№1, 2013

AN INVESTIGATION AND ANALYSIS OF SECURITY PROBLEMS OF THE CLOUD COMPUTING

Rasim M. Аlguliev, Fargana C. Abdullayeva

In this paper the security problems of cloud computing technologies have been investigated. At the investigation stage the motives underlying the establishment of cloud computing technologies, main concepts, characteristics, service models and deployment models were studied. Also current security problems of cloud computing technologies, especially in the area of identity management, web applications, virtualization, trust management have been analyzed. At the result the article had identified existing problems of main tasks of cloud computing technologies and offered a number of recommendations towards to solving of these problems. (pp. 3-14)

Keywords: Cloud computing, virtualization, identity management, trust management, single sign-on, federated identity management
References
  • Abdullayeva F.C. Bulud hesablamaları sistemlərinin informasiya təhlükəsizliyi problemləri / Beynəlxalq İnformasiya Təhlükəsizliyi gününə həsr olunmuş Elmi-Praktiki seminarın materialları, Bakı, 2012, s. 23–24.
  • Abdullayeva F.C. Kloud Kompyutinq mühitində təhlükəsizlik problemlərinin analizi / Riyaziyyatın tətbiqi məsələləri və yeni informasiya texnologiyaları, II Respublika elmi konfransının materialları, 2012, s. 100–102.
  • Angin P., Bhargava B., Ranchal R., Singh N., Linderman M. An Entity-centric Approach for Privacy and Identity Management in Cloud Computing / Proc. of the IEEE 29th International Symposium on Reliable Distributed Systems, 2010, pp. 177–183.
  • Baldwin A., Mont M.C., Shiu S. Using Modelling and Simulation for Policy Decision Support in Identity Management / Proc. of the IEEE International Symposium on Policies for Distributed Systems and Networks, 2009, pp. 17–24.
  • Stihler M., Santin A.O., Arlindo L.M., Fraga J.S. Integral Federated Identity Management for Cloud Computing / Proc. of the IEEE 5th International Conference on New Technologies, Mobility and Security (NTMS), 2012, pp. 1–5.
  • Vaidya V. Virtualization Vulnerabilities and Threats: A Solution White Paper. RedCannon Security, 2009, http://www.redcannon.com/vDefense/pdf.
  • Wei J., Zhang X., Ammons G., Bala V., Ning P. Managing security of virtual machine images in a cloud environment / Proc. of the ACM workshop on Cloud computing security, 2009, http://users.cis.fiu.edu/~weijp/Jinpeng_Homepage_files/ccsw09.pdf.
  • Romero M., Bolivar S., Haddad H.M.  Asset Assessment in Web Applications / Proc. of the IEEE 7th International Conference on Information Technology: New Generations (ITNG), 2010, pp. 762–767.
  • Barton R.R., Hery W.J., Liu P. An S-vector for Web Application Security Management / Proc. of the 1st ACM Workshop on Business Driven Security Engineering (BIZSEC), 2004, http://www.smeal.psu.edu/cdt/ebrcpubs/res_papers /2004_01.pdf.
  • Chen  D., Le J., Wei  A Peer-to-Peer Access Control Management Based on Web of Trust / İEEE International Conference on  Future Computer and Communication (ICFCC), 2009, pp. 192–194.
  • Jensen M., Schage S., Schwenk J. Towards an Anonymous Access Control and Accountability Scheme for Cloud Computing / Proc. of the IEEE 3rd International Conference on Cloud Computing, 2010, pp. 540–541. 
  • SP 800-145. The NIST Definition of Cloud Computing. National Institute of Standards and Technology Special Publication, 2011, 7 p.
  • Alhamad M., Dillon T., Chang E. A Trust-Evaluation Metric for Cloud applications // International Journal of Machine Learning and Computing, 2011, V.1, No4, pp. 416–421.
  • Sosinsky B. Cloud Computing Bible. İndiana: Wiley Publishing, 2011, 532 p.
  • Security Guidance for Critical Areas of Focus in Cloud Computing. Cloud Security Alliance, 2011, 176
  • IDC SaaS Summit Spring, The Israeli Association of Grid, 2009, http://www.grid.org.il/_Uploads/dbsAttachedFiles/IDC_ppt.
  • Manavi S., Mohammadalian S., Udzir N.I., Abdullah A. Secure Model for Virtualization Layer in Cloud Infrastructure // IEEE International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2012, No1, pp. 32–40.
  • Takabi H., Joshi D., Ahn G. SecureCloud: Towards a comprehensive security framework for cloud computing environment / Proc. of the IEEE 34th Annual Computer Software and Applications Conference Workshops, 2010, pp. 393–398. 
  • Josang A., Pope S. User Centric Identity Management / AusCERT Conference, 2005, pp. 1–13.
  • Lee H., Jeun I., Jung H. Criteria for evaluating the privacy protection level of Identity Management Services / Proc. of the IEEE Third International Conference on Emerging Security Information, Systems and Technologies, 2009, pp.  155–160.
  • Woda A.  Identity Management in the Cloud / Proc. of the North America Information Security and Risk Management (ISRM) and IT Governance Risk and Compliance Conference (IT GRC), 2012, http://www.isaca.org/Education/ Conferences/Documents/NAISRM-ITGRC-Presentations/211.pdf.
  • Leslie P.A. Manager’s Guide to Identity Management and Federated Identity // Information Systems Control Journal, 2005, V.4, pp. 4–7.
  • SP 800-63-1. Electronic Authentication Guide. National Institute of Standards and Technology (NIST), 2011, 110 p.
  • Liberty Identity Assurance Framework. Liberty Alliance Project, 2008, V.1.1, 128 p.
  • Wan X. TVPDc: A Model for Secure Managing Virtual Infrastructure in IaaS Cloud / Proc. of the IEEE Eighth International Conference on Computational Intelligence and Security (CIS), 2012, 136–141.
  • Manavi S.  Hierarchical secure virtualization model for cloud / Proc. of the IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012, pp. 219–224.
  • Luo  S., Lin Z., Chen X., Yang Z., Chen J. Virtualization security for cloud computing service / Proc. of the IEEE International Conference on Cloud and Service Computing (CSC), 2011, pp. 174–179.
  • Sharma P., Sood S.K., Kaur S. Security Issues in Cloud Computing // High Performance Architecture and Grid Computing Communications in Computer and Information Science, 2011, V.169, pp. 36–45.
  • Tsai  H., Siebenhaar M., Miede A., Huang Y., Steinmetz R. Threat as a Service?: Virtualization's Impact on Cloud Security // IT Professional, 2012, pp. 32–37.
  • Grobauer B.,  Walloschek T.  Stocker E.,  Understanding Cloud Computing Vulnerabilities // IEEE Security & Privacy, 2011, Vol. 9, pp. 50–57.
  • SP 800-95. Guide to Secure Web Services. Recommendations of the National Institute of Standards and Technology, 2007, 128 p.
  • SANS Report: 60% Of All Attacks Hit Web Applications, Dark Reading's special September issue on Web Applications security, 2009, http://www.darkreading.com.
  • OWASP Top 10 Project. The Open Web Application Security Project, 2010, http://www.owasp.org/index.php/Top_10_2010.
  • Web Application Security Scanners, http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
  • Xie W., Ma A policy-based security model for Web system / Proc. of the International Conference on Communication Technology Proc. (ICCT), 2003, Vol. 1, pp. 187–191.
  • Guan H., Chen W., Liu L., Yang H. Estimating Security Risk for Web Applications using Security Vectors // Journal of Computers, 2012, Vol. 23, No 1, pp. 1–5.
  • Hwang K., Kulkarni  , Hu Y. Cloud Security with Virtualized Defense and Reputation-based Trust Management / Proc. of the IEEE 8th International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 717–722.
  • Rashidi A., Movahhedinia N.A. Model for User Trust in Cloud Computing // IEEE International Journal on Cloud Computing: Services and Architecture (IJCCSA), 2012, Vol. 2, No 2, pp. 1–8.
  • Cabarcos P.A., Mendoza F.A., Lo´pez A.M., Sa´nchez D.D., Guerrero R.S. A Metric-Based Approach to Assess Risk for ‘‘On Cloud’’ Federated Identity Management // Journal of Network and System Management, 2012, Vol. 20, No 4, pp. 513–533.