with interconnected devices, machines and software components. Future work will try to address this important framework, which deals with the identity management problem as a whole.

REFERENCES

[1] Jones, M. T., Cloud computing with linux, www.ibm.com/developerworks/linux/library/lcloudcomputing.
[2] Zhang Shuai, Zhang Shufen, Chen Xuebin & Huo Xiuzhen, Cloud Computing and Development Trend, Proc. of IEEE Second International Conference on Future Networks, pp. 70-75, 2010.
[3] Chappell, D., A short introduction to cloud platforms: An enterprise-oriented view, IEEE ITPro, pp. 23-27, August 2008.
[4] Anonymous, Bank outsources security to the cloud, Communications NEWS, vol. 42, no. 12, December 2005.
[5] Anonymous, Bank trusts security to the cloud, Communications NEWS, vol. 43, no. 9, September 2006.
[6] Zhou M, Zhang R, Xie W, Qian W and Zhu A, Security and Privacy in Cloud Computing: A Survey, IEEE Sixth International Conference on Semantics, Knowledge and Grids, Computer Society, pp. 105-112, 2010.
[7] PalsonKennedy R. and Gopal T.V., Assessing the Risks and Opportunities of Cloud Computing Defining Identity management Systems and Maturity Models, IEEE ITPro, pp. 138-142, 2010.
[8] Wang C., Forrester: A close look at cloud computing security issues, http://www.forrester.com/securityforum2009, 2009.
[9] IDC, IT cloud services user survey, pt. 2: Top benefits & challenges, http://blogs.idc.com/ie/?p=210, 2008.
[10] Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, http://www.cludsecurityalliance.org/csaguide.pdf
[11] Cloud Security Alliance, Top Threats to Cloud Computing V1.0, http://www.cloudsecurityalliance.org/topthreats.v1.0.pdf.
[12] Kandukuri B R et al., Cloud Security Issues, IEEE International Conference on Services Computing, pp. 517-520, 2009.
[13] Federal Information Processing Standards Pub 199: Standards for Security Categorization of Federal Information and Information Systems, http://csrc.nist,gov/publications/fips/fips199/FIPS-PUB-199-final.pdf.
[14] Chen Y., Paxson V. and Katz R. H., What's New About Cloud Computing Security, University of California, Berkeley, Report No. UCB/EECS-2010-5, January 20, 2010, http://www.eecs.berkley.edu/pubs/techRpts/2010/EECS-2010-5.pdf.
[15] Pore R. S., International Information Security Foundation Generally Accepted System Security Principles release for Public Comment, www.infosectoday.com/Articles/gassp.pdf
[16] Elahi G. and Yu E., A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs, Lecture Notes in Computer Science, Springer Berlin/Heidelberg, Volume 4801, 2007.
[17] Saripalli P. and Walters B., QUIRC: A Quantitative impact and Risk Assessment framework for Cloud Security, IEEE 3rd International Conference on Cloud Computing, 2010.
[18] Linstone H. A., The Delphi Method: Techniques and Applications, Addison-Wesley, 1999.
[19] RAND Corporation, A collection of RAND publications on the Delphi method, 2007.
[20] Stuter L. M., The Delphi Technique: What is it, Lynn's Educational and Research Network, March 1996, http://www.learnusa.com/transformation_process/acf001.htm.
[21] Sun Microsystems, Introduction to cloud computing architecture, White Paper, Sun Microsystems, June 2009.
[22] Velte A. T., Velte T. J. and Elsenpeter R., Cloud Computing A Practical Approach, Tata McGraw-Hill Edition 2010, ISBN-13: 978-0-07068351-8, pp. 69-87.
[24] Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, pp. 63-67, 2009.
[25] Gopalakrishnan A., Cloud Computing Identity Management, SETLabs Briefings, Vol. 7, No. 7, pp. 45-54, 2009.
[26] Lampropoulos K. et al., Introducing a Cross federation Identity Solution for Converged Network Environments, ACM's IPTComm'10, Munich, Germany, pp. 1-11, August 2-3, 2010.
