MODULE 4- CLOUD SECURITY

Security has always been a concern in computing, starting when computers were used alone in a room.
Things changed dramatically when computers could connect and communicate with each other, opening
the door to various threats like malware that can spread globally. This growing connectivity makes it
crucial to protect our information systems, especially since many aspects of society now rely on them.

Today, even critical national infrastructure can be targeted by hackers using vulnerabilities in computer
security. A famous example is the Stuxnet virus, which specifically attacked industrial control systems.
The term "cyberwarfare" has emerged to describe actions by countries trying to damage or disrupt each
other's networks.

Cloud computing, where data and services are hosted online, presents a new set of security challenges.
While some people believe that moving to the cloud reduces internal security concerns, this view can be
overly simplistic. Outsourcing computing to the cloud can actually create significant security and privacy
risks. Additionally, service agreements often don't offer enough protection for users, leaving them
vulnerable to issues outside their control.

As technology evolves rapidly, the laws and regulations to govern cloud computing have not kept pace.
This means that many questions about privacy, security, and trust in cloud services are still unresolved.
Since cloud resources can be spread across different countries, there's a need for international regulations
to manage data protection effectively.

9.1 Cloud security risks

Simplified breakdown of the security risks in cloud computing and how to prevent nefarious uses
of cloud resources:

Security Risks Faced by Cloud Users

1. Traditional Security Threats:

o DDoS Attacks: Overloading cloud services to prevent legitimate access.
o Phishing: Trick users into giving up sensitive information.
o SQL Injection & Cross-Site Scripting: Exploiting vulnerabilities in
applications.
2. System Availability Threats:
o Downtime: Failures (like power outages) can render services inaccessible.
o Data Lock-In: Difficulty moving data away from a cloud provider during
outages.
o Complex System Failures: Unique behaviors of cloud systems can lead to
unexpected downtime.
3. Third-Party Data Control:
o Subcontractor Risks: Data may be stored or managed by less secure third
parties.
o Espionage Risks: Proprietary data could be accessed by unauthorized individuals.
o Lack of Transparency: Limited visibility into how data is managed and
protected by cloud providers.
 4. User Responsibility:
o Users must secure their own access points to the cloud.
o Assigning appropriate access levels to employees can be challenging.
5. Account Hijacking:
o Users must guard against credential theft to protect their accounts.
6. Data Loss or Leakage:
o Sensitive information might be lost due to replication failures or unauthorized
access.
7. Unknown Risk Profile:
o Many users may not fully understand the risks associated with cloud computing.

Preventing Nefarious Use of Cloud Resources

1. Enhanced Security Protocols:

o Implement strong authentication and authorization methods.
o Use multi-factor authentication to enhance security.
2. Regular Audits and Compliance:
o Follow guidelines from authorities like NIST to ensure security standards.
o Conduct regular security assessments and audits of cloud services.
3. Data Encryption:
o Encrypt sensitive data both at rest and in transit to protect it from unauthorized
access.
4. Monitoring and Incident Response:
o Continuously monitor cloud activities to detect suspicious behavior.
o Have an incident response plan in place to address security breaches promptly.
5. Education and Awareness:
o Train employees on security best practices and the risks associated with cloud
services.
6. Use of Secure APIs:
o Ensure that APIs used to interact with cloud services are secure and regularly
tested.
7. Contractual Safeguards:
o Carefully review service agreements to understand liabilities and security
responsibilities.
8. Limit Data Exposure:
o Store only necessary data in the cloud and regularly review what is stored.

By recognizing these risks and implementing preventive measures, cloud users can significantly
enhance their security posture and reduce the chances of malicious activities.
Types of Attacks in Cloud Computing

1. Attacks Originating from the Service:

o SSL Certificate Spoofing: An attacker tricks users into believing they are
communicating with a legitimate service by using a fake SSL certificate.
o Browser Cache Attacks: An attacker can exploit saved data in users' browsers to steal
information.
o Phishing Attacks: Users receive fake emails or messages that look legitimate, tricking
them into providing sensitive information.
2. Attacks Originating from the Cloud:
o User Victims: Users can be targeted by malicious activities coming from the cloud itself,
such as fake messages that seem to come from trusted cloud services.
3. Attacks on the Service from the User:
o Buffer Overflow: An attacker sends too much data to a service, causing it to crash or
behave unexpectedly.
o SQL Injection: Malicious code is inserted into database queries to manipulate data.
o Privilege Escalation: A user gains unauthorized access to higher levels of control than
intended.
4. Attacks on the Service from the Cloud Infrastructure:
o Resource Limiting: The cloud infrastructure can be manipulated to restrict access to
resources needed by the service.
o Data Distortion: Attackers can alter or corrupt data being processed by the service.
o Injecting Operations: Malicious commands can be inserted to disrupt the normal
functioning of the service.
5. Attacks on the Cloud Infrastructure from Users:
o Users can target the cloud's control systems to execute similar attacks as they would
against other cloud services.
 o Users can also overload the cloud by requesting excessive resources, leading to a denial
of service for others.

There are multiple ways that attacks can occur in cloud computing. These can come from the service
itself, the cloud infrastructure, or even the users. Understanding these different types of attacks helps in
taking preventive measures to enhance security.

9.2 Security: The top concern for cloud users

The key points regarding cloud security concerns:

1. User Concerns About Security

 Trust Issues: Users worry about trusting cloud service providers (CSPs) with sensitive
information.
 Unauthorized Access: There’s a fear of confidential data being accessed without permission or
stolen.
 Insider Threats: Users are concerned about rogue employees at CSPs who may misuse their
access.

2. Data Vulnerability

 Storage Risks: Data stored in the cloud is vulnerable longer than data being processed.
 Deletion Doubts: Users can’t be sure if their deleted data is truly gone or recoverable by others.

3. Backup Challenges

 Automatic Backups: CSPs often back up data without user consent, raising risks of data loss or
breaches.

4. Lack of Standards

 Interoperability Issues: There are no universal standards for how data and services work across
different CSPs, complicating transitions or service disruptions.

5. Auditing Difficulties

 Full Audit Trails: It's hard to maintain a complete record of all actions taken in the cloud,
making compliance and accountability challenging.

6. Emerging Technologies

 Autonomic Computing: New technologies that self-manage may create additional security risks,
complicating monitoring and accountability.

7. Multitenancy Concerns

 Shared Resources: Many users share the same servers, so a breach can affect multiple users at
once.
  Cost vs. Security: While multitenancy lowers costs, it increases risks.

8. Legal Framework Issues

 Jurisdiction Confusion: Different laws apply based on where data is stored and processed,
making it complex to understand rights and protections.
 Data Sharing with Law Enforcement: CSPs may be required to share user data with authorities,
adding another layer of concern.

9. User Actions to Minimize Risks

 Evaluate CSP Policies: Users should review the security measures and privacy policies of CSPs.
 Clarify Contracts: Contracts should clearly define CSP responsibilities regarding data handling,
liability for breaches, and geographical data storage rules.
 Limit Sensitive Data: Avoid processing highly sensitive information in the cloud when possible.
 Use Encryption: Encrypt sensitive data to protect it, despite the potential complications for data
searching and processing.

10. Technical Solutions

 Secure Data Connectors: Tools like Google's Secure Data Connector help users access data
securely, though they may not work for all applications.
 Encryption Dilemma: While encryption protects data, it can complicate access and processing,
necessitating advanced techniques for efficiency.

By focusing on these points, users can better understand the landscape of cloud security and take
proactive steps to protect their data.

9.3 Privacy and privacy impact assessment

Privacy is the right of individuals or organizations to keep personal information confidential.

Many countries consider privacy a fundamental human right, as stated in documents like the
Universal Declaration of Human Rights. For example, the U.S. Constitution doesn't specifically
mention privacy, but its Bill of Rights protects certain private aspects of life.

Different countries have various laws about privacy. In the UK, the Data Protection Act
safeguards privacy, while in the EU, strict regulations protect personal data, including a "right to
be forgotten," which allows people to remove their online data.

In the digital age, privacy issues have become more complex, especially with cloud services
where personal data is stored on external servers. Users often lose control over their data, which
can be misused by companies, such as for targeted advertising. Privacy concerns differ across
cloud service models and depend on how data is shared.

To protect privacy, regulations often require websites to:

1. Notice: Clearly inform users about what data is collected and how it will be used.
2. Choice: Allow users to decide how their data is used beyond the original purpose.
 3. Access: Enable users to review and correct their personal data.
4. Security: Take steps to protect users' data from unauthorized access.

To assess and manage privacy risks, tools like Privacy Impact Assessments (PIAs) can help
organizations identify potential issues. However, as of mid-2012, there were no universal
standards for these assessments, although some countries require them. A proposed web-based
PIA tool would help organizations analyze their privacy practices and generate reports to ensure
compliance with privacy laws.

9.4 Trust

Trust in cloud computing is similar to trust in general online activities, but it comes with its own unique
challenges. Here’s a breakdown:

1. Definition of Trust: Trust means relying on someone or something to be honest or to perform

well. It's important because it allows people to work together, reduces conflicts, and makes it
easier to form groups that can respond effectively in times of need.

2. Conditions for Trust: Two main things must exist for trust to develop:
o Risk: If there’s no chance of loss, trust isn’t needed. For example, if you’re sure a service
will work, you don’t need to trust it.
o Interdependence: Trust grows when you need others to achieve your goals, meaning you
rely on them.

3. Phases of Trust: Trust goes through three stages:

o Building Phase: This is when trust is formed.
o Stability Phase: Trust is established and exists.
o Dissolution Phase: Trust can decline or be broken.

4. Types of Trust:
o Utilitarian Trust: This is based on the belief that the consequences of breaking trust
(like penalties) outweigh any benefits from cheating.
o Calculus-Based Trust: This trust comes from believing that working with someone will
benefit them, aligning their interests with yours.
o Relational Trust: This develops over time from positive experiences and consistent
behavior.

5. Challenges in Online Trust: Online interactions lack the personal cues we usually rely on to
judge trustworthiness, such as identity and personal characteristics. This anonymity can lead to
mistrust because you can’t be sure who you’re dealing with.
 6. Building Trust Online:
o Security Mechanisms: These include access controls to keep out intruders, transparent
identities (like using biometric identification), and ways to monitor activities (like
logging).
o Credentials: These are proof of someone's abilities, like a diploma or a digital signature,
which can establish trustworthiness.
o Policies and Reputation: Policies set out the rules for trust, while reputation is built over
time based on past interactions and feedback from others.

7. Trust Measurement: In computing, trust can be measured by how reliable you believe someone
or something will be in providing a service over time and in a specific context.

Trust in cloud computing requires understanding risks, dependencies, and the complexities of online
interactions, along with implementing security measures and relying on credentials and reputation.

9.5 Operating system security

1. Role of the Operating System (OS):

o Manages how different programs share computer resources.
o Protects programs from each other and from attacks.
2. Security Threats:
o Malicious code can come from apps or websites.
o Attacks can happen on personal devices like computers and smartphones.
3. Mandatory Security Policies:
o Strict rules that control access to information.
o Define how users are verified (authentication) and how data is protected (encryption).
4. Trusted Applications:
o Special programs with security roles.
o Should have the minimum permissions needed to function.
5. Privilege Issues:
o Some OSs let programs inherit too many privileges, making them risky.
o If one app is compromised, it can affect the whole system.
6. Trusted Paths:
o Secure ways for users to interact with trusted programs.
o Important to prevent malicious software from impersonating trusted apps.
7. Complex Security Processes:
o Experts suggest breaking security tasks into simpler parts (e.g., checking who is
accessing something and then making a decision).
8. Mobile Code Risks:
o Java applets run in a controlled environment but can still have vulnerabilities.
o Weaknesses can be exploited by attackers.
9. Specialized Secure Devices:
o Some devices (like ATMs or certain smartphones) have built-in security features that
protect them.
o These features aren’t typically found in standard computers.
10. Need for Additional Security:
 o A strong OS is essential but not enough alone.
o Extra security measures are necessary for specific applications, especially for sensitive
activities like online banking.
11. Overall Vulnerability:
o Everyday operating systems often lack strong security.
o They are vulnerable to various types of attacks.

9.6 Virtual machine security

1. VM Models: There are different types of VM models, but this discussion focuses on the
traditional system VM model. Other models (like hybrid or hosted VMs) expose more risks
because they depend on the host operating system.
2. Role of the Virtual Machine Monitor (VMM): The VMM manages the VMs and helps provide
security. It controls how VMs access hardware and keeps them isolated from each other. This
isolation is better than what traditional operating systems offer.
3. Trusted Computing Base (TCB): A secure TCB is essential for overall security in a virtualized
environment. If the TCB is compromised, the whole system can be at risk.
4. Isolation and Security Services: The VMM can create a safer environment by allowing VMs to
be isolated and by offering services like saving, restoring, or cloning the state of a VM. Cloning
can help detect malicious applications by running them in a separate environment first.
5. Communication Efficiency: Moving a VM’s files to a dedicated security VM can protect them
from attacks, since communication between VMs is faster than between physical machines.
6. Threats and Challenges: There are various threats to VMs, including:
o VMM-based threats: Such as resource starvation (where one VM uses too many
resources), side-channel attacks (where one VM attacks another), and buffer overflow
attacks.
o VM-based threats: Insecure VMs can be created or accessed due to poor security
practices, such as weak access controls or unverified VM images.
7. Cost of Security: Implementing better security through virtualization comes with trade-offs, like
higher hardware costs and added complexity in development.
 8. Intrusion Detection and Prevention: Some systems, like Livewire and Siren, use the
capabilities of VMs to detect intrusions by isolating, inspecting, and controlling what VMs do.

Overall, while virtualization provides strong isolation and security, it also introduces new challenges that
need careful management.

9.9 Security risks posed by a management OS

The security implications of virtualization, specifically focusing on hypervisors like Xen and the critical
role of the management operating system (Dom0). Here’s a breakdown of the key points:

Hypervisor vs. Traditional OS

1. Size and Complexity: Hypervisors, such as Xen, have significantly fewer lines of code compared
to traditional operating systems. This smaller codebase can make them easier to audit and
potentially more secure.
2. Isolation: Hypervisors provide stronger isolation between virtual machines (VMs) than
traditional operating systems do between processes. This can enhance security by preventing one
VM from affecting another.

Trusted Computing Base (TCB)

3. Components of TCB: In a virtualized environment, the TCB includes the hypervisor, the
management OS (Dom0), and the underlying hardware. While the hypervisor itself is small, the
management OS introduces additional complexity and potential vulnerabilities.
4. Vulnerabilities in Dom0: Many vulnerabilities in Xen have been traced to service components
within Dom0. For example, attackers could exploit weaknesses in the management OS to affect
the integrity and availability of the VMs it manages.
Potential Threats from a Malicious Dom0

5. Denial of Service: A compromised Dom0 could prevent the creation of new VMs, effectively
conducting a denial-of-service attack.
6. Data Manipulation: Dom0 could modify the guest operating system’s kernel, allowing it to
monitor or control applications within the VM.
7. Integrity Risks: By incorrectly setting up memory and CPU registers, Dom0 could undermine
the integrity of the VM.

Communication Between Dom0 and VMs

8. Shared Device Drivers: Communication between Dom0 and guest VMs (DomUs) happens
through a split driver architecture. Dom0 manages device drivers while the frontend operates in
the DomU.
9. Security of Data Transfers: Data transfers between DomUs and external clients rely on Dom0.
This presents a risk since Dom0 could potentially extract sensitive information even when
encrypted protocols like TLS are used.

Security Enhancements Needed

10. Access Controls: To enhance security, Dom0 should only use foreign memory mapping in
response to requests from DomUs. This ensures that memory sharing is controlled and secure.
11. Encrypted Memory Operations: Any time Dom0 accesses memory or CPU states of a DomU,
those operations should involve encryption to protect against data leakage.
12. Integrity Checks: After critical operations that involve hypercalls (functions that allow
communication between the hypervisor and the management OS), the integrity of the affected
DomU should be verified.

Performance Trade-offs

13. Overhead of Security Measures: Implementing these security measures comes at a cost of
increased overhead, affecting the time it takes to build, save, and restore VMs. This is a trade-off
between enhanced security and system performance.

While virtualization can enhance security through stronger isolation and a smaller codebase, it also
introduces new complexities and vulnerabilities, particularly associated with the management OS
(Dom0). Effective security measures must balance protecting VMs with the performance implications of
those measures.

9.10 Xoar: Breaking the monolithic design of the TCB

Xoar is an enhanced version of the Xen hypervisor, focusing on bolstering system security while
maintaining functionality. Here’s a breakdown of its key features and design principles:

Security Model
  Privileged Access: Only trusted system administrators have privileged access, under the
assumption they won’t misuse it.
 Threats: The primary threats come from guest VMs that might try to compromise each
other's data integrity or exploit the hypervisor itself. Additionally, vulnerabilities in the
management virtual machine's initialization code pose risks.

Design Principles

Xoar is designed using microkernel principles, which emphasizes modularity. This helps to:

1. Clarify Risks: Modularity makes it easier to identify and manage security risks by
defining access based on needs.
2. Minimize System Size: Smaller components reduce the potential attack surface,
enhancing security.
3. Tight Control of Privileges: Each component has only the necessary privileges for its
function, limiting the potential for exploitation.
4. Explicit Sharing: Sharing of resources is minimized and made explicit when
unavoidable, allowing for better logging and auditing.
5. Limit Running Time: Components operate only when necessary, reducing their
exposure to attacks.

Component Types
Xoar categorizes its components into four types:

1. Permanent Components: These include XenStore-State, which manages system state

information.
2. Boot Components: These are temporary and self-destruct after booting. They include:
o PCIBack: Manages PCI bus virtualization.
o Bootstrapper: Coordinates the boot process.
3. Request-Restarted Components: These components (like XenStore-Logic and
Toolstack) are reloaded only upon specific requests.
4. Timer-Restarted Components: These manage physical resources and include:
o Blk-Back: Exports storage drivers.
o NetBack: Exports network drivers.

System Interaction

 Device Emulation: QEMU handles emulation of hardware devices.

 Shared Components: Guest VMs share only a few components (Builder, XenStore-
Logic, and XenStore-State), ensuring controlled access.
 Auditing: Actions like creating or stopping VMs are logged in an append-only database
on a separate secure server, enhancing security.
Snapshots

To maintain system integrity without frequent reboots (which could slow down performance),
Xoar employs snapshots. These allow for restoring a VM to a known-good state quickly:

 Service VM Snapshots: Taken before a VM services a request.

 Component Snapshots: Captured immediately after initialization.
 Copy-on-Write Mechanism: This mechanism preserves the original state of pages that
are about to be modified, ensuring that changes do not affect the integrity of the system.

In summary, Xoar aims to provide a secure and modular virtualization environment by strictly
managing privileges, reducing potential vulnerabilities, and enhancing auditing capabilities, all
while maintaining compatibility with existing systems.